rdoherty, New member (Joined Aug 9, 2012; Posts 3)
Aug 10, 2012, #1

Blue screen reliably when any major program is launched, including IE or trying to uninstall a program. BSOD reports problem in driver ataport.sys

JCGriff dump attached
View attachment Windows7_Vista_jcgriff2.zip

Things tried so far:
1) Seatools full diagnostic on the HDD -- passed
2) Microsoft Essentials full scan -- finished
3) Windows 7 recovery RAM test -- passed
4) Checked all drivers in the ATA section of Devmgr -- no updates needed

Here are system details:
Win 7 OS 32-bit SP1
Upgraded from original OS, which was Vista
5 year old computer, OS installation probably 3 years old
Lenovo Thinkpad R61i ID# 8932-CTO

Thanks for any assistance.

JaidynM, BSOD Kernel Dump Senior Analyst (Joined May 1, 2012; Posts 1,011; Location Somewhere Over The Rainbow)
Aug 10, 2012, #2

Problem devices

Code:
Security Processor Loader Driver    ROOT\LEGACY_SPLDR\0000    This device is not present, is not working properly, or does not have all its drivers installed.

You will need to either uninstall the drivers and reinstall the latest version or perform a clean installation of the driver. If the device is disabled please enable it.

Drivers

The following drivers need to be updated:

Code:
rimmptsk.sys Thu Nov 17 13:28:31 2005 (437BEACF)
rimsptsk.sys Thu Dec 22 19:02:21 2005 (43AA5D8D)
mdmxsdk.sys Tue Jun 20 07:26:59 2006 (449716A3)
rixdptsk.sys Wed Nov 15 12:35:19 2006 (455A6ED7)
Apfiltr.sys Sun Mar 4 21:28:07 2007 (45EA9F37)
HSX_CNXT.sys Tue Mar 27 07:37:27 2007 (46082F07)
HSXHWAZL.sys Tue Mar 27 07:37:36 2007 (46082F10)
HSX_DPV.sys Tue Mar 27 07:38:56 2007 (46082F60)
xaudio.sys Wed Apr 11 03:59:32 2007 (461BD084)
CHDARTN.sys Sat Apr 28 08:29:45 2007 (46327959)
ibmpmdrv.sys Thu May 31 19:52:39 2007 (465E9AE7)
RimSerial.sys Tue Nov 25 04:02:13 2008 (492ADE15)
b57nd60x.sys Sun Apr 26 21:15:34 2009 (49F44256)
NuidFltr.sys Fri May 8 18:35:42 2009 (4A03EEDE)

These drivers can be found by searching them in Google and then finding the associated software or driver. Finally, find the latest version of this driver or software and download and install it. Some of the drivers may also be found here (if the driver says 'Windows Update' simply make sure all Windows Updates are installed).

You should also update any other drivers you can think of including graphics, audio, chipset, SSD etc.
Check with your system manufacturer for any BIOS updates.
Make sure all Windows updates are installed.

Software

Do you have an AV installed? I can't seem to find one in your dumps. If you don't have one installed, please install MSE.
Microsoft Security Essentials - Free Antivirus for Windows

Run a full system scan with Malwarebytes.
http://www.malwarebytes.org/

Last edited: Aug 10, 2012

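The driver list in post #2 can be triaged mechanically; the following is an added example, not part of the original post or of any tool used in the thread. It decodes the hex value in parentheses (the raw image-header timestamp, seconds since 1970 UTC), checks it against the printed local date, and flags drivers linked before an assumed cutoff of mid-July 2009; `example.sys` is a constructed entry.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed cutoff: mid-July 2009, around the Windows 7 RTM build.
CUTOFF = datetime(2009, 7, 13, tzinfo=timezone.utc)
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
LINE = re.compile(
    r"^(?P<name>\S+\.sys)\s+\w{3}\s+(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d\d):(?P<mi>\d\d):(?P<s>\d\d)\s+(?P<year>\d{4})\s+"
    r"\((?P<stamp>[0-9A-Fa-f]{8})\)$")

# Three lines from the list in the post, plus one constructed newer entry.
SAMPLE = """\
rimmptsk.sys Thu Nov 17 13:28:31 2005 (437BEACF)
Apfiltr.sys Sun Mar 4 21:28:07 2007 (45EA9F37)
NuidFltr.sys Fri May 8 18:35:42 2009 (4A03EEDE)
example.sys Fri Jul 13 21:01:20 2012 (50000000)
"""

def parse_driver_line(line):
    """Return (name, link time in UTC, offset of the printed time in hours)."""
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError(f"not a driver line: {line!r}")
    # The hex value is the raw image-header timestamp: seconds since 1970 UTC.
    utc = datetime.fromtimestamp(int(m["stamp"], 16), tz=timezone.utc)
    printed = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                       int(m["h"]), int(m["mi"]), int(m["s"]), tzinfo=timezone.utc)
    return m["name"], utc, (printed - utc) / timedelta(hours=1)

def triage(listing):
    """Split a listing into drivers linked before CUTOFF and the rest."""
    old, current = [], []
    for line in filter(str.strip, listing.splitlines()):
        name, utc, offset = parse_driver_line(line)
        # The printed date is the analyst's local time; anything other than a
        # real time-zone offset means the text and the hex value disagree.
        if not (-12 <= offset <= 14 and (offset * 4).is_integer()):
            raise ValueError(f"{name}: printed date does not match {utc}")
        (old if utc < CUTOFF else current).append((name, utc.date().isoformat()))
    return old, current

if __name__ == "__main__":
    old, current = triage(SAMPLE)
    for name, day in old:
        print(f"predates cutoff: {name} (linked {day} UTC)")
    for name, day in current:
        print(f"ok: {name} (linked {day} UTC)")
```

Link time is only a triage hint: the crashes in this thread were resolved by removing a rootkit, not by updating the listed drivers.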
rdoherty, New member (Joined Aug 9, 2012; Posts 3)
Aug 11, 2012, #3

View attachment 1342

Thank you for your analysis. After many additional steps, the situation remains unchanged, regular BSOD in normal boot mode.

Here are the additional steps I performed:
1) All identified drivers above were either updated (with drivers from manufacturer site or Lenovo site), or they were disabled in devmgr (in safe mode).
2) Microsoft Essentials and Malwarebytes run to completion with no errors (in Safe Mode, both programs result in BSOD in regular boot mode).

Safe mode (with networking) seems stable, regular boot mode quickly results in BSOD.

Updated griff analysis is attached. Thanks as usual for any help here.

Patrick, Sysnative Staff (Joined Jun 7, 2012; Posts 4,618)
Aug 11, 2012, #4

Hi,

It seems that all of the recent dumps are of the 1000008E: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M bugcheck.

These latest crash dumps are mentioning Mpfilter.sys (Microsoft Windows AntiMalware protection system) which seems to be faulting ataport.sys. I would recommend from safe mode, performing a clean boot and then uninstalling and reinstalling Microsoft Windows AntiMalware protection.

Here's how to perform a clean boot.

Regards,
Patrick

rdoherty, New member (Joined Aug 9, 2012; Posts 3)
Aug 12, 2012, #5

SOLVED: I had to download and run TDSSkiller from Kaspersky to remove a rootkit. This rootkit was not found by AntiMalware (neither Malwarebytes nor Security Essentials), all those tools ran clean with no reported problems.

Following the TDSSkiller, I followed up with the Antimalware to be sure it was clean from all tools.

Thank you for your help on this thread.

Patrick, Sysnative Staff (Joined Jun 7, 2012; Posts 4,618)
Aug 12, 2012, #6

Ah, so it appears that the rootkit was faulting Mpfilter.sys. I've seen TDSSKiller solve a few issues in the past, specifically BSODs that are of the IRQL_NOT_LESS_OR_EQUAL stop code. Good job solving it :)

I'll have to be buzzkillington for a second though... for future reference, be very careful with programs such as TDSSKiller. If used incorrectly, they will destroy your system (software of course, not hardware). If you ever need to use it again, or need to recommend it to someone, set the action from "cure" to "skip" and save a report that a security expert can analyze for you. Sometimes, it's not always black and white and a file that is "cured / cleaned" can be detrimental to the functionality of your OS.

Regards,
Patrick

Corrine, Administrator, Microsoft MVP, Security Analyst, Staff member (Joined Feb 22, 2012; Posts 12,285; Location Upstate, NY)
Aug 12, 2012, #7

Good advice, Patrick. :)

rdoherty said:
    SOLVED: I had to download and run TDSSkiller from Kaspersky to remove a rootkit. This rootkit was not found by AntiMalware (neither Malwarebytes nor Security Essentials), all those tools ran clean with no reported problems. Following the TDSSkiller, I followed up with the Antimalware to be sure it was clean from all tools. Thank you for your help on this thread.

Hi, rdoherty. If you would like to have a check of your computer after running TDSSKiller, please follow the instructions at Malware Removal Posting Instructions and we'll check your logs.