Need help with BSOD, ataport.sys

rdoherty · Aug 10, 2012

Blue screen reliably when any major program is launched, including IE or trying to uninstall a program. BSOD reports problem in driver ataport.sys

JCGriff dump attached View attachment Windows7_Vista_jcgriff2.zip

Things tried so far:
1) Seatools full diagnostic on the HDD -- passed
2) Microsoft Essentials full scan -- finished
3) Windows 7 recovery RAM test -- passed
4) Checked all drivers in the ATA section of Devmgr -- no updates needed

Here are system details:
Win 7 OS 32-bit SP1
Upgraded from original OS, which was Vista
5 year old computer, OS installation probably 3 years old

Lenovo Thinkpad R61i
ID# 8932-CTO

Thanks for any assistance.

JaidynM · Aug 10, 2012

Problem devices

Code:

Security Processor Loader Driver    ROOT\LEGACY_SPLDR\0000    This device is not present, is not working properly, or does not have all its drivers installed.

You will need to either uninstall the drivers and reinstall the latest version or perform a clean installation of the driver. If the device is disabled please enable it.

Drivers

The following drivers need to be updated:

Code:

rimmptsk.sys                Thu Nov 17 13:28:31 2005 (437BEACF)
rimsptsk.sys                Thu Dec 22 19:02:21 2005 (43AA5D8D)
mdmxsdk.sys                 Tue Jun 20 07:26:59 2006 (449716A3)
rixdptsk.sys                Wed Nov 15 12:35:19 2006 (455A6ED7)
Apfiltr.sys                 Sun Mar  4 21:28:07 2007 (45EA9F37)
HSX_CNXT.sys                Tue Mar 27 07:37:27 2007 (46082F07)
HSXHWAZL.sys                Tue Mar 27 07:37:36 2007 (46082F10)
HSX_DPV.sys                 Tue Mar 27 07:38:56 2007 (46082F60)
xaudio.sys                  Wed Apr 11 03:59:32 2007 (461BD084)
CHDARTN.sys                 Sat Apr 28 08:29:45 2007 (46327959)
ibmpmdrv.sys                Thu May 31 19:52:39 2007 (465E9AE7)
RimSerial.sys               Tue Nov 25 04:02:13 2008 (492ADE15)
b57nd60x.sys                Sun Apr 26 21:15:34 2009 (49F44256)
NuidFltr.sys                Fri May  8 18:35:42 2009 (4A03EEDE)

These drivers can be found by searching them in Google and then finding the associated software or driver. Finally, find the latest version of this driver or software and download and install it. Some of the drivers may also be found here (if the driver says 'Windows Update' simply make sure all Windows Updates are installed).

You should also update any other drivers you can think of including graphics, audio, chipset, SSD etc. Check with your system manufacturer for any BIOS updates.

Make sure all Windows updates are installed.

Software

Do you have an AV installed? I can't seem to find one in your dumps. If you don't have one installed, please install MSE.
Microsoft Security Essentials - Free Antivirus for Windows

Run a full system scan with Malwarebytes.
http://www.malwarebytes.org/

rdoherty · Aug 11, 2012

View attachment 1342Thank you for your analysis. After many additional steps, the situation remains unchanged, regular BSOD in normal boot mode.

Here are the additional steps I perfromed:
1) All identified drivers above were either updated (with drivers from manufacturer site or Lenovo site), or they were disabled in devmgr (in safe mode).
2) Microsoft Essentials and Malwarebytes run to completeion with no errors (in Safe Mode, both programs result in BSOD in regular boot mode).

Safe mode (with networking) seems stable, regular boot mode quickly results in BSOD. Updated griff analysis is attached.

Thanks as usual for any help here.

Patrick · Aug 11, 2012

Hi,

It seems that all of the recent dumps are of the 1000008E: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M bugcheck. These latest crash dumps are mentioning Mpfilter.sys (Microsoft Windows AntiMalware protection system) which seems to be faulting ataport.sys.

I would recommend from safe mode, performing a clean boot and then uninstalling and reinstalling Microsoft Windows AntiMalware protection. Here's how to perform a clean boot.

Regards,

Patrick

rdoherty · Aug 12, 2012

SOLVED: I had to download and run TDSSkiller from Kapersky to remove a rootkit. This rootkit was not found by AntiMalware (neither Malwarebytes nor Security Essentials), all those tools ran clean with no reported problems.

Following the TDSSkiller, I followed up with the Antimalware to be sure it was clean from all tools.

Thank you for your help on this thread.

Patrick · Aug 12, 2012

Ah, so it appears that the rootkit was faulting Mpfilter.sys. I've seen TDSSKiller solve a few issues in the past, specifically BSOD's that are of the IRQL_NOT_LESS_OR_EQUAL stop code. Good job solving it :)

I'll have to be buzzkillington for a second though... for future reference, be very careful with programs such as TDSSKiller. If used incorrectly, they will destroy your system (software of course, not hardware

). If you ever need to use it again, or need to recommended it to someone, set the action from "cure" to "skip" and to save a report that a security expert can analyze for you. Sometimes, it's not always black and white and a file that is "cured / cleaned" can be detrimental the the functionality of your OS.

Regards,

Patrick

Corrine · Aug 12, 2012

Good advice, Patrick. :)

rdoherty said:
SOLVED: I had to download and run TDSSkiller from Kapersky to remove a rootkit. This rootkit was not found by AntiMalware (neither Malwarebytes nor Security Essentials), all those tools ran clean with no reported problems.

Following the TDSSkiller, I followed up with the Antimalware to be sure it was clean from all tools.

Thank you for your help on this thread.

Hi, rdoherty. If you would like to have a check of your computer after running TDSSKiller, please follow the instructions at Malware Removal Posting Instructions and we'll check your logs.

Search

Search

Need help with BSOD, ataport.sys

rdoherty

New member

JaidynM

BSOD Kernel Dump Analyst

rdoherty

New member

Patrick

Moderator, BSOD Academy Instructor

rdoherty

New member

Patrick

Moderator, BSOD Academy Instructor

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Need help with BSOD, ataport.sys

rdoherty

New member

JaidynM

BSOD Kernel Dump Analyst

rdoherty

New member

Patrick

Moderator, BSOD Academy Instructor

rdoherty

New member

Patrick

Moderator, BSOD Academy Instructor

Corrine

Administrator, Microsoft MVP, Security Analyst

Administrator,
Microsoft MVP,
Security Analyst