I have a laptop with Windows XP Pro on it. Every time I boot, I get a BSOD with the message 0x7b STOP. When I try booting in any of safe modi I get the same result. With a Hirens bootcd I managed to copy the entire hard drive data on a usb stick and I ran a virusscan on that. That’s when Avast told me it was a Win32:Rloader-B. But I can’t seem to remove it since no (bootable) virusscanner is able to find it. Can you help me?
Oops must learn how to read
Please print these instruction out so that you know what you are doing
[*]Download OTLPENet.exe to your desktop
[]Download Farbar Recovery Scan Tool and save it to a flash drive.
[*]Ensure that you have a blank CD in the drive
[*]Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
[*]Reboot your system using the boot CD you just created. Note : If you do not know how to set your computer to boot from CD follow the steps here
[*]As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
[*]Your system should now display a Reatogo desktop. Note : as you are running from CD it is not exactly speedy
[]Insert the flash drive with FRST on it
[]Locate the flash drive and run FSRT
[]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2012 01
Ran by SYSTEM at 05-10-2012 19:18:20
Running from D:
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM.….exe: exefile => OK
HKLM.…\exefile\DefaultIcon: %1 => OK
HKLM.…\exefile\open\command: “%1” %* => OK
==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 1022.05 MB
Available physical RAM: 827.85 MB
Total Pagefile: 905.6 MB
Available Pagefile: 836.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
Volume 1 C NTFS Partition 149 GB Healthy
=========================================================
==================== End Of Log ============================
I’m posting from a different computer as I’m not able to boot into windows on the laptop.
Enter BIOS at startup, go to “Integrated Peripherals” or something similar where you can find the “SATA Mode” option and change it from AHCI to ATA or IDE
ListParts by Farbar Version: 02-10-2012
Ran by SYSTEM (administrator) on 06-10-2012 at 14:17:36
Windows XP (X86)
Running From: D:
Language: 0409
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 1022.05 MB
Available physical RAM: 860.92 MB
Total Pagefile: 905.6 MB
Available Pagefile: 842.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
Volume 1 C NTFS Partition 149 GB Healthy
======================================================================================================
****** End Of Log ******
I get the BSOD with the stop message just after seeing the Windows XP Logo for a second or so. The laptop boots, the logo pops up and then boem → BSOD.
I automatically get the menu where I can select Normal mode, Safe Mode, Safe Mode with Network, Safe Mode with MS Dos, or load the last known configuration, since Windows has not been shut down properly.
All the safe modi crash just after they loaded the mup.sys driver. The last known good configuration also crashes with the 0x7b Stop error.
The most common cause is the executing PnP (Plug and Play) and ACPI routines issue.
To fix the issue, we need to access the computer from Recovery Console.
If you do have your Windows CD
To start the Recovery Console directly from the Windows XP CD you would do the following:
[*]Insert the Windows XP cd in your computer.[*]Restart your computer so you are booting off of the CD.[*]When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console.[*]The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.[*]It will then prompt you for the Administrator’s password. If there is no password, simply press enter. Otherwise type in the password and then press enter.[*]If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.
Type map and press enter.
It will give you the drive letters.
Note down the letter of you CD-ROM.
If it is a letter other than E you should replace the letter E with your CD drive letter when applying the expand command later on if the command is needed to be applied.
Type following commmands, pressing Enter after each one.
[*]ren c:\windows\system32\drivers\atapi.sys atapi.old
(It will returns to the prompt again without notification)[*]copy c:\windows\servicepackfiles\i386\atapi.sys c:\windows\system32\drivers
(If you get a notification “1 file(s) copied” you don’t need to do the next expand command and go to exit command. But if you get notification that the file doesn’t exist proceed with expand command)[*]expand e:\I386\atapi.sy_ c:\windows\system32\drivers
(You should be notified that the file expanded)[*]exit
You may remove the CD or let Windows boot normally.
If you don’t have your Windows CD
Please download ARCDC from Artellos.com.
[*]Double click ARCDC.exe
[*]Follow the dialog until you see 6 options. Please pick: [i]Windows Professional SP2 & SP3[/i]
[*]You will be prompted with a Terms of Use by Microsoft, please accept.
[*]You will see a few dos screens flash by, this is normal.
[*]Next you will be able to choose to add extra files. Select the Default Files.
[*]The last window will allow you to burn the disk using BurnCDCC
Then, follow instructions from Step #1 above.
I followed the instructions of not having the original disk. After completion I rebooted normally but I still get the same error. Booting into safe modus also still gives the same error.
EDIT: Strange, I just reviewed the drivers folder c:\WINDOWS\system32\drivers with the OTL bootable disk. And although the date of the last modification is today, I can’t see any atapi.old.
I also just found out that Microsoft Security Essentials was installed on the laptop. Apparently that can also result into problems if it is installed on a XP machine.