Installed MSE now W7 memory dumps on startup

[clue124]

Hi, so I decided my laptop needed a cleanup.
Back story: Laptop hard drive crashes so I replace it with a previous busted laptops HDD which works until I install Microsoft Security Essentials.
Now, every time I start the computer up it will BSOD with a memory dump every single time. I am currently using safe mode and it works fine.

I have attached a .rar file of my .dmp file in the message. Also, I cannot system restore in safe mode and... I forgot that I turned off system restore on this HDD years ago so...

Thanks a bunch

 

[yowanvista]

An Avast software(Avast Antivirus/internet security) is the cause, please remove such software and use MSE

Your system seems to be infected, run a scan of Malwarebytes

Please remove any CD virtualization programs such as Daemon Tools and Alcohol 120%. They use a driver, found in your dmp, sptd.sys, that is notorious for causing BSODs. Use this SPTD uninstaller when you're done: DuplexSecure - Downloads
You can use MagicDisc as an alternative.

sptd.sys        0x83827000    0x8391a000    0x000f3000    0x4ad245ea    12/10/2009 00:54:02

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 83a67487, aa52b764, 0}

Unable to load image \SystemRoot\System32\Drivers\aswSnx.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSnx.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSnx.SYS
Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 83a67487, The address that the exception occurred at
Arg3: aa52b764, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
ataport!IdePortDispatchDeviceControl+b
83a67487 80b98600000000  cmp     byte ptr [ecx+86h],0

TRAP_FRAME:  aa52b764 -- (.trap 0xffffffffaa52b764)
ErrCode = 00000000
eax=870a4490 ebx=00000000 ecx=00000000 edx=86de6008 esi=870a4490 edi=862246a0
eip=83a67487 esp=aa52b7d8 ebp=aa52b7d8 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
ataport!IdePortDispatchDeviceControl+0xb:
83a67487 80b98600000000  cmp     byte ptr [ecx+86h],0       ds:0023:00000086=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  WmiPrvSE.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 830564bc to 83a67487

STACK_TEXT:  
aa52b7d8 830564bc 870a4490 87ed5540 864704e8 ataport!IdePortDispatchDeviceControl+0xb
aa52b7f0 83abb40f aa52b89c a88608e0 a8860904 nt!IofCallDriver+0x63
aa52b81c 8d0c9bac 864704e8 862246a0 2740ed08 fltmgr!FltIsVolumeWritable+0x77
WARNING: Stack unwind information not available. Following frames may be wrong.
aa52b880 83ab1bf5 000000a2 00000005 01000008 aswSnx+0x2bac
aa52b8b4 83ab2417 864b68c8 00000005 29f83121 fltmgr!FltpDoInstanceSetupNotification+0x69
aa52b900 83ab27d1 87141cd0 864704e8 00000005 fltmgr!FltpInitInstance+0x25d
aa52b970 83ab28d7 87141cd0 864704e8 00000005 fltmgr!FltpCreateInstanceFromName+0x285
aa52b9dc 83abbcde 87141cd0 864704e8 00000005 fltmgr!FltpEnumerateRegistryInstances+0xf9
aa52ba2c 83ab07f4 864704e8 88adfe28 864b2f80 fltmgr!FltpDoFilterNotificationForNewVolume+0xe0
aa52ba70 830564bc 862248d8 864704e8 864b2fdc fltmgr!FltpCreate+0x206
aa52ba88 8325ab8d 8b3385c3 aa52bc30 00000000 nt!IofCallDriver+0x63
aa52bb60 8323b5f3 870a4490 a514c6e0 86225008 nt!IopParseDevice+0xed7
aa52bbdc 832617b9 00000000 aa52bc30 00000040 nt!ObpLookupObjectName+0x4fa
aa52bc38 83259b0b 011fe52c 8614c6e0 00000001 nt!ObOpenObjectByName+0x165
aa52bcb4 83265422 011fe588 80100080 011fe52c nt!IopCreateFile+0x673
aa52bd00 8305d3ea 011fe588 80100080 011fe52c nt!NtCreateFile+0x34
aa52bd00 773e6344 011fe588 80100080 011fe52c nt!KiFastCallEntry+0x12a
011fe590 00000000 00000000 00000000 00000000 0x773e6344


STACK_COMMAND:  kb

FOLLOWUP_IP: 
ataport!IdePortDispatchDeviceControl+b
83a67487 80b98600000000  cmp     byte ptr [ecx+86h],0

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  ataport!IdePortDispatchDeviceControl+b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ataport

IMAGE_NAME:  ataport.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bbf16

FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b

BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b

Followup: MachineOwner
---------

 

[clue124]

It worked, however... It still crashes as soon as I try to install MSE.
here is the dump file for this crash.

 

[yowanvista]

Boot in safe mode, run a full scan with Malwarebtes and run http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

 

[clue124]

Just finished scanning and running SFC. Few malware found and no errors in SFC.
Restarting now.

 

[clue124]

Still crashed.

 

[clue124]

Still need assistance, please. Just checked to see if my laptop would work this time, but it BSOD before I could log in. Back in safe mode and still no clue what is going on here. I have tried all the fixes, scans, etc and even uninstalled the sptd.

 

[MvdB]

Could you please update your system spec's? See fourth post here: http://www.sevenforums.com/general-discussion/8-forum-rules.html

Also, this last upload only contains a dump. Please upload full info as described here:
For us to help you better, please follow these instructions completely:
http://www.sevenforums.com/crashes-debugging/96879-blue-screen-death-bsod-posting-instructions.html

From your dump it appears as if you have an unfinished or old status of standard Windows Update drivers. I realize that might be hard to fix out of a Safemode situation so please first upload the info asked for above and we'll have a look.

 

[clue124]

Alright, sorry about that. I updated my specs, however I do not know the HDD specs. 250GB is all I know.

Attached is the Collection folder in a .rar. I could not get the perfmon /report, however.

I hope this helps. I might be able to grab the perfmon report if I get lucky and grab it before my system crashes.

 

[clue124]

If worse comes to worst, I will just backup all my files and nuke the sucker for a clean install. I am trying to avoid that, though..

 

[MvdB]

Thx, this shows us some more. I agree with Yowan that this system seems to have been infected. Can you update us on what the Malware was you found? That might help us understand what damage was done , if any.

You have two "devices" that have a problem:

Not Available    ACPI\QCI0701\2&DABA3FF&1    The drivers for this device are not installed.
Security Processor Loader Driver    ROOT\LEGACY_SPLDR\0000    This device is not present, is not working properly, or does not have all its drivers installed.

Acpi is a advanced power interface... should have been updated with Windows Update as yours is a standard Windows one...

For the other:
Start > Device Manager look for Yellow marks you might find Security processor Loader driver Right click and click on Update driver.



I do not yet agree with Yowan that Avast! was the cause... actually it might have been blocked or sidetracked. But doesn't matter, I'd use your preferred AV to do a boot scan. Avast has a seperate option for this.. if you choose it, upon rebooting, it will scan your system BEFORE loading W7. But other AV's have similar options. Please try that.

 

[clue124]

Here are the infected files found with Malwarebytes

c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\30E16RG1\na1msgr[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\NRA8HX8U\spsf12[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

I am going to install AVAST and check the boot scan.

 

[clue124]

Avast crashed my Safe Mode.. Installed AVG instead.
There are no yellow marks in my device manager. It is starting to seem like hope is lost for this one.

 

[MvdB]

Did you do a boot scan with AVG?

 

[clue124]

No can do, I cannot find the option for it. I will have to check tomorrow but for now I must hit the sack.