
BSOD after installing an anti-virus program


  • This topic is locked
2 replies to this topic

#1 hisuka2001

hisuka2001

  • Members
  • 31 posts
  • OFFLINE
  • Local time: 03:43 AM

Posted 04 August 2012 - 12:55 AM

My problem is this: I have an infected Acer netbook, which I posted about in the 'Am I infected, what should I do' section. I replaced my previous antivirus program, Avira, with ESET Smart Security, because Avira always detects an infected file but cannot remove it. After installing, I rebooted the netbook but a BSOD happened. The infected Acer netbook can only be booted in safe mode. I copied the minidump files and, using the bluescreen viewer from another laptop I borrowed, the following logfile is shown:

athr.sys athr.sys+6c70e 0x8c60e000 0x8c71e000 0x00110000 0x4a2ea444 6/10/2009 2:04:52 AM
ndis.sys ndis.sys+36b02 0x88274000 0x8832b000 0x000b7000 0x4a5bbf58 7/14/2009 7:12:24 AM
ntkrnlpa.exe ntkrnlpa.exe+467eb 0x81c02000 0x82012000 0x00410000 0x4a5bc007 7/14/2009 7:15:19 AM Microsoft® Windows® Operating System NT Kernel & System 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Corporation C:\Windows\system32\ntkrnlpa.exe



I uninstalled ESET Smart Security but the problem persists. System Restore is unable to restore to previous sessions, perhaps due to the infected files, and I tried using Startup Repair to fix the Windows startup files, but Startup Repair didn't find any problem in the startup files. I replaced the "athr.sys" file in c:\windows\system32 to "athr.sys.old" and I was able to reboot the infected Acer netbook to its normal mode. I don't know if it resolved the problem regarding the BSOD, so that's why I am posting this thread... Once the infected files are perhaps removed or cured, I will try to update the drivers, since maybe they can prevent future BSODs from happening.



#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender: Not Telling
  • Local time: 06:43 PM

Posted 04 August 2012 - 01:50 AM

Post deleted by noknojon as hisuka2001 has a current post in Am I Infected -


Edited by noknojon, 04 August 2012 - 02:03 AM.


#3 Platypus

Platypus

  • Global Moderator
  • 15,172 posts
  • OFFLINE
  • Gender: Male
  • Location: Australia
  • Local time: 07:43 PM

Posted 04 August 2012 - 02:58 AM

Closing this topic for now to avoid confusion and allow the infection to be dealt with. It can be opened again later if the problems described need separate attention once the system is cleared of malware.
Top 5 things that never get done:

1.



