Windows 7 Blue Screen of Death minidump analysis request

Posted on 2011-10-21
Last Modified: 2012-05-12
Greetings wise wizards of EE:

I'm helping a friend with a Lenovo Thinkpad laptop running Windows 7 Pro 32 bit with an Intel Core I-5 processor and 4 GB of RAM. He believes his machine is infected with a virus, and I tend to agree, as it produces the dreaded Blue Screen of Death when attempting to boot to normal mode, and it will only remain in safe mode for approximately 10 minutes when booting to safe mode before the Blue Screen of Death appears. Thus, normal antivirus scanning from his machine does not appear to be an option.

I pulled his hard drive and connected to one of my healthy PCs via a USB to SATA adapter, so that I can back up his data, and copy the Blue Screen of Death minidump files (found in the C:\Windows\Minidump folder). There are dozens of Minidump files generated from the last few days of his troubleshooting, but I just copied the most recent Minidump files from the last three days, which I attach to this inquiry.

My friend's machine is HIGHLY customized, and it would be a royal pain in the neck to reformat & reconstruct it. After his data is backed up, I am planning on scanning his hard drive with antivirus via my healthy PC, in the hopes of disabling the threat from my machine... I've had some limited luck with this technique in the past...

Anyhoo, an analysis of the minidumps and any advice to nuke the threats short of reformatting would be greatly appreciated.

Many thanks in advance,

Question by: zovoth

    Accepted Solution

    Faulting module is apsx86.sys which is the ThinkVantage Active Protection System. Since you can't boot into normal mode to uninstall Active Protection, try renaming apsx86.sys to apsx86.old to prevent it from loading while you have the hard disk connected to another PC. Then uninstall if you can boot into normal mode.

    Does not appear to be caused by malware but do a scan anyway to be sure.

    Expert Comment

    by:Arman Khodabande
    I've read that it may be malware on some sites... Or maybe the malware has corrupted it...
    Anyway, scan it. You can use Malwarebytes Anti-Malware. It's free for just scanning.

    You can use "BlueScreenView" to analyze your dump files yourself...

    Good luck

    Author Closing Comment

    Greetings willcomp:

    Many thanks for your rapid reply, as well as your analysis of the minidump file... you've pointed out the exact troublesome file, which will help me tackle the issue directly.

    Many thanks and may the wind be at your back,


    Expert Comment

    You're welcome. Glad to help.
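
Added example, not part of the original thread: with dozens of minidumps copied off the attached disk, reading the bugcheck (stop) code from each file header shows whether the crashes keep repeating the same code before opening any of them in a debugger or in BlueScreenView. It assumes the standard kernel dump header layout (signature "PAGEDUMP" with the code at offset 0x28 for 32-bit dumps; "PAGEDU64" and 0x38 for 64-bit, which goes beyond this 32-bit machine); the sample header builder and its values are constructed, and the script does not name the faulting module.

```python
import struct
from collections import Counter
from pathlib import Path

# Assumed kernel dump header layout (not stated in the thread):
# signature -> (bugcheck code offset, parameters offset, parameters format).
LAYOUTS = {
    b"PAGEDUMP": (0x28, 0x2C, "<4I"),  # 32-bit dump
    b"PAGEDU64": (0x38, 0x40, "<4Q"),  # 64-bit dump
}
HEADER_BYTES = 0x60  # covers the fields read from either layout

def read_bugcheck(header: bytes):
    """Return (bugcheck_code, (p1, p2, p3, p4)), or None if not a kernel dump."""
    layout = LAYOUTS.get(header[:8])
    if layout is None:
        return None
    code_off, par_off, par_fmt = layout
    if len(header) < par_off + struct.calcsize(par_fmt):
        return None  # truncated file
    (code,) = struct.unpack_from("<I", header, code_off)
    return code, struct.unpack_from(par_fmt, header, par_off)

def triage(folder):
    """Count bugcheck codes across *.dmp files; also list files that did not parse."""
    counts, skipped = Counter(), []
    for path in sorted(Path(folder).glob("*.dmp")):
        with open(path, "rb") as fh:
            result = read_bugcheck(fh.read(HEADER_BYTES))
        if result is None:
            skipped.append(path.name)
        else:
            counts[result[0]] += 1
    return counts, skipped

def constructed_header32(code, params):
    """Build a synthetic 32-bit header for testing (constructed, not a real dump)."""
    buf = bytearray(HEADER_BYTES)
    buf[:8] = b"PAGEDUMP"
    struct.pack_into("<I4I", buf, 0x28, code, *params)
    return bytes(buf)

if __name__ == "__main__":
    import sys
    counts, skipped = triage(sys.argv[1])  # folder holding the copied .dmp files
    for code, n in counts.most_common():
        print(f"0x{code:08X}: {n} dump(s)")
    print("unparsed:", skipped)
```

Run it against the folder of copied dumps; files listed as unparsed are truncated or are not kernel dumps.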
