BSOD crash

Discussion in 'Software' started by spreasgeet, Nov 3, 2010.

  1. spreasgeet

    spreasgeet Private E-2

    New member here, so I hope I'm posting this in the right place...

    My cousin's computer gets a BSOD crash when trying to log in to Windows. The login screen comes up fine, but it crashes after logging in. I'm able to start it up in safe mode just fine.

    I debugged the minidump file and found the probable cause to be
    zvpjwsdutwt1.sys
    I can't find this file when I search the computer though. I have run out of my limited expertise and don't know what else to try, so I'm hoping someone on here can point me in the right direction.

    I've attached (hopefully) the results of debugging the .dmp file.

    I'm not above reformatting and starting from scratch, but at the moment I don't have an operating system to put back on it. Besides, it would be better if I could just fix the problem, if only for my own enrichment.

    Thanks in advance.
     


  2. FED UP

    FED UP MajorGeek

    Interesting. Google shows absolutely nothing about zvpjwsdutwt1.sys . I'll be lurking this thread for sure.
     
  3. rustyjack

    rustyjack MajorGeek

  4. rustyjack

    rustyjack MajorGeek

    P.S. Have you looked into hidden files and folders to see if you can find this zvpjwsdutwt1.sys? Also, it would be a good idea if you let us know what OS you're running, i.e. XP, Vista, Win7!
     
  5. spreasgeet

    spreasgeet Private E-2

    Yes I checked hidden files and folders as well. I even did a generic *.sys search (in case I made a typo) and nothing came up that was even close.

    She's running XP Home, 1 GB RAM, Intel Atom 1.6 GHz processor.

    Also, she said that right before her computer started having this problem, *something* automatically downloaded FLVtube player. I removed it, but to no avail.

    I'll repost the logs when I get done running all the cleanup and anti-malware.
     
  6. spreasgeet

    spreasgeet Private E-2

    I can't get internet on the computer so I had to download all the setups on my computer, throw them on a memory stick and transfer them to my cousin's computer.

    I couldn't install SUPERAntiSpyware. I get the error "File copy error, aborting installation." To be sure the file was OK, I installed it on my computer and it went smoothly there. I also tried renaming it SAS.exe, but no luck there either.

    MalwareBytes Anti-Malware went fine.

    RootRepeal went fine, though I accidentally ran it before ComboFix, if the order on http://forums.majorgeeks.com/showthread.php?t=208809 was important.

    SHORT VERSION OF THE FOLLOWING PARAGRAPH:
    For some reason ComboFix ran in Chinese. I don't speak Chinese, so I made assumptions about the dialogue boxes as best I could.

    When I try and run ComboFix, I get a message saying "Windows cannot find 'grpconv'." Then it appears to start but it's in Chinese. This computer was a display model at the store when my cousin bought it and at some point someone installed Chinese language support. A few other programs on the computer when I got ahold of it were in Chinese as well. English is selected on the language bar though. Seeing as I don't read Chinese, I just clicked 'Yes' in the dialogue box, which appeared to be the terms agreement, and it started, but kept spitting out Chinese characters. At one point I got the dialogue box that I assume said I needed to download the Microsoft Recovery Console, but at the time I was in safe mode with no networking, so ComboFix errored out. I rebooted into safe mode with networking, plugged it in, and restarted ComboFix. I got a dialogue box with 'Yes' and 'No' buttons, so I assumed it was asking if I wanted to resume. I clicked 'Yes' and ComboFix seemed to restart from where it left off, with a progress bar. After a time, the dialogue box I assume to be the terms agreement came up again, so I clicked 'Yes' and ComboFix appears to have started like normal. A couple more dialogue boxes and it errored. I clicked 'OK' and it continued.

    At one point I got a notification saying "Rootkit - TDL3 is detected. Please be patient as this may take some moments." I clicked 'OK' and a few minutes later a dialogue box came up, in Chinese, with only 'OK', so I clicked it and the computer rebooted.

    All this happened before it got to "Completed Stage_xx" notifications.

    After the reboot I re-ran ComboFix, got the rootkit notification again, didn't click 'OK' this time, and again got the dialogue box that reboots the computer.

    This time it went all the way through stage 50, and started finding and recovering infected files. It found an infection in the winlogon file and seemed to be trying to recover it last time I checked it, then it rebooted.

    Again, restarted ComboFix, and this time while going through the stages, I got a Windows notice that "PEV.exe has encountered a problem and needs to close." ComboFix was still running in the background. Then again, sometime after completing stage 50, but before finishing and creating a log file, it rebooted.

    At this point I gave up on ComboFix.

    I apologize for the novella, but since it was in Chinese and I couldn't be entirely sure what was going on, I figured it would be better to report everything I did in case it might help in some way.

    I uploaded the logs of the 3 scans that worked.
     
