Laptop repeatedly crashes at startup



#1 ahamrick


Posted 12 July 2010 - 01:57 PM

I have a Sony Vaio VGN-NS240E and since the day I bought it, it goes to a blue screen at startup until it eventually is able to boot up. The Sony Vaio customer service is completely unhelpful. My warranty is up, too. :thumbsup:

I have an Intel Core 2 Duo CPU T6400 @ 2.00 GHz with 3.00 GB RAM on a 32-bit.

So I used the Windows debugger program to analyze a minidump file and these are the results. But I have no clue what they mean.


Microsoft Windows Debugger Version 6.12.0002.633 X86
Copyright Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini071210-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18209.x86fre.vistasp2_gdr.100218-0019
Machine Name:
Kernel base = 0x81e4e000 PsLoadedModuleList = 0x81f65c70
Debug session time: Mon Jul 12 13:55:23.312 2010 (UTC - 4:00)
System Uptime: 0 days 4:18:46.603
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {2693a97b, 1b, 0, 81ef8153}

Probably caused by : ntkrpamp.exe ( nt!KiTimerListExpire+1af )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 2693a97b, memory referenced
Arg2: 0000001b, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 81ef8153, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 81f85868
Unable to read MiSystemVaType memory at 81f65420
2693a97b

CURRENT_IRQL: 1b

FAULTING_IP:
nt!KiTimerListExpire+1af
81ef8153 668b4302 mov ax,word ptr [ebx+2]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

TRAP_FRAME: 81f43b0c -- (.trap 0xffffffff81f43b0c)
ErrCode = 00000000
eax=81f46e90 ebx=2693a979 ecx=81f86b80 edx=00000000 esi=81f4c7e8 edi=ffffffff
eip=81ef8153 esp=81f43b80 ebp=81f43c88 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!KiTimerListExpire+0x1af:
81ef8153 668b4302 mov ax,word ptr [ebx+2] ds:0023:2693a97b=????
Resetting default scope

LAST_CONTROL_TRANSFER: from 81ef8153 to 81e9bfd9

STACK_TEXT:
81f43b0c 81ef8153 badb0d00 00000000 81efe606 nt!KiTrap0E+0x2e1
81f43c88 81ef7ecb 81f43cd0 8df2bb02 81f43cd8 nt!KiTimerListExpire+0x1af
81f43ce8 81ef8635 00000000 00000000 000f2fd7 nt!KiTimerExpiration+0x22a
81f43d50 81ef689d 00000000 0000000e 00000000 nt!KiRetireDpcList+0xba
81f43d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x49


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiTimerListExpire+1af
81ef8153 668b4302 mov ax,word ptr [ebx+2]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KiTimerListExpire+1af

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4b7d1e08

FAILURE_BUCKET_ID: 0xA_nt!KiTimerListExpire+1af

BUCKET_ID: 0xA_nt!KiTimerListExpire+1af

Followup: MachineOwner
---------





I just wanna fix my laptop.. :flowers:

BTW I am running on Windows Vista Home Premium... and I have Service Pack 2 installed.

Edit: Moved topic from Vista to the more appropriate forum, at the recommendation of an Advisor. ~ Animal

Edited by Animal, 12 July 2010 - 06:09 PM.




#2 ahamrick


Posted 12 July 2010 - 02:08 PM

Here is a second minidump file from today...



Microsoft ® Windows Debugger Version 6.12.0002.633 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini071210-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18209.x86fre.vistasp2_gdr.100218-0019
Machine Name:
Kernel base = 0x81e33000 PsLoadedModuleList = 0x81f4ac70
Debug session time: Mon Jul 12 13:59:18.276 2010 (UTC - 4:00)
System Uptime: 0 days 0:03:03.870
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c000001d, 96ac8d9c, ae0f9c70, 0}

Probably caused by : hardware ( win32k!_GetDCEx+5ac )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c000001d, The exception code that was not handled
Arg2: 96ac8d9c, The address that the exception occurred at
Arg3: ae0f9c70, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'xaudio' and 'parport.sys' overlap

EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction.

FAULTING_IP:
win32k!_GetDCEx+5ac
96ac8d9c ff ???

TRAP_FRAME: ae0f9c70 -- (.trap 0xffffffffae0f9c70)
ErrCode = 00000000
eax=fe600608 ebx=00000000 ecx=ae0f9f81 edx=00000f31 esi=fe568078 edi=fe600608
eip=96ac8d9c esp=ae0f9ce4 ebp=ae0f9d10 iopl=0 nv up ei ng nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010296
win32k!_GetDCEx+0x5ac:
96ac8d9c ff ???
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: avgui.exe

CURRENT_IRQL: 0

MISALIGNED_IP:
win32k!_GetDCEx+5ac
96ac8d9c ff ???

LAST_CONTROL_TRANSFER: from 96ac6062 to 96ac8d9c

FAILED_INSTRUCTION_ADDRESS:
win32k!_GetDCEx+5ac
96ac8d9c ff ???

STACK_TEXT:
ae0f9d10 96ac6062 fe600608 00000000 00004003 win32k!_GetDCEx+0x5ac
ae0f9d24 96ac60e2 00000000 00000000 0012ee44 win32k!_GetDC+0x35
ae0f9d38 81e7dc7a 00000000 0012eec4 77905e74 win32k!NtUserGetDC+0x77
ae0f9d38 77905e74 00000000 0012eec4 77905e74 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012eec4 00000000 00000000 00000000 00000000 0x77905e74


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!_GetDCEx+5ac
96ac8d9c ff ???

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!_GetDCEx+5ac

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: hardware

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: hardware

FAILURE_BUCKET_ID: IP_MISALIGNED

BUCKET_ID: IP_MISALIGNED

Followup: MachineOwner
---------

#3 cryptodan


Posted 12 July 2010 - 04:15 PM

Your second dump refers to AVG. Can you remove it and possibly reinstall it?

Could also be a sign of an infection.

#4 ahamrick


Posted 12 July 2010 - 05:10 PM

> Your second dump refers to AVG. Can you remove it and possibly reinstall it?
>
> Could also be a sign of an infection.


AVG is now removed and reinstalled..

and I have another minidump file.



Microsoft ® Windows Debugger Version 6.12.0002.633 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini071210-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18209.x86fre.vistasp2_gdr.100218-0019
Machine Name:
Kernel base = 0x81e1c000 PsLoadedModuleList = 0x81f33c70
Debug session time: Mon Jul 12 17:46:47.725 2010 (UTC - 4:00)
System Uptime: 0 days 0:00:16.319
Loading Kernel Symbols
...................................................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {c0000005, 82ee276d, 8ab5b5dc, 8ab5b2d8}

Probably caused by : ndis.sys ( ndis!NdisReadConfiguration+c8 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 82ee276d, The address that the exception occurred at
Arg3: 8ab5b5dc, Exception Record Address
Arg4: 8ab5b2d8, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
ndis!NdisReadConfiguration+c8
82ee276d 8b4608 mov eax,dword ptr [esi+8]

EXCEPTION_RECORD: 8ab5b5dc -- (.exr 0xffffffff8ab5b5dc)
ExceptionAddress: 82ee276d (ndis!NdisReadConfiguration+0x000000c8)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 30a8854a
Attempt to read from address 30a8854a

CONTEXT: 8ab5b2d8 -- (.cxr 0xffffffff8ab5b2d8)
eax=00000000 ebx=8204a841 ecx=82e4187c edx=82e41990 esi=30a88542 edi=00000003
eip=82ee276d esp=8ab5b6a4 ebp=8ab5b718 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210246
ndis!NdisReadConfiguration+0xc8:
82ee276d 8b4608 mov eax,dword ptr [esi+8] ds:0023:30a8854a=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 30a8854a

READ_ADDRESS: GetPointerFromAddress: unable to read from 81f53868
Unable to read MiSystemVaType memory at 81f33420
30a8854a

FOLLOWUP_IP:
ndis!NdisReadConfiguration+c8
82ee276d 8b4608 mov eax,dword ptr [esi+8]

BUGCHECK_STR: 0x7E

LOCK_ADDRESS: 81f50600 -- (!locks 81f50600)

Resource @ nt!PiEngineLock (0x81f50600) Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.


WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

PNP_TRIAGE:
Lock address : 0x81f50600
Thread Count : 0
Thread address: 0x00000000
Thread wait : 0x0

LAST_CONTROL_TRANSFER: from 82ecdae8 to 82ee276d

STACK_TEXT:
8ab5b718 82ecdae8 8ab5b75c 8ab5b750 30a88542 ndis!NdisReadConfiguration+0xc8
8ab5b754 82eea525 c0000001 81f09005 00000000 ndis!ndisReadOffloadRegistry+0x33e
8ab5b7f8 82ee9c62 854196c8 86e9b438 86e9bf0c ndis!ndisInitializeConfiguration+0x599
8ab5b8cc 82ee95cc 85419818 8ab5b908 8542e578 ndis!ndisAddDevice+0x587
8ab5b9d0 81e2825b 85419818 8542e578 8542f8b0 ndis!ndisPnPAddDevice+0x572
8ab5b9ec 81f7f654 85419818 82ee905a 00000004 nt!PpvUtilCallAddDevice+0x19
8ab5ba14 81f7e66c 85419818 82ee905a 00000002 nt!PnpCallAddDevice+0x7e
8ab5baf0 81f7da27 02000000 00000000 81f4e550 nt!PipCallDriverAddDevice+0x477
8ab5bcec 81e28764 846abea8 867cae70 8ab5bd38 nt!PipProcessDevNodeTree+0x15c
8ab5bd44 81ec1e22 00000000 00000000 846a5828 nt!PnpDeviceActionWorker+0x229
8ab5bd7c 81ff1c42 00000000 eb2ad7ab 00000000 nt!ExpWorkerThread+0xfd
8ab5bdc0 81e5af4e 81ec1d25 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: ndis!NdisReadConfiguration+c8

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: ndis

IMAGE_NAME: ndis.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 49e02080

STACK_COMMAND: .cxr 0xffffffff8ab5b2d8 ; kb

FAILURE_BUCKET_ID: 0x7E_ndis!NdisReadConfiguration+c8

BUCKET_ID: 0x7E_ndis!NdisReadConfiguration+c8

Followup: MachineOwner
---------
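
An added example, not part of any post in this thread: a small Python parser that pulls the triage fields out of `!analyze -v` transcripts and compares them across dumps, showing which fault codes and blamed images recur and which dumps the debugger itself attributed to hardware. The embedded text is trimmed from the three dumps posted above; the function names are hypothetical.

```python
import re
from collections import Counter

# Trimmed from the three dumps posted in this thread; only the parsed lines are kept.
DUMPS = {
    "Mini071210-01.dmp": """\
BugCheck A, {2693a97b, 1b, 0, 81ef8153}
Probably caused by : ntkrpamp.exe ( nt!KiTimerListExpire+1af )
IRQL_NOT_LESS_OR_EQUAL (a)
PROCESS_NAME: System
FAILURE_BUCKET_ID: 0xA_nt!KiTimerListExpire+1af
""",
    "Mini071210-02.dmp": """\
BugCheck 1000008E, {c000001d, 96ac8d9c, ae0f9c70, 0}
Probably caused by : hardware ( win32k!_GetDCEx+5ac )
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
PROCESS_NAME: avgui.exe
FAILURE_BUCKET_ID: IP_MISALIGNED
""",
    "Mini071210-03.dmp": """\
BugCheck 1000007E, {c0000005, 82ee276d, 8ab5b5dc, 8ab5b2d8}
Probably caused by : ndis.sys ( ndis!NdisReadConfiguration+c8 )
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
PROCESS_NAME: System
FAILURE_BUCKET_ID: 0x7E_ndis!NdisReadConfiguration+c8
""",
}

RE_BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
RE_BLAMED = re.compile(r"^Probably caused by : (\S+) \( (\S+) \)", re.M)
RE_NAME = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9A-Fa-f]+)\)\s*$", re.M)
RE_PROCESS = re.compile(r"^PROCESS_NAME:\s*(\S+)", re.M)
RE_BUCKET = re.compile(r"^FAILURE_BUCKET_ID:\s*(\S+)", re.M)


def _first(regex, text):
    m = regex.search(text)
    return m.group(1) if m else None


def parse_dump(text):
    """Pull the triage fields out of one transcript; absent fields stay None."""
    rec = dict.fromkeys(("code", "args", "name", "image", "symbol"))
    rec["process"] = _first(RE_PROCESS, text)
    rec["bucket"] = _first(RE_BUCKET, text)
    m = RE_BUGCHECK.search(text)
    if m:
        rec["code"] = int(m.group(1), 16)
        rec["args"] = [int(a, 16) for a in m.group(2).split(",") if a.strip()]
    m = RE_BLAMED.search(text)
    if m:
        rec["image"], rec["symbol"] = m.groups()
    # The symbolic name line repeats the code in hex; accept it only if it agrees.
    for m in RE_NAME.finditer(text):
        if int(m.group(2), 16) == rec["code"]:
            rec["name"] = m.group(1)
            break
    return rec


def summarize(dumps):
    """Compare parsed dumps: which codes and blamed images occur, and which repeat."""
    parsed = {name: parse_dump(text) for name, text in dumps.items()}
    images = Counter(p["image"] for p in parsed.values() if p["image"])
    return {
        "parsed": parsed,
        "codes": sorted({p["code"] for p in parsed.values() if p["code"] is not None}),
        "recurring_images": sorted(i for i, n in images.items() if n > 1),
        # Dumps where the debugger itself blamed hardware rather than a driver image.
        "hardware_flagged": sorted(n for n, p in parsed.items()
                                   if p["image"] == "hardware" or p["bucket"] == "IP_MISALIGNED"),
    }


if __name__ == "__main__":
    s = summarize(DUMPS)
    for name, p in s["parsed"].items():
        print(f"{name}: 0x{p['code']:X} {p['name']} image={p['image']} "
              f"process={p['process']} bucket={p['bucket']}")
    print("recurring images:", s["recurring_images"] or "none")
    print("blamed on hardware by the debugger:", s["hardware_flagged"])
```
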

#5 cryptodan


Posted 12 July 2010 - 11:53 PM

Can you perform the following:

Download the following:

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


Make sure you run full scans of MBAM and SAS, and make sure they are updated. It seems to me like you are getting false positives, but to be sure I'd like to see the scans.



