PDA

View Full Version : Virus Problem after update!



JOYBEBA6679
25-09-2009, 05:36 PM
Hi to all. Ok I have a huge problem. I installed what I though was an update for one of my video softwares and apparently it was a virus. Now my laptop turns off by it self and if I try to turn it on it gives me options to boot, like boot on SAFE mode and stuff but no matter which option I take the laptop just turns off again.

My laptop is a Toshiba tablet Portege with Windows XP sp 2, 1GB ram. It has avast antivirus home installed, malwarebytes and spyware terminator but since I cant get it to boot not even in SAFE mode then I would like to know if anyone here knows what to do.

Thanks in advance!!

wainuitech
25-09-2009, 05:46 PM
Sure its a Virus ?? could be some bad drivers - can you boot to the menu and select last known good configuration. ?? If it were a virus - i'm a little surprised Avast didn't detect it ???

Other wise you can try downloading a stand alone antivirus and make a bootable CD - Several to try (http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/) - dont use these as I would remove the HDD and slave to another PC and do a scan that way.

Edited: also found This one and review (http://www.raymond.cc/blog/archives/2008/11/15/free-drweb-livecd-to-scan-and-remove-virus-without-starting-windows/) - download at end of review.

JOYBEBA6679
25-09-2009, 05:51 PM
Well none of the boot options work, either safe mode or last known good configuration, every configuration just turns the laptop off.

wainuitech
25-09-2009, 05:56 PM
Download one of the bootable CD's I linked in post # 2 - and see if that picks up anything - OR remove the HDD from the laptop, slave to another PC (you'll need an adapter, or external case)

JOYBEBA6679
25-09-2009, 06:23 PM
Oops I forgot the laptop does not have a cd bay. And that slave part should be the last resort.

wainuitech
25-09-2009, 08:47 PM
NO Optical Drive -- Geeees that just about writes off most repairs unless you have a bootable USB drive.

How do you load in software thats normally On CD ?

JOYBEBA6679
25-09-2009, 08:57 PM
Well I've managed to make a USB pen drive I have bootable, the problem now is that no function key works on this tablet. I managed to the manual for it and it says I should press F12 then arrow keys to move to bootable options but it doesnt let me do a thing...

wainuitech
25-09-2009, 10:25 PM
Nothing like a challenge :D OK since you dont have a optical Drive -

make a bootable USB drive - follow the instructions here (http://www.megaleecher.net/Bootable_Kaspersky_Rescue_Disk).

Never used this as I would normally have a optical drive or slave it.

I actually suspect its not a Virus, if it is, it must be a damn good one to disable all function keys even before it boots the OS.

IF its not a virus, then we will need to look at something else.

Once again I would use a CD, but try the bootable Antivirus from USB drive first.

JOYBEBA6679
27-09-2009, 05:20 AM
Hi to all again. well I have a bit more of information on this problem. What actually happened was that my GF was trying to find a stream video of a series and she found it on a webpage. Apparently a popup told her that there was an update for the media player so she clicked on OK, the "update started installing and when it finished the tablet just turned off.

When I try to turn it on it takes me to the booting options screen (safe mode, last knows config etc..) and if I select start windows normally or last known configuration the windows logo with the loading appears for a second, then a blue screen of death comes up and the tablet shuts down inmediatelly leaving almost no time to see what the BSOD says.

I took a photo of this screen and it gives me this error: "IQRL_NOT_LESS_OR_EQUAL" and some more text.

I managed to make the tablet boot on SAFE mode and tried a system restore but it resolved nothing. then I ran avast antivir and it gave me 0 infected files so its not a virus.

Now I suspect its a bad driver. Knowing that this happened after an "update" of a media player. How can I know which driver is bad so I can either update it or roll back it?? Thanks in advance!!!!!

wainuitech
27-09-2009, 10:07 AM
Sounds like a driver problem for sure. You can try doing a Clean Boot (http://www.pctechguide.com/tutorials/CleanBoot_Boot.htm) - that should work - also (important part) download and run Hijackthis (http://free.antivirus.com/hijackthis/) - do a scan / save a report, post the complete report back here. Hopefully we can see whats loading / causing the problem.

When you did a restore , did it actually run OK, as that should have taken the laptop back to before the drivers were installed, have you tried a restore point further back ?

BTW - there is a way to run restore if the laptop wont boot into safe mode & without an optical drive, a bit long winded, but it does work.

feersumendjinn
27-09-2009, 11:48 AM
my GF was trying to find a stream video of a series and she found it on a webpage. (A rogue torrent client? (http://torrentfreak.com/bittorrent-malware-spreads-to-media-players/)) Apparently a popup told her that there was an update for the media player so she clicked on OK, the "update started installing and when it finished the tablet just turned off.

Knowing that this happened after an "update" of a media player......
Sounds to me more like she's downloaded malware that's overwritten some system files. :2cents::D
Do as Wainuitech suggested though.

JOYBEBA6679
27-09-2009, 05:07 PM
Ok, I tried that clean boot process but it didnt fixed the problem. I tried it from SAFE mode since thats the pnly mode that the tablet actually boots. When I do the restart part it restarts but gives me the same BSOD again.

When I did the system restore (from SAFE mode) I even restored it to 2 weeks before the problem happened and I still got that BSOD.

I saw somewhere that apparently this error could also be related to a bad RAM stick. Could this be the problem??? If so, how can I know if its bad since it only has one 1GB stick.

wainuitech
27-09-2009, 05:14 PM
Normally you would download memtest (http://www.memtest86.com/download.html) and boot from a bootable CD.

BUT you dont have a optical drive so that rules that idea out.
There is a USB bootable image, but it says from Linux only.

So unless you can install memtest and run it from safe mode then I dont know of any other way.

Can you run the hijackthis and post a log file back here.

It may require a repair install, or a complete install to fix it. Not having any optical drive rules out lots of standard options.

Try installing Malwarebytes (http://www.malwarebytes.org/) in safe mode, run it and see if it detects anything.

I doubt its the memory, esp since its only turn to custard since the install of that rouge driver. The fact it runs in Safe mode indicates its a driver problem.

JOYBEBA6679
27-09-2009, 05:51 PM
Ok here is the Hijackthis log file. I hope this shows some info on whats bad:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:08 AM, on 9/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 4656 bytes

Speedy Gonzales
27-09-2009, 05:59 PM
Tick these then tick fix checked

Close browsers

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

JOYBEBA6679
27-09-2009, 06:08 PM
Ok, ticked those items, fixe cheked them, then after it fixed the items, I did a restart but it gave me the BSOD again :(.

Speedy Gonzales
27-09-2009, 06:10 PM
Whatever it was you installed, see if its in add/remove programs. If it is uninstall it

WHAT exactly does the BSOD say?

wainuitech
27-09-2009, 06:16 PM
Thanks Speedy :thumbs:

Bugger - it doesn't show anything of real concern.

OK try this, boot into safe mode, open My Computer, right click your HDD / properties / Tools Tab / On Error check, click check Now, put ticks in both boxes, click Start, you should get a message saying it cant run and do you want to run on next reboot, - select Yes - reboot, hopefully chkdsk will run on reboot, allow it to run (will take a while) dont stop it.

This may fix any damaged files (kind of thinking it wont though).

If this doesn't work open My Computer right click HDD / Properties, open the Advanced Tab / Under Startup and Recovery, click Settings to open the Startup and Recovery / untick Automatically restart check box, click OK to exit out - reboot, this time when the Laptop reboots and BSOD's there will be an error number, something like 0x0000008 along with a few other wording, post back the complete error message.

Do you have a windows XP CD , or does this Laptop have a recovery partition ?

EDITED: Please also do the following -- Open hijackthis again, this time select "Open the misc Tools Section", under the Misc Tools Tab there will be a button called "generate Startup List log" when it opens click Yes, this will create a startup list - copy / Paste the complete log back here.

JOYBEBA6679
27-09-2009, 06:24 PM
Ok the BSOD gives me this error: "IQRL_NOT_LESS_OR_EQUAL" then it tells me some information but I could only see the error since I too a photo of the BSOD. It goes away so fast gives no time to actually see what it is.

Checked on control pannel for newly installed software but found none. Also, if it was drivers or malware, wasnt it supposed to fix when I did a system restore for a date 2 weeks before the problem?

wainuitech
27-09-2009, 06:31 PM
Not always, if its a malware infection, then doing a restore can take the bug with it.
IF its a file that has changed one of the windows system files, it can mask its self as a legit Windows file.

Please reread my last post, I made a few changes to it.

Blam
27-09-2009, 06:46 PM
Ok the BSOD gives me this error: "IQRL_NOT_LESS_OR_EQUAL" then it tells me some information but I could only see the error since I too a photo of the BSOD. It goes away so fast gives no time to actually see what it is.

Checked on control pannel for newly installed software but found none. Also, if it was drivers or malware, wasnt it supposed to fix when I did a system restore for a date 2 weeks before the problem?

Right Click My Computer>Properties>Advanced>Under Startup and recovery select "Settings">Untick Auto restart.

The PC won't restart straight after the BSOD now, so you can note down some more info, such as the driver/file name

wainuitech
27-09-2009, 06:48 PM
Bit slow blam :p Already suggested that in post 18 :)

JOYBEBA6679
27-09-2009, 06:48 PM
Ok, first option didnt work as it gave me the BSOD before chkdsk could run. So I tried second option and the error number it gives me is:

STOP: 0x0000000A (0x00000000,0x00000002,0x00000001,0x804DC11D)

Mesage says: Check to make sure any new hardware or software is properly installed.
If problem continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing.

And after those instructions just gives me that error number I mention before. I will post the starup log in a min.

JOYBEBA6679
27-09-2009, 07:01 PM
This is the startup log hijackthis gave me:

StartupList report, 9/27/2009, 1:30:46 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.17184)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\INKSCR~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
(no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

0aMCPClient: *Registry key not found*
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 4,530 bytes
Report generated in 0.381 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Blam
27-09-2009, 07:01 PM
Follow the instructions here:
http://www.bay-wolf.com/usbmemstick.htm

Then download "Pre-Compiled EXE file for USB Key (Pure DOS)" from here:
http://www.memtest.org/#downiso

Takes around 5-10mins

Then boot from the USB and perform the memory test

Blam

Speedy Gonzales
27-09-2009, 07:08 PM
Looks like that exact stop error is a common one. Some sites way it is a driver (it maybe hidden in device manager). Or ram. Go to device manager / view / show hidden devices. Look for any entries with a X or !. Tell us what it is

JOYBEBA6679
27-09-2009, 07:16 PM
Ok there is a network adapter with a red X called Intel PRO/100 VE Network Connection and there is also a hidden driver with a yellow ! called sptd, if I right click it and choose properties it says device type: non-plug and play drivers, manufacturer and location are unknown, Device status says: This device is not present, is not working properly or does not have all its drivers installed (code 24). On start up type it says boot. status stopped.

Speedy Gonzales
27-09-2009, 07:21 PM
Was daemon tools or alcohol installed on this previously?? If they were, (doesnt look like theyre installed now), delete that entry, then reboot

JOYBEBA6679
27-09-2009, 07:42 PM
By delete that entry you mean right click the sptd driver and click uninstall on the device manager? then reboot?

BTW, a daemon tools lite appears installed on the laptop, but doesnt appear on the add remove list, it has an uninstall option, do I uninstall that too?

Speedy Gonzales
27-09-2009, 07:43 PM
Yup or press the delete key

JOYBEBA6679
27-09-2009, 08:02 PM
Ok, well I deleted that driver then did a reboot but the problem is still there. Same BSOD after reboot.

Edit: If I try to boot it on SAFE mode after some command lines there is an option that says: Press ESC to prevent SPTD.SYS to be loaded. If I dont press esc SAFE mode also gives me that BSOD if I press esc preventing that sys to load then it boots into safe mode.

wainuitech
27-09-2009, 08:07 PM
Do you have the Windows XP CD ?

You may need to do a repair install of the OS.

Did you also manage to try the memory test as posted by blam #25

JOYBEBA6679
27-09-2009, 08:08 PM
Well no I dont have that CD since I bought this laptop used and it only came with what was installed. I am going to try that memory test in a min.

Speedy Gonzales
27-09-2009, 08:27 PM
Go to start/run type services.msc. See if there's a sptd service. If there is disable it. If daemontools was on this, did you uninstall it (not delete its folder)

JOYBEBA6679
27-09-2009, 08:43 PM
Tried that services option but I dont see a service called sptd there. Also, does the bootable usb work on a sandisk cruzer micro? It has installed that U3 launcher and after I format it with the tool to make it bootable the drive is empty but the U3 drive is still there.

Speedy Gonzales
27-09-2009, 08:47 PM
Also, does the bootable usb work on a sandisk cruzer micro? It has installed that U3 launcher and after I format it with the tool to make it bootable the drive is empty but the U3 drive is still there.

Yup it should work, I use a 1GB cruzer here. You could get one of the files off bootdisk.com. But you may need a floppy to extract the images to. Then you need to copy the files from it to the USB flash drive. Then boot from it (change the bootdisk in the BIOS to it first). Altho it may or may not boot from it. This depends on whether the BIOS supports booting from USB devices

JOYBEBA6679
27-09-2009, 09:10 PM
Well I was looking at the booting options on the net since the icons dont say much, and aparently this machine does not boot from USB pen drives, but it does from SD cards since it has a slot for them. Is there tut to make the card bootable, is it the same tut for USB aplied to the SD card?

Speedy Gonzales
27-09-2009, 09:23 PM
Might work, I could check your system out, if you get teamviewer. Install it then run it. All you have to do, is PM the ID and password to me. If normal windows doesnt work, boot into safe mode / networking

JOYBEBA6679
29-09-2009, 04:51 AM
Well actually thats the problem, normal windows does not boot, and if I choose any of the safe modes I have to press esc before the sptd.sys is loaded, tho I just deleted that sptd driver and daemon from the system. But as soon as I get my hands on that laptop again ill do what you say, maybe ull find what the problem is.

Speedy Gonzales
10-10-2009, 05:44 PM
This has now been fixed, it was infected with a worm, probably this (http://www.sophos.com/security/analyses/viruses-and-spyware/w32sillyfdcbr.html), and it infected the USB flash drives. And it was infected with an IRC backdoor, and another trojan. And sptd.sys kept crashing (probably daemontools stuffing it up, even tho it wasnt installed). So, I deleted it. Removed Veohplayer, some knowledge thing, some other media player, Pronto something. Seems to be working now ! Malwarebytes picked up and removed 12 of the infections