| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 103492 | 2009-09-25 05:36:00 | Virus Problem after update! | JOYBEBA6679 (10686) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 813745 | 2009-09-26 22:48:00 | my GF was trying to find a stream video of a series and she found it on a webpage. (A rogue torrent client? (torrentfreak.com)) Apparently a popup told her that there was an update for the media player so she clicked on OK, the "update started installing and when it finished the tablet just turned off. Knowing that this happened after an "update" of a media player...... Sounds to me more like she's downloaded malware that's overwritten some system files. :2cents::D Do as Wainuitech suggested though. |
feersumendjinn (64) | ||
| 813746 | 2009-09-27 04:07:00 | Ok, I tried that clean boot process but it didnt fixed the problem. I tried it from SAFE mode since thats the pnly mode that the tablet actually boots. When I do the restart part it restarts but gives me the same BSOD again. When I did the system restore (from SAFE mode) I even restored it to 2 weeks before the problem happened and I still got that BSOD. I saw somewhere that apparently this error could also be related to a bad RAM stick. Could this be the problem??? If so, how can I know if its bad since it only has one 1GB stick. |
JOYBEBA6679 (10686) | ||
| 813747 | 2009-09-27 04:14:00 | Normally you would download memtest (www.memtest86.com) and boot from a bootable CD. BUT you dont have a optical drive so that rules that idea out. There is a USB bootable image, but it says from Linux only. So unless you can install memtest and run it from safe mode then I dont know of any other way. Can you run the hijackthis and post a log file back here. It may require a repair install, or a complete install to fix it. Not having any optical drive rules out lots of standard options. Try installing Malwarebytes (http://www.malwarebytes.org/) in safe mode, run it and see if it detects anything. I doubt its the memory, esp since its only turn to custard since the install of that rouge driver. The fact it runs in Safe mode indicates its a driver problem. |
wainuitech (129) | ||
| 813748 | 2009-09-27 04:51:00 | Ok here is the Hijackthis log file. I hope this shows some info on whats bad: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:46:08 AM, on 9/27/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.atcomet.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E} -- End of file - 4656 bytes |
JOYBEBA6679 (10686) | ||
| 813749 | 2009-09-27 04:59:00 | Tick these then tick fix checked Close browsers O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E} |
Speedy Gonzales (78) | ||
| 813750 | 2009-09-27 05:08:00 | Ok, ticked those items, fixe cheked them, then after it fixed the items, I did a restart but it gave me the BSOD again :(. | JOYBEBA6679 (10686) | ||
| 813751 | 2009-09-27 05:10:00 | Whatever it was you installed, see if its in add/remove programs. If it is uninstall it WHAT exactly does the BSOD say? |
Speedy Gonzales (78) | ||
| 813752 | 2009-09-27 05:16:00 | Thanks Speedy :thumbs: Bugger - it doesn't show anything of real concern. OK try this, boot into safe mode, open My Computer, right click your HDD / properties / Tools Tab / On Error check, click check Now, put ticks in both boxes, click Start, you should get a message saying it cant run and do you want to run on next reboot, - select Yes - reboot, hopefully chkdsk will run on reboot, allow it to run (will take a while) dont stop it. This may fix any damaged files (kind of thinking it wont though). If this doesn't work open My Computer right click HDD / Properties, open the Advanced Tab / Under Startup and Recovery, click Settings to open the Startup and Recovery / untick Automatically restart check box, click OK to exit out - reboot, this time when the Laptop reboots and BSOD's there will be an error number, something like 0x0000008 along with a few other wording, post back the complete error message. Do you have a windows XP CD , or does this Laptop have a recovery partition ? EDITED: Please also do the following -- Open hijackthis again, this time select "Open the misc Tools Section", under the Misc Tools Tab there will be a button called "generate Startup List log" when it opens click Yes, this will create a startup list - copy / Paste the complete log back here. |
wainuitech (129) | ||
| 813753 | 2009-09-27 05:24:00 | Ok the BSOD gives me this error: "IQRL_NOT_LESS_OR_EQUAL" then it tells me some information but I could only see the error since I too a photo of the BSOD. It goes away so fast gives no time to actually see what it is. Checked on control pannel for newly installed software but found none. Also, if it was drivers or malware, wasnt it supposed to fix when I did a system restore for a date 2 weeks before the problem? |
JOYBEBA6679 (10686) | ||
| 813754 | 2009-09-27 05:31:00 | Not always, if its a malware infection, then doing a restore can take the bug with it. IF its a file that has changed one of the windows system files, it can mask its self as a legit Windows file. Please reread my last post, I made a few changes to it. |
wainuitech (129) | ||
| 1 2 3 4 | |||||