Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop Doesn't Work!


  • This topic is locked This topic is locked
44 replies to this topic

#1 Rey22

Rey22

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 09 July 2010 - 09:11 PM

Nothing works. When I click on any icon it pops up the "which program do you want to use to open this file", even after that nothing works. I tried to follow guidelines provided by someone, but I can't even open a downloaded program from a usb. It's completely non-usable. Need some help.

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 AM

Posted 12 July 2010 - 06:50 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Can you boot into safe mode?

Do you have access to a working PC?
Posted Image
m0le is a proud member of UNITE

#3 Rey22

Rey22
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 12 July 2010 - 07:59 PM

Yes I can get into Safe Mode.
Yes I have another working computer.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 AM

Posted 13 July 2010 - 05:58 PM

Can you explain how the PC got to this state?

Was there a definite malware attack or something else?

In the meantime please do the following on the other PC:
  • Download OTLPE Network from either location and save it to your desktop:

    http://oldtimer.geekstogo.com/OTLPENet.exe
    http://ottools.noahdfear.net/OTLPENet.exe

  • Double click the OTLPENet icon on your desktop
  • "Do you want to burn the CD?" choose Yes
  • ImgBurn will automatically extract and load the OTLPENet Iso to be burned to CD
  • Place a blank CD in your CD-Rom
  • Click to start the burn process
  • You will see a dialog "Operation successfully completed"
Hold on to this disk. smile.gif
Posted Image
m0le is a proud member of UNITE

#5 Rey22

Rey22
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 13 July 2010 - 07:50 PM

My sister was using it to download music, and apparently she didn't update the virus protector or may have turned it off entirely. Next thing nothing works. If I click on any program all that pops up is the little window that asks "which program would you like to use to open this file" with a list of the programs but even clicking on those leads nowhere. So I'm not sure exactly what that is, but it doesn't allow anything to work on the laptop.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 AM

Posted 13 July 2010 - 07:54 PM

That certainly sounds like malware.

When you have burnt the CD above do the following:

Please do this......
  • Boot the non-working computer using the boot CD you just created
  • In order to do so, the computer must be set to boot from the CD first

    Note : For information click here

  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Copy and Paste the following code into the textbox. Do not include the word "Code"

    Please note: Double click the Firefox Icon on the desktop to connect to this thread if you have a Wired connection otherwise you can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Push
  • When finished, the file will be saved in drive C:\OTL.txt
  • Please post the contents of the C:\OTL.txt file in your next reply.
  • Copy this file to your USB drive if you do not have an internet connection.

Posted Image
m0le is a proud member of UNITE

#7 Rey22

Rey22
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 16 July 2010 - 11:24 PM

The computer is not displaying the removable drive (usb). It just shows Ramdisk (B:), local disk (C:) and CD drive. To connect the computer to a wired connection, I'm going to have to restart it and thus restart this process. Is there a reason for the removable drive not to show up, or should I just continue with the second option ?

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 AM

Posted 18 July 2010 - 03:42 PM

I am now under the instructions that the OTLPE program is now out of bounds and we can't continue with it.

Please download ARCDC from Artellos.com.
  • Double click
  • Follow the dialog until you see 6 options. Please pick the correct option for your operating system (let me know
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.

Please let me know when you have done this. smile.gif
Posted Image
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 AM

Posted 20 July 2010 - 07:00 PM

You still there, Rey22?
Posted Image
m0le is a proud member of UNITE

#10 Rey22

Rey22
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 20 July 2010 - 08:27 PM

Yes I just burned the CD. Should I put it in the bad computer?

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 AM

Posted 21 July 2010 - 03:01 PM

Yes, boot it as below:


1. Insert the Recovery Disk into the drive and then restart the computer.

Note:Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.

2. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

Note:If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.

3. When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.

4. At the Recovery Console command prompt, type the following then press Enter:

chkdsk /r

5. Allow this to run UNDISTURBED until completed (45 min or so)

6. Report any errors
Posted Image
m0le is a proud member of UNITE

#12 Rey22

Rey22
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 21 July 2010 - 10:50 PM

I've put the cd in, and restarted it using the CD drive, but it stops at a black page with a single white tab at the left corner, right after I choose the CD drive. It did this before too, but would eventually move on, but it is staying at this screen now. I've tried a number of times.

Is there a way to manually open the program once windows starts normally, like double clicking on the CD Drive, and choosing one of those files?

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 AM

Posted 22 July 2010 - 07:29 PM

I think we'll return to the recovery disk idea as I have a few other thoughts on this.

Please download this program from a clean PC and transfer the file to the infected PC's desktop whilst in safe mode. Then run it as instructed.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#14 Rey22

Rey22
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 22 July 2010 - 10:35 PM

I put combofix on a usb and onto the desktop of the non working computer, whilst in safe mode, but it still won't allow the program to run. I click on it, and the same message pops up saying "which program do you want to choose to run this", then doing nothing after really.. would it be any different if it were on a cd?

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 AM

Posted 23 July 2010 - 04:19 PM

No, this isn't going to work.

What operating system are you running?


Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users