Inactive 8-step malware/rootkit removal help, logs included

Status
Not open for further replies.

Jarick

I've been experiencing problems with a "0.exe" trojan, and need help removing it. I have followed the steps from the 8-step removal guide, and have attached the logs. I use Bitdefender total security 2010 for anti-virus.
 

Attachments

  • DDS.txt
    23.3 KB · Views: 1
  • Attach.txt
    21.4 KB · Views: 0
  • gmer.log
    28.9 KB · Views: 2
  • mbam-log-2010-08-23 (08-26-52).txt
    906 bytes · Views: 3
Welcome aboard


Please, re-run DDS in normal mode and post both logs.

Then....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thank you,
all new requested logs are attached
 

Attachments

  • DDS.txt
    22 KB · Views: 2
  • Attach.txt
    21.1 KB · Views: 0
  • MBRCheck_08.23.10_21.54.42.txt
    12 KB · Views: 2
  • ComboFix.txt
    37.5 KB · Views: 1
MBRCheck log looks good :)

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

=======================================================================

Any reason, you didn't allow Combofix to install recovery console?
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Please, re-run Combofix and allow recovery console installation.
Post fresh Combofix log.

Bed time for me though :)
 
Viewpoint must have installed with AOL a couple of years ago. I couldn't find any Viewpoint programs in the add/remove programs list..... but there is a Viewpoint folder in my program files, but won't let me delete it.

When I ran Combofix, after the green bar finished a window popped up saying wrong OS? I have genuine Windows XP Home edition. Combofix then continued to start, reboot, and when it tried updating the recovery console it said I wasn't connected to the internet (even though I am connected via ethernet cable to my router which is working perfectly) so I disconnected then reconnected the cable and it still said it couldn't access the internet and continued with the scan. I will retry and post the new log if it hopefully works.

Good night, thank you, and I will be looking forward to your next reply :)
 
Ran Combofix again and everything went perfect :) new log attached
 

Attachments

  • ComboFix.txt
    34.5 KB · Views: 1
Looks good :)

How is computer doing?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

========================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
BitDefender is still showing alerts about "0.exe" and it says that 0.exe is trying to open a random .txt file in "C:\WINDOWS\temp" under different names each time (1354750.txt and 1426515.txt were the latest). Also a RunDLL error window will pop up after BitDefender blocks it saying the .txt couldn't be found.

Besides that, the computer does seem faster and programs (such as Firefox) are launching faster.

Logs will follow
 
Sorry, but the logs are too long to post, they are attached.
 

Attachments

  • OTL.Txt
    184.4 KB · Views: 2
  • Extras.Txt
    61.2 KB · Views: 1
Does BD show any location of 0.exe file?

=========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\XTrapD12.sys -- (XTrapD12)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\SHERYL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SHERYL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\SHERYL~1\LOCALS~1\Temp\adxapie.sys -- (adxapie)
    DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
    SRV - [2008/04/13 17:11:54 | 023,275,520 | R-S- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) [Auto | Running] -- C:\WINDOWS\SYSTEM32\Rpcqt.dll -- (RPCQT) Remote Procedure Call (CQTPM)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX28.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444223240000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: RaptisoftGameLoader http://www.miniclip.com/haphazard/raptisoftgameloader.cab (Reg Error: Key error.)
    NetSvcs: RPCQT - C:\WINDOWS\SYSTEM32\Rpcqt.dll (Lavasoft                                                                                                                                                                                                                                                                                                    )
    NetSvcs: RPCQT - C:\WINDOWS\SYSTEM32\Rpcqt.dll (Lavasoft                                                                                                                                                                                                                                                                                                    )
    [1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_unmip.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_histprot.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat
    [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat
    [2010/08/16 11:47:30 | 000,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
    [2010/04/20 16:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/05/18 21:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheryl-Jo\Application Data\Uniblue
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sheryl-Jo\Desktop\Warcraft II.PIF:SummaryInformation
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
    
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Viewpoint
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
Ran the fix, OTL stopped responding, rebooted, ran again and fix went through, rebooted (Windows is only able to do classic Windows display, not XP "blue") and ran quick scan. The computer isn't connecting to the internet now (using laptop for this post), all the cables are connected properly, but programs (Internet Explorer, Firefox, BD, MB, etc.) aren't able to connect. I put the logs on a flash drive so they could be uploaded from laptop.
 

Attachments

  • 08242010_150656.log
    25.4 KB · Views: 1
  • OTL.Txt
    144.5 KB · Views: 1
1. Click Start>Run (Start>"Start search" in Vista).

2. Type in (or copy and paste):

cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

and press Enter.

3. Notepad will open.

4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.
 
Try some basic steps....

Make sure, your computer is set to obtain IP address automatically.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
6. Click Obtain an IP Address Automatically, and then click OK.

If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.
 
Nothing worked except for DAF, it fixed the other Windows problems, but desktop is still unable to connect to the internet.
 
Reinstalled the driver, no good, "network connections" in control panel is blank.

I have all of the discs that came with the computer through Dell.
 
Hmmm....this is weird.

I think we don't have much of a choice, but try to use system restore point.
It may bring some infection back, but I don't see any other option.
We'll have to re-run some scans.
Go ahead with system restore and let me know what's going on.
 
When I try to start System Restore, a window pops up saying "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again." After multiple restarts, it still won't start. I went into the recovery console option created by recent update from Combofix, didn't know how to work it :/
 
Don't rush anything...

First, try system restore from Safe Mode.

If that doesn't work, here is how to use system restore from recovery console....
Since you already know how to get to recovery console, skip couple of steps from my manual listed below (start with step 4)


If you have Windows XP CD... (if you don't have Windows CD, scroll down)

1. Boot from the CD.
2. When the text-based part of Setup begins, follow the prompts. Select the repair or recover option by pressing R:

xp_src_welcome.gif


3. You'll find yourself at this screen:

xp_src_console.gif


4. Once you are at the Recovery Console you will be given at least one choice of Windows installations. Normally the choice you want is the number 1 choice. Click the number 1 key at the "top" of the keyboard and click enter.

NOTE: at this point your numbers to the right of your keyboard are turned off. If you insist on using these keys for your numbers remember to hit the Numbers Lock key before clicking a number over there or your computer will automatically reboot and you will have to wait through the previous steps to get back to the console.

5. You will be given a message asking for the administrator password. Unless someone or something has messed with your computer there is no password so you just click the Enter key.

6. This will bring you to a prompt that says:

C:\WINDOWS>

7. Type:

cd \

Press Enter

Note: between "cd" and "\" there should be a "blank space" otherwise the command won't work

8. The prompt should now say:

C:\>

9. Type:

cd system~1\_resto~1

Press Enter.

===============================================================================

Note: If it gives an error "Access Denied" while accessing the folder, follow the method below

Type: cd \

Press Enter

Type: cd windows\system32\config

Press Enter

Type: ren system system.bak

Press Enter

(note the spaces between ren and system, and then between system and system.bak)

Type: exit

Press Enter

now the computer should restart, then follow steps 1-9


===============================================================================

10. Type:

dir

Press Enter

NOTE: When you hit Enter it will list all the restore point folders like "rp1", "rp2". We have to see the last restore point to copy the file from a recent backup. If the restore points have more than one page then you have to keep on hitting the key to view the last restore point folder.

NOTE: It is a good rule of thumb to choose the files from the restore point folder which is the second to the last one.

11. Type:

cd rp{with the second to the last restore point number }

Press Enter

Example: cd rp9. if rp10 is the last restore point

12. Type:

cd snapshot

Press Enter.

NOTICE: Now the command prompt will look like this:

c:\system~1\resto~1\rp9\snapshot

Note : restore point 9 assumed for clarity of the content.


13. Type:

copy _registry_machine_system c:\windows\system32\config\system

Press Enter

14. Type:

Exit

Press Enter.

Final note : If the above procedure won't solve the problem, repeat all steps, but in step 13 type:

copy _registry_machine_software c:\windows\system32\config\software

Alternatively, select different restore point.



If you don't have Windows CD...

Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
Using Imgburn, burn rc.iso to a CD.
Boot to the CD...let it finish loading.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

Follow steps 3 - 14.
 
It didn't do anything :( there was only one restore point "RP2051" and it wouldn't restore...... now when I try to boot Windows it says "Windows could not start because the following file is missing or corrupt: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM"?
 
It looks like system hive is missing, or corrupted.
Let's try to fix it.

We'll have to replace the registry hives with a set of those present in the C:\System Volume Information folder, (if Restore Points are available).

Be very careful with following next set of steps:

We need to create a batch file and save it onto a flash drive to move information from the sick computer to a working computer. This batch is to list all directories in C:\System Volume Information, which is useful for finding the backed up registry!

Important note: Ensure that you save it on the flash drive. Do NOT save this file on the working computer. You can accidentally run the file on that computer and damage its registry. This file will be run on the non-working computer after following the next set of instructions.

Using your clean working computer do the following:

1. Go to Start -> Run, and type notepad into the box.
2. Click OK.
3. Copy and paste the following code into Notepad:

Code:
Ren C:\windows\system32\config\system system.123
Dir "C:\System Volume Information" /s >C:\log.txt
Ren C:\windows\system32\config\system.123 system
Del %0

4. Go to File -> Save As then enter: ren.bat (save it as all files (*.*))
5. Then.. Save it on the flash drive. Do NOT save this file on the working computer.
6. After that insert the flash drive into the infected computer.


NOW...
On good computer...
Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.



7. Once booted with the OTLPE CD, go to Start > My Computer, then go to your flash drive and copy the batch file to the desktop, then double click it to run it.
8. Then go to C:\log.txt copy and paste it back here as a reply to this post.

Note: You may have to copy and paste the log into the flash drive so you can post it back here.
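
The restore-point selection described in this thread, as an added example that is not part of the original posts: a Python script that reads the `dir /s` listing the batch file writes to C:\log.txt, finds each RPn\snapshot folder, and picks the restore point whose registry hive backup to copy, following the second-to-last rule of thumb from the Recovery Console steps. The sample listing (GUID, dates, sizes) is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `dir "C:\System Volume Information" /s` output.
# The GUID, dates and sizes are made up for illustration.
SAMPLE_LOG = r"""
 Directory of C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP8\snapshot

08/18/2010  09:14 AM    <DIR>          .
08/18/2010  09:14 AM         4,456,448 _REGISTRY_MACHINE_SYSTEM
08/18/2010  09:14 AM        23,068,672 _REGISTRY_MACHINE_SOFTWARE
               2 File(s)     27,525,120 bytes

 Directory of C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP9\snapshot

08/20/2010  10:02 AM         4,460,544 _REGISTRY_MACHINE_SYSTEM
08/20/2010  10:02 AM        23,072,768 _REGISTRY_MACHINE_SOFTWARE

 Directory of C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\snapshot

08/23/2010  08:30 AM                 0 _REGISTRY_MACHINE_SYSTEM
08/23/2010  08:30 AM        23,080,960 _REGISTRY_MACHINE_SOFTWARE
"""

# "Directory of ...\RPnnn\snapshot" header lines.
DIR_RE = re.compile(r"^Directory of .*\\RP(\d+)\\snapshot$", re.IGNORECASE)
# "<date> <time> [AM|PM] <size> <name>" file lines; <DIR> entries do not match.
FILE_RE = re.compile(r"^\S+\s+\S+(?:\s+[AP]M)?\s+([\d,.]+)\s+(\S.*)$")


def parse_snapshots(listing):
    """Map restore point number -> {hive backup name: size in bytes}."""
    snapshots = {}
    current = None
    for raw in listing.splitlines():
        line = raw.strip()
        if line.lower().startswith("directory of"):
            m = DIR_RE.match(line)
            current = int(m.group(1)) if m else None
            if current is not None:
                snapshots.setdefault(current, {})
            continue
        m = FILE_RE.match(line)
        if current is None or not m:
            continue
        name = m.group(2).upper()
        if name.startswith("_REGISTRY_"):
            # Strip thousands separators (comma or dot, depending on locale).
            snapshots[current][name] = int(re.sub(r"[,.]", "", m.group(1)))
    return snapshots


def pick_restore_point(snapshots, hive="_REGISTRY_MACHINE_SYSTEM"):
    """Return the RP number to copy `hive` from, or None if nothing is usable.

    Restore points are compared numerically (RP10 is newer than RP9).
    A zero-byte or missing hive backup is treated as unusable.
    Assumption: if the newest restore point is the only usable one, use it.
    """
    if not snapshots:
        return None
    newest = max(snapshots)
    usable = [rp for rp, files in snapshots.items() if files.get(hive, 0) > 0]
    older = [rp for rp in usable if rp != newest]
    if older:
        return max(older)
    return newest if newest in usable else None


if __name__ == "__main__":
    snaps = parse_snapshots(SAMPLE_LOG)
    for rp in sorted(snaps):
        print("RP%d: %s" % (rp, snaps[rp]))
    print("Copy SYSTEM hive from RP%s" % pick_restore_point(snaps))
```

An empty result means the listing contains no snapshot folders at all, which is what a "File Not Found" reply from `dir` produces.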
 
Booted into OTLPE perfectly. I copied the batch file from my flash drive to the desktop, and double clicked on it. The command window then says:

B:\Documents and Settings\Default User\Desktop>Ren C:\windows\system32\config\system system.123
The system cannot find the path specified.

B:\Documents and Settings\Default User\Desktop>Dir "C:\System Volume Information" /s 1>C:\log.txt
File Not Found

B:\Documents and Settings\Default User\Desktop>Ren C:\windows\system32\config\system.123 system
The system cannot find the path specified.

B:\Documents and Settings\Default User\Desktop>Del "B:\Documents and Settings\Default User\Desktop\ren.bat"
Insert the diskette that contains the batch file and press any key when ready.
 
Unfortunately, it looks like there is no good restore point.

We have only one option left.
Before we go there....
Do you have any important data on your computer?
 
Yes I do. Luckily I have backed up the MOST important, non-replaceable, items onto an external hard drive. The only other "important" data would be my game saves, but I'm perfectly fine replacing those if they can't be retrieved.
I'm guessing a format is coming...?
 