8-step malware/rootkit removal help, logs included

By Jarick · 40 replies
Aug 23, 2010
  1. I've been experiencing problems with a "0.exe" trojan, and need help removing it. I have followed the steps from the 8-step removal guide, and have attached the logs. I use Bitdefender total security 2010 for anti-virus.

  2. Broni

    Broni Malware Annihilator Posts: 54,259   +383

    Welcome aboard

    Please, re-run DDS in normal mode and post both logs.


    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. Jarick

    Jarick TS Rookie Topic Starter Posts: 22

    Thank you,
    all new requested logs are attached

  4. Broni

    MBRCheck log looks good :)

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.


    Any reason, you didn't allow Combofix to install recovery console?
    Please, re-run Combofix and allow recovery console installation.
    Post fresh Combofix log.

    Bed time for me though :)
  5. Jarick

    Viewpoint must have installed with AOL a couple of years ago. I couldn't find any Viewpoint programs in the add/remove programs list..... but there is a Viewpoint folder in my program files, but it won't let me delete it.

    When I ran Combofix, after the green bar finished a window popped up saying wrong OS? I have genuine Windows XP Home edition. Combofix then continued to start, reboot, and when it tried updating the recovery console it said I wasn't connected to the internet (even though I am connected via ethernet cable to my router which is working perfectly) so I disconnected then reconnected the cable and it still said it couldn't access the internet and continued with the scan. I will retry and post the new log if it hopefully works.

    Good night, thank you, and I will be looking forward to your next reply :)
  6. Jarick

    Ran Combofix again and everything went perfect :) new log attached

  7. Broni

    Looks good :)

    How is computer doing?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.


    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    drivers32 /all
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. Jarick

    BitDefender is still showing alerts about "0.exe" and it says that 0.exe is trying to open a random .txt file in "C:\WINDOWS\temp" under different names each time (1354750.txt and 1426515.txt were the latest). Also a RunDLL error window will pop up after BitDefender blocks it saying the .txt couldn't be found.

    Besides that, the computer does seem faster and programs (such as Firefox) are launching faster.

    Logs will follow
  9. Jarick

    Sorry, but the logs are too long to post, they are attached.

  10. Broni

    Does BD show any location of 0.exe file?


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
      SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
      DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\XTrapD12.sys -- (XTrapD12)
      DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
      DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
      DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
      DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\SHERYL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SHERYL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
      DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\SHERYL~1\LOCALS~1\Temp\adxapie.sys -- (adxapie)
      DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
      DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
      DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
      DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
      SRV - [2008/04/13 17:11:54 | 023,275,520 | R-S- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) [Auto | Running] -- C:\WINDOWS\SYSTEM32\Rpcqt.dll -- (RPCQT) Remote Procedure Call (CQTPM)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX28.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab (Reg Error: Key error.)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444223240000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O16 - DPF: RaptisoftGameLoader http://www.miniclip.com/haphazard/raptisoftgameloader.cab (Reg Error: Key error.)
      NetSvcs: RPCQT - C:\WINDOWS\SYSTEM32\Rpcqt.dll (Lavasoft                                                                                                                                                                                                                                                                                                    )
      NetSvcs: RPCQT - C:\WINDOWS\SYSTEM32\Rpcqt.dll (Lavasoft                                                                                                                                                                                                                                                                                                    )
      [1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_unmip.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_histprot.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat
      [2010/08/16 11:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat
      [2010/08/16 11:47:30 | 000,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
      [2010/04/20 16:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2009/05/18 21:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheryl-Jo\Application Data\Uniblue
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sheryl-Jo\Desktop\Warcraft II.PIF:SummaryInformation
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
      C:\Program Files\Viewpoint
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  11. Jarick

    Ran the fix, OTL stopped responding, rebooted, ran again and fix went through, rebooted (Windows is only able to do classic Windows display, not XP "blue") and ran quick scan. The computer isn't connecting to the internet now (using laptop for this post), all the cables are connected properly, but programs (Internet Explorer, Firefox, BD, MB, etc.) aren't able to connect. I put the logs on a flash drive so they could be uploaded from laptop.

  12. Broni

    1. Click Start>Run (Start>"Start search" in Vista).

    2. Type in (or copy and paste):

    cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

    and press Enter.

    3. Notepad will open.

    4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.
  13. Jarick

    "Ping request could not find host google.com. Please check the name and try again"
  14. Broni

    Try some basic steps....

    Make sure, your computer is set to obtain IP address automatically.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
    6. Click Obtain an IP Address Automatically, and then click OK.

    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"

    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.

    If that doesn't work...
    Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista)
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista):

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.
  15. Jarick

    Nothing worked except for DAF, it fixed the other Windows problems, but desktop is still unable to connect to the internet.
  16. Broni

    Try to reinstall network driver.

    Do you have Windows CD?
  17. Jarick

    Reinstalled the driver, no good, "network connections" in control panel is blank.

    I have all of the discs that came with the computer through Dell.
  18. Broni

    Hmmm....this is weird.

    I think we don't have much of a choice, but try to use system restore point.
    It may bring some infection back, but I don't see any other option.
    We'll have to re-run some scans.
    Go ahead with system restore and let me know what's going on.
  19. Jarick

    When I try to start System Restore, a window pops up saying "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again." After multiple restarts, it still won't start. I went into the recovery console option created by the recent update from Combofix, but didn't know how to work it :/
  20. Broni

    Don't rush anything...

    First, try system restore from Safe Mode.

    If that doesn't work, here is how to use system restore from recovery console....
    Since you already know how to get to recovery console, skip a couple of steps from my manual listed below (start with step 4)

    If you have Windows XP CD... (if you don't have Windows CD, scroll down)

    1. Boot from the CD.
    2. When the text-based part of Setup begins, follow the prompts. Select the repair or recover option by pressing R:


    3. You'll find yourself at this screen:


    4. Once you are at the Recovery Console you will be given at least one choice of Windows installations. Normally the choice you want is the number 1 choice. Click the number 1 key at the "top" of the keyboard and click enter.

    NOTE: at this point your numbers to the right of your keyboard are turned off. If you insist on using these keys for your numbers remember to hit the Numbers Lock key before clicking a number over there or your computer will automatically reboot and you will have to wait through the previous steps to get back to the console.

    5. You will be given a message asking for the administrator password. Unless someone or something has messed with your computer there is no password so you just click the Enter key.

    6. This will bring you to a prompt that says:


    7. Type:

    cd \

    Press Enter

    Note: between "cd" and "\" there should be a "blank space" otherwise the command won't work

    8. The prompt should now say:


    9. Type:

    cd system~1\_resto~1

    Press Enter.


    Note: If it gives an error "Access Denied" while accessing the folder, follow the method below

    Type: cd \

    Press Enter

    Type: cd windows\system32\config

    Press Enter

    Type: ren system system.bak

    Press Enter

    (note the spaces between ren and system, and then between system and system.bak)

    Type: exit

    Press Enter

    now the computer should restart, then follow steps 1-9


    10. Type:


    Press Enter

    NOTE: When you hit Enter it will list all the restore point folders like "rp1", "rp2". We have to see the last restore point to copy the file from a recent backup. If the restore points have more than one page then you have to keep on hitting the key to view the last restore point folder.

    NOTE: It is a good rule of thumb to choose the files from the restore point folder which is the second to the last one.

    11. Type:

    cd rp{with the second to the last restore point number }

    Press Enter

    Example: cd rp9. if rp10 is the last restore point

    12. Type:

    cd snapshot

    Press Enter.

    NOTICE: Now the command prompt will look like this:


    Note : restore point 9 assumed for clarity of the content.

    13. Type:

    copy _registry_machine_system c:\windows\system32\config\system

    Press Enter

    14. Type:


    Press Enter.

    Final note : If the above procedure won't solve the problem, repeat all steps, but in step 13 type:

    copy _registry_machine_software c:\windows\system32\config\software

    Alternatively, select different restore point.

    If you don't have Windows CD...

    Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
    Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
    Using Imgburn, burn rc.iso to a CD.
    Boot to the CD...let it finish loading.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

    Follow steps 3 - 14.
  21. Jarick

    It didn't do anything :( there was only one restore point "RP2051" and it wouldn't restore...... now when I try to boot Windows it says "Windows could not start because the following file is missing or corrupt: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM"?
  22. Broni

    It looks like system hive is missing, or corrupted.
    Let's try to fix it.

    We'll have to replace the registry hives with a set of those present in the C:\System Volume Information folder, (if Restore Points are available).

    Be very careful with following next set of steps:

    We need to create a batch file and save it onto a flash drive to move information from the sick computer to a working computer. This batch is to list all directories in C:\system volume information, which is useful for finding the backed up registry!

    Important note: Ensure that you save it on the flash drive. Do NOT save this file on the working computer. You can accidentally run the file on that computer and damage its registry. This file will be run on the non-working computer after following the next set of instructions.

    Using your clean working computer do the following:

    1. Go to Start -> Run, and type notepad into the box.
    2. Click OK.
    3. Copy and paste the following code into Notepad:

    Ren C:\windows\system32\config\system system.123
    Dir "C:\System Volume Information" /s >C:\log.txt
    Ren C:\windows\system32\config\system.123 system
    Del %0
    4. Go to File -> Save As then enter: ren.bat (save it as all files (*.*))
    5. Then.. Save it on the flash drive. Do NOT save this file on the working computer.
    6. After that insert the flash drive into the infected computer.

    On good computer...
    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.

    7. Once booted with OTLPE CD, go to Start My Computer then go to your flash drive and copy the batch file to the desktop then double click it to run it.
    8. Then go to C:\log.txt copy and paste it back here as a reply to this post.

    Note: You may have to copy and paste the log into the flash drive so you can post it back here.
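
Added example (not part of any post in this thread, and not code from the tools it names): the restore-point selection that the Recovery Console steps in post 20 do by hand, and that the `Dir "C:\System Volume Information" /s` listing in post 22 is meant to support, written in Python for use against an offline or mounted copy of the disk. It sorts the `RPn` folders numerically, prefers the second-to-last one, and accepts a `snapshot\_REGISTRY_MACHINE_SYSTEM` copy only if it starts with the `regf` hive signature, so a usable source is confirmed before anything under `config` is renamed or overwritten. The function names, the fallback order after the second-to-last point and the sample tree are assumptions of this example.

```python
import os
import re
import tempfile

HIVE_MAGIC = b"regf"          # first four bytes of every registry hive file
RP_DIR = re.compile(r"^RP(\d+)$", re.IGNORECASE)


def list_restore_points(svi_root):
    """Return [(number, path)] for each RPn folder under _restore{...}, oldest first."""
    found = []
    for store in os.listdir(svi_root):
        store_path = os.path.join(svi_root, store)
        if not (store.lower().startswith("_restore") and os.path.isdir(store_path)):
            continue
        for name in os.listdir(store_path):
            m = RP_DIR.match(name)
            if m:
                found.append((int(m.group(1)), os.path.join(store_path, name)))
    return sorted(found)      # numeric sort: RP9 comes before RP10


def snapshot_hive(rp_path, hive_name):
    """Path of the hive copy inside RPn/snapshot (case-insensitive), or None."""
    snap = os.path.join(rp_path, "snapshot")
    if not os.path.isdir(snap):
        return None
    for name in os.listdir(snap):
        if name.lower() == hive_name.lower():
            return os.path.join(snap, name)
    return None


def hive_is_usable(path):
    """True only if the file exists and starts with the 'regf' signature."""
    if path is None:
        return False
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == HIVE_MAGIC
    except OSError:
        return False


def pick_restore_point(svi_root, hive_name="_REGISTRY_MACHINE_SYSTEM"):
    """Return (rp_number, hive_path) to copy from, or None if nothing is usable.

    Order tried: second-to-last (the thread's rule of thumb), then older
    points newest-first, then the last one (this fallback order is an assumption).
    """
    points = list_restore_points(svi_root)
    if not points:
        return None
    order = points[:-1][::-1] + points[-1:]
    for number, rp_path in order:
        candidate = snapshot_hive(rp_path, hive_name)
        if hive_is_usable(candidate):
            return number, candidate
    return None


def build_sample_tree(root, layout):
    """Constructed test data: layout maps RP number -> hive bytes (None = no file)."""
    store = os.path.join(root, "_restore{CONSTRUCTED-SAMPLE}")
    for number, content in layout.items():
        snap = os.path.join(store, "RP%d" % number, "snapshot")
        os.makedirs(snap)
        if content is not None:
            with open(os.path.join(snap, "_REGISTRY_MACHINE_SYSTEM"), "wb") as fh:
                fh.write(content)
    return root


if __name__ == "__main__":
    good = HIVE_MAGIC + b"\x00" * 28
    with tempfile.TemporaryDirectory() as tmp:
        # RP9 (second to last) holds a zero-byte hive, so the older RP2 is chosen.
        build_sample_tree(tmp, {2: good, 9: b"", 10: good})
        print(pick_restore_point(tmp))
    with tempfile.TemporaryDirectory() as tmp:
        # A single restore point with no hive copy: nothing safe to restore from.
        build_sample_tree(tmp, {2051: None})
        print(pick_restore_point(tmp))
```

A `None` result means no snapshot copy passed the check, which is the point at which to stop and leave the existing `config` files as they are.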
  23. Jarick

    Booted into OTLPE perfectly. I copied the batch file from my flash drive to the desktop, and double clicked on it. The command window then says:

    B:\Documents and Settings\Default User\Desktop>Ren C:\windows\system32\config\system system.123
    The system cannot find the path specified.

    B:\Documents and Settings\Default User\Desktop>Dir "C:\System Volume Information" /s 1>C:\log.txt
    File Not Found

    B:\Documents and Settings\Default User\Desktop>Ren C:\windows\system32\config\system.123 system
    The system cannot find the path specified.

    B:\Documents and Settings\Default User\Desktop>Del "B:\Documents and Settings\Default User\Desktop\ren.bat"
    Insert the diskette that contains the batch file and press any key when ready.
  24. Broni

    Unfortunately, it looks like there is no good restore point.

    We have only one option left.
    Before we go there....
    Do you have any important data on your computer?
  25. Jarick

    Yes I do. Luckily I have backed up the MOST important, non-replaceable, items onto an external hard drive. The only other "important" data would be my game saves, but I'm perfectly fine replacing those if they can't be retrieved.
    I'm guessing a format is coming...?
Topic Status:
Not open for further replies.