WIN XP fails to start, malware suspected


  • This topic is locked

#1
lordoxford

lordoxford

    Member

  • Member
  • PipPip
  • 64 posts
Hello! I'm referred here by "happyrock" having got an all-clear, running the AVG malware search code and still having an XP that won't start.
I have a paid-for top AVIRA installation in place but a scam got through telling me that key ".EXEs" were infected and suggesting I buy their "Cleaner". Very few programs would run. I managed to find its self starting routine and cleared it up. I sent details to AVG. A month later it hit again with a less easily identified self-starter. I thought I'd cleared it but shortly afterwards I got this failure to run XP. Depending on how I start I get one of the fail codes listed in the above description. I'm not sure that the AVG code I ran from here was aware of this particular malware.
Can you help?
  • 0


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, lordoxford! Welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Sorry for the delay.

If you have your Windows CD
  • Insert your Windows XP CD into your CD drive and ensure that your CD-ROM drive is capable of booting the CD.
  • Once you have booted from CD, you’re going to proceed until you see the following screen, at which point you will press the "R" key to enter the recovery console:
    Posted Image

  • You will be prompted to select one of the listed Windows installations (typically number "1").
  • Select the installation number, and hit Enter.
    If there is an administrator password for the administrator account fill out the password and hit enter.
    By default you can leave this blank and hit enter.
    (If it does have a password and you don't know it, you're out of luck).

    You will be greeted with this screen, which indicates a recovery console at the ready:
    Posted Image

  • Please make sure you follow the instructions of this guide exactly as given or you might risk more problems.
    NOTE: Make sure you press Enter after each command.
    Make sure all commands are exactly as shown in this guide, including "spaces".


    First, we will start off with these 6 commands.

    CD..
    ATTRIB -H C:\boot.ini
    ATTRIB -S C:\boot.ini
    ATTRIB -R C:\boot.ini
    del boot.ini
    BOOTCFG /Rebuild


    Note about the above command.
    BOOTCFG /REBUILD will search for pre-existing installations of Windows XP and rebuild sundry essential components of the Windows operating system, recompile the BOOT.INI file and correct a litany of common Windows errors.

    For the Enter Load Identifier portion of this command, you should enter the name of the operating system you have installed.
    If, for example, you are using Windows XP Home, you could type Microsoft Windows XP Home Edition for the identifier (it's not crucial, however, what the name is, as long as it's meaningful).
    For the OS Load Option portion of this command, you should enter the following: /FASTDETECT /NOEXECUTE=OPTIN
    It is very important that you do one or both of the following two things:

    Here is what you should see:
    Posted Image

  • The following command verifies the integrity of the hard drive containing the Windows XP installation. While this step is not an essential function in our process, it’s still good to be sure that the drive is physically capable of running Windows and that it contains no bad sectors or other corruptions that might be causing issues.
    Take note that this scan might take a long while. Leave it running uninterrupted!

    CHKDSK /R
  • This last command writes a new boot sector to the hard drive and cleans up all the loose ends we created by rebuilding the BOOT.INI file and the system files. When the Windows Recovery Console asks you if you are Sure you want to write a new bootsector to the partition C: ? just hit "Y" and hit Enter to confirm your decision:

    FIXBOOT
  • It’s time to reboot your PC by typing:
    EXIT
    and pressing Enter.
With any luck, your PC will boot successfully into Windows XP as if your various DLL, Hive, EXE and NTLDR errors never existed.

If you don't have Windows CD
Please download ARCDC from Artellos.com.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Then, follow instructions from Step #1 above.
  • 0
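An added example, not part of Render's post and not a Geeks to Go tool: a small Python check that a rebuilt BOOT.INI is self-consistent, which can be run against the file read from a live session such as the Puppy Linux stick mentioned in this thread. The sample file is constructed, its ARC path is an assumption, and the switches it looks for are the ones the post says to enter at the OS Load Option prompt.

```python
import re

# Constructed sample of a rebuilt BOOT.INI; the ARC path is an assumption.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT /NOEXECUTE=OPTIN
'''

ARC = re.compile(r'^(multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\', re.I)
ENTRY = re.compile(r'^([^=]+)="([^"]*)"\s*(.*)$')

def parse_boot_ini(text):
    """Return (loader, entries); entries map ARC path -> (label, switches)."""
    section, loader, entries = None, {}, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
        elif section == 'boot loader' and '=' in line:
            key, value = line.split('=', 1)
            loader[key.strip().lower()] = value.strip()
        elif section == 'operating systems' and ENTRY.match(line):
            path, label, rest = ENTRY.match(line).groups()
            entries[path.strip().lower()] = (label, rest.upper().split())
    return loader, entries

def check_boot_ini(text):
    """Return a list of problems; an empty list means the file is consistent."""
    loader, entries = parse_boot_ini(text)
    problems = []
    default = loader.get('default', '').lower()
    if not entries:
        problems.append('no [operating systems] entries')
    if not ARC.match(default):
        problems.append('default is not an ARC path')
    elif default not in entries:
        problems.append('default has no matching entry')
    for label, switches in entries.values():
        if '/FASTDETECT' not in switches:
            problems.append('%s: missing /FASTDETECT' % label)
        if not any(s.startswith('/NOEXECUTE') for s in switches):
            problems.append('%s: missing /NOEXECUTE' % label)
    return problems

if __name__ == '__main__':
    print(check_boot_ini(SAMPLE) or 'BOOT.INI is consistent')
```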

#3
lordoxford

lordoxford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Thanks for your speedy reply!
I'm on a borrowed, old machine with no CD write facility.
My "Failed" machine ran pre-loaded Win XP home so I have no XP CD. I do have an XP professional CD but this has failed to boot in the past.
Can I install the downloaded code you suggest onto a USB flash drive? The failed machine runs Puppy linux from one OK.
  • 0

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Can I install the downloaded code you suggest onto a USB flash drive?

It is possible if the bios on your infected computer supports booting from usb flash drive.

Please do these on your borrowed machine:

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.
  • Download OTLPEStd.exe from the following link and save it to your Desktop: mirror1.
  • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
  • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  • Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop

    Posted Image
  • Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in an OTLPE folder:

    Posted Image
  • Please also decompress eeepcfr to your systemroot (usually C:\).
  • Empty the flash drive you want to install OTLPE on.
  • Go to C:\eeepcfr and double-click usb_prep8.cmd to launch it.
  • Press any key when asked to in the black window that opens.
  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

    Posted Image
  • Click on Start, accept the disclaimers and wait for the program to finish.
Your bootable flash drive should now be ready!

NEXT...

Download that scan.txt file and save it to your USB flash drive.

NEXT...

  • Plug-in this bootable OTLPE USB flash drive in your infected machine (as you do with Puppy Linux) and reboot your infected system using the boot USB you just created.
  • Your system should now display a Reatogo desktop.
  • Copy scan.txt file from your USB flash drive to your desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop scan.txt into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#5
lordoxford

lordoxford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Thanks again, Render, this is going to take a bit of time.
Cheers!
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No problem. I will be here. :)
  • 0

#7
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
It would also be nice if you could burn an ARCDC CD from my first post. Maybe you could find access to some clean computer with a CD/DVD burner, for example from your friends or from school/work.
  • 0

#8
lordoxford

lordoxford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Hi!
Have spent hours following your directions down the "OTLPE" route. It fails at the very last fence - the fast format of the flash drive. All the necessary files etc are in place and I'll resume after I've discovered what's wrong with the flash drive (format fails from windows "...cannot be formatted ..." after it has been formatting for about 50Sec. It's 8Gb, is there a size limit on a FAT format? I'll try it from DOS).

Edited by lordoxford, 03 May 2011 - 05:04 PM.

  • 0

#9
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Size of the USB flash drive shouldn't be a problem. You can format it with NTFS without problem?
  • 0

#10
lordoxford

lordoxford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I think it's a circuit fault in the drive - I've ordered 3 new drives from Tmart.com in the US. £9.40 post free with a free gift thrown in! I can put all the diagnostic stuff on the appropriate drives.
  • 0

#11
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#13
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
User returned.

I'm sorry about the delay - it took over a month for the three USB sticks to arrive from Hong Kong! (Evidently by slow boat from China).
I followed your instructions, the sick machine booted, displayed the message "Starting Reatogo-X-PE ..." and the load indicator wound down.
After four minutes (!) the Windows XP screen appeared followed immediately by "STOP: 0x7B (F78DA528, 34, 0, 0)".
As a check I swapped the USB stick for the Puppy Linux 525 stick and accessed the filestore OK.
Perhaps I could use this route to insert an appropriate file or two?


  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

So your machine is unbootable? Are you able to boot into Safe mode?
  • 0

#15
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





