SMART virus


  • This topic is locked

#31
JSntgRvr

  • Global Moderator
  • 11,037 posts
I still wonder why there are two systems in your computer. It should show as the Local drive.

See if that works.
  • 0


#32
hknh

  • Topic Starter
  • Member
  • 54 posts
When I double click on OTLPE, a pop up comes and says browse for folder
choose windows directory
my computer
31/2 floppy A
ramdisk b
recovery c
os d
reatogope x
shared documents

what do I click?
  • 0

#33
JSntgRvr

  • Global Moderator
  • 11,037 posts
It should be D:\Windows
  • 0

#34
hknh

  • Topic Starter
  • Member
  • 54 posts
It is not windows - It says OS (D:)
I click on that and a pop up says runscanner error target is not windows 2000 or later
  • 0

#35
JSntgRvr

  • Global Moderator
  • 11,037 posts
I haven't tried this before, but Reatogo is an external environment.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Insert the USB into the ailing computer (if not recognized by Reatogo, boot to the Reatogo desktop with the flash drive inserted). Through My Computer, browse to the USB and double click on FRST.

If successful, the tool will start to run. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
  • 0

#36
hknh

  • Topic Starter
  • Member
  • 54 posts
Is this right?

Attached Files

  • Attached File  OTL.Txt   127.11KB   128 downloads

  • 0

#37
hknh

  • Topic Starter
  • Member
  • 54 posts
I clicked on OS and scrolled down to the windows folder and hit ok. It came to the scan tool - that is what I saved.
  • 0

#38
JSntgRvr

  • Global Moderator
  • 11,037 posts
That scan shows some missing files. In addition, if you ran the tool from D:, why is it showing the files in C:?

Can you attempt FRST?
  • 0

#39
hknh

  • Topic Starter
  • Member
  • 54 posts
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 22-07-2012 15:35:52
Running from E:\
Windows ™ Code Name "Longhorn" Preinstallation Environment (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [x ] ()

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
3 sacsvr; C:\Windows\System32\sacsvr.dll [14848 2006-11-02] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

0 FBWF; C:\Windows\System32\DRIVERS\fbwf.sys [69120 2006-11-02] (Microsoft Corporation)
0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2006-11-02] (Microsoft Corporation)
0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [83560 2006-11-02] (Microsoft Corporation)
0 WimFsf; C:\Windows\System32\Drivers\WimFsf.sys [52224 2006-11-02] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

============ One Month Created Files and Folders ==============

2012-07-22 15:35 - 2012-07-22 15:35 - 00000000 ____D C:\FRST
2012-07-22 15:14 - 2012-07-22 15:14 - 00130162 ____A C:\OTL.Txt

============ 3 Months Modified Files ========================

2012-07-22 15:14 - 2012-07-22 15:14 - 00130162 ____A C:\OTL.Txt
2012-07-02 19:27 - 2007-05-18 00:01 - 00060048 ____A C:\Windows\System32\FNTCACHE.DAT


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 04:38] - [2006-11-02 05:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 04:52] - [2006-11-02 05:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 2045.84 MB
Available physical RAM: 1787.82 MB
Total Pagefile: 1876.54 MB
Available Pagefile: 1796.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.02 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.83 GB) NTFS
4 Drive d: (OS) (Fixed) (Total:222.78 GB) (Free:24.05 GB) NTFS
5 Drive e: (KINGSTON) (Removable) (Total:1.87 GB) (Free:0.76 GB) FAT
6 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 10 GB 55 MB
Partition 3 Primary 223 GB 10 GB
Partition 4 Unknown 1609 KB 233 GB
==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT Partition 55 MB Healthy
==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C RECOVERY NTFS Partition 10 GB Healthy
==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D OS NTFS Partition 223 GB Healthy
==================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 Partition 2048 KB Healthy
==================================================================================

==========================================================

Last Boot: 2012-07-02 19:23

======================= End Of Log ==========================

Attached File  FRST.txt   5.55KB   135 downloads

Edited to include the FRST report.
  • 0

#40
hknh

  • Topic Starter
  • Member
  • 54 posts
Is that it? Is my computer dead?
  • 0


#41
JSntgRvr

  • Global Moderator
  • 11,037 posts
Sorry for the delay, but I did not receive a notification on your last reply.

There seem to be a few problems. One is related to one of the partitions of the hard drive, which should be addressed first, then a few missing files and registry entries.

Please download Listparts and save it to a flash drive.

Plug the flash drive into the infected PC.

Boot to the Reatogo desktop.

  • Browse to your USB drive and double click on ListParts.exe.
  • When the tool opens click Yes to disclaimer.
  • Put a check mark on List BCD.
  • Press the Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it in your next reply.

  • 0

#42
hknh

  • Topic Starter
  • Member
  • 54 posts
ListParts by Farbar Version: 25-07-2012
Ran by SYSTEM (administrator) on 26-07-2012 at 15:03:46
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 2045.84 MB
Available physical RAM: 1837.23 MB
Total Pagefile: 1876.54 MB
Available Pagefile: 1817.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.83 GB) NTFS
4 Drive d: (KINGSTON) (Removable) (Total:1.87 GB) (Free:0.76 GB) FAT
5 Drive e: (OS) (Fixed) (Total:222.78 GB) (Free:23.56 GB) NTFS
6 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 10 GB 55 MB
Partition 3 Primary 223 GB 10 GB
Partition 4 Unknown 1609 KB 233 GB
======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT Partition 55 MB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C RECOVERY NTFS Partition 10 GB Healthy
======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E OS NTFS Partition 223 GB Healthy
======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 Partition 2048 KB Healthy
======================================================================================================

****** End Of Log ******


Attached File  Result.txt   3.11KB   121 downloads
  • 0

#43
JSntgRvr

  • Global Moderator
  • 11,037 posts
The tool is not listing the legit active partition. I will need to consult the developer before removing the rogue partition. Let's unhide the partition to see if it is associated with a Volume.

Download the enclosed file. Attached File  fix.txt   32bytes   110 downloads

Save it next to ListParts in the USB.

Run ListParts as you did before, except that this time around click on the Fix button and wait.

Once done, put a checkmark on the List BCD and click on the Scan button. Post the new log (Result.txt) produced in the flash drive.
  • 0
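
Added example (not part of the original thread, and not Farbar's code): the per-partition blocks of the ListParts log in post #42 can be checked mechanically for the condition raised in post #43, where the only active partition is hidden and flagged by the tool while no visible partition carries the boot flag. The function names are hypothetical and the sample is an excerpt of that log with the separator lines and volume tables left out.

```python
import re

# Excerpt of the per-partition blocks from the ListParts log in post #42.
SAMPLE_LOG = """\
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
"""

BLOCK = re.compile(
    r"Disk:\s*(\d+)\s*\nPartition\s+(\d+)\s*\nType\s*:\s*([0-9A-Fa-f]{2})([^\n]*)\n"
    r"Hidden:\s*(Yes|No)\s*\nActive:\s*(Yes|No)")

def parse_partitions(log):
    # One dict per "Disk / Partition / Type / Hidden / Active" block in the log.
    return [{"disk": int(d), "partition": int(n), "type": t.upper(),
             "tool_flagged": "suspicious" in note.lower(),
             "hidden": h == "Yes", "active": a == "Yes"}
            for d, n, t, note, h, a in BLOCK.findall(log)]

def review(parts):
    # Report the boot-flag anomalies a helper would look for in this log.
    findings = []
    for p in parts:
        name = f"disk {p['disk']} partition {p['partition']} (type {p['type']})"
        if p["tool_flagged"]:
            findings.append(f"{name}: marked as a suspicious type by the tool")
        if p["active"] and p["hidden"]:
            findings.append(f"{name}: active flag is set on a hidden partition")
    if not any(p["active"] and not p["hidden"] for p in parts):
        findings.append("no visible partition carries the active flag")
    return findings

if __name__ == "__main__":
    print("\n".join(review(parse_partitions(SAMPLE_LOG))))
```
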

#44
hknh

  • Topic Starter
  • Member
  • 54 posts
Attached File  Result.txt   3.11KB   127 downloads
  • 0

#45
JSntgRvr

  • Global Moderator
  • 11,037 posts
The fix seems to have failed. Let's try again, please. This time I will attempt to also make the C: partition Active (bootable).

Please remove the current Result.txt from the USB drive.

Download the enclosed file. Attached File  fix.txt   59bytes   106 downloads

Save it next to ListParts in the USB, replacing the existing one.

Run ListParts as you did before, except that this time around click on the Fix button and wait.

Once done, put a checkmark on the List BCD and click on the Scan button. Post the new log (Result.txt) produced in the flash drive.
  • 0





