[JSntgRvr]

Download the enclosed file.

Save an extract its contents to the USB drive.

Insert the USB drive into the ailing computer and boot to Reatogo.

Browse to the USB drive throughout My Computer and locate the SaveMBR folder. Open the folder and doubleclick on the SaveMBR.bat file. If successful, it will create a file (MBRDUMP.txt). Please attach that file to a reply.

[Advertisements]

I guess that was not sucessful, because there is nothing on the sick computer called mbrdump

[hknh]

I guess that was not sucessful, because there is nothing on the sick computer called mbrdump

[JSntgRvr]

It should be created in the same folder the batch file, SaveMBR.bat, was saved in the USB drive.

[hknh]

found it-

Attached Files

•  MBRDUMP.txt   512bytes   374 downloads

[JSntgRvr]

Save these instructions in the USB drive, so you can have access to it while in Reatogo (you can use any name)

Insert the USB drive and Boot to Reatogo.

Change the C driver letter to H, and the D driver letter to C.

Run OTLPE as you did before. If asked for the Windows directory, select C:\Windows.

Leave the setting as they are, except that this time, copy and paste the following under custom scans:

:OTL
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:238AA907
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:D455373F
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:C4532973

:files
Attrib -H C:\Users\Heidi\AppData\Roaming\*.* /S /D /c
Attrib -H C:\ProgramData\*.* /S /D /c
C:\ProgramData\8YiLcmFFsOhOQD
C:\ProgramData\8YiLcmFFsOhOQD.exe
C:\ProgramData\xBuRdeRWhJWa.exe.vir
C:\ProgramData\-8YiLcmFFsOhOQDr
C:\ProgramData\-8YiLcmFFsOhOQD

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Click on the red Run Fix button. A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report in Notepad and post its contents in a reply.

Attempt to boot in Normal mode and let me know the outcome.

[hknh]

 07302012_140819.log   3.04KB   290 downloads



I logged in from the hard drive running windows normally - it looped back to the windows error recovery screen - I didn't click on anything quick enough, so it ran the repair windows option, which broght me to the same windows username page where nothing works

Edited by hknh, 30 July 2012 - 07:14 AM.

[JSntgRvr]

You must change the drive letters prior to running OTLPE, or the fix will not work. Please try again.

[hknh]

Files\Folders moved on Reboot...
C:\Users\\Public\Videos folder moved successfully.
C:\Users\\Public\Pictures folder moved successfully.
C:\Users\\Public\Music folder moved successfully.
C:\Users\\Public\Favorites folder moved successfully.
C:\Users\\Public\Downloads folder moved successfully.
C:\Users\\Public\Documents folder moved successfully.
C:\Users\\Public\Desktop folder moved successfully.
C:\Users\\Public folder moved successfully.
C:\Users\\Default\Videos folder moved successfully.
C:\Users\\Default\Saved Games folder moved successfully.
C:\Users\\Default\Pictures folder moved successfully.
C:\Users\\Default\Music folder moved successfully.
C:\Users\\Default\Links folder moved successfully.
C:\Users\\Default\Favorites folder moved successfully.
C:\Users\\Default\Downloads folder moved successfully.
C:\Users\\Default\Documents folder moved successfully.
C:\Users\\Default\Desktop folder moved successfully.
C:\Users\\Default\AppData\Roaming\Microsoft\Windows\Templates folder moved successfully.
C:\Users\\Default\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\Users\\Default\AppData\Roaming\Microsoft\Windows\SendTo folder moved successfully.
C:\Users\\Default\AppData\Roaming\Microsoft\Windows\Recent folder moved successfully.
C:\Users\\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts folder moved successfully.
C:\Users\\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts folder moved successfully.
C:\Users\\Default\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Users\\Default\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Users\\Default\AppData\Roaming\Microsoft folder moved successfully.
C:\Users\\Default\AppData\Roaming folder moved successfully.
C:\Users\\Default\AppData\Local\Temp folder moved successfully.
C:\Users\\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Users\\Default\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Users\\Default\AppData\Local\Microsoft\Windows\GameExplorer folder moved successfully.
C:\Users\\Default\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Users\\Default\AppData\Local\Microsoft folder moved successfully.
C:\Users\\Default\AppData\Local folder moved successfully.
C:\Users\\Default\AppData folder moved successfully.
C:\Users\\Default folder moved successfully.
Folder move failed. C:\Users\ scheduled to be moved on reboot.

Registry entries deleted on Reboot...



 07312012_180929.log   5KB   272 downloads

I attemptd to boot in normal - goes back to windows error recover screen

[JSntgRvr]

I am sorry, but that was not what the fix called for. You have removed every user from that computer. Can you post the entire log? This is only part of it, and your username is missing.

Don't do anything. I will need to consult this with OTLPE developer to see if there is a way out.

[hknh]

Did I do something wrong? I followed your directions exactly. How did I screw it up?

[JSntgRvr]

I don't know how that got into a fix window, but it is not what the above fix called for. Something is clear, however, it is not the first time as there were no files in those folders.

Take a look at post 58 above.

You must make sure the Recovery partition becomes H and the OS partition becomes C. Any other combination of drive letters will produce a false report. Please try to perform another scan once again, but this time around paste the following in the custom scans window:

:files
Dir /a C:\ /c
Dir /a H:\ /c
Dir /a C:\users\ /s /c
Dir /a H:\users\ /s /c

Doubleclick on the Run Scan button and post the report.

[JSntgRvr]

If you have not ran the scan above, I edited the options.

[hknh]

in post 65, you said to make c=h and d=c, but my c=os and my recovery=d, so that was incorrect - I always want os=c and rec=h,right? - the last report would have made the c drive recovery- I have written down now that OS will always become c and recov will always become h



the first time I ran this, it stalled and I had to use ctrl+alt+del to stop the unrespnsive otple

the same thing happened the second time

[JSntgRvr]

I am having problems with my ISP, please expect delays.

I will check the drive with an active flag (bootable) for these folders, but the developer of OTLPE replied back to me, and returning those folders back will not be enough, as some of these are junctions (links) to other folders, and I don't even know how to begin to re-create those junctions.

Give some time to resolve the issues with my ISP, and I will get back to you.

[hknh]

ok - thank you