SMART virus
#31
Posted 22 July 2012 - 11:59 AM
See if that works.
#32
Posted 22 July 2012 - 12:02 PM
When I double click on OTLPE, a pop up comes and says browse for folder
choose windows directory
my computer
31/2 floppy A
ramdisk b
recovery c
os d
reatogope x
shared documents
what do I click?
#34
Posted 22 July 2012 - 12:06 PM
It is not windows - It says OS (D:)
I click on that and a pop up says runscanner error target is not windows 2000 or later
#35
Posted 22 July 2012 - 12:17 PM
I haven't tried this before, but Reatogo is an external environment.
For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.
Insert the USB into the ailing computer (if not recognized by Reatogo, boot to the Reatogo desktop with the flash drive inserted). Through My Computer, browse to the USB and double click on FRST.
If successful, the tool will start to run. When the tool opens, click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
#37
Posted 22 July 2012 - 12:20 PM
I clicked on OS and scrolled down to the windows folder and hit ok. It came to the scan tool - that is what I saved.
#38
Posted 22 July 2012 - 12:34 PM
That scan shows some missing files. In addition, if you ran the tool from D:, why is it showing the files in C:?
Can you attempt FRST?
#39
Posted 22 July 2012 - 12:38 PM
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 22-07-2012 15:35:52
Running from E:\
Windows Code Name "Longhorn" Preinstallation Environment (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [x ] ()
================================ Services (Whitelisted) ==================
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
3 sacsvr; C:\Windows\System32\sacsvr.dll [14848 2006-11-02] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
0 FBWF; C:\Windows\System32\DRIVERS\fbwf.sys [69120 2006-11-02] (Microsoft Corporation)
0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2006-11-02] (Microsoft Corporation)
0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [83560 2006-11-02] (Microsoft Corporation)
0 WimFsf; C:\Windows\System32\Drivers\WimFsf.sys [52224 2006-11-02] (Microsoft Corporation)
========================== NetSvcs (Whitelisted) ===========
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
============ One Month Created Files and Folders ==============
2012-07-22 15:35 - 2012-07-22 15:35 - 00000000 ____D C:\FRST
2012-07-22 15:14 - 2012-07-22 15:14 - 00130162 ____A C:\OTL.Txt
============ 3 Months Modified Files ========================
2012-07-22 15:14 - 2012-07-22 15:14 - 00130162 ____A C:\OTL.Txt
2012-07-02 19:27 - 2007-05-18 00:01 - 00060048 ____A C:\Windows\System32\FNTCACHE.DAT
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 04:38] - [2006-11-02 05:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 04:52] - [2006-11-02 05:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
========================= Memory info ======================
Percentage of memory in use: 12%
Total physical RAM: 2045.84 MB
Available physical RAM: 1787.82 MB
Total Pagefile: 1876.54 MB
Available Pagefile: 1796.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.02 MB
======================= Partitions =========================
2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.83 GB) NTFS
4 Drive d: (OS) (Fixed) (Total:222.78 GB) (Free:24.05 GB) NTFS
5 Drive e: (KINGSTON) (Removable) (Total:1.87 GB) (Free:0.76 GB) FAT
6 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 10 GB 55 MB
Partition 3 Primary 223 GB 10 GB
Partition 4 Unknown 1609 KB 233 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT Partition 55 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C RECOVERY NTFS Partition 10 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D OS NTFS Partition 223 GB Healthy
==================================================================================
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 Partition 2048 KB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-02 19:23
======================= End Of Log ==========================
FRST.txt (5.55K)
Edited to include the FRST report.
#41
Posted 26 July 2012 - 10:12 AM
Sorry for the delay, but I did not receive a notification on your last reply.
There seem to be a few problems. One is related to one of the partitions of the hard drive, which should be addressed first, then a few missing files and registry entries.
Please download ListParts and save it to a flash drive.
Plug the flash drive into the infected PC.
Boot to the Reatogo desktop.
- Browse to your USB drive and double click on ListParts.exe.
- When the tool opens click Yes to disclaimer.
- Put a check mark on List BCD.
- Press the Scan button.
- It will make a log (Result.txt) in the flash drive. Please copy and paste it in your next reply.
#42
Posted 26 July 2012 - 11:06 AM
ListParts by Farbar Version: 25-07-2012
Ran by SYSTEM (administrator) on 26-07-2012 at 15:03:46
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 10%
Total physical RAM: 2045.84 MB
Available physical RAM: 1837.23 MB
Total Pagefile: 1876.54 MB
Available Pagefile: 1817.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB
======================= Partitions =========================
2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.83 GB) NTFS
4 Drive d: (KINGSTON) (Removable) (Total:1.87 GB) (Free:0.76 GB) FAT
5 Drive e: (OS) (Fixed) (Total:222.78 GB) (Free:23.56 GB) NTFS
6 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 10 GB 55 MB
Partition 3 Primary 223 GB 10 GB
Partition 4 Unknown 1609 KB 233 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT Partition 55 MB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C RECOVERY NTFS Partition 10 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E OS NTFS Partition 223 GB Healthy
======================================================================================================
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 Partition 2048 KB Healthy
======================================================================================================
****** End Of Log ******
Result.txt (3.11K)
#43
Posted 26 July 2012 - 06:15 PM
The tool is not listing the legit active partition. I will need to consult the developer before removing the rogue partition. Let's unhide the partition to see if it is associated with a volume.
Download the enclosed file.
fix.txt (32bytes)
Save it next to ListParts in the USB.
Run ListParts as you did before, except that this time around click on the Fix button and wait.
Once done, put a checkmark on the List BCD and click on the Scan button. Post the new log (Result.txt) produced in the flash drive.
#45
Posted 27 July 2012 - 09:38 AM
The fix seems to have failed. Let's try again, please. This time I will attempt to also make the C: partition Active (bootable).
Please remove the current Result.txt from the USB drive.
Download the enclosed file.
fix.txt (59bytes)
Save it next to ListParts in the USB, replacing the existing one.
Run ListParts as you did before, except that this time around click on the Fix button and wait.
Once done, put a checkmark on the List BCD and click on the Scan button. Post the new log (Result.txt) produced in the flash drive.
