[JohnGo]

I'm on a different computer now.

[Advertisements]

Restart the computer and press repeatedly to get to safe mode

Select last known good and reboot

You should now return to windows

[Essexboy]

Restart the computer and press repeatedly to get to safe mode

Select last known good and reboot

You should now return to windows

[JohnGo]

I can't get into safemode. When I get the black screen and select safemode (pressing f8 repeatedly), the attachment shows what comes up. It stays for a short while then the previous message comes up for a bit and then goes to bsod.

Attached Thumbnails

• 

[Essexboy]

At the safe mode menu select last known good

[JohnGo]

It does the same thing: thru winxp startup screen, then the blue message I sent, then bsod.

[Essexboy]

Looks like the registry was corrupted on the forced shutdown

Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Download Farbar Recovery Scan Tool and save it to a flash drive.
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Insert the flash drive with FRST on it
• Locate the flash drive and run FSRT
• The tool will start to run.
  
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[JohnGo]

In the event you check here before I arise is the morning, I'll leave you an update now.

Farbar Recovery Scan Tool ran for 7 hours on the first attempt. When it started, the tray clock stopped but the scan appeared to be running. At this point I stopped it and restarted it again. As of now it has been running 3 1/2 hrs. The clock has continued to run this time. I'll let it continue to run thru the night and check it in the a.m.

[JohnGo]

The computer seems to be still running Farbar this a.m. (12 hours now).

[Essexboy]

Farbar should take no longer than two or three minutes

We will use OTL instead. Reboot from the CD. You should be able to connect to the net with this

• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[JohnGo]

When I double click OTLPE, it will flash up a black window for a split second. It looks like it might be a
"c\prompt" window. After that, the OTLPE name under the icon is grayed out and the computer won't do anything else till a reboot.

[JohnGo]

The mouse pointer still moves but that's all.

[Essexboy]

Do you have a windows CD as we will need to use the recovery console

If you have then the following commands will need to be typed when you access the command prompt on the recovery console

md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default

If you do not have the CD or recovery console let me know and I will locate a copy

[JohnGo]

I have my XP disc that I bought a few years back and I have kept all updates current. I will continue with your instructions with that disc.

[JohnGo]

I'm at the command prompt in the recovery console. I'm not too skilled here...Where it says "Which Windows installation would you like to log onto", do I start there and type all 3 of your groups at one time and hit enter?...with a line space between each group?

[Essexboy]

No select the main windows which you use .. It should be the first one Windows XP

Then enter each line individually pressing enter after each