Arestocrat on Win 7 [Closed]
Started by
cnedhogan
, May 13 2013 03:26 PM
-
This topic is locked
#1
Posted 13 May 2013 - 03:26 PM
cnedhogan
-
- Member
-
- 9 posts
New Member
#2
Posted 13 May 2013 - 04:16 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
Hello
Lets see if we can get this to run
Gringo
Lets see if we can get this to run
- Download OTLPE from either location and save it to your desktop:
http://oldtimer.geek...om/OTLPEStd.exe
http://ottools.noahd...et/OTLPEStd.exe
- Double click the OTLPENet icon on your desktop
- "Do you want to burn the CD?" choose Yes
- ImgBurn will automatically extract and load the OTLPE Iso to be burned to CD
- Place a blank CD in your CD-Rom
- Click
to start the burn process - You will see a dialog "Operation successfully completed"
- Boot the non-working computer using the boot CD you just created
- In order to do so, the computer must be set to boot from the CD first
Note : For information click here
- Your system should now display a REATOGO-X-PE desktop.
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press "OK"
- OTL should now start.
- Push
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive.
- Please post the contents of the C:\OTL.txt file in your next reply.
Gringo
#3
Posted 14 May 2013 - 08:40 PM
cnedhogan
- Topic Starter
-
- Member
-
- 9 posts
New Member
I just booted from the OTLPE cd and got to the drive selection. I chose Local Disk (C:), but get a RunScan error message saying "Target is not Windows 2000 or later" and it kicks me back to the Reatogo desktop screen. My computer runs Windows 7 Enterprise, or at least it used to. The other choices for drives to scan were RAMDisk (B:), ReatogoPE (X:) and Shared Documents. Ideas?
#4
Posted 14 May 2013 - 08:43 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
Download the following three programmes to your desktop : (select 32 or 64 bit as appropriate }
1. WiNTBootIc
2. Windows 7 64bit RC or Windows 7 32 bit
3. Farbar Recovery Scan Tool x64 or Farbar Recovery Scan Tool 32bit
Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot
Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It
You will see it progressing
It will let you know when it is done
Then copy FRST to the same USB
Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here
When you reboot you will see this although yours will say windows 7.
Click repair my computer
Select your operating system
Select Command prompt
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
1. WiNTBootIc
2. Windows 7 64bit RC or Windows 7 32 bit
3. Farbar Recovery Scan Tool x64 or Farbar Recovery Scan Tool 32bit
Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot
Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It
You will see it progressing
It will let you know when it is done
Then copy FRST to the same USB
Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here
When you reboot you will see this although yours will say windows 7.
Click repair my computer
Select your operating system
Select Command prompt
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
#5
Posted 14 May 2013 - 09:16 PM
cnedhogan
- Topic Starter
-
- Member
-
- 9 posts
New Member
I booted from USB and have a choice f "Use Recovery tools that can help fix problems..." or "Restore your computer using a system image created earlier." Under the first option, My OS was not listed (none shown). What drivers should I try to load, and from where? The USB or from other media? I don't have any of my original pc disks handy, but I can download drivers if I know what I need.
#6
Posted 14 May 2013 - 09:38 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
Hello
My OS was not listed (none shown). what happens if you click next
gringo
My OS was not listed (none shown). what happens if you click next
gringo
#7
Posted 14 May 2013 - 09:49 PM
cnedhogan
- Topic Starter
-
- Member
-
- 9 posts
New Member
I get to the Sys Recovery Options screen. I followed the instructions up until e:\frst64.exe but when I hit Enter it gives an error. Not a recognized command...
#8
Posted 14 May 2013 - 09:53 PM
cnedhogan
- Topic Starter
-
- Member
-
- 9 posts
New Member
Wait, I just got it to run. Accessed through Notepad then opened and ran as Administrator. Stay tuned.
#9
Posted 14 May 2013 - 09:54 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
try it without the 64
#10
Posted 14 May 2013 - 09:56 PM
cnedhogan
- Topic Starter
-
- Member
-
- 9 posts
New Member
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2013
Ran by SYSTEM on 14-05-2013 23:54:28
Running from E:\
WIN_7 (X86) OS Language: English(US)
Boot Mode: RecoveryAttention: Could not load system hive.
Attention: System hive is missing.
==================== Registry (Whitelisted) ==================
Attention: Software hive is missing.
ATTENTION: Software hive is not loaded.
BootExecute:
========================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
==================== One Month Modified Files and Folders ========
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 3893.83 MB
Available physical RAM: 3470.71 MB
Total Pagefile: 3892.11 MB
Available Pagefile: 3470.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.62 MB
==================== Drives ================================
Drive e: () (Removable) (Total:3.68 GB) (Free:3.49 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: FFDD3528)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Ran by SYSTEM on 14-05-2013 23:54:28
Running from E:\
WIN_7 (X86) OS Language: English(US)
Boot Mode: RecoveryAttention: Could not load system hive.
Attention: System hive is missing.
==================== Registry (Whitelisted) ==================
Attention: Software hive is missing.
ATTENTION: Software hive is not loaded.
BootExecute:
========================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
==================== One Month Modified Files and Folders ========
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 3893.83 MB
Available physical RAM: 3470.71 MB
Total Pagefile: 3892.11 MB
Available Pagefile: 3470.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.62 MB
==================== Drives ================================
Drive e: () (Removable) (Total:3.68 GB) (Free:3.49 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: FFDD3528)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
#11
Posted 14 May 2013 - 10:07 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
Hello
That does not look correct, I want you to rerun it but this time when you get to this part
I get to the Sys Recovery Options screen. I followed the instructions up until e:\frst64.exe but when I hit Enter it gives an error. Not a recognized command... I want you to use e:\frst.exe (without the 64)
That does not look correct, I want you to rerun it but this time when you get to this part
I get to the Sys Recovery Options screen. I followed the instructions up until e:\frst64.exe but when I hit Enter it gives an error. Not a recognized command... I want you to use e:\frst.exe (without the 64)
#12
Posted 14 May 2013 - 10:34 PM
cnedhogan
- Topic Starter
-
- Member
-
- 9 posts
New Member
Just ran again without the 64. Looks like the same thing. Is this just because I did not select an OS before running the scan?
---------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2013
Ran by SYSTEM on 15-05-2013 00:32:57
Running from E:\
WIN_7 (X86) OS Language: English(US)
Boot Mode: RecoveryAttention: Could not load system hive.
Attention: System hive is missing.
==================== Registry (Whitelisted) ==================
Attention: Software hive is missing.
ATTENTION: Software hive is not loaded.
BootExecute:
========================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
==================== One Month Modified Files and Folders ========
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 3893.83 MB
Available physical RAM: 3480.95 MB
Total Pagefile: 3892.11 MB
Available Pagefile: 3482.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.62 MB
==================== Drives ================================
Drive e: () (Removable) (Total:3.68 GB) (Free:3.49 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: FFDD3528)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
---------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2013
Ran by SYSTEM on 15-05-2013 00:32:57
Running from E:\
WIN_7 (X86) OS Language: English(US)
Boot Mode: RecoveryAttention: Could not load system hive.
Attention: System hive is missing.
==================== Registry (Whitelisted) ==================
Attention: Software hive is missing.
ATTENTION: Software hive is not loaded.
BootExecute:
========================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
==================== One Month Modified Files and Folders ========
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 3893.83 MB
Available physical RAM: 3480.95 MB
Total Pagefile: 3892.11 MB
Available Pagefile: 3482.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.62 MB
==================== Drives ================================
Drive e: () (Removable) (Total:3.68 GB) (Free:3.49 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: FFDD3528)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
#13
Posted 15 May 2013 - 07:59 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
Hello
OK lets try something - when you get to the system recovery options I want you to select system restore and lets see if we can restore to before you gat this virus
Gringo
OK lets try something - when you get to the system recovery options I want you to select system restore and lets see if we can restore to before you gat this virus
Gringo
#14
Posted 15 May 2013 - 09:49 PM
cnedhogan
- Topic Starter
-
- Member
-
- 9 posts
New Member
I tried that, and it doesn't work because I have to select an OS on the previous screen, and there are none listed. If I knew what drivers to load and where to find them, I should be able to take care of that. Can you help with that part?
#15
Posted 15 May 2013 - 09:52 PM
cnedhogan
- Topic Starter
-
- Member
-
- 9 posts
New Member
Is it possible that the Win 7 ISO file I downloaded and copied to the USB drive is not working correctly? If you have another trusted site for a download, I can do that all over again...Let me know what you think.
As a last resort, I do have a full system image and file backup on an external hard drive that I should be able to reimage with. But it is almost 9 months old, and I do not want to lose that much data unless there are no other options.
As a last resort, I do have a full system image and file backup on an external hard drive that I should be able to reimage with. But it is almost 9 months old, and I do not want to lose that much data unless there are no other options.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
