[Essexboy]

OK as the CD works lets use that method

Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Drag and drop this attached scan.txt into the Custom scans and fixes box
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[Advertisements]

I burned the CD and booted up from it. It showed a progress bar saying 'Starting Reatogo-X-PE' and loaded all the way, but the first time, it just hung there for minutes and turned off. I thought I'd try again, just to make sure, and I couldn't believe when it actually booted into Win XP! But I clicked OTLPE and when it asked for the Windows folder, I realized I couldn't access it because the directory it's on (named Local Disk E: there) doesn't show any folders. Under My Computer I have RAMDisk B:, SYSTEM C: (which has folders BOOT and System Volume Information), Local Disk D: (which is a partition on my hard drive where the computer stores backup stuff for recovery) and Local Disk E:, which, by exclusion, is the main disk where the Windows folder would be, right? I chose that and it gave me an error saying i's not Windows 2000 or later, but I think that's because I couldn't actually point it to the Windows folder.

 

Local Disk E: shows up in Windows Explorer but it doesn't show its total size, or free space, and clicking on it gives me the message 'Disk is not formatted, do you want to format it now?'

 

I guess we know what the problem is now Sort of.

[Julia.G]

I burned the CD and booted up from it. It showed a progress bar saying 'Starting Reatogo-X-PE' and loaded all the way, but the first time, it just hung there for minutes and turned off. I thought I'd try again, just to make sure, and I couldn't believe when it actually booted into Win XP! But I clicked OTLPE and when it asked for the Windows folder, I realized I couldn't access it because the directory it's on (named Local Disk E: there) doesn't show any folders. Under My Computer I have RAMDisk B:, SYSTEM C: (which has folders BOOT and System Volume Information), Local Disk D: (which is a partition on my hard drive where the computer stores backup stuff for recovery) and Local Disk E:, which, by exclusion, is the main disk where the Windows folder would be, right? I chose that and it gave me an error saying i's not Windows 2000 or later, but I think that's because I couldn't actually point it to the Windows folder.

 

Local Disk E: shows up in Windows Explorer but it doesn't show its total size, or free space, and clicking on it gives me the message 'Disk is not formatted, do you want to format it now?'

 

I guess we know what the problem is now Sort of.

[Essexboy]

Ouch.. Do you have a backup at all or an image of the drive ? 

 

What we could try is a chkdsk

 

From the reatogo desktop select command prompt and type in the following :

 

chkdsk c: /r

 

Let me know how that goes

[Julia.G]

I ran chkdsk on E: and it says the file system is NTFS, and completed file verification very quickly (stage 1 of 5).

It verified indexes (2 of 5), and security descriptors and Usn Journal (3 of 5) and completed.

When checking file data (4 of 5), it said 'Windows replaced bad clusters in file 58064 of name \$Extend\$UsnJrnl' at 23%, and then completed.

It added 6 bad clusters to the Bad Cluster File, and corrected errors in the volume Bitmap and the file system. There were 24KB in bad sectors.

 

I can now access the E: drive through explorer and everything seems to be intact. Should I try booting up the computer normally or run the scans as directed first?

[Essexboy]

Yes try a normal boot, I am feeling slightly optimistic

[Julia.G]

 

You were right to be optimistic! I'm actually writing from the computer that was totally dead just 2 days ago!

 

When I started it the first time, it just crashed again. I tried system restore but it says it couldn't read some instruction from some part of the memory and just stops. Since I had no other options, I just tried restarting it again in normal Windows. It performed a disk check before initializing and didn't find any errors, but then it just gave me a black background with a pointer. I was about to despair when I saw this little blink of a window, and thought I'd try to open task manager. It worked, and I restarted Explorer, and everything showed up! It was still a little weird, lots of startup programs hadn't loaded. I got all my files out and properly backed them up, and after another restart, it seems to be just fine.

 

Thank you so much for your patience! 

 

I'm still not convinced everything is fine, though. Is there some sort of diagnostic tool I can run to try and see if there's anything that could give me trouble in the near future, or if there's some sort of hardware failure that I should fix?

[Essexboy]

Yes there is  
 
What appears to have happened is that the MFT was corrupted hence the system didn't really know where any file was. Chkdsk rebuilt the MFT for you.


Lets see what we can discover

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Julia.G]

Sorry about the delay, I think the different time zones are messing things up a bit.

 

Here are the logs.

Attached Files

•  FRST.txt   48.78KB   393 downloads
•  Addition.txt   64.56KB   281 downloads

[Essexboy]

No problem on the time, no apparent malware is showing.... However, your version of chrome is running from appdata as opposed to programme files where it should be. This was a change that Google instituted recently to make it more secure. I would recommend that you fully uninstall Chrome and then install the latest version

1.Close all Chrome windows and tabs.
2.Go to the Start menu > Control Panel.
3.Click Programmes and Features.
4.Double-click Google Chrome.
5.Click Uninstall from the confirmation dialogue. If you want to delete your user profile information, like your browser preferences, bookmarks and history, select the "Also delete your browsing data" tick box. (recommended)

Then install a fresh copy from here http://www.google.co...chrome/browser/

How is the computer behaving now ?

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

[Julia.G]

To be honest, the computer seems perfectly normal. I haven't tried installing Windows updates yet, and haven't really used it intensively in any way. I also cleared a lot of space in my hard drive (it's about 60% full now) and have only restarted it a couple of times, but nothing out of the ordinary seems to be happening. I reinstalled Chrome as well. However, when I tried to run AdwCleaner, it crashed (AdwCleaner, not the PC) while it was doing the cleaning part! I checked but it didn't produce the logfile you mentioned, just [S0] and [R0].

 

Should I try again? 

[Essexboy]

No it appears that there is a bug in the latest version, I will report that. Could you try windows updates and just use the computer as normal for a day or so and let me know of any problems

[Julia.G]

Will do!

[Essexboy]

Ta

[Julia.G]

Okay, so I waited a day and used it like normal. I did the Windows update, and it restarted without complaint. I tried running AdwCleaner again, but it didn't find anything to clean, which I guess means it did its job before crashing the first time. The only thing that happened is that the computer stopped responding while I was browsing, and I had to hard shutdown and restart, but I wouldn't really say that's something that would never have happened before. In other words, it's like my computer never even spent a couple of days in a coma or anything.

 

What do you think? Business as usual or is there anything else I should do?

[Essexboy]

Nope, if there was a hardware problem it would have re-appeared by now I feel. What I would suggest is empty your temporary files and defragment your hardrive

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix




: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe