[Gary R]

OK, the fact that you don't have to log in is not important, you're booting from a "rescue disk" to access the Command Prompt, whereas I accessed things differently. With a Rescue Disk you don't need to log in because there are no "accounts" to log into on the disk.

 

So my next question is this .....

 

When the command window opens on your computer, what does it say at the top of it ?

 

It should have a title at the top saying ...

 

Administrator   X:\Windows\System32\cmd.exe

 

And the cursor inside the command window should be flashing against .... X:\Windows\System32

 

If it has anything different, please let me know exactly what it is.

[Advertisements]

The title is exactly the same as you have above.

 

The cursor is flashing next to X:\Sources>

Above that is Microsoft Windows [Version 10.0.16299.15]

[Kirballer]

The title is exactly the same as you have above.

 

The cursor is flashing next to X:\Sources>

Above that is Microsoft Windows [Version 10.0.16299.15]

[Gary R]

OK, try the following, and tell me what happens ...

 

With the Command Windows open, type C: where the cursor is, and then hit Enter

 

What reply do you get ???

[Kirballer]

I get C:\>

[Gary R]

Good, that's what should happen.

 

So .... with your clean computer, please insert the USB drive that you have a copy of FRST on, and then Format it. Once that's done, please download a new copy of frst from ... https://www.bleeping...can-tool/dl/82/... to the newly formatted disk.

 

Now with the Command Window open, take the USB drive from your clean machine and plug it into the infected machine.

 

Next ....

 

At the command prompt, type E: then hit Enter

 

If the cursor now flashes E:/ then type DIR and then hit Enter

 

This should show you what files are present on your E:/ drive (your USB) drive, and there should only be FRST.64.exe

 

If that is the case, then at the cursor type FRST64.exe and that should start FRST.

 

Now run a scan with FRST, and post me the log once its completed.

 

To exit out, just close the Command Window, and you should then be presented with a series of options, one of which is to shut down your computer.

[Kirballer]

It says there are 5 files, but when I look on the usb there is only FRST64. I have formatted the usb and everything other than FRST should be deleted.

[Gary R]

OK can you list me the other files (if they are listed), if not let me know, in any case, just type FRST64.exe and hit Enter, and run a scan with FRST, and let's see what happens.

[Kirballer]

autorun.inf, bootmgr.efi, setup.exe, sources, support

 

Edit: running FRST now

 

I can complete a scan running FRST. When I move the usb to my other computer, I can't see an FRST.txt anywhere and can only see the FRST.exe application.

 

The FRST window looks different as well. I can't select as many options as I could when not in RE. This includes not being able to select an Addition.txt. I'm not sure if it is supposed to be this way or not.

Edited by Kirballer, 16 January 2018 - 09:41 AM.

[Gary R]

With your USB drive plugged into your clean computer please do the following .... http://www.ilovefree...windows-10.html... to reveal hidden files and folders on the drive.

 

Is FRST.txt now present ?

[Kirballer]

No other files showed up.

[Gary R]

OK, try running FRST again, and see if it produces a log this time.

 

When it completes its scan, in the Command Windows type DIR and hit Enter and you should be able to see if FRST.txt is actually being created on the USB drive or not.

 

If it is, then the problem is where's it going to when you plug it into your clean machine. ? (I'll have to think about that one)

[Kirballer]

I am now getting this message "The device is not ready." when I type "E:"

 

Edit: I've shut down my computer and booted through the other usb and it seems to be working fine again.

 

FRST.txt does show up when I type DIR. 

Edited by Kirballer, 16 January 2018 - 10:06 AM.

[Gary R]

Type E: again and see if you get an E:/ prompt this time if you do then type FRST64.exe to run FRST

 

If not, try F: and see if you get an F:/ prompt

 

If not try G: and see if you get a G:/prompt

 

After that try H: I: J:  etc.

 

If you do get a prompt back type DIR and look to see if FRST64.exe is present, if it is, type FRST64.exe to run it.

 

If you have more than one USB port/drive, the drive letter can change, and you may not be being seen by Windows as the E: drive.

[Kirballer]

I've gotten FRST to run again. Should I try saving a copy of the FRST.txt to the usb I use to boot from and see if it shows up on my clean computer then?

[Kirballer]

In the FRST.txt, it says "If the system is bootable FRST must be run from normal or Safe Mode to create a complete log." 

 

Maybe this is why it won't show up on the clean computer?