Author Topic: test. PLEASE respond!  (Read 31657 times)

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #30 on: April 01, 2013, 07:47:51 PM »
I burned OTLPE.exe to a CD, downloaded and ran FRST.exe (FRST.txt is attached). I then rebooted into the Reatogo desktop. I was trying to locate Firefox on Reatogo but only saw Internet Explorer. I tried to access the internet. I opened it to use it, but seemed not to be able to access the web on it. I then searched the "All Programs" for Firefox, located it and attempted a connection via that browser... no luck again. I was thinking I could probably reboot into Windows again to communicate via the Forum, clicked on "shutdown" and Reatogo didn't seem to do anything for at least 10 minutes (may need to cold boot), at which time I left as was and am presently at library again, to send the FRST.txt file. I'll be here for a little while and check again for your reply, before returning home and cold booting into Windows.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: test. PLEASE respond!
« Reply #31 on: April 01, 2013, 08:09:44 PM »
Found it

ATTENTION ===> 0 byte partition bootkit on partition 1


I will need to use one of Farbar's other tools to kill this

Download ListParts64 to the USB where you have FRST

Go to the Reatogo desktop and run Listparts
The tool will start to run.

Press Scan button.
It will make a log (results.txt) on the flash drive. Please copy and paste it to your reply.


kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #32 on: April 02, 2013, 01:03:30 AM »
downloaded ListParts64... (back to home).... opened Reatogo Desktop... looked for "ListParts" program icon on desktop... couldn't find one and searched "all Programs", none to be found... ran ListParts64.exe (via "My Computer" on the desktop) from my USB drive.... I got an error msg which said "D:\ListParts64.exe is not a valid Win32 application"... started to reply but decided to try again... rebooted into Reatogo... clicked on "My Computer" but it didn't respond... hit "alt+ctrl+del" and back to reply now.... with no result.txt file..... Not sure if I did something wrong?

Offline essexboy

Re: test. PLEASE respond!
« Reply #33 on: April 02, 2013, 04:52:51 PM »
Hi, that was my stupid fault: I forgot that Reatogo is a 32-bit operating system.

Download this one to your USB
ListParts. This is the 32-bit version. Once we run the ListParts fix it will be gone

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #34 on: April 02, 2013, 06:52:52 PM »
Hi,
Success in running Listparts...  :)  results.txt attached.

Immediately upon rebooting to Windows and opening browser, I got the Avast alert: "Malicious URL Blocked" again.... infection- URL:Mal in Process- C:\Windows\systems32\scvhost.exe

Offline essexboy

Re: test. PLEASE respond!
« Reply #35 on: April 02, 2013, 07:17:35 PM »
OK download the attached fix.txt to the same USB as listparts
Run the Reatogo desktop
Run Listparts as before
Press Fix

What will then happen is the 0byte partition will be set inactive
The proper partition will be set active
The proper partition will be set inactive
The proper partition will then be set active for the last time
The 0byte partition will then be removed

Once it has completed it will make a log on the USB drive, post that
Reboot to normal windows and let me know if the alerts cease
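
Added example (not from the thread, and not FRST's or ListParts' own logic): a read-only Python check of an MBR partition table for the condition discussed above, on the assumption that the "0 byte partition" alert refers to an entry flagged active whose sector count is zero. The helper names and the two sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # partition table position inside the MBR sector
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"       # status, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector):
    """Return the four primary partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR sector")
    entries = []
    for i in range(4):
        start = TABLE_OFFSET + i * ENTRY_SIZE
        status, ptype, lba, sectors = struct.unpack(ENTRY_FMT, sector[start:start + ENTRY_SIZE])
        entries.append({"index": i + 1, "status": status, "active": status == 0x80,
                        "type": ptype, "lba_start": lba,
                        "size_bytes": sectors * SECTOR_SIZE})
    return entries

def audit(entries):
    """List partition-table anomalies; an empty list means nothing was flagged."""
    findings = []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"partition {e['index']}: invalid status byte {e['status']:#04x}")
        if e["active"] and e["size_bytes"] == 0:
            findings.append(f"partition {e['index']}: active but 0 bytes long")
    active = [e for e in entries if e["active"]]
    if len(active) > 1:
        findings.append("more than one active partition")
    if not active:
        findings.append("no active partition set")
    return findings

def make_mbr(entries):
    """Build a constructed MBR sector from (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + BOOT_SIGNATURE

# Constructed samples: a zero-length active entry in slot 1, and a normal layout.
SAMPLE_SUSPECT = make_mbr([(0x80, 0x07, 0, 0), (0x00, 0x07, 2048, 204800)])
SAMPLE_NORMAL = make_mbr([(0x80, 0x07, 2048, 204800)])

if __name__ == "__main__":
    for name, sector in (("suspect", SAMPLE_SUSPECT), ("normal", SAMPLE_NORMAL)):
        print(name, audit(parse_mbr(sector)))
```

To check a real disk, pass the first 512 bytes of a disk image to `parse_mbr`; the code only reads and never writes to the table.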

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #36 on: April 02, 2013, 08:59:16 PM »
MAJOR problem!!!!  I CANNOT reboot into normal Windows (I am again at the library!)

Reminder:  I have not been able to use any browser for my communications with you within the Reatogo desktop since I have been using it. I have been back and forth between Reatogo and normal Windows.

When I rebooted to go into normal Windows (and did a COLD boot for normal windows) I get the same message on a black bootup screen:   "Reboot and select proper Boot device or Insert Boot Media in Selected Boot device and press any key."

You will find the PLfixlog.txt attached.

I am also WORRIED NOW.... when I inserted my USB drive into this computer at the library I had a notice that "a new device was installed but computer will need to be restarted to complete" (something to that main effect) that is not to happen nor has it happened to me in the past by inserting my USB drive.

I will be here at the library for a little while waiting your next instruction.

Offline essexboy

Re: test. PLEASE respond!
« Reply #37 on: April 02, 2013, 09:04:33 PM »
OK download this fix, and then run from list parts as before.

I have had a quick word with Farbar and the custom is used only for Vista and above, which was why the script did not run


kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #38 on: April 02, 2013, 09:10:44 PM »
okay... on my way back home to run this new fix file...... I hope there won't be any problems with this library computer!! But I'm not sure if I will know about it, if there is.

I will send new fixlog after I run the listparts with this fix.... either from home or from library again IF it doesn't work.

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #39 on: April 02, 2013, 10:15:40 PM »
BACK at the library ... that only means that AGAIN my computer did NOT bootup into normal Windows! It still brought up the same message for inserting a boot device (same as mentioned in reply #36).

I ran the fix again and you will find attached the most recent PLfixlog.txt

I will be waiting for reply....

Offline essexboy

Re: test. PLEASE respond!
« Reply #40 on: April 02, 2013, 11:07:16 PM »
Just waiting to have a word with Farbar about this, meanwhile

Run the reatogo desktop

At the Reatogo desktop. Double click MBRFix. A command prompt will be presented. Type the following commands and press Enter after each line:
C:
cd C:\
MbrFix /drive 0 fixmbr
Exit

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #41 on: April 02, 2013, 11:21:00 PM »
I will follow those instructions and leave computer as it will sit until I return tomorrow to the library (if need to) for your further instructions, after your talking with Farbar. I will be leaving library in 20 mins, as it will be closing for the day. I will check for further instruction before leaving here if you may send within 15 mins.

Offline essexboy

Re: test. PLEASE respond!
« Reply #42 on: April 02, 2013, 11:22:58 PM »
OK he is not online at the moment

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #43 on: April 03, 2013, 04:59:39 PM »
Hi essexboy,
I am back at the library, was hoping for a reply but I see none. I will be here for an hour this session.

In the meantime, I have typed as you requested previously. In typing the third line, I got a msg saying: " 'Mbrfix' is not recognized as an internal or external command operable program or batch file." At this line I typed it in various ways: (1) all with no spaces, (2) space after "Mbrfix" (3) space after each of following: "Mbrfix", "/drive" and "0" and "fixmbr", all resulting in the same msg. However, I used only the zero for the "0". If it is to be the letter "O" I was mistaken. I also changed what I saw as a forward slash, into a backward slash with a resulting msg of "The system cannot find the path specified." This is how I left the screen on my computer. I have not yet typed the "Exit".

Waiting for further instruction.

kissagain

Offline essexboy

Re: test. PLEASE respond!
« Reply #44 on: April 03, 2013, 05:11:45 PM »
This was in the box that MBRFix opened? If so, add a /yes at the end

MBRFix /drive 0 fixmbr /yes