How do I recover from corrupt Windows 8.1 RT?

Second day of trying to start with fresh 8.1 installation on my Surface RT, all updates on, and still get reported failures from apps.diagcab tool.   It is possible nothing is wrong but that the tool reports a failure due to a bug or being out of date with current RT software, or cache folder locations or design.  The tool looks like this...
The apps.diagcab software tool.
and is here.
http://download.microsoft.com/download/F/2/4/F24D0C03-4181-4E5B-A23B-5C3A6B5974E3/apps.diagcab

From this link.
http://answers.microsoft.com/en-us/ie/forum/ie11-iewindows8_1/ie11-metro-fails-to-launch-after-splash-screen/bed951a0-2e79-4420-a397-e7605575f05b


History:
For months I've noticed being hacked.  Mostly seems like data monitoring rather than tremendous damage.  It is something that feels like remote access in the middle of my doing something.  Kinda like showing off.  A couple weeks ago got hugely hacked at a client's house on their Comcast setup.  I recorded a video of it on my phone and posted it on Google.  Possibly available if need be.  Another show off style of hack.  Without me saying so the client saw the video and described it as "show-off" attack.  At this client's house I tried to enter a CNNhln site, it took over my computer and played an audio file loop of ...

"You must fix your system.  Call the number below.  Your credit card info and data are at risk" (kinda like that)

While I was recording my Surface RT on my phone, the hack then took over the TV and put a still bitmap message across the screen about attending a swinger's convention, and on the basement TV a still video grab of a local newscaster from the 90's in mid-sentence.  Then later while I was on the phone with Comcast they booted up the client's Apple I was not able to take over the menus fast enough so unplugged everything instead.  After that, TVs were not functional and Comcast had to come out the next morning and restart all services.  Everything is reported fine at client's house since then.

Finally decided to try and check into all this yesterday.  Below is part of an email to my current contact at Microsoft.   I said:

Re:  SFC
Thank you for following up.  Yes, sfc can be good.  Didn't find anything for me though.  Not in months past, nor today after reset.  That's the thing about how I feel hacked and ridden to see what I'm doing, rather than do too much damage and get discovered.  
 
Re:  Trouble deleting javascript filenames.
One thing I noticed since the last time (about a year ago?)  I reset Windows, today I had difficulty deleting Windows.old file.  You have to select it, change permissions so you can delete it, then delete it.  So long ago, it smoothly deleted.  Today while going through this procedure Windows notified me of about 8-10? files that could not be deleted because their filename was too long so Windows couldn't handle it.   So Windows quit deleting and left me with these few javascript filenames (the filenames were a long line of code) down a subfolder or so under my AppData folder .   I selected show them to me individually.  If from real advertising, it was from Verizon and Huntington Bank ads.  The Huntington Bank got me, because it would have to do with a question I tried to help answer about Huntington Bank website problems on a forum.  I am a member of Experts-Exchange.com and tomorrow I'll try and find that question from long ago and see what was said.  I can't forget the feeling those months ago.  I felt led into a trap I remember because when I went to the Huntington Bank site it messed up my computer.  I took all these screen grabs of the dialogue box of deleting the javascript filenames to show someone, then lost my head and reset windows without getting the screen grabs off there first.  It's important to me so will try to replicate tomorrow while customizations are not done for my new install yet. If I had a low-level disk tool I would try and recover the screen grabs but I haven't come across one for RT yet.  I don't remember how I got those files deleted so I could delete the upper parent Windows.old folder.  There was something funny about it.
 
Re:  Sample output from apps.diagcab.
Tonight, after my earlier reset of Windows, I finally had a chance to get back and try the apps diag tool to reply to you.  I ran the apps diag tool twice and it still shows corruption every time.  I think it may be a good tool.  I will put some screen grabs of it in this email or attached prior to sending.

The two output files are .oxps and are each two pages I think.  You should find them attached.

And I have attached them here as PDFs.  I also have a few more, newly created screen grabs of the too long a filename to delete problem.  While trying to manually delete the Store cache, I renamed the cache folder cacheold.  Ran apps.diagcab again, got same errors, tried to delete the Cache folder that had just gotten created automatically, and had a similar deletion problem.  Here is what one of them looks like.

Long path error message sample.MetroAppDiagOutput1.pdf
MetroAppDiagOutput2.pdf
LVL 9
Christopher Jay WolffWiggle My Legs, OwnerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Christopher Jay WolffWiggle My Legs, OwnerAuthor Commented:
Forgot to mention I plan to have my next step to be reset windows again.  This time from flash drive as being the most clean and secure method.  From MS to flash, then to Surface.  Hope to get to it in about 5 hours or so.
0
David Johnson, CD, MVPOwnerCommented:
filename\path too long errors easy to fix start renaming the folders above it i.e.
right click select rename and press a letter then enter.  I sympathize with you since I had this experience the other day on one of my machines.. disk cleanup tool didn't do it.. takeown /f c:\windows.old /r /d n then right click add the users name, give them full control .. some folders/files gave an error (can't access) and then shift delete and or from an administrative command prompt del windows.old /s /q and rd windows.old /s/q

you sure this is a windows rt device not a windows pro device?
0
Christopher Jay WolffWiggle My Legs, OwnerAuthor Commented:
Thanks.  Yes on RT.  In my email quote above I described my first reset of Windows months ago where deleting Windows.old was fairly smooth.  Similar to what you describe.  I owned it and simply checked the box at the bottom of the window for "Advanced Security Settings" to have permissions go on downward and be inherited  by all child objects.  Then delete Windows.old smoothly.  All gone.

This Windows reset last Monday left a small tree of folders holding a few undeletable files in AppData ( I think a cache folder but not sure) with the too long a filename.  As I viewed the filenames one at a time for deletion, it appeared the filenames seemed to be long lines of javascript.  That's what brought back the bad memory of the Huntington Bank problem that messed up this same Surface RT.  Somehow I got it deleted and should have recorded my steps, but didn't know it would be a recurring problem.

While messing around with Microsoft Store cache, which also happens to reside in AppData folder,  The path I'm using:
C:\Users\ChristopherJay\AppData\Local\Packages\winstore_blahblah\LocalState\Cache

I use Task Mgr to delete Store and Store broker to allow handling cache.  I created Cacheold folder, launched Store, ran apps.diagcab and got the same error of corrupt Store cache.  Then tried deleting Store cache and ended up with a bunch of undeletable files with too long a name again.  This time as you can  see, they don't look like java code.  I tried simply dragging to desktop to shorten path.  Had to quit before success.  Back at it today for a little while.

This inability to delete may be connected to the corrupt Microsoft Store cache problem.  If someone wants a permanent back door to the Surface RT, maybe they design the hack to use Microsoft Store access somehow.  The way the RT has run for months, is like it emails someone to tell them I just booted up and am online.

Microsoft says to try different ISPs during reset, and different User account. Got behind, still have to do the reset windows to flash then RT procedure from MS.  And chkdsk and sfc don't show anything wrong for months.
0
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

Christopher Jay WolffWiggle My Legs, OwnerAuthor Commented:
Update.

Booted from flash recovery drive, Advanced, Reset without deleting Recovery partition.  First ever, and the last and only time, I ran apps.diagcab with no errors.  In hindsight, I should have talked to the computer engineer earlier as I believe the hack resided on my recovery partition.  So I should have immediately selected Reset and Delete Recovery partition.  Tried boot from flash, Advanced, boot to command prompt, format C: all zeroes, took too long and aborted.  Some commands like fdisk were unavailable at that prompt.  Only diskpart.  Microsoft (or hacker) tried to give me update on firmware, ended up having to take it, and system has not booted since.  Now working with new contact at Microsoft to see if possible to get a new firmware into the system.  That sequence above might be slightly off, but I gotta run.  The point is I got firmware update and it is no longer bootable.  Still working.  I plan to give the points to David above for knowing he should prod me to fix this issue sooner rather than later.
0
David Johnson, CD, MVPOwnerCommented:
I'm surprised that you got hacked with WinRT as that is far more secure than normal windows since normally you can only run windows store apps and other arm based programs a Win32 program will not run. Anything that could run would have to be internet explorer based. So it would be a browser hack.. unfortunately there isn't much in the level of malware removal tools for WinRT .. A full restore using the latest firmware/software from MIcrosoft should have cleaned things up.. Again you have to monkey around with the Windows.old folder to delete it. i.e. permissions, changing folder names to get under the 260 character limit and so forth.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Christopher Jay WolffWiggle My Legs, OwnerAuthor Commented:
Thanks. Yes I had my doubts about apps.diagcab running on RT.  Don't know enough.  Sorry didn't get back to you sooner.   Too many problems logging on, while simultaneously trying to get old Dell laptop and Macbook up and running as spares.  Hours.

As the system remains broken with no fix in sight, we could keep the post open if you like, or simply close knowing it is a difficult issue.  Still working on it.  My new contact asked for some details.  I provided them and the link to this question also.  They did answer some questions for me though.  They are saying that even though you go through setup and it asked during a custom install if you want auto updates on or off, if you pick off, it is still always on and can't be turned off.

Having a little testing luck by using a new refurbed Surface RT just like the one that is down.  Not much time with it due to holiday.  Opened a local user account on refurb and ran apps.diagcab and it reported it was able to fix the corrupt file.  My second time with no errors but this one was on the new refurb RT.  That was about last Thursday when it arrived I think.  I also could not log into my bank account from residential net with this new RT, but other sites sort of worked with an error being reported about Office cache not being compatible with IE's security features.  Today had the same error reported and inability to log into banking from McDonald's.  Got some screen grabs today though.  They're attached.

When launching IE, it reports cache problem immediately before choosing a URL.  Maybe because I'm signed in locally instead of my hotmail account that ties everything together for sign in.  If I do nothing the notice banner disappears.  If I click More Info, it opens a new IE window with the exact same message at the bottom with another "More Info" hyperlink.

Maybe the certificate issues are explainable to someone who understands certs, but I've never seen them in my years of logging into McDonald's.  Shouldn't the URL window be filled?

Sorry about the filenames.  Public Library did it for me.
--tsclient-usb1-screengrabs-CacheErrorOn
--tsclient-usb1-screengrabs-CacheErrorOn
--tsclient-usb1-screengrabs-CertDetailTo
--tsclient-usb1-screengrabs-CertInfoBott
--tsclient-usb1-screengrabs-CertInfoMid.
--tsclient-usb1-screengrabs-CertPath.PNG
--tsclient-usb1-screengrabs-SecurityAler
--tsclient-usb1-screengrabs-SecurityAler
0
Christopher Jay WolffWiggle My Legs, OwnerAuthor Commented:
Update.
A couple nights ago got about 43 updates from Microsoft.  They provided more and different diagnostics in the Windows directory under a Diagnostics folder.  I don't recall seeing the diagnostics folder before.  Haven't had too much time to mess with it.  There are three folders under diagnostics folder, which are Index, Scheduled, and System.  This new sub-tree is
Index folder
    bunch of xml files
Scheduled folder
    Maintenance folder
        a pkg file and a bunch of .ps1 files for different categories
System folder
    ...
    IESecurity folder
    ...
    Performance folder
    Power folder
    Printer folder
    Search folder
    USBCore folder
    WindowsUpdate folder


That night ran IESecurity pkg under System folder first.  No problems.  Then ran WindowsUpdate folder's pkg file and had errors found and reported repaired.  Very similar to the way apps.diagcab behaved.  When running again the same errors are reported again and again reported as being fixed.  So still not able to get rid of problem to secure the machine.  Got more updates last night and today from Microsoft and just now ran the WindowsUpdate diag pkg again.  The result from WindowsUpdate diag appears to be the same (I should have gotten a screen grab a couple nights ago)  and is below.

Windows Update diag pkg result.

If I get time, I am planning  later this week to reset again and use diskpart with a higher skill-level than my first time.  That was when my orginal RT went down and is still down and doesn't boot from flash anymore after taking new firmware update.  Any advice beforehand anyone?
0
Christopher Jay WolffWiggle My Legs, OwnerAuthor Commented:
I am going to have to find some way.  Maybe I have to give up on the RT which has been such a success for me.  Microsoft updates will keep the situation dynamic so testing results will also be dynamic and I'm closing the question.  The closest thing to what my experience has been with this malware is described in this attached paper from McAfee about a worm which makes a system part of a botnet.  It has specifics of some things to do, and to look for, to help protect a system and I plan to try some of these things too.  Mine is different but so so similar.  If I give up on the RT I could use so many other tools.

Thanks David.
rp-catch-me-if-you-can.pdf
0
Christopher Jay WolffWiggle My Legs, OwnerAuthor Commented:
Hope the points are okay.  Hard to do with ongoing problems.  Let me know if you think it should be otherwise.  Trying to avoid grade inflation you know.  My problem is I clicked on "grading tips" that sort of defines an A, a B, and a C so there it was in black and white.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 8

From novice to tech pro — start learning today.