[Slink]

its denying me access to the C drive but the documents and settings folder is in the ramdisk B: drive.. so copy it ro ramdisk(b:) drive?
after i open the documents and setting folder there are only 2 folders in it labeled all users and default users

Edited by Slink, 01 September 2011 - 01:51 PM.

[Advertisements]

No. Just check in the Documents and Settings folder that a folder with your user account's name exist, so you're sure that the drive is the correct one. Ramdisk isn't the correct drive.

If you get an error denied when trying to copy in the drive at OTLPE environment, do this:
Right click on the Drive
Select Properties
Go to security tab
From the Group or User names: space select Administrators
Under it, where it says permissions for Administrators, make sure that the Full control (under Allow) is checked.
Then try again and tell me if you get the same error.

[michaelg9]

No. Just check in the Documents and Settings folder that a folder with your user account's name exist, so you're sure that the drive is the correct one. Ramdisk isn't the correct drive.

If you get an error denied when trying to copy in the drive at OTLPE environment, do this:
Right click on the Drive
Select Properties
Go to security tab
From the Group or User names: space select Administrators
Under it, where it says permissions for Administrators, make sure that the Full control (under Allow) is checked.
Then try again and tell me if you get the same error.

[Slink]

ok im getting confused now. i cant find a file with my account name on it..

this is what im looking at. in attachment
the (b:) and (x:) drives are the only ones that says it has something on it

Attached Thumbnails

• 

Edited by Slink, 01 September 2011 - 02:12 PM.

[michaelg9]

Hello,
Local Disk (C:) is the drive we want. Continue with the instructions above

[Slink]

ok i so sorry i miss read that.. but everything is already set too allow besides special permission which i wont let me check allow or deny (and it still denys me access to C:)

[michaelg9]

OK, let's try another thing that i think will work:

Boot from the Windows XP CD as before. Select the windows installation folder number and then enter the administrators password as before.
Then type:

set AllowAllPaths = true

Then:

COPY D:\i386\ntldr C:\
COPY D:\i386\ntdetect.com C:\

Tell me if you get the access denied error.
Then, type this: (even if you got the error or not)

set AllowAllPaths = false

Reboot and see what happens

[Slink]

right? still didnt work if i did it right

Attached Thumbnails

• 

[michaelg9]

Hello,
Sorry for having you to switch from environment to environment

Boot from the OTLPE cd.
Click the Start > run
Type:

Regedit

Navigate to this key from the left panel:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole

Double click SetCommand from the right panel and set the value to 1:


The boot from the Windows XP CD and try the same previous steps at post#21

[Slink]

still access denied

[michaelg9]

Did set AllowAllPaths = true produced any errors?

[Slink]

i got the exact same message as before in post #22

[michaelg9]

Hello

I've asked the creator of OTLPE for some help on this. Let's run a scan until I get an answer:


OTL Custom Scan

• Download OTL to your Desktop
• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Select Scan all users
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scans/Fixes box copy and paste this in:
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.exe
  %APPDATA%\*.
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole|SetCommand /rs
  CREATERESTOREPOINT
  
• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open OTL.Txt in Notepad window.
• Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

It's late here, so I'll answer you back tomorrow morning

[Slink]

want me to run that in the OTLPE environment?
if so it wont let me and says it failed to start framedyn.dll

Edited by Slink, 01 September 2011 - 04:34 PM.

[michaelg9]

Sorry that was the wrong set of instructions:

• Download scan.txt to your USB:
   scan.txt   510bytes   94 downloads
• Reboot your system using the boot CD you created and after it loads the Desktop, attach the USB
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Drag and drop this attached scan.txt into the Custom scans and fixes box
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.
• Before rebooting, check in C:\ and see if a text file named OTL.txt is there. Tell me if it's there or not

Next:

Double Click MBRFix from the Desktop and type:

MbrFix /drive 0 savembr C:\mbr.dat

After that there should be a file called mbr.dat in C:\. Move it to your usb.
From a clean computer put it in a zip archive
Attach it here in your next reply

[Slink]

got to step 6 and got a message (target is not windows 2000 or later)
but im running xp

Edited by Slink, 02 September 2011 - 11:26 AM.