Combofix still running, I started it over 15 hours ago [Solved]



#16
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Is your desktop showing?

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


To re-enable your Emulation drivers after you are clean, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Next:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.
  • 0


#17
Terry Mullins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
My desktop does not show at the moment.
Currently, the computer goes through the restore setup & bombs out before I even get a chance to log in.

Terry
  • 0

#18
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Hopefully you have access to a computer that can burn CDs.

We will need to make a BOOT CD.

Print these instructions out so that you know what you are doing.

Two programs to download

First

Please download ISOBurner and save it to your desktop. This program will allow you to burn OTLPE.ISO to make a bootable CD.
  • Double click the ISOBurner set up icon to install the program, from there on in it is fairly automatic.
  • There are Instructions for the iso burner here if you need them.

Second


  • Download OTLPE.iso and save it to your desktop. Now burn OTLPE.iso to a CD using ISO Burner. (NOTE: This file is 276.7 MB in size so it may take some time to download.)
  • When downloaded, double click OTLPE.iso > this will then open ISOBurner to burn the file to CD

  • Reboot the infected system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Safe List
    • Under the Custom Scan box paste this in
      /md5start
      iaStor.sys
      nvstor.sys
      atapi.sys
      nvata.sys
      iastorv.sys
      mountmgr.sys
      /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
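
Added example, not part of the thread and not OTL's own code: the custom scan in post #18 names storage driver files between /md5start and /md5stop, and a comparable manual check is to hash every copy of those names under a mounted Windows folder and list the names whose copies differ. The function names and the sample tree are assumptions constructed for illustration; the sample files hold placeholder bytes, not real drivers.

```python
import hashlib
import os
import tempfile

# Driver names from the custom scan in the post above.
DRIVERS = ["iaStor.sys", "nvstor.sys", "atapi.sys", "nvata.sys",
           "iastorv.sys", "mountmgr.sys"]

def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan_copies(root, names=DRIVERS):
    """Map each driver name (lower-cased) to {path: md5} for every copy under root."""
    found = {n.lower(): {} for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in found:  # Windows file names are case-insensitive
                full = os.path.join(dirpath, fname)
                found[fname.lower()][full] = md5_of(full)
    return found

def mismatched(found):
    """Names whose copies do not all share one hash: worth a closer look, not proof."""
    return sorted(n for n, c in found.items() if len(set(c.values())) > 1)

def build_sample_tree(root):
    """Constructed sample data: placeholder bytes, not real driver binaries."""
    layout = {
        "Windows/System32/drivers/atapi.sys": b"atapi-A",
        "Windows/System32/DriverStore/atapi.sys": b"atapi-B",
        "Windows/System32/drivers/mountmgr.sys": b"mountmgr",
        "Windows/System32/DriverStore/MOUNTMGR.SYS": b"mountmgr",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("differing copies:", mismatched(scan_copies(tmp)))
```

Differing hashes can also come from legitimate driver updates that leave an older copy on disk, so a mismatch marks a file to compare against a known-good source rather than a verdict.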

#19
Terry Mullins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I just read your previous post & haven't tried it yet.

Our restore CDs for the Aspire 4330 arrived from Acer & we went through the install process.
During the install process, we got an error message that said that the system could not process the unattend.xml file because the answer is incorrect.

Interestingly enough, we used the recovery CDs from another Acer Aspire (Model 5315), and everything appears to be working correctly, except some of the drivers that were for that particular model (which we downloaded from Acer).
  • 0

#20
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
I take it all is good now?
  • 0

#21
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





