It's hard for me to download the drivers now since my computer keeps wanting to reboot after only a few minutes of being online. I'm managing responding to you with continually getting the BSOD and then logging in a response before I get disconnected. Do you really think I need to download the drivers or just loss them off of the disk I have that came with the motherboard? I just need to know which ones to delete.
Browser Redirecting all the time
- Thread starter soar3
- Start date
shinybeast
Retired Graduate
OK
I want to pause here and seek a second opinion before you do anything else. I do not want the situation to become worse.
In the mean time, I have some questions.
What drivers did you install from the disc? What drivers are available to install from the disc?
Do you get BSODs if you run the computer without connecting the modem?
Do you have access to a PS/2 keyboard?
I want to pause here and seek a second opinion before you do anything else. I do not want the situation to become worse.
In the mean time, I have some questions.
What drivers did you install from the disc? What drivers are available to install from the disc?
Do you get BSODs if you run the computer without connecting the modem?
Do you have access to a PS/2 keyboard?
The drivers I installed are the NVIDIA nforce drivers and it asks to " Install these drivers sequentially, from top to bottom. NVIDIA nforce drivers (ethernet, IDE, RAID, and more) " That is the only option it has to select from and that is the one I selected.
The computer stays running as long as I don't plug into my modem without a problem. When I first did the reinstall of the nsvsds file I did hv an issue with getting online, but I deleted the network adapter and reinstated that driver and everything was fine. No BSOD and no keyboard malfunctions until I ran the OTL fix. However, it seems like the networking aspect of my computer is at question, but my keyboard is non responsive when I boot my computer up and try to select safe mode or to try and boot from a disk. I have never had this problem before. Also, the keyboard will function and let me get in to modify my BIOS, though. WEIRD!
No, I do not have a Ps/2 keyboard, just a Usb on.
The computer stays running as long as I don't plug into my modem without a problem. When I first did the reinstall of the nsvsds file I did hv an issue with getting online, but I deleted the network adapter and reinstated that driver and everything was fine. No BSOD and no keyboard malfunctions until I ran the OTL fix. However, it seems like the networking aspect of my computer is at question, but my keyboard is non responsive when I boot my computer up and try to select safe mode or to try and boot from a disk. I have never had this problem before. Also, the keyboard will function and let me get in to modify my BIOS, though. WEIRD!
No, I do not have a Ps/2 keyboard, just a Usb on.
shinybeast
Retired Graduate
If you can get the computer to work normally with modem disconnected, I strongly suggest you back up any important data on C: drive.
I'll post again once I get some more opinions.
I'll post again once I get some more opinions.
I ran a backup on my computer all night without any problems with the modem disconnected. I deleted and reinstalled my network adapters this morning and my computer stayed online and functioning until I decided to try and reboot and see what happens. After rebooting, the computer would only stay online for 10-15 mins and sometimes even shorter. I still do not have the option to get into Safe Mode which I'm starting to believe is not a keyboard issue since my keyboard is working fine. Maybe there was a file corrupted or deleted that has changed my boot.ini file of some sort.
shinybeast
Retired Graduate
Hi soar3,
See if you can stay online long enough to download TDSSKiller. Then disconnect the modem and run it. Post back with the log.
TDSSKiller
See if you can stay online long enough to download TDSSKiller. Then disconnect the modem and run it. Post back with the log.
TDSSKiller
- Click here to download TDSSKiller to your desktop.
- Extract TDSSKiller.zip to your desktop so that TDSSKiller.exe is on your desktop (not in a folder).
NOTE: Close all running programs as a reboot may be necessary. - Copy the text in code box below.
Code:"%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\desktop\tdsskiller.txt" - Click Start, click Run... and paste the above command in the Open: box and click OK.
- If TDSSKiller finds something, allow it to delete what it finds.
- Once the tool is finished, press any key to continue and allow the computer to reboot if necessary.
- Locate the log, tdskiller.txt, on your desktop and post the contents of that log in your next reply.
17:29:21:046 3924 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
17:29:21:046 3924 ================================================================================
17:29:21:046 3924 SystemInfo:
17:29:21:046 3924 OS Version: 5.1.2600 ServicePack: 2.0
17:29:21:046 3924 Product type: Workstation
17:29:21:046 3924 ComputerName: AMD
17:29:21:046 3924 UserName: Emmett & Roz
17:29:21:046 3924 Windows directory: C:\WINDOWS
17:29:21:046 3924 Processor architecture: Intel x86
17:29:21:046 3924 Number of processors: 2
17:29:21:046 3924 Page size: 0x1000
17:29:21:046 3924 Boot type: Normal boot
17:29:21:046 3924 ================================================================================
17:29:21:046 3924 UnloadDriverW: NtUnloadDriver error 2
17:29:21:046 3924 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:29:21:156 3924 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
17:29:21:156 3924 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:29:21:156 3924 wfopen_ex: Trying to KLMD file open
17:29:21:156 3924 wfopen_ex: File opened ok (Flags 2)
17:29:21:156 3924 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
17:29:21:156 3924 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:29:21:156 3924 wfopen_ex: Trying to KLMD file open
17:29:21:156 3924 wfopen_ex: File opened ok (Flags 2)
17:29:21:156 3924 Initialize success
17:29:21:156 3924
17:29:21:156 3924 Scanning Services ...
17:29:21:187 3924 Raw services enum returned 344 services
17:29:21:203 3924
17:29:21:203 3924 Scanning Kernel memory ...
17:29:21:203 3924 Devices to scan: 10
17:29:21:203 3924
17:29:21:203 3924 Driver Name: Disk
17:29:21:203 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:203 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:203 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:203 3924 IRP_MJ_READ : BA908D9B
17:29:21:203 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:203 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:203 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:203 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:203 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:203 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:203 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:203 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:203 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:203 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:203 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:203 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:203 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:203 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:203 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:203 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:203 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:203 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:203 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:203 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:218 3924
17:29:21:218 3924 Driver Name: Disk
17:29:21:218 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:218 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:218 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:218 3924 IRP_MJ_READ : BA908D9B
17:29:21:218 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:218 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:218 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:218 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:218 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:218 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:218 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:218 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:218 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:218 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:218 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:218 3924
17:29:21:218 3924 Driver Name: Disk
17:29:21:218 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:218 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:218 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:218 3924 IRP_MJ_READ : BA908D9B
17:29:21:218 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:218 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:218 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:218 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:218 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:218 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:218 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:218 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:218 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:218 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:218 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:218 3924
17:29:21:218 3924 Driver Name: USBSTOR
17:29:21:218 3924 IRP_MJ_CREATE : ADC63218
17:29:21:218 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:218 3924 IRP_MJ_CLOSE : ADC63218
17:29:21:218 3924 IRP_MJ_READ : ADC6323C
17:29:21:218 3924 IRP_MJ_WRITE : ADC6323C
17:29:21:218 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:218 3924 IRP_MJ_FLUSH_BUFFERS : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_DEVICE_CONTROL : ADC63180
17:29:21:218 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : ADC5E9E6
17:29:21:218 3924 IRP_MJ_SHUTDOWN : 804F4456
17:29:21:218 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:218 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_POWER : ADC625F0
17:29:21:218 3924 IRP_MJ_SYSTEM_CONTROL : ADC60A6E
17:29:21:218 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: USBSTOR
17:29:21:234 3924 IRP_MJ_CREATE : ADC63218
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : ADC63218
17:29:21:234 3924 IRP_MJ_READ : ADC6323C
17:29:21:234 3924 IRP_MJ_WRITE : ADC6323C
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : ADC63180
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : ADC5E9E6
17:29:21:234 3924 IRP_MJ_SHUTDOWN : 804F4456
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : ADC625F0
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : ADC60A6E
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: USBSTOR
17:29:21:234 3924 IRP_MJ_CREATE : ADC63218
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : ADC63218
17:29:21:234 3924 IRP_MJ_READ : ADC6323C
17:29:21:234 3924 IRP_MJ_WRITE : ADC6323C
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : ADC63180
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : ADC5E9E6
17:29:21:234 3924 IRP_MJ_SHUTDOWN : 804F4456
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : ADC625F0
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : ADC60A6E
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: Disk
17:29:21:234 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:234 3924 IRP_MJ_READ : BA908D9B
17:29:21:234 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: Disk
17:29:21:234 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:234 3924 IRP_MJ_READ : BA908D9B
17:29:21:234 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: Disk
17:29:21:234 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:234 3924 IRP_MJ_READ : BA908D9B
17:29:21:234 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: nvata
17:29:21:234 3924 IRP_MJ_CREATE : BA6F2894
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : BA6F2874
17:29:21:234 3924 IRP_MJ_CLOSE : BA6F2894
17:29:21:234 3924 IRP_MJ_READ : BA6F2874
17:29:21:234 3924 IRP_MJ_WRITE : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_EA : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_EA : BA6F2874
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : BA6F2874
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : BA6F2874
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA6F28AE
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA6F2D4E
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA6F2874
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : BA6F2874
17:29:21:234 3924 IRP_MJ_CLEANUP : BA6F2874
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_SECURITY : BA6F2874
17:29:21:234 3924 IRP_MJ_POWER : BA6F2CEE
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA6F2A7C
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_QUOTA : BA6F2874
17:29:21:250 3924 C:\WINDOWS\system32\DRIVERS\nvata.sys - Verdict: 1
17:29:21:250 3924
17:29:21:250 3924 Completed
17:29:21:250 3924
17:29:21:250 3924 Results:
17:29:21:250 3924 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:29:21:250 3924 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:29:21:250 3924 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:29:21:250 3924
17:29:21:250 3924 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
17:29:21:250 3924 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
17:29:21:250 3924 KLMD(ARK) unloaded successfully
17:29:21:046 3924 ================================================================================
17:29:21:046 3924 SystemInfo:
17:29:21:046 3924 OS Version: 5.1.2600 ServicePack: 2.0
17:29:21:046 3924 Product type: Workstation
17:29:21:046 3924 ComputerName: AMD
17:29:21:046 3924 UserName: Emmett & Roz
17:29:21:046 3924 Windows directory: C:\WINDOWS
17:29:21:046 3924 Processor architecture: Intel x86
17:29:21:046 3924 Number of processors: 2
17:29:21:046 3924 Page size: 0x1000
17:29:21:046 3924 Boot type: Normal boot
17:29:21:046 3924 ================================================================================
17:29:21:046 3924 UnloadDriverW: NtUnloadDriver error 2
17:29:21:046 3924 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:29:21:156 3924 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
17:29:21:156 3924 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:29:21:156 3924 wfopen_ex: Trying to KLMD file open
17:29:21:156 3924 wfopen_ex: File opened ok (Flags 2)
17:29:21:156 3924 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
17:29:21:156 3924 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:29:21:156 3924 wfopen_ex: Trying to KLMD file open
17:29:21:156 3924 wfopen_ex: File opened ok (Flags 2)
17:29:21:156 3924 Initialize success
17:29:21:156 3924
17:29:21:156 3924 Scanning Services ...
17:29:21:187 3924 Raw services enum returned 344 services
17:29:21:203 3924
17:29:21:203 3924 Scanning Kernel memory ...
17:29:21:203 3924 Devices to scan: 10
17:29:21:203 3924
17:29:21:203 3924 Driver Name: Disk
17:29:21:203 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:203 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:203 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:203 3924 IRP_MJ_READ : BA908D9B
17:29:21:203 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:203 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:203 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:203 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:203 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:203 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:203 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:203 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:203 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:203 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:203 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:203 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:203 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:203 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:203 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:203 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:203 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:203 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:203 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:203 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:218 3924
17:29:21:218 3924 Driver Name: Disk
17:29:21:218 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:218 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:218 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:218 3924 IRP_MJ_READ : BA908D9B
17:29:21:218 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:218 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:218 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:218 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:218 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:218 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:218 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:218 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:218 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:218 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:218 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:218 3924
17:29:21:218 3924 Driver Name: Disk
17:29:21:218 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:218 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:218 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:218 3924 IRP_MJ_READ : BA908D9B
17:29:21:218 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:218 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:218 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:218 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:218 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:218 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:218 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:218 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:218 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:218 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:218 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:218 3924
17:29:21:218 3924 Driver Name: USBSTOR
17:29:21:218 3924 IRP_MJ_CREATE : ADC63218
17:29:21:218 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:218 3924 IRP_MJ_CLOSE : ADC63218
17:29:21:218 3924 IRP_MJ_READ : ADC6323C
17:29:21:218 3924 IRP_MJ_WRITE : ADC6323C
17:29:21:218 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:218 3924 IRP_MJ_FLUSH_BUFFERS : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_DEVICE_CONTROL : ADC63180
17:29:21:218 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : ADC5E9E6
17:29:21:218 3924 IRP_MJ_SHUTDOWN : 804F4456
17:29:21:218 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:218 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_POWER : ADC625F0
17:29:21:218 3924 IRP_MJ_SYSTEM_CONTROL : ADC60A6E
17:29:21:218 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: USBSTOR
17:29:21:234 3924 IRP_MJ_CREATE : ADC63218
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : ADC63218
17:29:21:234 3924 IRP_MJ_READ : ADC6323C
17:29:21:234 3924 IRP_MJ_WRITE : ADC6323C
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : ADC63180
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : ADC5E9E6
17:29:21:234 3924 IRP_MJ_SHUTDOWN : 804F4456
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : ADC625F0
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : ADC60A6E
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: USBSTOR
17:29:21:234 3924 IRP_MJ_CREATE : ADC63218
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : ADC63218
17:29:21:234 3924 IRP_MJ_READ : ADC6323C
17:29:21:234 3924 IRP_MJ_WRITE : ADC6323C
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : ADC63180
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : ADC5E9E6
17:29:21:234 3924 IRP_MJ_SHUTDOWN : 804F4456
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : ADC625F0
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : ADC60A6E
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: Disk
17:29:21:234 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:234 3924 IRP_MJ_READ : BA908D9B
17:29:21:234 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: Disk
17:29:21:234 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:234 3924 IRP_MJ_READ : BA908D9B
17:29:21:234 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: Disk
17:29:21:234 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:234 3924 IRP_MJ_READ : BA908D9B
17:29:21:234 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: nvata
17:29:21:234 3924 IRP_MJ_CREATE : BA6F2894
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : BA6F2874
17:29:21:234 3924 IRP_MJ_CLOSE : BA6F2894
17:29:21:234 3924 IRP_MJ_READ : BA6F2874
17:29:21:234 3924 IRP_MJ_WRITE : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_EA : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_EA : BA6F2874
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : BA6F2874
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : BA6F2874
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA6F28AE
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA6F2D4E
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA6F2874
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : BA6F2874
17:29:21:234 3924 IRP_MJ_CLEANUP : BA6F2874
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_SECURITY : BA6F2874
17:29:21:234 3924 IRP_MJ_POWER : BA6F2CEE
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA6F2A7C
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_QUOTA : BA6F2874
17:29:21:250 3924 C:\WINDOWS\system32\DRIVERS\nvata.sys - Verdict: 1
17:29:21:250 3924
17:29:21:250 3924 Completed
17:29:21:250 3924
17:29:21:250 3924 Results:
17:29:21:250 3924 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:29:21:250 3924 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:29:21:250 3924 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:29:21:250 3924
17:29:21:250 3924 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
17:29:21:250 3924 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
17:29:21:250 3924 KLMD(ARK) unloaded successfully
shinybeast
Retired Graduate
Boot.ini Check
We can check the current state of the Boot.ini file to check if it is corrupted or not as follows:
Please post bootini.txt and answer the following question.
Can you remember if the computer was rebooted at any time after the driver install but before the OTL fix? I asked this earlier but did not get an answer.
We can check the current state of the Boot.ini file to check if it is corrupted or not as follows:
- Open Notepad.
- Copy and Paste everything from the Code Box below into Notepad: <----Start >> Run... type in notepad and select OK
Code:
@Echo off
xcopy C:\boot.ini "%userprofile%\desktop\" /h
attrib -s -h "%userprofile%\desktop\boot.ini"
ren "%userprofile%\desktop\boot.ini" bootini.txt
Del %0- Go to File >> Save As
- Save File name as "Look.bat" <-- Make sure to include the apostrophes.
- Change Save as Type to All Files and save the file to your Desktop.
- It should look like this:
Please post bootini.txt and answer the following question.
Can you remember if the computer was rebooted at any time after the driver install but before the OTL fix? I asked this earlier but did not get an answer.
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
Sorry for not answering, but yes the computer was rebooted after the drivers were installed.
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
Sorry for not answering, but yes the computer was rebooted after the drivers were installed.
shinybeast
Retired Graduate
OK, that looks good.
I notice you have NVIDIA ForceWare Network Access Manager installed. It is known to be buggy and cause issues. It is also unnecessary. I recommend you uninstall it and see if that helps. If that does not help, then try reinstalling motherboard drivers but do not install Network Access Manager.
Otherwise, I think I may be out of ideas. I can recommend a forum to seek further assistance or you can reformat and reinstall Windows or take the computer to a shop.
Let me know the outcome and/or what you decide to do.
I notice you have NVIDIA ForceWare Network Access Manager installed. It is known to be buggy and cause issues. It is also unnecessary. I recommend you uninstall it and see if that helps. If that does not help, then try reinstalling motherboard drivers but do not install Network Access Manager.
Otherwise, I think I may be out of ideas. I can recommend a forum to seek further assistance or you can reformat and reinstall Windows or take the computer to a shop.
Let me know the outcome and/or what you decide to do.
I went into msconfig and changed the way my computer boots and was able to then get to the Safe Mode screen and safe mode itself. Safe mode worked fine and then I rebooted into Safe Mode with networking to see what would happen with my modem plugged in. I once again got the BSOD page displaying " unknown hard error. Beginning dump of physical memory" .
Well, all I can say is I wish I didn't do that last OTL run because I didn't have these issues with my computer ever before. If you do have a good forum to suggest for help, I'm open for suggestions. Thanks for your patience.
Well, all I can say is I wish I didn't do that last OTL run because I didn't have these issues with my computer ever before. If you do have a good forum to suggest for help, I'm open for suggestions. Thanks for your patience.
shinybeast
Retired Graduate
OK, we can undo the OTL fix and see what that does.
Please run this command.
Copy the text in the codebox below.
Click Start, click Run..., paste the above command in the Open: field and press Enter.
A text file named files should appear on the desktop. Post the contents of that file in your next reply.
Please run this command.
Copy the text in the codebox below.
Code:
dir /s C:\_OTL >> "%userprofile%\Desktop\files.txt"Click Start, click Run..., paste the above command in the Open: field and press Enter.
A text file named files should appear on the desktop. Post the contents of that file in your next reply.
shinybeast
Retired Graduate
Hi soar3,
Try this
Try this
Code:
cmd /c dir /s C:\_OTL >> "%userprofile%\Desktop\files.txt"shinybeast
Retired Graduate
You didn't save OTL to the desktop.
Try this.
Try this.
Code:
cmd /c dir /s D:\_OTL >> "%userprofile%\Desktop\files.txt"Volume in drive C has no label.
Volume Serial Number is B429-ECEA
Volume in drive D is Programs
Volume Serial Number is 0477-52EC
Directory of D:\_OTL
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> MovedFiles
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> 03272010_193248
03/28/2010 09:35 PM 142,526 03272010_193248.log
1 File(s) 142,526 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> C_Documents and Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> All Users
03/27/2010 07:32 PM <DIR> Emmett & Roz
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Desktop
03/27/2010 07:32 PM <DIR> Local Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Desktop
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/23/2010 05:48 AM 2,855 Shortcut to rkill(2).com.pif
1 File(s) 2,855 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
2 File(s) 145,381 bytes
29 Dir(s) 91,043,721,216 bytes free
Volume in drive D is Programs
Volume Serial Number is 0477-52EC
Directory of D:\_OTL
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> MovedFiles
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> 03272010_193248
03/28/2010 09:35 PM 142,526 03272010_193248.log
1 File(s) 142,526 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> C_Documents and Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> All Users
03/27/2010 07:32 PM <DIR> Emmett & Roz
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Desktop
03/27/2010 07:32 PM <DIR> Local Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Desktop
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/23/2010 05:48 AM 2,855 Shortcut to rkill(2).com.pif
1 File(s) 2,855 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
2 File(s) 145,381 bytes
29 Dir(s) 91,043,581,952 bytes free
Volume Serial Number is B429-ECEA
Volume in drive D is Programs
Volume Serial Number is 0477-52EC
Directory of D:\_OTL
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> MovedFiles
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> 03272010_193248
03/28/2010 09:35 PM 142,526 03272010_193248.log
1 File(s) 142,526 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> C_Documents and Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> All Users
03/27/2010 07:32 PM <DIR> Emmett & Roz
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Desktop
03/27/2010 07:32 PM <DIR> Local Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Desktop
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/23/2010 05:48 AM 2,855 Shortcut to rkill(2).com.pif
1 File(s) 2,855 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
2 File(s) 145,381 bytes
29 Dir(s) 91,043,721,216 bytes free
Volume in drive D is Programs
Volume Serial Number is 0477-52EC
Directory of D:\_OTL
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> MovedFiles
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> 03272010_193248
03/28/2010 09:35 PM 142,526 03272010_193248.log
1 File(s) 142,526 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> C_Documents and Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> All Users
03/27/2010 07:32 PM <DIR> Emmett & Roz
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Desktop
03/27/2010 07:32 PM <DIR> Local Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Desktop
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/23/2010 05:48 AM 2,855 Shortcut to rkill(2).com.pif
1 File(s) 2,855 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
2 File(s) 145,381 bytes
29 Dir(s) 91,043,581,952 bytes free
shinybeast
Retired Graduate
Nothing much there but empty folders. We can try System Restore to before the drivers were installed and OTL fix run. This may or may not fix things and could restore the infection as well. Before we try that...
What did you do in MSCONFIG to allow safe mode to boot?
What did you do in MSCONFIG to allow safe mode to boot?
I deselected Selective Startup and then selected Diagnostic setup. I have now been booting into plain normal startup.
However, I had already looked into using System Restore, but for some reason my restore was turned off and the restore points that I had this morning are gone. I was p#@@ed off!!!!
However, I had already looked into using System Restore, but for some reason my restore was turned off and the restore points that I had this morning are gone. I was p#@@ed off!!!!
shinybeast
Retired Graduate
OTL successfully created a restore point when you first ran it.
Did you turn off System Restore?
Also, System Restore will probably not run under diagnostic startup as the services needed for it will probably not be running.
What do you think about this?