
Thread: Codec Problems - can only work in safe mode?

  1. #11
    Senior Member
    Join Date
    Mar 2006
    Posts
    114

    Couldn't find COLR4-2K.sys either...

    HJT log:-

    Logfile of HijackThis v1.99.1
    Scan saved at 9:37:45 AM, on 12/25/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\system32\stisvc.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Antispyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O15 - Trusted Zone: http://www.freewebs.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130231909123
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131100914278
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents...r/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

  2. #12
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Hi miss spooky,

    Teacup is taking some time off but will be back. In the meantime I have been asked to look in. I have been reading this thread.

    There's a possibility that you had a typo. So let's do a search for all sys files and see.


    Copy the bold print to Notepad. Name the file look.bat. Save it on your desktop.
    Then double click on look.bat to run it. When finished, it will create and open a file named results.txt on your desktop. Please post the contents of results.txt into your next reply here.

    cd \
    dir /s /a *.sys >results.txt
    Start notepad results.txt


    I hope you're still with us. There are a couple of things we can try to get you back into Windows. One is not difficult at all, if it works. But I would really like to see what this file is first and then take it from there.


    Mosaic1
    Last edited by Mosaic1; 2006-12-28 at 09:22.

  3. #13
    Senior Member
    Join Date
    Mar 2006
    Posts
    114

    Hi Mosaic1,

    Thank you for taking over. I guessed Teacup was taking a Xmas break.

    I've done the scan & here are the results:-

    Volume in drive C has no label.
    Volume Serial Number is 3869-1805

    Directory of C:\

    10/09/2004 01:12p 0 MSDOS.SYS
    04/23/1999 10:22p 222,390 IO.SYS
    12/24/2006 10:51a 419,430,400 PAGEFILE.SYS
    3 File(s) 419,652,790 bytes

    Directory of C:\WINDOWS\SYSTEM32

    05/08/2001 12:00p 9,029 ansi.sys
    10/06/2005 09:33a 1,638,672 WIN32K.SYS
    05/08/2001 12:00p 4,768 himem.sys
    06/19/2003 08:05p 42,537 KEYBOARD.SYS
    05/08/2001 12:00p 29,370 ntdos411.sys
    05/08/2001 12:00p 29,274 ntdos412.sys
    05/08/2001 12:00p 29,146 ntdos404.sys
    05/08/2001 12:00p 29,146 ntdos804.sys
    06/19/2003 08:05p 33,824 NTIO.SYS
    05/08/2001 12:00p 27,097 country.sys
    05/08/2001 12:00p 27,866 ntdos.sys
    06/19/2003 08:05p 42,809 key01.sys
    06/19/2003 08:05p 34,544 ntio404.sys
    06/19/2003 08:05p 35,648 ntio411.sys
    06/19/2003 08:05p 35,408 ntio412.sys
    06/19/2003 08:05p 34,544 ntio804.sys
    06/19/2003 08:05p 187,024 spcmdcon.sys
    17 File(s) 2,270,706 bytes

    Directory of C:\WINDOWS\SYSTEM32\DRIVERS

    06/19/2003 08:05p 93,360 ndiswan.sys
    05/10/2005 09:20a 513,424 ntfs.sys
    06/19/2003 08:05p 37,552 nmnt.sys
    09/06/2004 06:06a 161,072 nwrdr.sys
    06/19/2003 08:05p 91,408 NWLNKIPX.SYS
    06/19/2003 08:05p 65,520 nwlnknb.sys
    04/21/2005 08:03a 183,248 rdbss.sys
    06/19/2003 08:05p 60,208 parallel.sys
    06/19/2003 08:05p 25,104 parport.sys
    06/19/2003 08:05p 22,064 pciidex.sys
    06/19/2003 08:05p 109,584 pcmcia.sys
    06/19/2003 08:05p 60,496 psched.sys
    06/19/2003 08:05p 17,680 ptilink.sys
    06/19/2003 08:05p 19,920 rasirda.sys
    12/02/2004 01:07p 63,280 udfs.sys
    05/12/2005 10:25a 320,176 tcpip.sys
    06/19/2003 08:05p 62,736 serial.sys
    06/19/2003 08:05p 22,064 sonydcam.sys
    04/21/2005 08:03a 127,568 AFD.SYS
    05/03/2005 09:10a 238,928 SRV.SYS
    06/19/2003 08:05p 16,240 tdi.sys
    04/14/2005 06:59a 136,880 fltmgr.sys
    06/19/2003 08:05p 50,640 videoprt.sys
    06/19/2003 08:05p 173,232 UPDATE.SYS
    06/19/2003 08:05p 57,264 mf.sys
    06/19/2003 08:05p 29,168 modem.sys
    06/19/2003 08:05p 59,312 pci.sys
    06/19/2003 08:05p 21,776 mouclass.sys
    06/19/2003 08:05p 40,176 usbhub.sys
    12/12/2002 12:14a 5,248 mspclock.sys
    06/19/2003 08:05p 20,688 usbd.sys
    06/19/2003 08:05p 32,848 uhcd.sys
    07/14/2005 12:24p 74,384 SCSIPORT.SYS
    06/19/2003 08:05p 35,344 redbook.sys
    06/19/2003 08:05p 34,704 msgpc.sys
    05/08/2001 12:00p 57,904 atmarpc.sys
    05/08/2001 12:00p 4,080 beep.sys
    05/08/2001 12:00p 19,088 cdaudio.sys
    04/08/2005 11:51a 175,632 netbt.sys
    06/19/2003 08:05p 170,928 ndis.sys
    05/08/2001 12:00p 272,496 cinemst2.sys
    05/08/2001 12:00p 12,880 class2.sys
    06/19/2003 08:05p 9,200 ndistapi.sys
    06/19/2003 08:05p 11,792 partmgr.sys
    05/08/2001 12:00p 10,064 dxapi.sys
    04/30/2005 02:50p 11,860 vbtenum.sys
    06/19/2003 08:05p 52,112 rasl2tp.sys
    06/19/2003 08:05p 48,464 raspptp.sys
    06/19/2003 08:05p 14,160 serenum.sys
    05/08/2001 12:00p 34,416 ipfltdrv.sys
    05/08/2001 12:00p 19,984 ipinip.sys
    06/19/2003 08:05p 10,384 sfloppy.sys
    06/19/2003 08:05p 148,400 sfmatalk.sys
    05/08/2001 12:00p 4,240 mnmdd.sys
    05/08/2001 12:00p 21,328 msfs.sys
    07/09/2004 02:58a 15,104 mpe.sys
    05/08/2001 12:00p 102,160 nbf.sys
    06/19/2003 08:05p 53,552 swmidi.sys
    05/08/2001 12:00p 40,432 ndproxy.sys
    05/08/2001 12:00p 33,456 netbios.sys
    05/08/2001 12:00p 9,680 netdtect.sys
    05/08/2001 12:00p 37,040 npfs.sys
    05/08/2001 12:00p 2,800 null.sys
    05/08/2001 12:00p 12,560 nwlnkflt.sys
    05/08/2001 12:00p 35,344 nwlnkfwd.sys
    05/08/2001 12:00p 58,480 nwlnkspx.sys
    06/19/2003 08:05p 47,568 sysaudio.sys
    05/08/2001 12:00p 6,512 parvdm.sys
    05/08/2001 12:00p 8,016 rasacd.sys
    06/19/2003 08:05p 10,928 tape.sys
    06/19/2003 08:05p 32,272 wanarp.sys
    05/08/2001 12:00p 16,880 raspti.sys
    05/08/2001 12:00p 35,024 rawwan.sys
    05/08/2001 12:00p 21,712 rca.sys
    05/08/2001 12:00p 6,032 rootmdm.sys
    06/19/2003 08:05p 73,872 wdmaud.sys
    06/19/2003 08:05p 57,296 irda.sys
    06/19/2003 08:05p 10,288 irenum.sys
    05/08/2001 12:00p 14,832 smclib.sys
    06/19/2003 08:05p 20,208 msircomm.sys
    05/08/2001 12:00p 105,840 streams.sys
    08/28/2004 10:52p 28,624 SECDRV.SYS
    06/19/2003 08:05p 11,984 ndisuio.sys
    05/08/2001 12:00p 52,048 tosdvd.sys
    05/08/2001 12:00p 22,000 tsbvcap.sys
    05/08/2001 12:00p 23,888 usbcamd.sys
    05/08/2001 12:00p 59,280 vdmindvd.sys
    05/08/2001 12:00p 13,968 vga.sys
    06/19/2003 08:05p 19,728 usbehci.sys
    05/08/2001 12:00p 4,240 wmilib.sys
    05/08/2001 12:00p 12,016 ws2ifsl.sys
    05/08/2001 12:00p 12,368 fsvga.sys
    05/08/2001 12:00p 88,816 lvcam.sys
    05/08/2001 12:00p 79,120 lvcodek.sys
    05/08/2001 12:00p 17,424 lvsound.sys
    05/08/2001 12:00p 15,120 usbintel.sys
    06/19/2003 08:05p 49,776 usbhub20.sys
    06/19/2003 08:05p 138,288 usbport.sys
    09/21/2003 01:32a 71,888 ksecdd.sys
    04/08/2005 11:51a 432,976 mrxsmb.sys
    10/27/2006 08:34a 26,912 avg7rsnt.sys
    05/20/2004 08:21a 36,918 DcCam.sys
    05/20/2004 08:39a 8,022 DcLps.sys
    05/20/2004 08:41a 61,564 DcFpoint.sys
    06/02/2004 01:17p 151,985 ExportIt.sys
    01/16/2006 09:33p 4,288 avg7rsw.sys
    10/04/1999 03:03p 13,904 hidusb.sys
    05/08/2001 12:00p 33,616 fips.sys
    06/02/2004 01:19p 38,705 DCFS2k.sys
    06/19/2003 08:05p 21,872 usbprint.sys
    06/19/2003 08:05p 12,592 usbscan.sys
    12/12/2002 12:14a 5,504 mstee.sys
    12/12/2002 12:14a 4,096 swenum.sys
    07/09/2004 02:58a 11,392 bdasup.sys
    11/15/2006 09:01p 36,592 pxhelp20.sys
    11/10/1999 03:34p 71,632 atimpab.sys
    05/20/2004 08:45a 68,950 DcPtp.sys
    12/12/2002 12:14a 7,424 mskssrv.sys
    07/09/2004 02:58a 14,976 streamip.sys
    07/09/2004 02:58a 10,112 ndisip.sys
    12/02/2004 01:07p 89,328 mup.sys
    04/08/2005 11:51a 63,248 cdfs.sys
    07/09/2004 02:58a 10,880 slip.sys
    09/30/1999 05:26p 64,144 ess.sys
    03/30/2004 09:05p 11,904 Bonifay.sys
    10/27/2006 08:34a 27,904 avg7rsxp.sys
    09/25/1999 10:36a 9,104 NtApm.sys
    07/09/2004 02:58a 83,968 nabtsfec.sys
    07/09/2004 02:58a 16,384 ccdecode.sys
    09/25/1999 10:35a 2,896 audstub.sys
    07/09/2004 02:58a 18,688 wstcodec.sys
    07/09/2004 02:58a 56,832 msdv.sys
    07/19/2005 10:44a 142,288 fastfat.sys
    12/12/2002 12:14a 130,304 ks.sys
    06/19/2003 08:05p 148,208 portcls.sys
    01/16/2006 09:33p 4,992 avgtdi.sys
    10/28/1999 03:24p 51,152 DMusic.sys
    12/02/2004 01:00p 116,400 ftdisk.sys
    08/11/2004 10:42p 67,344 ipnat.sys
    08/16/2005 08:40a 30,160 mountmgr.sys
    02/02/2005 01:21a 14,408 GEARAspiWDM.sys
    06/19/2003 08:05p 21,552 USBSTOR.SYS
    01/10/2003 09:30a 25,449 SQCamD.sys
    01/10/2003 10:56a 30,921 SQCaptur.sys
    12/16/2004 04:32p 13,304 BTNetFilter.sys
    10/27/2006 08:34a 778,656 avg7core.sys
    06/19/2003 08:05p 42,000 stream.sys
    09/25/1999 10:36a 4,816 MSPQM.sys
    05/31/2005 03:40p 20,480 blueletaudio.sys
    04/28/2003 06:31p 51,169 OXSER.SYS
    05/10/2002 01:31p 633,220 Intels51.sys
    04/30/2005 02:50p 28,271 BTHidMgr.sys
    09/25/1999 10:34a 16,144 MODEMCSA.sys
    06/21/2002 09:36a 25,260 SMCUSB.sys
    03/21/2004 06:28p 23,420 cdralw2k.sys
    03/21/2004 06:28p 58,000 cdr4_2K.sys
    03/25/2005 05:18p 82,148 VcommMgr.sys
    06/19/2003 08:05p 21,008 agp440.sys
    06/19/2003 08:05p 17,840 asyncmac.sys
    06/19/2003 08:05p 86,672 atapi.sys
    06/19/2003 08:05p 48,496 atmlane.sys
    06/19/2003 08:05p 331,088 atmuni.sys
    10/19/2004 01:37p 61,312 VComm.sys
    06/19/2003 08:05p 27,984 cdrom.sys
    06/19/2003 08:05p 34,832 classpnp.sys
    06/19/2003 08:05p 30,768 DISK.SYS
    06/19/2003 08:05p 14,288 diskdump.sys
    06/19/2003 08:05p 7,728 diskperf.sys
    06/19/2003 08:05p 56,112 DLC.SYS
    06/19/2003 08:05p 369,104 dmboot.sys
    06/19/2003 08:05p 137,936 dmio.sys
    06/19/2003 08:05p 7,312 dmload.sys
    06/19/2003 08:05p 27,440 efs.sys
    09/05/2006 04:03p 3,968 AvgAsCln.sys
    06/19/2003 08:05p 26,256 fdc.sys
    06/19/2003 08:05p 19,312 flpydisk.sys
    06/19/2003 08:05p 7,600 fs_rec.sys
    06/19/2003 08:05p 24,752 hidclass.sys
    06/19/2003 08:05p 23,056 hidparse.sys
    06/19/2003 08:05p 46,992 i8042prt.sys
    06/19/2003 08:05p 4,624 intelide.sys
    06/19/2003 08:05p 64,304 ipsec.sys
    06/19/2003 08:05p 19,952 irsir.sys
    06/19/2003 08:05p 46,992 isapnp.sys
    06/19/2003 08:05p 24,528 kbdclass.sys
    06/19/2003 08:05p 148,304 kmixer.sys
    02/11/2004 06:29a 48,076 Sio9502k.sys
    03/23/2004 03:26a 48,556 SktBt2k.sys
    07/03/2003 07:58p 63,488 wssbtr1f.sys
    05/31/2005 09:42a 23,000 btcusb.sys
    09/21/2004 06:18p 116,021 fw203x.sys
    04/30/2005 02:48p 10,804 BtNetDrv.sys
    09/21/2004 06:18p 148,830 bcbthub.sys
    04/30/2005 02:50p 11,736 VHIDMini.sys
    194 File(s) 12,081,621 bytes

    Directory of C:\WINDOWS\SYSTEM32\dllcache

    05/03/2005 09:10a 238,928 srv.sys
    06/19/2003 08:05p 148,208 portcls.sys
    06/19/2003 08:05p 42,000 stream.sys
    05/08/2001 12:00p 33,616 fips.sys
    04/21/2005 08:03a 127,568 afd.sys
    04/08/2005 11:51a 63,248 cdfs.sys
    07/19/2005 10:44a 142,288 fastfat.sys
    10/06/2005 09:33a 1,638,672 win32k.sys
    09/21/2003 01:32a 71,888 ksecdd.sys
    06/19/2003 08:05p 33,824 NTIO.SYS
    05/10/2005 09:20a 513,424 ntfs.sys
    07/14/2005 12:24p 74,384 scsiport.sys
    12/02/2004 01:07p 63,280 udfs.sys
    06/19/2003 08:05p 21,872 usbprint.sys
    06/19/2003 08:05p 12,592 usbscan.sys
    10/04/1999 03:03p 13,904 hidusb.sys
    05/08/2001 12:00p 9,029 ansi.sys
    12/12/2002 12:14a 130,304 ks.sys
    12/12/2002 12:14a 5,248 mspclock.sys
    12/12/2002 12:14a 7,424 mskssrv.sys
    12/12/2002 12:14a 4,096 swenum.sys
    12/12/2002 12:14a 5,504 mstee.sys
    07/09/2004 02:58a 16,384 ccdecode.sys
    05/08/2001 12:00p 57,904 atmarpc.sys
    07/09/2004 02:58a 56,832 msdv.sys
    06/19/2003 08:05p 21,552 usbstor.sys
    05/08/2001 12:00p 4,080 beep.sys
    05/08/2001 12:00p 11,376 busmouse.sys
    04/08/2005 11:51a 175,632 netbt.sys
    05/08/2001 12:00p 27,097 country.sys
    06/19/2003 08:05p 16,240 tdi.sys
    08/16/2005 08:40a 30,160 mountmgr.sys
    06/19/2003 08:05p 34,544 ntio404.sys
    06/19/2003 08:05p 35,648 ntio411.sys
    06/19/2003 08:05p 35,408 ntio412.sys
    05/08/2001 12:00p 12,880 class2.sys
    06/19/2003 08:05p 34,544 ntio804.sys
    09/06/2004 06:06a 161,072 nwrdr.sys
    04/14/2005 06:59a 136,880 fltmgr.sys
    12/02/2004 01:00p 116,400 ftdisk.sys
    08/11/2004 10:42p 67,344 ipnat.sys
    10/24/2004 01:10p 77,680 mqac.sys
    05/08/2001 12:00p 10,064 dxapi.sys
    04/08/2005 11:51a 432,976 mrxsmb.sys
    12/02/2004 01:07p 89,328 mup.sys
    04/21/2005 08:03a 183,248 rdbss.sys
    05/12/2005 10:25a 320,176 tcpip.sys
    05/08/2001 12:00p 4,768 himem.sys
    05/08/2001 12:00p 34,416 ipfltdrv.sys
    05/08/2001 12:00p 19,984 ipinip.sys
    05/08/2001 12:00p 4,240 mnmdd.sys
    05/08/2001 12:00p 21,328 msfs.sys
    05/08/2001 12:00p 40,432 ndproxy.sys
    05/08/2001 12:00p 33,456 netbios.sys
    05/08/2001 12:00p 9,680 netdtect.sys
    05/08/2001 12:00p 37,040 npfs.sys
    05/08/2001 12:00p 3,216 mwsetupk.sys
    05/08/2001 12:00p 29,146 ntdos404.sys
    05/08/2001 12:00p 29,370 ntdos411.sys
    05/08/2001 12:00p 27,866 ntdos.sys
    05/08/2001 12:00p 29,274 ntdos412.sys
    09/24/1999 11:10a 39,200 mwwdm.sys
    05/08/2001 12:00p 29,146 ntdos804.sys
    05/08/2001 12:00p 102,160 nbf.sys
    05/08/2001 12:00p 6,512 parvdm.sys
    05/08/2001 12:00p 2,800 null.sys
    05/08/2001 12:00p 12,560 nwlnkflt.sys
    05/08/2001 12:00p 35,344 nwlnkfwd.sys
    05/08/2001 12:00p 58,480 nwlnkspx.sys
    05/08/2001 12:00p 8,016 rasacd.sys
    05/08/2001 12:00p 16,880 raspti.sys
    05/08/2001 12:00p 35,024 rawwan.sys
    05/08/2001 12:00p 6,032 rootmdm.sys
    05/08/2001 12:00p 14,832 smclib.sys
    05/08/2001 12:00p 105,840 streams.sys
    05/08/2001 12:00p 9,328 synth.sys
    05/08/2001 12:00p 42,736 sndblst.sys
    05/08/2001 12:00p 10,800 tcarc.sys
    05/08/2001 12:00p 18,864 trident.sys
    05/08/2001 12:00p 12,336 spud.sys
    05/08/2001 12:00p 4,240 wmilib.sys
    05/08/2001 12:00p 13,968 vga.sys
    05/08/2001 12:00p 12,016 ws2ifsl.sys
    09/25/1999 10:34a 16,144 modemcsa.sys
    84 File(s) 6,504,224 bytes

    Cont

  4. #14
    Senior Member
    Join Date
    Mar 2006
    Posts
    114

    Cont-

    Directory of C:\WINDOWS\ServicePackFiles\i386

    06/19/2003 08:05p 59,312 pci.sys
    06/19/2003 08:05p 17,520 ppa.sys
    06/19/2003 08:05p 27,440 efs.sys
    06/19/2003 08:05p 56,112 dlc.sys
    06/19/2003 08:05p 26,256 fdc.sys
    06/19/2003 08:05p 120,240 afd.sys
    06/19/2003 08:05p 85,776 ibmfent5.sys
    06/19/2003 08:05p 85,776 hptxnt5.sys
    06/19/2003 08:05p 85,776 e100bnt5.sys
    06/19/2003 08:05p 87,888 mup.sys
    06/19/2003 08:05p 57,264 mf.sys
    06/19/2003 08:05p 113,744 ks.sys
    06/19/2003 08:05p 16,240 tdi.sys
    06/19/2003 08:05p 33,824 ntio.sys
    06/19/2003 08:05p 244,944 srv.sys
    06/19/2003 08:05p 534,192 ntfs.sys
    06/19/2003 08:05p 37,552 nmnt.sys
    06/19/2003 08:05p 75,536 mqac.sys
    06/19/2003 08:05p 16,048 ppa3.sys
    06/19/2003 08:05p 55,920 msdv.sys
    06/19/2003 08:05p 29,264 mountmgr.sys
    06/19/2003 08:05p 50,640 videoprt.sys
    06/19/2003 08:05p 170,928 ndis.sys
    06/19/2003 08:05p 12,688 dot4prt.sys
    06/19/2003 08:05p 9,968 adicvls.sys
    06/19/2003 08:05p 57,296 irda.sys
    06/19/2003 08:05p 12,912 hpmc.sys
    06/19/2003 08:05p 44,208 dot4.sys
    06/19/2003 08:05p 137,936 dmio.sys
    06/19/2003 08:05p 30,768 disk.sys
    06/19/2003 08:05p 24,752 hidclass.sys
    06/19/2003 08:05p 148,208 portcls.sys
    05/08/2001 12:00p 33,616 fips.sys
    06/19/2003 08:05p 163,120 acpi.sys
    06/19/2003 08:05p 61,680 cdfs.sys
    06/19/2003 08:05p 62,672 udfs.sys
    06/19/2003 08:05p 6,608 dlttape.sys
    06/19/2003 08:05p 32,848 uhcd.sys
    06/19/2003 08:05p 10,928 tape.sys
    06/19/2003 08:05p 21,776 mouclass.sys
    06/19/2003 08:05p 23,056 hidparse.sys
    06/19/2003 08:05p 20,688 usbd.sys
    06/19/2003 08:05p 29,168 modem.sys
    06/19/2003 08:05p 24,784 openhci.sys
    06/19/2003 08:05p 9,392 seaddsmc.sys
    06/19/2003 08:05p 9,680 ddsmc.sys
    06/19/2003 08:05p 10,256 nsmmc.sys
    06/19/2003 08:05p 18,928 hidbatt.sys
    06/19/2003 08:05p 5,168 mstee.sys
    06/19/2003 08:05p 34,704 msgpc.sys
    06/19/2003 08:05p 11,856 examc.sys
    06/19/2003 08:05p 168,624 netbt.sys
    06/19/2003 08:05p 140,016 icam3.sys
    06/19/2003 08:05p 9,968 jvcmc.sys
    06/19/2003 08:05p 9,776 snyaitmc.sys
    06/19/2003 08:05p 9,424 atlmc.sys
    06/19/2003 08:05p 42,809 key01.sys
    06/19/2003 08:05p 86,672 atapi.sys
    06/19/2003 08:05p 67,120 ipnat.sys
    06/19/2003 08:05p 19,952 irsir.sys
    06/19/2003 08:05p 27,984 cdrom.sys
    06/19/2003 08:05p 64,304 ipsec.sys
    06/19/2003 08:05p 7,184 battc.sys
    06/19/2003 08:05p 332,144 tcpip.sys
    06/19/2003 08:05p 161,072 nwrdr.sys
    05/08/2001 12:00p 27,866 ntdos.sys
    06/19/2003 08:05p 10,928 4mmdat.sys
    06/19/2003 08:05p 10,288 stkmc.sys
    06/19/2003 08:05p 9,808 pnrmc.sys
    06/19/2003 08:05p 9,200 ndistapi.sys
    06/19/2003 08:05p 34,544 ntio804.sys
    06/19/2003 08:05p 34,544 ntio404.sys
    06/19/2003 08:05p 35,648 ntio411.sys
    06/19/2003 08:05p 35,408 ntio412.sys
    06/19/2003 08:05p 174,800 rdbss.sys
    06/19/2003 08:05p 4,624 intelide.sys
    06/19/2003 08:05p 35,760 sbp2port.sys
    06/19/2003 08:05p 74,192 scsiport.sys
    06/19/2003 08:05p 11,632 scsiprnt.sys
    06/19/2003 08:05p 9,808 gameenum.sys
    06/19/2003 08:05p 73,872 wdmaud.sys
    06/19/2003 08:05p 42,000 stream.sys
    06/19/2003 08:05p 10,160 spctramc.sys
    06/19/2003 08:05p 22,416 viaagp.sys
    06/19/2003 08:05p 173,232 update.sys
    06/19/2003 08:05p 32,272 wanarp.sys
    06/19/2003 08:05p 22,768 usbser.sys
    06/19/2003 08:05p 40,176 usbhub.sys
    06/19/2003 08:05p 8,848 qntmmc.sys
    06/19/2003 08:05p 65,520 nwlnknb.sys
    05/04/2001 12:05p 27,120 symc8xx.sys
    06/19/2003 08:05p 17,840 asyncmac.sys
    06/19/2003 08:05p 1,717,936 win32k.sys
    06/19/2003 08:05p 10,768 qlstrmc.sys
    06/19/2003 08:05p 109,584 pcmcia.sys
    06/19/2003 08:05p 3,088 pciide.sys
    06/19/2003 08:05p 62,736 serial.sys
    06/19/2003 08:05p 34,832 classpnp.sys
    06/19/2003 08:05p 11,120 plasmc.sys
    06/19/2003 08:05p 53,552 swmidi.sys
    06/19/2003 08:05p 11,792 partmgr.sys
    06/19/2003 08:05p 11,632 mouhid.sys
    06/19/2003 08:05p 25,104 parport.sys
    06/19/2003 08:05p 37,680 ohci1394.sys
    06/19/2003 08:05p 187,024 spcmdcon.sys
    06/19/2003 08:05p 12,432 sonymc.sys
    06/19/2003 08:05p 22,064 pciidex.sys
    06/19/2003 08:05p 10,384 sfloppy.sys
    06/19/2003 08:05p 60,496 psched.sys
    06/19/2003 08:05p 382,128 setupdd.sys
    06/19/2003 08:05p 48,496 atmlane.sys
    06/19/2003 08:05p 418,640 mrxsmb.sys
    06/19/2003 08:05p 148,400 sfmatalk.sys
    06/19/2003 08:05p 71,888 ksecdd.sys
    05/04/2001 12:05p 104,720 ibmtrp.sys
    06/19/2003 08:05p 14,160 serenum.sys
    06/19/2003 08:05p 21,872 usbprint.sys
    06/19/2003 08:05p 60,208 parallel.sys
    06/19/2003 08:05p 14,288 diskdump.sys
    06/19/2003 08:05p 68,336 i81xnt5.sys
    06/19/2003 08:05p 9,392 breecemc.sys
    06/19/2003 08:05p 46,992 i8042prt.sys
    06/19/2003 08:05p 369,104 dmboot.sys
    06/19/2003 08:05p 7,312 dmload.sys
    05/08/2001 12:00p 27,097 country.sys
    06/19/2003 08:05p 35,344 redbook.sys
    06/19/2003 08:05p 91,408 nwlnkipx.sys
    06/19/2003 08:05p 21,552 usbstor.sys
    06/19/2003 08:05p 22,064 sonydcam.sys
    06/19/2003 08:05p 138,288 usbport.sys
    06/19/2003 08:05p 12,592 usbscan.sys
    06/19/2003 08:05p 47,568 sysaudio.sys
    06/19/2003 08:05p 17,680 ptilink.sys
    06/19/2003 08:05p 46,992 isapnp.sys
    06/19/2003 08:05p 10,288 irenum.sys
    06/19/2003 08:05p 11,984 ndisuio.sys
    06/19/2003 08:05p 49,776 usbhub20.sys
    06/19/2003 08:05p 19,728 usbehci.sys
    06/19/2003 08:05p 93,360 ndiswan.sys
    06/19/2003 08:05p 10,448 discmc.sys
    06/19/2003 08:05p 27,376 smbbatt.sys
    06/19/2003 08:05p 148,304 kmixer.sys
    06/19/2003 08:05p 9,776 elmsmc.sys
    06/19/2003 08:05p 115,504 ftdisk.sys
    06/19/2003 08:05p 7,600 fs_rec.sys
    06/19/2003 08:05p 7,728 diskperf.sys
    06/19/2003 08:05p 24,528 kbdclass.sys
    06/19/2003 08:05p 9,904 adicsc.sys
    06/19/2003 08:05p 24,176 agpcpq.sys
    06/19/2003 08:05p 21,008 agp440.sys
    06/19/2003 08:05p 33,328 lp6nds35.sys
    06/19/2003 08:05p 11,536 acpiec.sys
    06/19/2003 08:05p 9,264 compbatt.sys
    06/19/2003 08:05p 40,752 1394bus.sys
    06/19/2003 08:05p 42,537 keyboard.sys
    06/19/2003 08:05p 10,992 cpqarray.sys
    05/04/2001 12:05p 597,776 altnd5.sys
    06/19/2003 08:05p 331,088 atmuni.sys
    05/04/2001 12:05p 104,656 skfpwin.sys
    06/19/2003 08:05p 64,432 adpu160m.sys
    06/19/2003 08:05p 19,312 flpydisk.sys
    06/19/2003 08:05p 140,496 fastfat.sys
    06/19/2003 08:05p 48,464 raspptp.sys
    06/19/2003 08:05p 52,112 rasl2tp.sys
    06/19/2003 08:05p 19,920 rasirda.sys
    06/19/2003 08:05p 20,208 msircomm.sys
    06/19/2003 08:05p 9,904 cmbatt.sys
    167 File(s) 12,137,189 bytes

    Directory of C:\WINDOWS\inf

    05/08/2001 12:00p 32,528 wbfirdma.sys
    1 File(s) 32,528 bytes

    Directory of C:\WINDOWS\twain_32\MyDSC

    01/10/2003 09:30a 25,449 SQCamD.sys
    01/10/2003 10:56a 30,921 SQCaptur.sys
    2 File(s) 56,370 bytes

    Directory of C:\Program Files\Common Files\Kodak\kodak_dr

    06/02/2004 01:19p 38,705 DCFS2k.sys
    05/20/2004 08:39a 8,022 DcLps.sys
    05/20/2004 08:45a 68,950 DcPtp.sys
    06/02/2004 01:17p 151,985 ExportIt.sys
    05/20/2004 08:41a 61,564 DcFpoint.sys
    05/20/2004 08:21a 36,918 DcCam.sys
    6 File(s) 366,144 bytes

    Directory of C:\Program Files\Grisoft\AVG Anti-Spyware 7.5

    09/05/2006 04:03p 3,968 avgascln.sys
    09/28/2006 02:13p 4,096 guard.sys
    2 File(s) 8,064 bytes

    Directory of C:\Program Files\Nokia\Connectivity Cable Driver

    02/15/2005 04:57p 9,021 nmwcdcm.sys
    02/17/2005 01:48p 140,619 nmwcd.sys
    02/15/2005 04:57p 6,300 nmwcdc.sys
    3 File(s) 155,940 bytes

    Directory of C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k

    09/21/2004 06:18p 116,021 fw203x.sys
    04/30/2005 02:50p 28,271 BTHidMgr.sys
    04/30/2005 02:48p 10,804 BtNetDrv.sys
    09/21/2004 06:18p 148,830 bcbthub.sys
    04/30/2005 02:50p 11,860 VBTEnum.sys
    10/19/2004 01:37p 61,312 VComm.sys
    03/25/2005 05:18p 82,148 VcommMgr.sys
    04/30/2005 02:50p 11,736 VHIDMini.sys
    05/31/2005 03:40p 20,480 blueletaudio.sys
    12/16/2004 04:32p 13,304 BTNetFilter.sys
    10 File(s) 504,766 bytes

    Directory of C:\Program Files\IVT Corporation\BlueSoleil\driver\USB

    05/31/2005 09:42a 23,000 btcusb.sys
    1 File(s) 23,000 bytes

    Directory of C:\Program Files\IVT Corporation\BlueSoleil\driver\PCMCIA

    05/30/2001 05:21a 31,677 Btpcmcia.sys
    11/25/2002 01:23a 12,240 wppcmcia.sys
    2 File(s) 43,917 bytes

    Directory of C:\Program Files\IVT Corporation\BlueSoleil\driver\PCMCIA\socket

    03/23/2004 10:26a 48,556 SktBt2k.sys
    1 File(s) 48,556 bytes

    Directory of C:\Documents and Settings\Administrator\My Documents\Misc

    04/01/2003 02:39a 211,788 PL2507U.SYS
    10/05/2001 01:54p 33,669 tpp300.sys
    10/05/2001 01:54p 8,650 tppiosmp.sys
    3 File(s) 254,107 bytes

    Directory of C:\MSDOS7

    04/23/1999 10:22p 9,719 ansi.sys
    04/23/1999 10:22p 30,742 country.sys
    04/23/1999 10:22p 17,175 display.sys
    04/23/1999 10:22p 33,191 himem.sys
    04/23/1999 10:22p 3,708 ifshlp.sys
    04/23/1999 10:22p 34,566 keyboard.sys
    04/23/1999 10:22p 31,942 keybrd2.sys
    7 File(s) 161,043 bytes

    Total Files Listed:
    503 File(s) 454,300,965 bytes
    0 Dir(s) 2,493,640,704 bytes free

  5. #15
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Hi miss spooky,

    You're welcome. I see nothing there.

    I'd like to see if that file is listed in the bootlog please.

    If you go into your windows folder and find this file:
    Ntbtlog.txt

    Open it up and it will be long. Each successful boot to safe mode adds to it.

    Go to the last set of entries:

    For example, search for the date you last started and then copy and paste only anything listed after that.



    I have to go out for most of the afternoon. But I'll be back later. We can search for a rootkit. But it doesn't seem to be running in safe mode so I am not sure how successful we'll be.

    And don't give up. There's another option where we start the last known good configuration from the boot menu and see if that gets you in. But I'd like to wait a little bit on that one.
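
Added example, not part of the original posts: one way to script the step described above, pulling only the last boot session out of Ntbtlog.txt and checking the drivers it loaded against a list of file names found on disk. The session-splitting rule, the function names and the sample log and file set are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ntpath import basename

# Entry lines as they appear in the boot log posted in this thread.
# search() rather than match() tolerates stray leading characters,
# e.g. a line that arrives as "?Loaded driver BTHidMgr.sys".
ENTRY = re.compile(r"(Did not load driver|Loaded driver)\s+(.+?)\s*$")


def _new_session():
    return {"header": [], "loaded": [], "not_loaded": []}


def split_sessions(text):
    """Split Ntbtlog.txt text into boot sessions.

    Assumption: any non-blank line that is not a driver entry is header
    text, and a header line seen after driver entries starts a new session.
    """
    sessions = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.search(line)
        if m is None:
            # Header line: open a new session unless we are still in a header.
            if current is None or current["loaded"] or current["not_loaded"]:
                current = _new_session()
                sessions.append(current)
            current["header"].append(line)
            continue
        if current is None:  # log that starts without any header line
            current = _new_session()
            sessions.append(current)
        key = "loaded" if m.group(1) == "Loaded driver" else "not_loaded"
        current[key].append(m.group(2))
    return sessions


def last_session(text):
    """Return the most recent boot session, or None for an empty log."""
    sessions = split_sessions(text)
    return sessions[-1] if sessions else None


def not_loaded_counts(session):
    """Collapse repeated 'Did not load driver' lines into (name, count)."""
    return list(Counter(session["not_loaded"]).items())


def loaded_missing_from(session, filenames):
    """Loaded drivers whose file name is absent from a set of names on disk.

    Comparison is case-insensitive because the boot log and a dir listing
    often disagree on case (PxHelp20.sys vs pxhelp20.sys).
    """
    known = {name.lower() for name in filenames}
    return [d for d in session["loaded"] if basename(d).lower() not in known]


# Constructed sample: two boot sessions in the shape of the log in this thread.
SAMPLE_LOG = r"""Service Pack 4 12 22 2006 20:10:03.500
Loaded driver \WINDOWS\System32\ntoskrnl.exe
Loaded driver pci.sys
Did not load driver Audio Codecs

Service Pack 4 12 23 2006 21:49:57.500
Loaded driver \WINDOWS\System32\ntoskrnl.exe
Loaded driver PxHelp20.sys
?Loaded driver BTHidMgr.sys
Loaded driver example_missing.sys
Did not load driver Audio Codecs
Did not load driver Video Codecs
Did not load driver Audio Codecs
"""

# Constructed sample: file names as a dir listing might report them.
SAMPLE_FILES = {"ntoskrnl.exe", "pxhelp20.sys", "BTHidMgr.sys"}

if __name__ == "__main__":
    session = last_session(SAMPLE_LOG)
    print("Last boot:", " ".join(session["header"]))
    for name, count in not_loaded_counts(session):
        print(f"  not loaded x{count}: {name}")
    for driver in loaded_missing_from(session, SAMPLE_FILES):
        print("  loaded but not in file list:", driver)
```
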

  6. #16
    Senior Member
    Join Date
    Mar 2006
    Posts
    114

    Evening,

    Here's the log. There was only one date so I've copied everything:-

    Service Pack 412 23 2006 21:49:57.500
    Loaded driver \WINDOWS\System32\ntoskrnl.exe
    Loaded driver \WINDOWS\System32\hal.dll
    Loaded driver \WINDOWS\System32\BOOTVID.dll
    Loaded driver pci.sys
    Loaded driver isapnp.sys
    Loaded driver intelide.sys
    Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    Loaded driver MountMgr.sys
    Loaded driver ftdisk.sys
    Loaded driver Diskperf.sys
    Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
    Loaded driver dmload.sys
    Loaded driver dmio.sys
    Loaded driver PartMgr.sys
    Loaded driver atapi.sys
    Loaded driver disk.sys
    Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    Loaded driver fltmgr.sys
    Loaded driver PxHelp20.sys
    Loaded driver Fastfat.sys
    Loaded driver KSecDD.sys
    Loaded driver NDIS.sys
    Loaded driver Mup.sys053
    ?Loaded driver BTHidMgr.sys
    Loaded driver agp440.sys
    Did not load driver Bluetooth HID Manager
    Did not load driver Bluetooth VComm Manager
    Did not load driver Audio Codecs
    Did not load driver Legacy Audio Drivers
    Did not load driver Media Control Devices
    Did not load driver Legacy Video Capture Devices
    Did not load driver Video Codecs
    Did not load driver WAN Miniport (L2TP)
    Did not load driver WAN Miniport (IP)
    Did not load driver WAN Miniport (PPTP)
    Did not load driver Direct Parallel
    Did not load driver Bluetooth PAN Network Adapter
    Did not load driver NT Apm/Legacy Interface Node
    Did not load driver Standard PC
    Did not load driver Bluetooth HID Manager
    Did not load driver Bluetooth VComm Manager
    Did not load driver Audio Codecs
    Did not load driver Legacy Audio Drivers
    Did not load driver Media Control Devices
    Did not load driver Legacy Video Capture Devices
    Did not load driver Video Codecs
    Did not load driver WAN Miniport (L2TP)
    Did not load driver WAN Miniport (IP)
    Did not load driver WAN Miniport (PPTP)
    Did not load driver Direct Parallel
    Did not load driver Bluetooth PAN Network Adapter
    Did not load driver NT Apm/Legacy Interface Node
    Did not load driver ES1869 Control Interface (WDM)
    Did not load driver ES1869 Plug and Play AudioDrive (WDM)
    Did not load driver ECP Printer Port
    Did not load driver Communications Port
    Did not load driver Communications Port
    Did not load driver Intel(R) 536EP V.92 Modem
    Did not load driver ATI Technologies Inc. 3D RAGE PRO AGP 2X
    Did not load driver Bluetooth HID Manager
    Did not load driver Bluetooth HID Manager
    Did not load driver Bluetooth VComm Manager
    Loaded driver \SystemRoot\system32\DRIVERS\vbtenum.sys
    Did not load driver Audio Codecs
    Did not load driver Legacy Audio Drivers
    Did not load driver Media Control Devices
    Did not load driver Legacy Video Capture Devices
    Did not load driver Video Codecs
    Did not load driver WAN Miniport (L2TP)
    Did not load driver WAN Miniport (IP)
    Did not load driver WAN Miniport (PPTP)
    Did not load driver Direct Parallel
    Did not load driver Bluetooth PAN Network Adapter
    Did not load driver NT Apm/Legacy Interface Node
    Loaded driver \SystemRoot\System32\DRIVERS\parallel.sys
    Did not load driver ATI Technologies Inc. 3D RAGE PRO AGP 2X
    Did not load driver Intel(R) 536EP V.92 Modem
    Loaded driver \SystemRoot\System32\Drivers\Cdr4_2K.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS
    Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    Loaded driver \SystemRoot\System32\DRIVERS\Bonifay.sys
    Loaded driver \SystemRoot\System32\DRIVERS\uhcd.sys
    Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\System32\DRIVERS\update.sys
    Did not load driver ES1869 Control Interface (WDM)
    Did not load driver ES1869 Plug and Play AudioDrive (WDM)
    Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
    Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
    Did not load driver ECP Printer Port
    Did not load driver Communications Port
    Did not load driver Communications Port
    Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
    Did not load driver EZ Connect USB to Dual Speed Ethernet Converter
    Did not load driver ISSC Bluetooth Device
    Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\hidusb.sys
    Loaded driver \SystemRoot\System32\DRIVERS\usbprint.sys
    Did not load driver Lexmark X6100 Series
    Did not load driver Lexmark X6100 Series
    Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
    Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
    Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
    Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\DcCam.sys
    Did not load driver \SystemRoot\system32\DRIVERS\exportit.sys
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Did not load driver \SystemRoot\System32\Drivers\sglfb.SYS
    Did not load driver \SystemRoot\System32\Drivers\tga.SYS
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Did not load driver mnmdd.SYS
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Did not load driver RasAcd.SYS
    Did not load driver Tcpip.SYS
    Did not load driver NetBT.SYS
    Did not load driver Parport.SYS
    Did not load driver Serial.SYS
    Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
    Did not load driver \SystemRoot\System32\DRIVERS\redbook.sys
    Did not load driver Avg7Core.SYS
    Did not load driver Avg7RsW.SYS
    Did not load driver Avg7RsNT.SYS
    Did not load driver Bluetooth HID Manager
    Did not load driver Bluetooth VComm Manager
    Did not load driver Audio Codecs
    Did not load driver Legacy Audio Drivers
    Did not load driver Media Control Devices
    Did not load driver Legacy Video Capture Devices
    Did not load driver Video Codecs
    Did not load driver WAN Miniport (L2TP)
    Did not load driver WAN Miniport (IP)
    Did not load driver WAN Miniport (PPTP)
    Did not load driver Direct Parallel
    Did not load driver Bluetooth PAN Network Adapter
    Did not load driver NT Apm/Legacy Interface Node
    Did not load driver ATI Technologies Inc. 3D RAGE PRO AGP 2X
    Did not load driver Intel(R) 536EP V.92 Modem
    Did not load driver ISSC Bluetooth Device
    Did not load driver Lexmark X6100 Series
    Did not load driver Lexmark X6100 Series
    Did not load driver EZ Connect USB to Dual Speed Ethernet Converter
    Did not load driver ES1869 Control Interface (WDM)
    Did not load driver ES1869 Plug and Play AudioDrive (WDM)
    Did not load driver ECP Printer Port
    Did not load driver Communications Port
    Did not load driver Communications Port
    Did not load driver Bluetooth HID Manager
    Did not load driver Bluetooth VComm Manager
    Did not load driver Audio Codecs
    Did not load driver Legacy Audio Drivers
    Did not load driver Media Control Devices
    Did not load driver Legacy Video Capture Devices
    Did not load driver Video Codecs
    Did not load driver WAN Miniport (L2TP)
    Did not load driver WAN Miniport (IP)
    Did not load driver WAN Miniport (PPTP)
    Did not load driver Direct Parallel
    Did not load driver Bluetooth PAN Network Adapter
    Did not load driver NT Apm/Legacy Interface Node
    Did not load driver ATI Technologies Inc. 3D RAGE PRO AGP 2X
    Did not load driver Intel(R) 536EP V.92 Modem
    Did not load driver ISSC Bluetooth Device
    Did not load driver Lexmark X6100 Series
    Did not load driver Lexmark X6100 Series
    Did not load driver EZ Connect USB to Dual Speed Ethernet Converter
    Did not load driver ES1869 Control Interface (WDM)
    Did not load driver ES1869 Plug and Play AudioDrive (WDM)
    Did not load driver ECP Printer Port
    Did not load driver Communications Port
    Did not load driver Communications Port
    Did not load driver Microsoft WINMM WDM Audio Compatibility Driver
    Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

    Also my partner has just said that he has tried to reboot from last known good reboot, but we still end up at blue screen & error msg.

    I'm working tonight so won't be back now until tom afternoon / evening.

    Speak soon.

    Thanks.

  7. #17
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Default

    We can try booting another style. Like not loading the video or sound and seeing if that gets you into regular windows. That would be a way of narrowing down the conflict.
    But what really bothers me is that you have an error mentioning a sys file and we can't find that file or any information on it on Google.


    You can only start in Safe Mode. I have not been posting to the logs in a long time, but I do research.

    So I am going to ask you to run a rootkit detector program. However, I am not sure it will run in safe mode. Let's try anyway.

    Download gmer from this link:

    http://www.majorgeeks.com/GMER_d5198.html

    Unzip and double click the gmer.exe file
    Select rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
    Press scan
    When it has finished press save.

    Post back the log it creates.
    Repeat the process with the Autostarts tab and do the same.
    __________________


    Do you have an install CD? And /or do you already have Recovery Console installed?

    The reason I ask is that we might be able to find that file by booting to Recovery Console. Then copy the file to another location so we can examine it.


    -------------------------

    Let's try gmer first and take it from there. Let me know about the install CD please.

    --------------------
    Last edited by Mosaic1; 2006-12-29 at 09:00.

  8. #18
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Default

    I also noticed that your startuplist shows regedit.exe as missing.

    That is a file you need.

  9. #19
    Senior Member
    Join Date
    Mar 2006
    Posts
    114

    Default

    Evening,

    No more nights for a while now!!

    I downloaded gmer.exe but when I went to unzip it then open it the comp rebooted itself. It is doing this every time I try to open file.

    The error message clears too quick to read but I managed to get ***stop.....
    kmode exception_not_handled

    With regards to an install cd, I bought the comp from the paper a couple of years ago, but I never got the cd's. I could probably get hold of one if we need to. I'm not sure about recovery console.

    I do have rootkitreviver installed but I haven't tried that as I'm not sure whether it's the same sort of program...

  10. #20
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Default

    Buying a computer without the install CD is not a good idea. Now you can't format and reinstall if you ever have a major problem if you don't have an install CD. And I am reluctant to try anything dramatic.

    I see this computer was actually upgraded from a Windows 98 system. That means we may be able to use DOS. That is, if the file system was never changed to NTFS.

    Let's find out. Double click on My Computer. Right click on the C:\ drive icon and then click on Properties. You'll see File System there. Is it FAT32 or NTFS?


    Go ahead and run Rootkit Revealer. Again, I'm not sure it will run. But let's see.

    I'd also like to see if we can get you into normal Windows mode, but using the VGA drivers like those used in Safe mode. That will require an edit of boot.ini.

    But again, No CD, No Recovery Console = Not good. If you can use DOS, I prefer that. We'll have to see what filesystem is on that disc.

    I'd like to have a look in Event Viewer for system and application errors too please. It may be easier for me to just go through those.

    When Event Viewer opens, right click on Application and click "Save Log file as" and give the file a name like apps. Leave the file type alone.
    By default it will save as .evt

    Find apps.evt and email it to me as an attachment please.

    Do the same for System: right click on System and save the log file as sys.evt

    I'll load these files into my event viewer and see if there's any information we are in need of.

    My email is: edited out now.

    Replace the AT with an @ for the email to work please.


    -------------

    Finally, I need to look at your boot.ini

    Can you copy that and send it along too please? That will be found in C:\ too

    We'll edit it to add a menu item to load windows with basevideo. And I want to see if there is an MSDOS item on your bootmenu too.
    Last edited by tashi; 2007-01-01 at 03:50. Reason: removed email address
