Codec Problems - can only work in safe mode?

Hi ya,

I've just emailed you with files. Also found FAT32 file.

I've been running Rootkit Revealer for over two hours now. It ran the system
scan but seems to be stuck in cleaning up mode. Is this normal?

Also since trying to install gmer last night, my email seems to have gone
pear shaped. I can't view any received email, I just get a blank screen when
I open them, or I get information from another email?? Fonts also seem to be changing.

Speak soon.
 
Hi,

I just got here, and will only be online for a short time tonight.

Can you email me a copy of your boot.ini please?


Thanks,
Mo
 
I am looking at your event viewer saved files. Your kmode bsod created a memory dump we can look at. BUT no promises. These are very technical. However we might get a clue as to the file or files involved.

Can you look in your Windows folder for a file named:
MEMORY.DMP

If you find it, please email it to me.

Rootkit Revealer is not always going to find something. But that doesn't mean there isn't something to find. Rootkits come in different types and so do these utilities which attempt to track them. Not all utilities are effective.


Also, please copy the bold print to notepad. Save the file as searching.bat
Double click on searching.bat
When it has finished it will open a file named results.txt.
Please post the contents of results.txt into your next post.

cd \
dir /s /a regedit.* > results.txt
Start notepad results.txt
 
For your email problem, I don't know offhand. What email program are you using? Outlook Express or Outlook? Possibly nothing and you just go to your ISP site to view it?

Fonts are changing? In all programs? Do you have more details?

I am continuing to look at your event viewer files. I see there are 2 chkdsk reports. One of them found problems with some gmer files.

Try a new download of gmer. We need to try and get you into regular windows mode to run it though. I have asked for a lot of information. Please read carefully. You have quite a few issues.
 
I just got your boot.ini file. Please read my other posts and follow those instructions too.

You have a FAT32 filesystem so we can boot you to the prompt and look around.

Click here to download a win98 bootdisk:
http://www.dehning.com/download/utilities/bootdisks/boot98sc.exe

I hope you have a working floppy drive. If not, let me know. Otherwise download this setup and then put a floppy in the drive

http://www.dehning.com/download/utilities/bootdisks/boot98sc.exe


Double click on the downloaded .exe and it will install onto the new floppy disc.

Then you can restart the system with that floppy in the drive and get to a prompt.

Looks like this:
C:\

Or C:\windows

I'm not sure. It's been a long time since I have had to use a 98 bootdisk.

If asked to accept CD support, say no. You'll have no mouse here. Be sure to remove the floppy from the drive before you restart the system.

Give it a test and let me know if it works. If not, we may have to have you go into your bios and adjust the boot order.

I want to warn you that you may have both software and hardware issues here. Without an install CD you are in dangerous territory.
 
Earlier you said you couldn't read any incoming emails. Is that still the case?


At any rate, I want you to also make a copy of boot.ini and keep it in C:\

So now you'll have both C:\boot.ini

and C:\copy of boot.ini
 
Afternoon,

I ran a search files & folders and couldn't find a file for MEMORY.DMP.

Tried to reload gmer but the comp still reboots every time I double click on gmer.exe file.

I'm just about to look at the stuff on your last post.

Here's REGIT Report:

Volume in drive C has no label.
Volume Serial Number is 3869-1805

Directory of C:\WINDOWS\HELP

05/08/2001 12:00p 22,728 regedit.chm
05/08/2001 12:00p 12,861 regedit.hlp
2 File(s) 35,589 bytes

Directory of C:\WINDOWS\SYSTEM32\dllcache

06/19/2003 08:05p 73,488 regedit.exe
1 File(s) 73,488 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

06/19/2003 08:05p 73,488 regedit.exe
1 File(s) 73,488 bytes

Total Files Listed:
4 File(s) 182,565 bytes
0 Dir(s) 2,485,075,968 bytes free
 
Let's get a copy of regedit.exe into your windows folder.
Look in this folder for regedit.exe
C:\WINDOWS\SYSTEM32\dllcache


Right click on regedit.exe and click copy on the context menu

Open the Windows Folder. Right click on an empty space and click paste. Now you should have regedit.exe in your windows folder.
 
Afternoon,

Copied boot.ini folder.
Copied regedit.exe into windows
Followed instruction to show all files, boxes already unchecked & checked resp. Still unable to find folder. Do you have location?

With regards to email - the incoming emails I had received up to yesterday do not show the content they came in with... i.e. we received a conf email from a recruitment agency, but when we highlight it or open it, it shows the info on a message I sent out after I received the incoming email. The emails I have received today, i.e. your read receipt, seem to be ok... I am running Incredimail Premium (outlook).

I downloaded the 98 info & restarted the comp. It ran through the initial prompt screen then showed A:\> with a flashing cursor.

No C:\ or C:\Windows

The cursor just flashed away, I didn't know what to do, so I took out disk, & pressed enter. Error message showed "failed drive" Abort, retry & ?. I aborted & tried again. Same thing happened so I took out disk & rebooted in safe mode again. Have tried to reboot into normal windows but keep getting blue screen with original error message.
 
The floppy worked. It restarted the system and now we can do something.

Remember that file I had you create to look for sys files?
Let's try it again. Copy the bold to notepad. Save in the C: drive as look.bat

cd \
dir /s /a *.sys > C:\files.txt


Put the floppy in the drive and let it take you to the A:\> prompt.

Once there, Type C:
Press enter.

Now you will be at this prompt:

C:\>
Type look.bat
Press enter.

Once the command has run and you are back at the C:\> prompt, remove the floppy from the drive and restart the computer.

Try pressing CTRL + ALT + DEL twice to do that.

Once back in Safe mode, please find C:\files.txt

Open it and post its contents here. Let's see if we get a different result now for the list of sys files.
Maybe the memory.dmp file wasn't created. We'll deal with that later.

EDIT: But it would be a file, not a folder.

C:\windows\memory.dmp
 
When you get back, check your email.

I edited and sent you a file named new boot.ini with directions on what to do.

If we can't get a handle on things, later, we'll do a dance and try to get into regular windows mode without loading the video drivers. Then see if we can run gmer. And if not gmer, then something else.

Let's just see how this all goes. You should see no changes yet. I am gathering information at this point. Or trying to do.

I have another very big concern. Windows File Protection should have kicked in and replaced regedit automatically for you. The fact that it didn't is a very big worry. So I want to see a registry key and another batch result for a file.

Copy the bold to notepad. Name the file FP.bat

Regedit /e /a fpcheck.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
cd \
dir /s /a sfc*>>fpcheck.txt
Start notepad fpcheck.txt


Double click on FP.bat. When finished it will produce and open a file named fpcheck.txt

Please post the contents of fpcheck.txt into your next post.
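
Added example, not part of the original post and not any participant's code: one way to read the REGEDIT4 export that FP.bat produces and review the Winlogon key offline. It goes beyond the SFCDisable check to cover Shell, Userinit and the Notify DLL names; the function names and both sample exports are constructed for illustration, and the Notify baseline is simply the set of DLL names in the export posted later in this thread, not an authoritative list.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".lower()
# Notify DLL names seen in the export posted in this thread; used only as a
# comparison baseline for this example (assumption, not an authoritative list).
BASELINE_NOTIFY = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                   "sclgntfy.dll", "wlnotify.dll", "wzcdlg.dll"}

def decode_value(raw):
    """Turn the right-hand side of a REGEDIT4 line into a Python value."""
    raw = raw.strip()
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        # Types 1, 2 and 7 are strings; REGEDIT4 (/a) stores them as ANSI bytes.
        if m.group(1) and int(m.group(1), 16) in (1, 2, 7):
            return data.decode("latin-1").rstrip("\x00")
        return data
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escaping
    return raw

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: value}} for a REGEDIT4 export."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join wrapped hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:
                # Value names are case-insensitive ("DllName" vs "DLLName").
                current[m.group(1).strip('"').lower()] = decode_value(m.group(2))
    return keys

def triage(text):
    """Return (findings, notify_dlls) for the Winlogon key in an export."""
    keys = parse_reg(text)
    base = keys.get(WINLOGON, {})
    findings = []
    sfc = base.get("sfcdisable")
    if sfc != 0:
        findings.append("SFCDisable is %r, not the default 0" % (sfc,))
    shell = str(base.get("shell", "")).strip().lower()
    if shell != "explorer.exe":
        findings.append("Shell is %r" % shell)
    entries = [e.strip().lower()
               for e in str(base.get("userinit", "")).split(",") if e.strip()]
    if len(entries) != 1 or not entries[0].endswith("\\system32\\userinit.exe"):
        findings.append("Userinit entries need review: %r" % entries)
    prefix = WINLOGON + "\\notify\\"
    notify = {path[len(prefix):]: str(vals["dllname"]).lower()
              for path, vals in keys.items()
              if path.startswith(prefix) and "dllname" in vals}
    for sub, dll in sorted(notify.items()):
        if dll not in BASELINE_NOTIFY:
            findings.append("Notify\\%s loads %s (not in baseline)" % (sub, dll))
    return findings, notify

# Constructed sample in the layout `regedit /e /a` writes (not the user's file).
CLEAN_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"SFCDisable"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
'''

# Constructed variant: SFCDisable changed and an extra Notify entry whose
# hex(2) value ("construct.dll") is wrapped across two lines.
ALTERED_EXPORT = CLEAN_EXPORT.replace("dword:00000000", "dword:00000001") + r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\constructed]
"DllName"=hex(2):63,6f,6e,73,74,72,\
  75,63,74,2e,64,6c,6c,00
'''

if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("altered", ALTERED_EXPORT)):
        findings, notify = triage(export)
        print(label, notify)
        for finding in findings:
            print("  review:", finding)
```

To review a real export, pass the text of fpcheck.txt to `triage()` after trimming the `dir` output that FP.bat appends below the registry section.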
 
The boot up went ok.

Results of FILES.TXT:-


Volume in drive C has no label
Volume Serial Number is 3869-1805

Directory of C:\

MSDOS SYS 0 10-09-04 1:12p
IO SYS 222,390 04-23-99 10:22p
PAGEFILE SYS 419,430,400 12-31-06 12:42p
3 file(s) 419,652,790 bytes

Directory of C:\DOCUME~1\ADMINI~1\MYDOCU~1\MISC

PL2507U SYS 211,788 04-01-03 2:39a
TPP300 SYS 33,669 10-05-01 1:54p
TPPIOSMP SYS 8,650 10-05-01 1:54p
3 file(s) 254,107 bytes

Directory of C:\PROGRA~1\COMMON~1\KODAK\KODAK_DR

DCFS2K SYS 38,705 06-02-04 1:19p
DCLPS SYS 8,022 05-20-04 8:39a
DCPTP SYS 68,950 05-20-04 8:45a
EXPORTIT SYS 151,985 06-02-04 1:17p
DCFPOINT SYS 61,564 05-20-04 8:41a
DCCAM SYS 36,918 05-20-04 8:21a
6 file(s) 366,144 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGANT~1.5

AVGASCLN SYS 3,968 09-05-06 4:03p
GUARD SYS 4,096 09-28-06 2:13p
2 file(s) 8,064 bytes

Directory of C:\PROGRA~1\IVTCOR~1\BLUESO~1\DEVICE\WIN2K

FW203X SYS 116,021 09-21-04 6:18p
BTHIDMGR SYS 28,271 04-30-05 2:50p
BTNETDRV SYS 10,804 04-30-05 2:48p
BCBTHUB SYS 148,830 09-21-04 6:18p
VBTENUM SYS 11,860 04-30-05 2:50p
VCOMM SYS 61,312 10-19-04 1:37p
VCOMMMGR SYS 82,148 03-25-05 5:18p
VHIDMINI SYS 11,736 04-30-05 2:50p
BLUELE~1 SYS 20,480 05-31-05 3:40p
BTNETF~1 SYS 13,304 12-16-04 4:32p
10 file(s) 504,766 bytes

Directory of C:\PROGRA~1\IVTCOR~1\BLUESO~1\DRIVER\PCMCIA

BTPCMCIA SYS 31,677 05-30-01 5:21a
WPPCMCIA SYS 12,240 11-25-02 1:23a
2 file(s) 43,917 bytes

Directory of C:\PROGRA~1\IVTCOR~1\BLUESO~1\DRIVER\PCMCIA\SOCKET

SKTBT2K SYS 48,556 03-23-04 10:26a
1 file(s) 48,556 bytes

Directory of C:\PROGRA~1\IVTCOR~1\BLUESO~1\DRIVER\USB

BTCUSB SYS 23,000 05-31-05 9:42a
1 file(s) 23,000 bytes

Directory of C:\PROGRA~1\NOKIA\CONNEC~1

NMWCDCM SYS 9,021 02-15-05 4:57p
NMWCD SYS 140,619 02-17-05 1:48p
NMWCDC SYS 6,300 02-15-05 4:57p
3 file(s) 155,940 bytes

Directory of C:\WINDOWS\SERVIC~1\I386

PCI SYS 59,312 06-19-03 8:05p
PPA SYS 17,520 06-19-03 8:05p
EFS SYS 27,440 06-19-03 8:05p
DLC SYS 56,112 06-19-03 8:05p
FDC SYS 26,256 06-19-03 8:05p
AFD SYS 120,240 06-19-03 8:05p
IBMFENT5 SYS 85,776 06-19-03 8:05p
HPTXNT5 SYS 85,776 06-19-03 8:05p
E100BNT5 SYS 85,776 06-19-03 8:05p
MUP SYS 87,888 06-19-03 8:05p
MF SYS 57,264 06-19-03 8:05p
KS SYS 113,744 06-19-03 8:05p
TDI SYS 16,240 06-19-03 8:05p
NTIO SYS 33,824 06-19-03 8:05p
SRV SYS 244,944 06-19-03 8:05p
NTFS SYS 534,192 06-19-03 8:05p
NMNT SYS 37,552 06-19-03 8:05p
MQAC SYS 75,536 06-19-03 8:05p
PPA3 SYS 16,048 06-19-03 8:05p
MSDV SYS 55,920 06-19-03 8:05p
MOUNTMGR SYS 29,264 06-19-03 8:05p
VIDEOPRT SYS 50,640 06-19-03 8:05p
NDIS SYS 170,928 06-19-03 8:05p
DOT4PRT SYS 12,688 06-19-03 8:05p
ADICVLS SYS 9,968 06-19-03 8:05p
IRDA SYS 57,296 06-19-03 8:05p
HPMC SYS 12,912 06-19-03 8:05p
DOT4 SYS 44,208 06-19-03 8:05p
DMIO SYS 137,936 06-19-03 8:05p
DISK SYS 30,768 06-19-03 8:05p
HIDCLASS SYS 24,752 06-19-03 8:05p
PORTCLS SYS 148,208 06-19-03 8:05p
FIPS SYS 33,616 05-08-01 12:00p
ACPI SYS 163,120 06-19-03 8:05p
CDFS SYS 61,680 06-19-03 8:05p
UDFS SYS 62,672 06-19-03 8:05p
DLTTAPE SYS 6,608 06-19-03 8:05p
UHCD SYS 32,848 06-19-03 8:05p
TAPE SYS 10,928 06-19-03 8:05p
MOUCLASS SYS 21,776 06-19-03 8:05p
HIDPARSE SYS 23,056 06-19-03 8:05p
USBD SYS 20,688 06-19-03 8:05p
MODEM SYS 29,168 06-19-03 8:05p
OPENHCI SYS 24,784 06-19-03 8:05p
SEADDSMC SYS 9,392 06-19-03 8:05p
DDSMC SYS 9,680 06-19-03 8:05p
NSMMC SYS 10,256 06-19-03 8:05p
HIDBATT SYS 18,928 06-19-03 8:05p
MSTEE SYS 5,168 06-19-03 8:05p
MSGPC SYS 34,704 06-19-03 8:05p
EXAMC SYS 11,856 06-19-03 8:05p
NETBT SYS 168,624 06-19-03 8:05p
ICAM3 SYS 140,016 06-19-03 8:05p
JVCMC SYS 9,968 06-19-03 8:05p
SNYAITMC SYS 9,776 06-19-03 8:05p
ATLMC SYS 9,424 06-19-03 8:05p
KEY01 SYS 42,809 06-19-03 8:05p
ATAPI SYS 86,672 06-19-03 8:05p
IPNAT SYS 67,120 06-19-03 8:05p
IRSIR SYS 19,952 06-19-03 8:05p
CDROM SYS 27,984 06-19-03 8:05p
IPSEC SYS 64,304 06-19-03 8:05p
BATTC SYS 7,184 06-19-03 8:05p
TCPIP SYS 332,144 06-19-03 8:05p
NWRDR SYS 161,072 06-19-03 8:05p
NTDOS SYS 27,866 05-08-01 12:00p
4MMDAT SYS 10,928 06-19-03 8:05p
STKMC SYS 10,288 06-19-03 8:05p
PNRMC SYS 9,808 06-19-03 8:05p
NDISTAPI SYS 9,200 06-19-03 8:05p
NTIO804 SYS 34,544 06-19-03 8:05p
NTIO404 SYS 34,544 06-19-03 8:05p
NTIO411 SYS 35,648 06-19-03 8:05p
NTIO412 SYS 35,408 06-19-03 8:05p
RDBSS SYS 174,800 06-19-03 8:05p
INTELIDE SYS 4,624 06-19-03 8:05p
SBP2PORT SYS 35,760 06-19-03 8:05p
SCSIPORT SYS 74,192 06-19-03 8:05p
SCSIPRNT SYS 11,632 06-19-03 8:05p
GAMEENUM SYS 9,808 06-19-03 8:05p
WDMAUD SYS 73,872 06-19-03 8:05p
STREAM SYS 42,000 06-19-03 8:05p
SPCTRAMC SYS 10,160 06-19-03 8:05p
VIAAGP SYS 22,416 06-19-03 8:05p
UPDATE SYS 173,232 06-19-03 8:05p
WANARP SYS 32,272 06-19-03 8:05p
USBSER SYS 22,768 06-19-03 8:05p
USBHUB SYS 40,176 06-19-03 8:05p
QNTMMC SYS 8,848 06-19-03 8:05p
NWLNKNB SYS 65,520 06-19-03 8:05p
SYMC8XX SYS 27,120 05-04-01 12:05p
ASYNCMAC SYS 17,840 06-19-03 8:05p
WIN32K SYS 1,717,936 06-19-03 8:05p
QLSTRMC SYS 10,768 06-19-03 8:05p
PCMCIA SYS 109,584 06-19-03 8:05p
PCIIDE SYS 3,088 06-19-03 8:05p
SERIAL SYS 62,736 06-19-03 8:05p
CLASSPNP SYS 34,832 06-19-03 8:05p
PLASMC SYS 11,120 06-19-03 8:05p
SWMIDI SYS 53,552 06-19-03 8:05p
PARTMGR SYS 11,792 06-19-03 8:05p
MOUHID SYS 11,632 06-19-03 8:05p
PARPORT SYS 25,104 06-19-03 8:05p
OHCI1394 SYS 37,680 06-19-03 8:05p
SPCMDCON SYS 187,024 06-19-03 8:05p
SONYMC SYS 12,432 06-19-03 8:05p
PCIIDEX SYS 22,064 06-19-03 8:05p
SFLOPPY SYS 10,384 06-19-03 8:05p
PSCHED SYS 60,496 06-19-03 8:05p
SETUPDD SYS 382,128 06-19-03 8:05p
ATMLANE SYS 48,496 06-19-03 8:05p
MRXSMB SYS 418,640 06-19-03 8:05p
SFMATALK SYS 148,400 06-19-03 8:05p
KSECDD SYS 71,888 06-19-03 8:05p
IBMTRP SYS 104,720 05-04-01 12:05p
SERENUM SYS 14,160 06-19-03 8:05p
USBPRINT SYS 21,872 06-19-03 8:05p
PARALLEL SYS 60,208 06-19-03 8:05p
DISKDUMP SYS 14,288 06-19-03 8:05p
I81XNT5 SYS 68,336 06-19-03 8:05p
BREECEMC SYS 9,392 06-19-03 8:05p
I8042PRT SYS 46,992 06-19-03 8:05p
DMBOOT SYS 369,104 06-19-03 8:05p
DMLOAD SYS 7,312 06-19-03 8:05p
COUNTRY SYS 27,097 05-08-01 12:00p
REDBOOK SYS 35,344 06-19-03 8:05p
NWLNKIPX SYS 91,408 06-19-03 8:05p
USBSTOR SYS 21,552 06-19-03 8:05p
SONYDCAM SYS 22,064 06-19-03 8:05p
USBPORT SYS 138,288 06-19-03 8:05p
USBSCAN SYS 12,592 06-19-03 8:05p
SYSAUDIO SYS 47,568 06-19-03 8:05p
PTILINK SYS 17,680 06-19-03 8:05p
ISAPNP SYS 46,992 06-19-03 8:05p
IRENUM SYS 10,288 06-19-03 8:05p
NDISUIO SYS 11,984 06-19-03 8:05p
USBHUB20 SYS 49,776 06-19-03 8:05p
USBEHCI SYS 19,728 06-19-03 8:05p
NDISWAN SYS 93,360 06-19-03 8:05p
DISCMC SYS 10,448 06-19-03 8:05p
SMBBATT SYS 27,376 06-19-03 8:05p
KMIXER SYS 148,304 06-19-03 8:05p
ELMSMC SYS 9,776 06-19-03 8:05p
FTDISK SYS 115,504 06-19-03 8:05p
FS_REC SYS 7,600 06-19-03 8:05p
DISKPERF SYS 7,728 06-19-03 8:05p
KBDCLASS SYS 24,528 06-19-03 8:05p
ADICSC SYS 9,904 06-19-03 8:05p
AGPCPQ SYS 24,176 06-19-03 8:05p
AGP440 SYS 21,008 06-19-03 8:05p
LP6NDS35 SYS 33,328 06-19-03 8:05p
ACPIEC SYS 11,536 06-19-03 8:05p
COMPBATT SYS 9,264 06-19-03 8:05p
1394BUS SYS 40,752 06-19-03 8:05p
KEYBOARD SYS 42,537 06-19-03 8:05p
CPQARRAY SYS 10,992 06-19-03 8:05p
ALTND5 SYS 597,776 05-04-01 12:05p
ATMUNI SYS 331,088 06-19-03 8:05p
SKFPWIN SYS 104,656 05-04-01 12:05p
ADPU160M SYS 64,432 06-19-03 8:05p
FLPYDISK SYS 19,312 06-19-03 8:05p
FASTFAT SYS 140,496 06-19-03 8:05p
RASPPTP SYS 48,464 06-19-03 8:05p
RASL2TP SYS 52,112 06-19-03 8:05p
RASIRDA SYS 19,920 06-19-03 8:05p
MSIRCOMM SYS 20,208 06-19-03 8:05p
CMBATT SYS 9,904 06-19-03 8:05p
167 file(s) 12,137,189 bytes
 
Cont:

Directory of C:\WINDOWS\SYSTEM32

ANSI SYS 9,029 05-08-01 12:00p
WIN32K SYS 1,638,672 10-06-05 9:33a
HIMEM SYS 4,768 05-08-01 12:00p
KEYBOARD SYS 42,537 06-19-03 8:05p
NTDOS411 SYS 29,370 05-08-01 12:00p
NTDOS412 SYS 29,274 05-08-01 12:00p
NTDOS404 SYS 29,146 05-08-01 12:00p
NTDOS804 SYS 29,146 05-08-01 12:00p
NTIO SYS 33,824 06-19-03 8:05p
COUNTRY SYS 27,097 05-08-01 12:00p
NTDOS SYS 27,866 05-08-01 12:00p
KEY01 SYS 42,809 06-19-03 8:05p
NTIO404 SYS 34,544 06-19-03 8:05p
NTIO411 SYS 35,648 06-19-03 8:05p
NTIO412 SYS 35,408 06-19-03 8:05p
NTIO804 SYS 34,544 06-19-03 8:05p
SPCMDCON SYS 187,024 06-19-03 8:05p
17 file(s) 2,270,706 bytes

Directory of C:\WINDOWS\SYSTEM32\DRIVERS

NDISWAN SYS 93,360 06-19-03 8:05p
NTFS SYS 513,424 05-10-05 9:20a
NMNT SYS 37,552 06-19-03 8:05p
NWRDR SYS 161,072 09-06-04 6:06a
NWLNKIPX SYS 91,408 06-19-03 8:05p
NWLNKNB SYS 65,520 06-19-03 8:05p
RDBSS SYS 183,248 04-21-05 8:03a
PARALLEL SYS 60,208 06-19-03 8:05p
PARPORT SYS 25,104 06-19-03 8:05p
PCIIDEX SYS 22,064 06-19-03 8:05p
PCMCIA SYS 109,584 06-19-03 8:05p
PSCHED SYS 60,496 06-19-03 8:05p
PTILINK SYS 17,680 06-19-03 8:05p
RASIRDA SYS 19,920 06-19-03 8:05p
UDFS SYS 63,280 12-02-04 1:07p
TCPIP SYS 320,176 05-12-05 10:25a
SERIAL SYS 62,736 06-19-03 8:05p
SONYDCAM SYS 22,064 06-19-03 8:05p
AFD SYS 127,568 04-21-05 8:03a
SRV SYS 238,928 05-03-05 9:10a
TDI SYS 16,240 06-19-03 8:05p
FLTMGR SYS 136,880 04-14-05 6:59a
VIDEOPRT SYS 50,640 06-19-03 8:05p
UPDATE SYS 173,232 06-19-03 8:05p
MF SYS 57,264 06-19-03 8:05p
MODEM SYS 29,168 06-19-03 8:05p
PCI SYS 59,312 06-19-03 8:05p
MOUCLASS SYS 21,776 06-19-03 8:05p
USBHUB SYS 40,176 06-19-03 8:05p
MSPCLOCK SYS 5,248 12-12-02 12:14a
USBD SYS 20,688 06-19-03 8:05p
UHCD SYS 32,848 06-19-03 8:05p
SCSIPORT SYS 74,384 07-14-05 12:24p
REDBOOK SYS 35,344 06-19-03 8:05p
MSGPC SYS 34,704 06-19-03 8:05p
ATMARPC SYS 57,904 05-08-01 12:00p
BEEP SYS 4,080 05-08-01 12:00p
CDAUDIO SYS 19,088 05-08-01 12:00p
NETBT SYS 175,632 04-08-05 11:51a
NDIS SYS 170,928 06-19-03 8:05p
CINEMST2 SYS 272,496 05-08-01 12:00p
CLASS2 SYS 12,880 05-08-01 12:00p
NDISTAPI SYS 9,200 06-19-03 8:05p
PARTMGR SYS 11,792 06-19-03 8:05p
DXAPI SYS 10,064 05-08-01 12:00p
VBTENUM SYS 11,860 04-30-05 2:50p
RASL2TP SYS 52,112 06-19-03 8:05p
RASPPTP SYS 48,464 06-19-03 8:05p
SERENUM SYS 14,160 06-19-03 8:05p
IPFLTDRV SYS 34,416 05-08-01 12:00p
IPINIP SYS 19,984 05-08-01 12:00p
SFLOPPY SYS 10,384 06-19-03 8:05p
SFMATALK SYS 148,400 06-19-03 8:05p
MNMDD SYS 4,240 05-08-01 12:00p
MSFS SYS 21,328 05-08-01 12:00p
MPE SYS 15,104 07-09-04 2:58a
NBF SYS 102,160 05-08-01 12:00p
SWMIDI SYS 53,552 06-19-03 8:05p
NDPROXY SYS 40,432 05-08-01 12:00p
NETBIOS SYS 33,456 05-08-01 12:00p
NETDTECT SYS 9,680 05-08-01 12:00p
NPFS SYS 37,040 05-08-01 12:00p
NULL SYS 2,800 05-08-01 12:00p
NWLNKFLT SYS 12,560 05-08-01 12:00p
NWLNKFWD SYS 35,344 05-08-01 12:00p
NWLNKSPX SYS 58,480 05-08-01 12:00p
SYSAUDIO SYS 47,568 06-19-03 8:05p
PARVDM SYS 6,512 05-08-01 12:00p
RASACD SYS 8,016 05-08-01 12:00p
TAPE SYS 10,928 06-19-03 8:05p
WANARP SYS 32,272 06-19-03 8:05p
RASPTI SYS 16,880 05-08-01 12:00p
RAWWAN SYS 35,024 05-08-01 12:00p
RCA SYS 21,712 05-08-01 12:00p
ROOTMDM SYS 6,032 05-08-01 12:00p
WDMAUD SYS 73,872 06-19-03 8:05p
IRDA SYS 57,296 06-19-03 8:05p
IRENUM SYS 10,288 06-19-03 8:05p
SMCLIB SYS 14,832 05-08-01 12:00p
MSIRCOMM SYS 20,208 06-19-03 8:05p
STREAMS SYS 105,840 05-08-01 12:00p
SECDRV SYS 28,624 08-28-04 10:52p
NDISUIO SYS 11,984 06-19-03 8:05p
TOSDVD SYS 52,048 05-08-01 12:00p
TSBVCAP SYS 22,000 05-08-01 12:00p
USBCAMD SYS 23,888 05-08-01 12:00p
VDMINDVD SYS 59,280 05-08-01 12:00p
VGA SYS 13,968 05-08-01 12:00p
USBEHCI SYS 19,728 06-19-03 8:05p
WMILIB SYS 4,240 05-08-01 12:00p
WS2IFSL SYS 12,016 05-08-01 12:00p
FSVGA SYS 12,368 05-08-01 12:00p
LVCAM SYS 88,816 05-08-01 12:00p
LVCODEK SYS 79,120 05-08-01 12:00p
LVSOUND SYS 17,424 05-08-01 12:00p
USBINTEL SYS 15,120 05-08-01 12:00p
USBHUB20 SYS 49,776 06-19-03 8:05p
USBPORT SYS 138,288 06-19-03 8:05p
KSECDD SYS 71,888 09-21-03 1:32a
MRXSMB SYS 432,976 04-08-05 11:51a
AVG7RSNT SYS 26,912 10-27-06 8:34a
DCCAM SYS 36,918 05-20-04 8:21a
DCLPS SYS 8,022 05-20-04 8:39a
DCFPOINT SYS 61,564 05-20-04 8:41a
EXPORTIT SYS 151,985 06-02-04 1:17p
AVG7RSW SYS 4,288 01-16-06 9:33p
HIDUSB SYS 13,904 10-04-99 3:03p
FIPS SYS 33,616 05-08-01 12:00p
DCFS2K SYS 38,705 06-02-04 1:19p
USBPRINT SYS 21,872 06-19-03 8:05p
USBSCAN SYS 12,592 06-19-03 8:05p
MSTEE SYS 5,504 12-12-02 12:14a
SWENUM SYS 4,096 12-12-02 12:14a
BDASUP SYS 11,392 07-09-04 2:58a
PXHELP20 SYS 36,592 11-15-06 9:01p
ATIMPAB SYS 71,632 11-10-99 3:34p
DCPTP SYS 68,950 05-20-04 8:45a
MSKSSRV SYS 7,424 12-12-02 12:14a
STREAMIP SYS 14,976 07-09-04 2:58a
NDISIP SYS 10,112 07-09-04 2:58a
MUP SYS 89,328 12-02-04 1:07p
CDFS SYS 63,248 04-08-05 11:51a
SLIP SYS 10,880 07-09-04 2:58a
ESS SYS 64,144 09-30-99 5:26p
BONIFAY SYS 11,904 03-30-04 9:05p
AVG7RSXP SYS 27,904 10-27-06 8:34a
NTAPM SYS 9,104 09-25-99 10:36a
NABTSFEC SYS 83,968 07-09-04 2:58a
CCDECODE SYS 16,384 07-09-04 2:58a
AUDSTUB SYS 2,896 09-25-99 10:35a
WSTCODEC SYS 18,688 07-09-04 2:58a
MSDV SYS 56,832 07-09-04 2:58a
FASTFAT SYS 142,288 07-19-05 10:44a
KS SYS 130,304 12-12-02 12:14a
PORTCLS SYS 148,208 06-19-03 8:05p
AVGTDI SYS 4,992 01-16-06 9:33p
DMUSIC SYS 51,152 10-28-99 3:24p
FTDISK SYS 116,400 12-02-04 1:00p
IPNAT SYS 67,344 08-11-04 10:42p
MOUNTMGR SYS 30,160 08-16-05 8:40a
GEARAS~1 SYS 14,408 02-02-05 1:21a
USBSTOR SYS 21,552 06-19-03 8:05p
SQCAMD SYS 25,449 01-10-03 9:30a
SQCAPTUR SYS 30,921 01-10-03 10:56a
BTNETF~1 SYS 13,304 12-16-04 4:32p
AVG7CORE SYS 778,656 10-27-06 8:34a
STREAM SYS 42,000 06-19-03 8:05p
MSPQM SYS 4,816 09-25-99 10:36a
BLUELE~1 SYS 20,480 05-31-05 3:40p
OXSER SYS 51,169 04-28-03 6:31p
INTELS51 SYS 633,220 05-10-02 1:31p
BTHIDMGR SYS 28,271 04-30-05 2:50p
MODEMCSA SYS 16,144 09-25-99 10:34a
SMCUSB SYS 25,260 06-21-02 9:36a
CDRALW2K SYS 23,420 03-21-04 6:28p
CDR4_2K SYS 58,000 03-21-04 6:28p
VCOMMMGR SYS 82,148 03-25-05 5:18p
AGP440 SYS 21,008 06-19-03 8:05p
ASYNCMAC SYS 17,840 06-19-03 8:05p
ATAPI SYS 86,672 06-19-03 8:05p
ATMLANE SYS 48,496 06-19-03 8:05p
ATMUNI SYS 331,088 06-19-03 8:05p
VCOMM SYS 61,312 10-19-04 1:37p
CDROM SYS 27,984 06-19-03 8:05p
CLASSPNP SYS 34,832 06-19-03 8:05p
DISK SYS 30,768 06-19-03 8:05p
DISKDUMP SYS 14,288 06-19-03 8:05p
DISKPERF SYS 7,728 06-19-03 8:05p
DLC SYS 56,112 06-19-03 8:05p
DMBOOT SYS 369,104 06-19-03 8:05p
DMIO SYS 137,936 06-19-03 8:05p
DMLOAD SYS 7,312 06-19-03 8:05p
EFS SYS 27,440 06-19-03 8:05p
AVGASCLN SYS 3,968 09-05-06 4:03p
FDC SYS 26,256 06-19-03 8:05p
FLPYDISK SYS 19,312 06-19-03 8:05p
FS_REC SYS 7,600 06-19-03 8:05p
HIDCLASS SYS 24,752 06-19-03 8:05p
HIDPARSE SYS 23,056 06-19-03 8:05p
I8042PRT SYS 46,992 06-19-03 8:05p
INTELIDE SYS 4,624 06-19-03 8:05p
IPSEC SYS 64,304 06-19-03 8:05p
IRSIR SYS 19,952 06-19-03 8:05p
ISAPNP SYS 46,992 06-19-03 8:05p
KBDCLASS SYS 24,528 06-19-03 8:05p
KMIXER SYS 148,304 06-19-03 8:05p
SIO9502K SYS 48,076 02-11-04 6:29a
SKTBT2K SYS 48,556 03-23-04 3:26a
WSSBTR1F SYS 63,488 07-03-03 7:58p
BTCUSB SYS 23,000 05-31-05 9:42a
FW203X SYS 116,021 09-21-04 6:18p
BTNETDRV SYS 10,804 04-30-05 2:48p
BCBTHUB SYS 148,830 09-21-04 6:18p
VHIDMINI SYS 11,736 04-30-05 2:50p
194 file(s) 12,081,621 bytes

Directory of C:\WINDOWS\TWAIN_32\MYDSC

SQCAMD SYS 25,449 01-10-03 9:30a
SQCAPTUR SYS 30,921 01-10-03 10:56a
2 file(s) 56,370 bytes

Total files listed:
411 file(s) 447,603,170 bytes
0 dir(s) 2,378.53 MB free
 
fpcheck report:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=dword:00000001
"DefaultDomainName"="G8Y3I8"
"DefaultUserName"="Administrator"
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"Shell"="Explorer.exe"
"ShutdownWithoutLogon"="1"
"System"=""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"SfcQuota"=dword:ffffffff
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"cachedlogonscount"="10"
"passwordexpirywarning"=dword:0000000e
"scremoveoption"="0"
"DebugServerCommand"="no"
"Win9xUpg"=dword:00000001
"SFCDisable"=dword:00000000
"ShowLogonOptions"=dword:00000000
"AltDefaultUserName"="Administrator"
"AltDefaultDomainName"="G8Y3I8"
"AutoAdminLogon"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=hex(2):66,64,65,70,6c,6f,79,2e,64,6c,6c,00
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
"Status"=dword:00000000
"LastPolicyTime"=dword:00c2f924
"PrevSlowLink"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=hex(2):64,73,6b,71,75,6f,74,61,2e,64,6c,6c,00
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"DllName"=hex(2):67,70,74,65,78,74,2e,64,6c,6c,00
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"DllName"=hex(2):73,63,65,63,6c,69,2e,64,6c,6c,00
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
"Status"=dword:00000000
"LastPolicyTime"=dword:00d8ae18
"PrevSlowLink"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=hex(2):69,65,64,6b,63,73,33,32,2e,64,6c,6c,00
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=hex(2):73,63,65,63,6c,69,2e,64,6c,6c,00
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequireSuccessfulRegistry"=dword:00000001
"Status"=dword:00000000
"LastPolicyTime"=dword:00c2f93d
"PrevSlowLink"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Application Management"
"DllName"=hex(2):61,70,70,6d,67,6d,74,73,2e,64,6c,6c,00
"ProcessGroupPolicy"="ProcessGroupPolicyObjects"
"NoBackgroundPolicy"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=hex(2):67,70,74,65,78,74,2e,64,6c,6c,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\PrevOsVersion]
"PlatformName"="Windows 98"
"VersionText"=" A "
"MajorVersion"=dword:00000004
"MinorVersion"=dword:0000000a
"BuildNumber"=dword:040a08ae
"PlatformId"=dword:00000001

Volume in drive C has no label.
Volume Serial Number is 3869-1805

Directory of C:\WINDOWS\SYSTEM32

05/08/2001 12:00p 10,000 sfc.exe
06/19/2003 08:05p 95,024 sfc.dll
04/08/2005 10:34a 973,072 sfcfiles.dll
3 File(s) 1,078,096 bytes

Directory of C:\WINDOWS\SYSTEM32\dllcache

05/08/2001 12:00p 10,000 sfc.exe
04/08/2005 10:34a 973,072 sfcfiles.dll
2 File(s) 983,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

06/19/2003 08:05p 95,024 sfc.dll
06/19/2003 08:05p 971,024 sfcfiles.dll
2 File(s) 1,066,048 bytes

Total Files Listed:
7 File(s) 3,127,216 bytes
0 Dir(s) 2,493,034,496 bytes free
 
Cont:

I haven't received email and still unable to find memory.dmp file.

I'm working a 12hrs shift tomorrow but will be back in the evening (GMT).

Have a happy New Year.
 
I don't like what I see there. Not one file is even remotely named as the one you say is there in the error.

And you didn't get the new boot.ini file either because of no email...

We'll work on it more later. But I have to tell you that this could be a hardware issue too. You have an older computer with no install CD and who knows what shape it's in.

What bothers me is that file name. Next boot, please try normal windows again and try to write down the file name mentioned in the error. Maybe the name has changed or you had a typo. It's an unknown in all searches and is therefore a total mystery.

We'll be doing a clean boot tshoot next. We'll start by booting in VGA mode once we get your boot.ini edited. If no joy, we'll remove other startups and see if you can get to Regular Windows. I am not hopeful. But I'll give it a little more time. The problem is you are using this system on the internet and I don't know what's going on in the background. Please tell your Partner not to file share or surf. We need to do some damage control and limit use.
 
Plus there is no indication as to why File Protection didn't kick in and replace regedit for you.

Your system may not be setup to create a memory dump.
Or it isn't writing it because of some problem, possibly memory. We'll deal with that later if need be.
Let's see if you can load windows in normal mode without your video drivers.

I am attaching a zip file containing new boot.ini

Unzip it to C:\
So now you'll have C:\new boot.ini

Be sure it is unzipped!

Then find boot.ini on C: and right click on it, click Properties and clear the read only attribute. Then rename boot.ini as oldboot.ini

Next, find new boot.ini and rename it to boot.ini

Now restart the computer. Do not press F8 or whatever to get the menu to go to Safe mode. Instead, let it go. When the menu appears, there will be 2 Windows listed. Choose the second one, the one I edited by adding /basevideo at the end.

This will try to get you to regular Windows. See if you get there or still get a BSOD. If you do get in, even though it will have the look of safe mode you'll know it isn't. You'll have sound and no warning that you are in safe mode.

If you get in, see if you can run gmer. Please pay close attention to any error messages you may get.
If you get a BSOD, restart and enter safe mode using the same method you have been using so far.

Let me know how it all goes.

Have a Happy New Year. Talk to you soon.
 
PS Don't forget to download a fresh copy of gmer. Don't run the old one. Chkdsk found problems with its files. So be sure to use a new copy.
 