• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1228
  • Last Modified:

File system is checked for consistency every time system is booted

Hi Experts,

I am running Windows XP Pro SP3.

I get these messages nearly every time Windows is rebooted:

"Checking file system on C:"
"One of your disks needs to be checked for consistency"

No errors are ever reported during the disk checking.

In no case has Windows crashed - I have always shut it down.

Is there a workaround for this?

Regards,
Leigh
0
LeighWardle
Asked:
LeighWardle
  • 18
  • 15
  • 5
  • +4
1 Solution
 
houssam_balloutCommented:
right click on Local DIsk C
then chose advanced then click disk check, if it informs you to schedule disk check at statrup click No,
then restart your computer & try
0
 
cantorisCommented:
Open a command prompt (Start - Run - CMD) and type
chkdsk /D
to ensure chkdsk settings are set to their correct defaults.

Then
fsutil dirty query c:
Does it think the C: drive is "dirty" - ie needs a check?

If on reboot, it still does a check I'd suspect that something is not "leaving go" of the drive when it should during shutdown.  You could for starters try ending as many applications from the tray at bottom-right of the screen before you begin your shutdown.  Obviously if that helps then you just need to narrow down which it was.  If not, then I'd start wondering about drivers somewhere.

(I take it you've tried a full chkdsk
chkdsk c: /V/R
to ensure all is definitely well and no bad sectors?  It will put an entry in the Application Event Log with source WINLOGON which contains the report.)
0
 
cantorisCommented:
Sorry, the first command should read

chkntfs /D
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
KCTSCommented:
the command is actually
chkntfs C: /x

(where c: is the drive letter)
0
 
KCTSCommented:
... as you have posted another question in which you state a registry repair has to be don on each reboot, then it suggestes to me that your hard disk is dying - back up and important data and replace it.
0
 
cantorisCommented:
No,   /x   excludes a drive from checking to see if a scan is warranted.
/D  sets everything back to the defaults where the drive will be scanned only if required - ie if it is dirty.
0
 
dbruntonCommented:
If registry repair required as KCTS notes then hard disk needs to be tested (after the backup).

Get the UBCD http://www.ultimatebootcd.com/

Download links are the icons at the top of the page above Overview.  Browse the page and see what utils are there for you.  Check the memory and hard disk utils especially.

Make the CD and boot from it.  Run the memory tester first - memtest -  and let it do two to three passes through your memory.  Memory could be a problem so get that test done first.

Then test the hard disk with the correct manufacturer's util for your hard disk.  Do the long test.  That will most likely tell you if your disk is corrupt.
0
 
LeighWardleAuthor Commented:
Hi:

Memtest passed.

Seagate SeaTools Hard disk (Long Test) passed.

See below for 3 lots of output from chkdsk.
The first 2 time I used chkdsk c: /f /r.
The last time I used chkdsk c: /v /f /r.

Every time there are entries like:

Cleaning up minor inconsistencies on the drive.
Cleaning up ? unused index entries from index $SII of file 0x9.
Cleaning up ? unused index entries from index $SDH of file 0x9.
Cleaning up ? unused security descriptors.
where ? is 12, then 11, then 9...

chkntfs C: returns "C: is not dirty".
fsutil dirty query C: returns "Volume - C: is NOT dirty".

Regards,
Leigh


=================================================
event log output from 1st. chkdsk c: /f /r
=================================================
Checking file system on C:
The type of the file system is NTFS.
Volume label is C_Drive.


A disk check has been scheduled.
Windows will now check the disk.                        
Cleaning up minor inconsistencies on the drive.
Cleaning up 12 unused index entries from index $SII of file 0x9.
Cleaning up 12 unused index entries from index $SDH of file 0x9.
Cleaning up 12 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

  71103689 KB total disk space.
  15606580 KB in 122015 files.
     60612 KB in 8267 indexes.
         0 KB in bad sectors.
    245997 KB in use by the system.
     65536 KB occupied by the log file.
  55190500 KB available on disk.

      4096 bytes in each allocation unit.
  17775922 total allocation units on disk.
  13797625 allocation units available on disk.

Internal Info:
c0 18 02 00 f6 fc 01 00 e2 61 03 00 00 00 00 00  .........a......
19 01 00 00 02 00 00 00 c3 05 00 00 00 00 00 00  ................
14 26 72 03 00 00 00 00 ba bd f7 2b 00 00 00 00  .&r........+....
c8 9e 3b 08 00 00 00 00 00 00 00 00 00 00 00 00  ..;.............
00 00 00 00 00 00 00 00 88 96 f6 3f 00 00 00 00  ...........?....
99 9e 36 00 00 00 00 00 b8 3a 07 00 9f dc 01 00  ..6......:......
00 00 00 00 00 d0 8c b8 03 00 00 00 4b 20 00 00  ............K ..

Windows has finished checking your disk.
Please wait while your computer restarts.


=================================================
event log output from 2nd. chkdsk c: /f /r
=================================================
Checking file system on C:
The type of the file system is NTFS.
Volume label is C_Drive.


A disk check has been scheduled.
Windows will now check the disk.                        
Cleaning up minor inconsistencies on the drive.
Cleaning up 11 unused index entries from index $SII of file 0x9.
Cleaning up 11 unused index entries from index $SDH of file 0x9.
Cleaning up 11 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

  71103689 KB total disk space.
  15606804 KB in 122017 files.
     60612 KB in 8268 indexes.
         0 KB in bad sectors.
    246513 KB in use by the system.
     65536 KB occupied by the log file.
  55189760 KB available on disk.

      4096 bytes in each allocation unit.
  17775922 total allocation units on disk.
  13797440 allocation units available on disk.

Internal Info:
c0 18 02 00 f9 fc 01 00 e7 61 03 00 00 00 00 00  .........a......
19 01 00 00 02 00 00 00 c2 05 00 00 00 00 00 00  ................
14 26 72 03 00 00 00 00 dc 83 dd 2b 00 00 00 00  .&r........+....
90 02 1f 08 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 be fb ba 3f 00 00 00 00  ...........?....
99 9e 36 00 00 00 00 00 b8 3a 07 00 a1 dc 01 00  ..6......:......
00 00 00 00 00 50 90 b8 03 00 00 00 4c 20 00 00  .....P......L ..

Windows has finished checking your disk.
Please wait while your computer restarts.



=================================================
event log output from chkdsk c: /v /f /r
=================================================
Checking file system on C:
The type of the file system is NTFS.
Volume label is C_Drive.

A disk check has been scheduled.
Windows will now check the disk.                        
Cleaning up minor inconsistencies on the drive.
Cleaning up 9 unused index entries from index $SII of file 0x9.
Cleaning up 9 unused index entries from index $SDH of file 0x9.
Cleaning up 9 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

  71103689 KB total disk space.
  15610784 KB in 122034 files.
     60616 KB in 8268 indexes.
         0 KB in bad sectors.
    243441 KB in use by the system.
     65536 KB occupied by the log file.
  55188848 KB available on disk.

      4096 bytes in each allocation unit.
  17775922 total allocation units on disk.
  13797212 allocation units available on disk.

Internal Info:
c0 18 02 00 0a fd 01 00 fd 61 03 00 00 00 00 00  .........a......
19 01 00 00 02 00 00 00 c0 05 00 00 00 00 00 00  ................
ba c3 6f 03 00 00 00 00 30 6e 08 2c 00 00 00 00  ..o.....0n.,....
f2 13 51 08 00 00 00 00 7a af 94 ee 02 00 00 00  ..Q.....z.......
a8 8e ec 3e 02 00 00 00 04 37 7a 6d 05 00 00 00  ...>.....7zm....
99 9e 36 00 00 00 00 00 b8 3a 07 00 b2 dc 01 00  ..6......:......
00 00 00 00 00 80 ce b8 03 00 00 00 4c 20 00 00  ............L ..

Windows has finished checking your disk.
Please wait while your computer restarts.
0
 
hello_everybodyCommented:
You could disable automatic CHKDSK in the Registry if you want to but it won't solve the problem only turn off the 'red light'. This error occurs when there are bad sectors on the hard drive and bad sectors cannot be repaired with sfc or by preventing chkdsk from running.
It may also be caused by a faulty ram chip.

Disabling Chkdsk - Windows 2000 and XP
1. Run the Registry Editor  i.e., REGEDIT
2. Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey:
\SYSTEM\CurrentControlSet\Control\Session Manager(Double click the folder)
3. Change the BootExecute entry to:
autocheck autochk *
Exit your registry, you may need to restart or log out of Windows for the change to take effect.

You will still be able to run CHKDSK anytime you want to by going to Start/Run/type in  chkdsk.exe
which should be done frequently anyway.  
0
 
dbruntonCommented:
Nope.

I don't believe that is the problem.

Refer http://support.microsoft.com/kb/831374

See if that article applies to you.
0
 
RANJINAPCommented:
Hello Leighwardle,
Important: I also faced the same problem some time before. I found the solution using Power disk defragmenter, check this link
0
 
LeighWardleAuthor Commented:
dbrunton wrote:
> Nope.
> I don't believe that is the problem.
> Refer http://support.microsoft.com/kb/831374
> See if that article applies to you.

http://support.microsoft.com/kb/831374 certainly looks like it describes the same problem as I have, i.e.
   Cleaning up minor inconsistencies on the drive.
   Cleaning up ? unused index entries from index $SII of file 0x9.
   Cleaning up ? unused index entries from index $SDH of file 0x9.
   Cleaning up ? unused security descriptors.
   
But the "Resolution" section for Windows XP says: "To resolve this problem, obtain the latest service pack for Windows XP".
But I already have SP3 installed.

Where do I go from here?

Regards,
Leigh
0
 
dbruntonCommented:
Check how many files you have on this disk.

At the command line

cd \
dir /s

and let it run.  At the end you should see Total files listed and number of files and directories.  Post those here.  Let's see what those total.

There is also the Vrfydsk.exe utility mentioned under More Information.  Run that and post here.

There is also the hotfix (but that shouldn't be needed yet) to look at.
0
 
LeighWardleAuthor Commented:
Attention: dbrunton.

I am locked in a loop!

when I run dir /S from cmd.exe, it does not go to completion, instead I get a bubble message:
   "cmd.exe - Corrupt file"

   "The file or directory C: is corrupt and unreadable. Please run the Chkdsk utility."
   
I then run chkdsk c: /V /R /F, but that doesn't fix the corruption!

Regards,
Leigh
0
 
dbruntonCommented:
Interesting.

Let's try at the command line

cd \winnt
dir /s

From your earlier chkdsk we have

122017 files

so number of files is not a problem.  But run the dir as above and report back.
0
 
LeighWardleAuthor Commented:
at the command line:

cd \winnt
dir /S

Goes to completion, output below...

Regards,
Leigh
 Volume in drive C is C_Drive
 Volume Serial Number is C047-5DC3

 Directory of C:\WINDOWS

21/12/2009  02:05 PM    <DIR>          .
21/12/2009  02:05 PM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          addins
30/12/2008  02:22 AM    <DIR>          AppPatch
30/12/2008  02:22 AM    <DIR>          Config
30/12/2008  02:22 AM    <DIR>          Connection Wizard
30/12/2008  02:22 AM    <DIR>          Cursors
30/12/2008  02:22 AM    <DIR>          Debug
30/12/2008  02:22 AM    <DIR>          Driver Cache
30/12/2008  02:22 AM    <DIR>          ehome
30/12/2008  02:22 AM    <DIR>          Fonts
21/12/2009  02:05 PM                 0 foo.txt
30/12/2008  02:22 AM    <DIR>          Help
30/12/2008  02:22 AM    <DIR>          ime
30/12/2008  02:22 AM    <DIR>          inf
30/12/2008  02:22 AM    <DIR>          java
30/12/2008  02:22 AM    <DIR>          Media
30/12/2008  02:22 AM    <DIR>          msagent
30/12/2008  02:22 AM    <DIR>          msapps
30/12/2008  02:22 AM    <DIR>          mui
30/12/2008  02:22 AM    <DIR>          pchealth
30/12/2008  02:22 AM    <DIR>          PeerNet
30/12/2008  02:22 AM    <DIR>          Provisioning
30/12/2008  02:22 AM    <DIR>          repair
30/12/2008  02:22 AM    <DIR>          Resources
30/12/2008  02:22 AM    <DIR>          security
30/12/2008  02:22 AM    <DIR>          system
24/08/2001  07:00 AM               219 system.ini
21/12/2009  02:04 PM    <DIR>          system32
30/12/2008  02:22 AM    <DIR>          Temp
30/12/2008  02:22 AM    <DIR>          twain_32
30/12/2008  02:22 AM    <DIR>          Web
30/12/2008  02:22 AM    <DIR>          WinSxS
               2 File(s)            219 bytes

 Directory of C:\WINDOWS\addins

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\AppPatch

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Config

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Connection Wizard

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Cursors

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Debug

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          UserMode
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Debug\UserMode

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Driver Cache

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          i386
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Driver Cache\i386

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\ehome

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Fonts

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM                 0 $$TEMP$$.~~~
24/08/2001  07:00 AM             6,336 cga40woa.fon
24/08/2001  07:00 AM             4,304 cga80woa.fon
24/08/2001  07:00 AM            36,656 dosapp.fon
24/08/2001  07:00 AM             8,368 ega40woa.fon
24/08/2001  07:00 AM             5,312 ega80woa.fon
24/08/2001  07:00 AM             8,704 modern.fon
24/08/2001  07:00 AM            13,312 roman.fon
24/08/2001  07:00 AM            12,288 script.fon
24/08/2001  07:00 AM             5,360 vgafix.fon
24/08/2001  07:00 AM             5,168 vgaoem.fon
24/08/2001  07:00 AM             7,280 vgasys.fon
              12 File(s)        113,088 bytes

 Directory of C:\WINDOWS\Help

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          Tours
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Help\Tours

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          htmlTour
30/12/2008  02:22 AM    <DIR>          mmTour
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Help\Tours\htmlTour

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Help\Tours\mmTour

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\ime

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          CHTIME
30/12/2008  02:22 AM    <DIR>          imejp
30/12/2008  02:22 AM    <DIR>          imejp98
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\ime\CHTIME

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          Applets
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\ime\CHTIME\Applets

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\ime\imejp

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          applets
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\ime\imejp\applets

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\ime\imejp98

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\inf

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\java

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          classes
30/12/2008  02:22 AM    <DIR>          trustlib
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\java\classes

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\java\trustlib

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Media

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\msagent

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          chars
30/12/2008  02:22 AM    <DIR>          intl
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\msagent\chars

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\msagent\intl

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\msapps

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          msinfo
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\msapps\msinfo

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\mui

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\pchealth

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          helpctr
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\pchealth\helpctr

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          binaries
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\pchealth\helpctr\binaries

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\PeerNet

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Provisioning

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          Schemas
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Provisioning\Schemas

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\repair

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          Themes
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          Luna
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          Shell
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          Homestead
30/12/2008  02:22 AM    <DIR>          Metallic
30/12/2008  02:22 AM    <DIR>          NormalColor
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\security

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          logs
30/12/2008  02:22 AM    <DIR>          templates
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\security\logs

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\security\templates

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32

21/12/2009  02:04 PM    <DIR>          .
21/12/2009  02:04 PM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          1025
30/12/2008  02:22 AM    <DIR>          1028
30/12/2008  02:22 AM    <DIR>          1031
30/12/2008  02:22 AM    <DIR>          1033
30/12/2008  02:22 AM    <DIR>          1037
30/12/2008  02:22 AM    <DIR>          1041
30/12/2008  02:22 AM    <DIR>          1042
30/12/2008  02:22 AM    <DIR>          1054
30/12/2008  02:22 AM    <DIR>          2052
30/12/2008  02:22 AM    <DIR>          3076
30/12/2008  02:22 AM    <DIR>          3com_dmi
24/08/2001  07:00 AM            12,288 bootvid.dll
30/12/2008  02:22 AM    <DIR>          config
24/08/2001  07:00 AM             8,386 ctype.nls
24/08/2001  07:00 AM            66,082 c_1252.nls
24/08/2001  07:00 AM            66,594 c_437.nls
30/12/2008  02:22 AM    <DIR>          dhcp
30/12/2008  02:22 AM    <DIR>          dllcache
30/12/2008  02:22 AM    <DIR>          drivers
30/12/2008  02:22 AM    <DIR>          export
21/12/2009  02:04 PM            22,312 foo.txt
30/12/2008  02:22 AM    <DIR>          ias
30/12/2008  02:22 AM    <DIR>          icsxml
30/12/2008  02:22 AM    <DIR>          IME
30/12/2008  02:22 AM    <DIR>          inetsrv
24/08/2001  07:00 AM             5,632 kbdus.dll
24/08/2001  07:00 AM             7,040 kdcom.dll
24/08/2001  07:00 AM             2,560 lz32.dll
24/08/2001  07:00 AM             7,046 l_intl.nls
30/12/2008  02:22 AM    <DIR>          mui
30/12/2008  02:22 AM    <DIR>          npp
24/08/2001  07:00 AM            68,608 olecli32.dll
24/08/2001  07:00 AM            34,304 olecnv32.dll
24/08/2001  07:00 AM            22,016 olesvr32.dll
24/08/2001  07:00 AM            69,120 olethk32.dll
30/12/2008  02:22 AM    <DIR>          oobe
30/12/2008  02:22 AM    <DIR>          ras
30/12/2008  02:22 AM    <DIR>          Setup
30/12/2008  02:22 AM    <DIR>          ShellExt
30/12/2008  02:22 AM    <DIR>          spool
24/08/2001  07:00 AM            89,588 unicode.nls
30/12/2008  02:22 AM    <DIR>          usmt
24/08/2001  07:00 AM             9,344 vga.dll
30/12/2008  02:22 AM    <DIR>          wbem
30/12/2008  02:22 AM    <DIR>          wins
              15 File(s)        490,920 bytes

 Directory of C:\WINDOWS\system32\1025

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\1028

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\1031

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\1033

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\1037

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\1041

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\1042

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\1054

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\2052

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\3076

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\3com_dmi

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\config

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\dhcp

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\dllcache

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\drivers

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
24/08/2001  07:00 AM             4,224 beep.sys
24/08/2001  07:00 AM            18,688 cdaudio.sys
30/12/2008  02:22 AM    <DIR>          disdn
24/08/2001  07:00 AM             5,888 dmload.sys
24/08/2001  07:00 AM             3,328 dxgthk.sys
30/12/2008  02:22 AM    <DIR>          etc
24/08/2001  07:00 AM            34,944 fips.sys
24/08/2001  07:00 AM             7,936 fs_rec.sys
24/08/2001  07:00 AM           125,056 ftdisk.sys
24/08/2001  07:00 AM             9,600 ndistapi.sys
24/08/2001  07:00 AM            38,016 ndproxy.sys
24/08/2001  07:00 AM             2,944 null.sys
24/08/2001  07:00 AM            18,688 partmgr.sys
24/08/2001  07:00 AM            17,792 ptilink.sys
24/08/2001  07:00 AM             8,832 rasacd.sys
24/08/2001  07:00 AM            16,512 raspti.sys
24/08/2001  07:00 AM             4,224 rdpcdd.sys
24/08/2001  07:00 AM             4,352 wmilib.sys
              16 File(s)        321,024 bytes

 Directory of C:\WINDOWS\system32\drivers\disdn

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\drivers\etc

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\export

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\ias

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\icsxml

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\IME

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          CINTLGNT
30/12/2008  02:22 AM    <DIR>          PINTLGNT
30/12/2008  02:22 AM    <DIR>          TINTLGNT
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\IME\CINTLGNT

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\IME\PINTLGNT

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\IME\TINTLGNT

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\inetsrv

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          0009
30/12/2008  02:22 AM    <DIR>          0401
30/12/2008  02:22 AM    <DIR>          0402
30/12/2008  02:22 AM    <DIR>          0404
30/12/2008  02:22 AM    <DIR>          0405
30/12/2008  02:22 AM    <DIR>          0406
30/12/2008  02:22 AM    <DIR>          0407
30/12/2008  02:22 AM    <DIR>          0408
30/12/2008  02:22 AM    <DIR>          040b
30/12/2008  02:22 AM    <DIR>          040C
30/12/2008  02:22 AM    <DIR>          040D
30/12/2008  02:22 AM    <DIR>          040e
30/12/2008  02:22 AM    <DIR>          0410
30/12/2008  02:22 AM    <DIR>          0411
30/12/2008  02:22 AM    <DIR>          0412
30/12/2008  02:22 AM    <DIR>          0413
30/12/2008  02:22 AM    <DIR>          0414
30/12/2008  02:22 AM    <DIR>          0415
30/12/2008  02:22 AM    <DIR>          0416
30/12/2008  02:22 AM    <DIR>          0418
30/12/2008  02:22 AM    <DIR>          0419
30/12/2008  02:22 AM    <DIR>          041a
30/12/2008  02:22 AM    <DIR>          041b
30/12/2008  02:22 AM    <DIR>          041D
30/12/2008  02:22 AM    <DIR>          041e
30/12/2008  02:22 AM    <DIR>          041f
30/12/2008  02:22 AM    <DIR>          0424
30/12/2008  02:22 AM    <DIR>          0425
30/12/2008  02:22 AM    <DIR>          0426
30/12/2008  02:22 AM    <DIR>          0427
30/12/2008  02:22 AM    <DIR>          0804
30/12/2008  02:22 AM    <DIR>          0816
30/12/2008  02:22 AM    <DIR>          0C0A
30/12/2008  02:22 AM    <DIR>          dispspec
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0009

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0401

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0402

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0404

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0405

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0406

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0407

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0408

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\040b

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\040C

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\040D

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\040e

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0410

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0411

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0412

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0413

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0414

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0415

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0416

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0418

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0419

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\041a

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\041b

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\041D

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\041e

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\041f

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0424

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0425

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0426

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0427

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0804

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0816

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\0C0A

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\mui\dispspec

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\npp

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\oobe

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          html
30/12/2008  02:22 AM    <DIR>          images
30/12/2008  02:22 AM    <DIR>          sample
30/12/2008  02:22 AM    <DIR>          setup
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\oobe\html

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          ispsgnup
30/12/2008  02:22 AM    <DIR>          mouse
30/12/2008  02:22 AM    <DIR>          oemcust
30/12/2008  02:22 AM    <DIR>          oemhw
30/12/2008  02:22 AM    <DIR>          oemreg
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\oobe\html\ispsgnup

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\oobe\html\mouse

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\oobe\html\oemcust

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\oobe\html\oemhw

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\oobe\html\oemreg

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\oobe\images

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\oobe\sample

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\oobe\setup

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\ras

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\Setup

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\ShellExt

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\spool

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          drivers
30/12/2008  02:22 AM    <DIR>          prtprocs
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\spool\drivers

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          color
30/12/2008  02:22 AM    <DIR>          w32x86
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\spool\drivers\color

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\spool\drivers\w32x86

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          3
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\spool\drivers\w32x86\3

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\spool\prtprocs

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          w32x86
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\spool\prtprocs\w32x86

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\usmt

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\wbem

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          Logs
30/12/2008  02:22 AM    <DIR>          mof
30/12/2008  02:22 AM    <DIR>          Repository
30/12/2008  02:22 AM    <DIR>          xml
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\wbem\Logs

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\wbem\mof

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          bad
30/12/2008  02:22 AM    <DIR>          good
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\wbem\mof\bad

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\wbem\mof\good

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\wbem\Repository

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\wbem\xml

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\system32\wins

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Temp

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\twain_32

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Web

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          printers
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Web\printers

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          images
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Web\printers\images

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\WinSxS

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
30/12/2008  02:22 AM    <DIR>          InstallTemp
30/12/2008  02:22 AM    <DIR>          Manifests
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\WinSxS\InstallTemp

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\WinSxS\Manifests

30/12/2008  02:22 AM    <DIR>          .
30/12/2008  02:22 AM    <DIR>          ..
               0 File(s)              0 bytes

     Total Files Listed:
              45 File(s)        925,251 bytes
             449 Dir(s)  56,571,899,904 bytes free

Open in new window

0
 
dbruntonCommented:
OK

So there are some possibles now.

There could be a corrupted file in c:\   No guarantee of that is the problem but that is a start to look at.

Use Windows Explorer to show the files there.  Make sure Explorer is set to show hidden files.  Do a PrtScr and then Paste into Paint and save and post the results here.
0
 
LeighWardleAuthor Commented:
Screendump of Explorer output from c:\ is below...

0001.jpg
0
 
dbruntonCommented:
Hmm.  Nothing strange there.

At the command line try

cd \
dir *.ini
dir *.bat
dir *.sys
dir *.com
dir ntl*.*
dir *.vbs
dir *.bat
dir *.exe

and see if any of those error out.

You've got a Windows folder and a Windows.0 folder.  What occurred there to get that?
0
 
dbruntonCommented:
If those prove OK then at the command line try

cd \
dir "Documents and Settings" /s
dir "Program Files" /s
dir "Recycler" /s
dir Windows /s
dir Windows.0 /s

and see if any of those error out.  I don't know if dir Recycler will do anything but try it anyway.  I'm trying to identify what file/folder is giving the error.
0
 
LeighWardleAuthor Commented:
I tried this (all in a batch file):

cd \
dir *.ini  /S
dir *.bat  /S
dir *.sys  /S
dir *.com  /S
dir ntl*.*  /S
dir *.vbs  /S
dir *.bat  /S
dir *.exe  /S

Gave the corruption error.

Tried deleting the commands one by one starting from the bottom.
Everytime the corruption error.

I believe just traversing the folder structure will give a corruption error, for example making up a file name like "blahblah.uvw"

cd \
dir "blahblah.uvw"

finds 0 files, but gives the corruption error.
0
 
dbruntonCommented:
Let's try the following method.  Make sure you have your data backed up first.

Normally when you run CHKDSK from Recovery Console of WinXP install CD it has better chances to look into sectors that are normally used by Windows when you run CHKDSK from Windows.
In other words 100% full scan is guaranteed by scan started from boot CD.
This is MS recommended procedure for similar problems. Also, chkdsk.exe could malfunction itself when running from installed copy of Windows so again the check from CD has advantages.

from http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_24503704.html
0
 
LeighWardleAuthor Commented:
I have deduced that the corrupt folder is: C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active.
Attempting to open this folder in File Explorer gives:
      The file or directory is corrupt and unreadable.

I tried deleting the folder on reboot using MoveOnBoot - but that failed.

I ran chkdsk c: /R from the Recovery Console.

The report said "..found and fixed one or more errors".

But the corrupt folder: C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active is still corrupt.
0
 
dbruntonCommented:
Try a Knoppix CD http://www.knoppix.org/

Make the CD and boot from it and see if it can delete that folder.
0
 
dbruntonCommented:
This may also be a virus that is hiding within that folder.

At the command prompt type

msconfig

See if there is any reference in the Startup Tab to that folder.
0
 
LeighWardleAuthor Commented:
I tried Knoppix Live CD v5.1:

I was trying to find the corrupt folder: C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active.
But it would only let me navigate to C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer
This folder showed as empty - no sign of folder Recovery.

Also tried Ubuntu 9.04 Live CD:
I could navigate to corrupt folder: C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active.
But could not delete it, or folder above it.
0
 
LeighWardleAuthor Commented:
dbrunton commented:
>You've got a Windows folder and a Windows.0 folder.  What occurred there to get that?

Boot.ini is calling C:\Windows.0 instead of C:\Windows.
0
 
LeighWardleAuthor Commented:
dbrunton commented:
>This may also be a virus that is hiding within that folder.

>At the command prompt type

>msconfig

>See if there is any reference in the Startup Tab to that folder.

There are not any references in the Startup Tab to the folder, corrupt folder: C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active
0
 
dbruntonCommented:
Ugh.

Try at the command line

rd     /s    "\\?\C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery"

>> Boot.ini is calling C:\Windows.0 instead of C:\Windows.

That you have a Windows folder and a Windows.0 folder is indicating possibly a reinstallation of Windows over another installation of Windows.

0
 
LeighWardleAuthor Commented:
C:\>rd     /s    "\\?\C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery"
\\?\C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery, Are you sure (Y/N)? y
\\?\C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\LASTAC~1 - The directory is not empty.


Here's what I got at the command line running

rd     /s    "\\?\C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery"

and drilling a bit deeper:

C:\>rd     /s    "\\?\C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\lastac~1"
\\?\C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\lastac~1, Are you sure (Y/N)? y
The directory is not empty.



C:\>dir     /s    "\\?\C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\lastac~1"
 Volume in drive \\?\C: is C_Drive
 Volume Serial Number is C047-5DC3
File Not Found
0
 
LeighWardleAuthor Commented:
>> Boot.ini is calling C:\Windows.0 instead of C:\Windows.

>That you have a Windows folder and a Windows.0 folder is indicating possibly a >reinstallation of Windows over another installation of Windows.

Yes, I did a clean install of Windows, but did not realize that it was installed to a different folder?
0
 
dbruntonCommented:
>> ... but did not realize that it was installed to a different folder?

Yep.  Windows knew there was another installation there but did not use that folder and created another one.

----------------------------------------------------------------------------------

Have you tried running CHKDSK from Recovery Console of WinXP install CD?

If not try that and then the rd commands above.

----------------------------------------------------------------------------------

From http://forums.techarena.in/vista-help/745683.htm

So, I recommend running CHKDSK by pressing/holding F8 during startup, selecting the Startup Repair option, allowing that to load, and choosing the command prompt option at the menu. You'll first have to navigate to the C: partition (instead of the virtual X: drive) by simply typing C: at the prompt. Type "chkdsk /r" (without quotes) and press "Y" when it asks you if you want to dismount the C: drive, and let it run to completion. Sometimes, it takes multiple iterations in order to fix some things, so feel free to run it again once more.

and then trying the rd commands again.

0
 
dbruntonCommented:
And try Rootkit Revealer http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

and report back what it says.  I haven't quite given up on the virus idea yet.
0
 
LeighWardleAuthor Commented:
>Have you tried running CHKDSK from Recovery Console of WinXP install CD?
Yes.

>So, I recommend running CHKDSK by pressing/holding F8 during startup, >selecting the Startup Repair option

I cannot see the Startup Repair option, the options I see are these:
http://www.webtree.ca/windowsxp/safemode%20002.jpg
0
 
dbruntonCommented:
Then just try the Rootkit Revealer application instead.
0
 
LeighWardleAuthor Commented:
Rootkit Revealer output is 16 MB!, zipped version (1.6 MB) is here:
http://www.mincad.com.au/forum/files/temp/RootkitReveal.zip
0
 
cantorisCommented:
Were you doing anything while Rootkit Revealer was running?
It's important you don't do anything that could alter what files are present on the drive while it is running or else you will get very odd results.  ie It's better to start it going and then don't touch the computer until it has finished.  Better still, close open apps first as well.
I think given the nature of your problems and the dual Windows folders I'd be backing up my data and then formatting (and verifying) the drive before installing afresh - partly expecting the format to fail.
0
 
LeighWardleAuthor Commented:
No, I wasn't doing anything while Rootkit Revealer was running.

I'm thinking reformat/fresh install, too.
0
 
dbruntonCommented:
>> I'm thinking reformat/fresh install, too.

Yeah.  When all else fails redo.

Rootkit Revealer didn't show C:\Documents and Settings\Hoppy\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\

Lots of other stuff which is probably innocuous but I was only looking for that folder.

It is looking like a disk error but you ran the long Seatools test and it passed that.

The Linux CDs couldn't delete it which is very strange.
0
 
LeighWardleAuthor Commented:
I used the latest Knoppix v6.2.

At first I could not delete the corrupt folder, but I created a text file in that folder, then I could delete the folder.

Now at the command line when I run:

cd \
dir /S

This goes to completion without any report of corruption.

But chkdsk still reports:

   Cleaning up minor inconsistencies on the drive.
   Cleaning up ? unused index entries from index $SII of file 0x9.
   Cleaning up ? unused index entries from index $SDH of file 0x9.
   Cleaning up ? unused security descriptors.
   
I think I will put with this, and leave the system in it's current state...

Regards,
Leigh
0
 
LeighWardleAuthor Commented:
Correction:

I think I will put UP with this, and leave the system in it's current state...
0
 
LeighWardleAuthor Commented:
Thanks, dbrunton, for your persistence.

Regards, Leigh
0
 
cantorisCommented:
Please assume the hard drive is on its way out and so ensure everything is backed up just in case.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 18
  • 15
  • 5
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now