TheTechGuide Forum

General Category => Tech Clinic => Topic started by: guestolo on December 09, 2006, 03:24:08 PM

Title: cripplecreekranch topic
Post by: guestolo on December 09, 2006, 03:24:08 PM
POST 1 by
cripplecreekranch

Hi,

I have a _NCR NR-7200A CD reader/writer that turns on all the time; probably every 10-15 min. I can be sitting here with nothing open on the computer, nothing in the drive and the light will come on and you can hear the machine turn on. I have done a ton of spyware/adware, virus scans etc. The computer comes up clean. If media player is open and on when this happens it will make the music skip....it's driving me crazy. I have lots of ram and available disk space, any suggestions?
===========================================

I omitted Hijackthis log, but we may need it later
===========================================
My reply
Do you remember installing anything before this issue started?

What is the make and model of this computer?
Is that the exact name of the CDrom drive you posted earlier

Can you check in Device manager to ensure you posted the correct name please
=====================================================
cripplecreekranch
response
Hi,

I have had this problem for quite some time, but I really don't think I installed
anything new......I don't normally add stuff.

Make & model:
Dell, Dimension 4400
Pentium 4, 1.70 GHZ

I made a typo with the CD name, Here's the correct number:
CD-ROM drive = _NEC NR-7900A
============================================
My reply
Do you mean you can hear the CDrom spin up?

Can you check the following
Go to START>>RUN>>type in services.msc
Hit OK

In the new window, right hand side scroll to
IMAPI CD-Burning COM Service

Double click on it
In the startup type drop down bar, is it set to Automatic or Manual
If it's set to Automatic, can you change it to Manual
Apply and OK it
Reboot the computer

Is that any help?
How long have you had this system?
Have you checked on Dell's site for a firmware update?
Look in your Device manager>>Double click on your drive>>>DETAILS tab
Are you using version 1.08?

You appeared to have Roxio software installed, is this correct?
Sometimes old Roxio burning software may cause problems
Look in add/remove programs for software related to Roxio, is there any?
====================================================

cripplecreekranch

Yes, I can hear the cd spin up

The setting was already on manual

I bought the computer in 2001

Driver version - 5.1.25.35.0 dated 7/1/2001

Yes, I have Roxio easy cd creator 5

====================================================

My Reply
 Can you again go into the Device manager and double click on your CD drive
Open the DETAILS tab
Are you using version 1.08?

You will see a long name in the white box
as eg....
IDE\CDROMNEC_CDRW_NR-7900A______________******

Can you post the numbers back please
They may be the ones I omitted in asterisks
may give a clue of what firmware version you're using

Here is some info on SP2 and Roxio easy cd creator 5
http://www.cd-burner-help.com/roxio-easy-cd.htm
Dell may have updates
If not, I may have a link to free software if there is no available update for your burning software


Can you post back the info above
Additionally, I just want to check on something

Just using this tool to identify some areas of the registry
Download this file - Combofix.exe and save it to desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from Combofix
==========================================
Title: cripplecreekranch topic
Post by: guestolo on December 09, 2006, 03:29:19 PM
CONTINUED>>
Reply from cripplecreekranch

I couldn't find any updates, so I just uninstalled Roxio and the cd player is still coming on.
If you do have a link for another burning software I'd love to try it. I never like Roxio.

The version is 1.8, sorry I was looking in the wrong place.

Here is the ComboFix log

Stacey - 06-12-09 5:48:59.89 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Stacey\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 ))))))))))))))))))))))))))))))))))


2006-12-07 08:38 <DIR> d-------- C:\Program Files\directx
2006-12-06 11:41 <DIR> dr-h----- C:\Documents and Settings\Stacey\Recent
2006-12-02 07:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2006-12-02 07:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2006-12-01 23:42 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-12-01 23:42 <DIR> d-------- C:\WINDOWS\nview
2006-12-01 23:41 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-12-01 23:41 <DIR> d-------- C:\NVIDIA
2006-12-01 08:55 <DIR> d-------- C:\WINDOWS\NV856968.TMP
2006-11-30 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2006-11-30 18:15 <DIR> d-------- C:\Program Files\City Interactive
2006-11-30 17:35 <DIR> d-------- C:\Program Files\EA GAMES


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-07 09:47 84528 --a--c--- C:\Documents and Settings\Stacey\Application Data\GDIPFONTCACHEV1.DAT
2006-12-07 08:41 -------- d-------- C:\Program Files\Microsoft Picture It! 2002
2006-12-07 08:28 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-06 11:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-06 10:09 -------- d-------- C:\Program Files\Adobe
2006-12-06 10:00 -------- d-------- C:\Program Files\Common Files
2006-12-05 19:27 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-19 10:08 -------- d-------- C:\Program Files\Norton AntiVirus
2006-11-19 10:03 48768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-19 10:03 110952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-19 10:03 -------- d-------- C:\Program Files\Symantec
2006-11-17 13:14 -------- d-------- C:\Program Files\WinASO
2006-11-17 07:02 -------- d-------- C:\Program Files\Internet Explorer
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 3994624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-16 07:10 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-12 21:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3b,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3b,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoControlPanel"=dword:00000000
"NoNetHood"=dword:00000000
"NoComputersNearMe"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=dword:00000000
"NoComputersNearMe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Disk Defragmenter.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Stacey.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - Stacey.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

Completion time: 06-12-09 5:50:43.53
C:\ComboFix.txt ... 06-12-09 05:50
Title: cripplecreekranch topic
Post by: guestolo on December 09, 2006, 03:31:10 PM
Accidentally deleted other topic
Carry on here please
I moved this topic to the TechClinic section because of the tools I'm asking you to run
I hope you don't mind. If we can't resolve this I'll move it back to the hardware section

The latest firmware version for your cdrw is found here under FIRMWARE section
http://support.dell.com/support/downloads/devices.aspx?c=us&cs=19&l=en&s=dhs&SystemID=DIM_PNT_P4_4400&os=WW1&osl=EN
It doesn't appear to resolve your issue, but others, it may not hurt to try it
Some users are having trouble installing it
One user at Dell forums suggests running it with this method
Quote
1) Create the floppy as directed.
2) Go into Device Manager and uninstall the NR-7900A CD drive.
3) Reboot with the floppy as directed and answer questions appropriately to update firmware.
4) When the success message appears after a few seconds and returns to the "A:>" prompt, manually run FWLD799B.EXE by entering it at the prompt. The actual firmware update for the NEC NR-7900A will begin and take far more than few seconds (perhaps a minute, +/-). When the update is done, the system returns to the prompt and the light on the drive is flashing.
5) Pop out the floppy and press CTL-ALT-DEL to reboot into Windows.
6) Check Device Manager again to be sure Windows re-installed the drive. If not, do it manually.

You should now see "109b" in the revision field of drive.

Let me know if it helps, verify you have updated the firmware in device manager and there are no error codes
Can you also double check to make sure that your CDRW is found in MyComputer please

I see some unknown characters in the startupreg registry key

Can you do the following for me please
From the bottom of this reply box, download and SAVE Run_Keys.zip to desktop

Right click on the file and EXTRACT the contents to desktop

Double click on Run_Keys.bat
A dos window will open then a text file should open
Can you copy>>paste back here the contents of that text file please
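
Added example, not part of the original thread or any poster's code: a Python sketch of the check described above, reading regedit-style export text such as the ComboFix "Reg Loading Points" section and listing the msconfig startupreg entries whose item or command is unreadable. The function names and the sample (constructed, shaped like the log posted in this topic) are assumptions.

```python
import re

# Constructed sample: three sections shaped like the ComboFix
# "Reg Loading Points" output posted in this topic.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"
'''

SECTION_RE = re.compile(r'^\[(.+)\]\s*$')
# "name"="value" lines; dword: and hex: values are skipped on purpose.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

# Parent key under which msconfig keeps the startup items a user has disabled.
STARTUPREG = r'\shared tools\msconfig\startupreg' + '\\'
# Location of the legacy win.ini style load= / run= autostart values.
LEGACY_KEY = r'software\microsoft\windows nt\currentversion\windows'


def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def parse_reg(text):
    """Return {key path: {value name: string value}} from export text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[unescape(match.group(1))] = unescape(match.group(2))
    return sections


def unreadable(value):
    """True when only '?' and blanks remain, or control characters are present."""
    if not value:
        return False
    only_placeholders = not value.replace("?", "").strip()
    has_control = any(ord(ch) < 32 for ch in value)
    return only_placeholders or has_control


def review_startupreg(sections):
    """List (entry name, reasons) for startupreg entries worth a manual look."""
    findings = []
    for key, values in sections.items():
        pos = key.lower().find(STARTUPREG)
        if pos < 0:
            continue
        name = key[pos + len(STARTUPREG):]
        reasons = []
        for field in ("item", "command"):
            if unreadable(values.get(field, "")):
                reasons.append(f"{field} is unreadable")
        if "command" not in values:
            reasons.append("no command recorded")
        if values.get("key", "").lower() == LEGACY_KEY:
            reasons.append("key is the legacy load=/run= location")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in review_startupreg(parse_reg(SAMPLE)):
        print(f"{name}: {'; '.join(reasons)}")
```
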
Title: cripplecreekranch topic
Post by: cripplecreekranch on December 10, 2006, 12:15:24 PM
It's great to see that the experts make mistakes too lol.

AAAAAHHHHH  Now my floppy has calved; every disk I put in (even the ones that have my info on them) tells me
"A:\Is not accessible
No ID address mark was found on the floppy disk"

I tried to format the disk and that did not work either, I am told that windows was unable to complete format.  

Can I use a CD instead?


Sorry to be such a pest, but this download doesn't work.  After dl it informs me that there are no files to extract?? Run_Keys.zip (http://www.thetechguide.com/forum/index.php?act=attach&type=post&id=2050) (349 bytes)
I know about the funny characters in my startup - at least that is where they used to be.  Could never figure out what
they were and so they were left.

 

Title: cripplecreekranch topic
Post by: guestolo on December 10, 2006, 12:41:40 PM
You should be able to use a CD
Set bios to boot to CD first

Strike that, it's in floppy diskette format

Did you try the quick format or Full format?
Do a full format
Your Floppy could have died, or you will have to check the connections inside the computer
Floppy drives are real cheap

But let's take a look at those runkeys
Runkeys.bat works on my side
Did you Unzip it first?

Let's try this instead
Download Find_Stuff.zip
EXTRACT the contents to desktop
Double click on Find_Stuff.bat
A dos window will open>>Scan and put a folder by the name "Files" on your desktop

Open the Files folder and post the contents of Look1.txt from within
Title: cripplecreekranch topic
Post by: cripplecreekranch on December 10, 2006, 04:35:19 PM
I tried both quick and full format, no go.  I don't know what's going on with these zip files.  This one said that there were no files to extract as well.  And when I try to right click and just choose open it tells me that the file is corrupt??
This is getting really frustrating and I'm sorry to be taking up so much of your time.


Title: cripplecreekranch topic
Post by: cripplecreekranch on December 10, 2006, 07:56:22 PM
Ok, I went and got the downloads from elsewhere.....at least I think they are the same ones.  Here are both logs for you because I wasn't sure which one you would prefer.

FIND_STUFF

doesn't exist HKEY_LOCAL_MACHINE\CurrentControlSet\Services\Java
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Java
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Java
doesn't exist SYSTEM\CurrentControlSet\Services\ServiceHost
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile  
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Messenger"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:000001e8
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
  50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:1a,35,7b,6d,df,43,1f,65,c4,b3,85,a3,30,4a,22,22,61,61,38,36,33,\
  31,63,34,00,68,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
  5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,89,52,d9,d1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:32,0f,48,b4,cd,8d,5b,16,e2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:a8,54,14,c0,59,97

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:48,0a,70,5d,61,f2,93,54,dd,5d,35,94,c7,c9,dd,3f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:da,2e,0b,cb,19,e1,c4,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,6f,e3,94,f8,79,c4,01
"Type"=dword:00000031



RUN_KEYS

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
@="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
@="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@="{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip]
@="{E0D79304-84BE-11CE-9641-444553540000}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}]
@="Start Menu Pin"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
@="NAV Helper"



[quote name='guestolo' post='254617' date='Dec 10 2006, 09:41 AM']You should be able to use a CD
Set bios to boot to CD first

Strike that, it's in floppy diskette format

Did you try the quick format or Full format?
Do a full format
Your Floppy could have died, or you will have to check the connections inside the computer
Floppy drives are real cheap

But let's take a look at those runkeys
Runkeys.bat works on my side
Did you Unzip it first?

Let's try this instead
Download Find_Stuff.zip
EXTRACT the contents to desktop
Double click on Find_Stuff.bat
A dos window will open>>Scan and put a folder by the name "Files" on your desktop

Open the Files folder and post the contents of Look1.txt from within[/quote]
Title: cripplecreekranch topic
Post by: guestolo on December 11, 2006, 12:46:06 AM
That doesn't help cripplecreekranch
The Find_Stuff I was posting to you is for other keys in the registry

Can you do the following
Right click on Find_Stuff.bat and select EDIT
In the window that opens, select EDIT>>Select All
EDIT>>DELETE

Keep the window open
You should now have a blank Find_Stuff.bat file

In its place, Copy>>Paste to the empty file
the Whole contents below in the Code box
DO NOT include the word "code" please

Code: [Select]
If not Exist files MkDir Files

echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices >files\ok1.txt

regedit /a files\ok1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"


echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce >files\ok2.txt

regedit /a files\ok2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"


echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run >files\ok3.txt

regedit /a files\ok3.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"


echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce >files\ok4.txt

regedit /a files\ok4.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"


echo doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run >files\ok14.txt

regedit /a files\ok14.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"


echo doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce >files\ok15.txt

regedit /a files\ok15.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce"


echo doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx >files\ok16.txt

regedit /a files\ok16.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx"


echo doesn't exist HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg >files\ok5.txt

regedit /a files\ok5.txt "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"

cd files

copy *.txt = look.txt

del ok*.txt

Echo REGEDIT4 > compare.txt
 
Type look.txt | find  /v /i "REGEDIT4" >> compare.txt
Type compare.txt | find  /i "doesn't exist " >> compare2.txt
Type compare.txt | find  /v /i "doesn't exist" >> compare1.txt

Echo ----------------------- >compare3.txt
Echo ----------------------- >> compare3.txt

del compare.txt

Copy compare2.txt + compare3.txt + compare1.txt = look1.txt

del look.txt
del compare2.txt
del compare1.txt
del compare3.txt

Now close Find_Stuff.bat and SAVE the changes
Delete the FILES folder on your desktop
Double click on Find_Stuff.bat and post the new contents of Look1.txt in the new Files folder
Title: cripplecreekranch topic
Post by: cripplecreekranch on December 11, 2006, 10:35:47 AM
Sorry, I thought I was being smart and saving you a step.  I hope I did this right.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"



Title: cripplecreekranch topic
Post by: guestolo on December 11, 2006, 08:31:48 PM
Do you still have Hijackthis?
Can you double click to Open Hijackthis.exe
>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Just want to see what it looks like, then we'll go from there
I'll link you to that recording software also, just let's see what we find first please

Oh, and can you still let me know the following
Can you also double check to make sure that your CDRW is found in "MyComputer"
Title: cripplecreekranch topic
Post by: cripplecreekranch on December 14, 2006, 10:41:07 AM
Yes, the cd is in my computer.  I got another floppy, but it doesn't fit into my computer....back to town to try to find another.  I live in a really, really small one horse town.

Here's the hijack list

ACDSee
Ad-Aware SE Personal
Adobe Reader 7.0.8
BattleStrike
ccCommon
CCleaner (remove only)
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Desktop Taipei
Digital Cam
EPSON Printer Software
Family Tree Maker 9.0
HijackThis 1.99.1
HP Precisionscan Pro 3.1
Hunting Unlimited 2
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.12.6
LiveUpdate 3.0 (Symantec Corporation)
LOTR The Return of the King tm
Macromedia Flash Player 8
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Office 2000 Disc 2
Microsoft Picture It! Photo 2002
Microsoft Plus! for Windows XP
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
PestPatrolv5
PhoneTools
QuickTime
Santa Cruz
Shockwave
SPBBC
Symantec
WinASO Registry Optimizer 2.8
Windows Defender Signatures
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinZip
WinZip Self-Extractor

Title: cripplecreekranch topic
Post by: guestolo on December 14, 2006, 09:17:42 PM
Can you do the following
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code: [Select]
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]


Double click on fix.reg and allow to add/merge to the registry
Reboot your computer


Back in Windows
We should update your version of Java for Security reasons
Malware can exploit older versions

Download the latest version of  Sun Java
Use the Windows OFFLINE installation
h ttp://www.java.com/en/download/manual.jsp
I'm sorry, the forum is having problems, I can't direct link you to the download
If you can copy>>paste the above url to your browser address bar, remove the space between the h and the ttp
You can get there directly
Save the file to your Desktop.
Don't install it yet

Open your Windows control panel>>Start>>control Panel
Ensure you are in Classic view
Double click to open the Java Icon>>Under the General tab select "Delete Files"
Leave all 3 selections checked and click OK
Exit Java

Access your Add/remove programs via Control Panel
Remove
J2SE Runtime Environment 5.0 Update 6
Reboot again

then install the latest version from the installer on your desktop
You can delete the installer once installed
The updater is not that reliable, I usually go into Windows Control panel and open the Java icon
Click on the Update tab, and uncheck
"Check Automatically"
Apply it and click Never at the prompt
Check manually every month or so for updates

Come back here
Double click on find_stuff.bat again
Post the contents of look1.txt

NOTE: I see an entry related to HP's Share-to-Web
Did you have this installed and uninstall it?

P.S. Can you NOT click the Reply button just beneath my reply
Instead, use the ADD REPLY button, just a bit lower
That will eliminate the quote response
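
What merging the fix.reg in the post above does to the keys that Find_Stuff.bat exports, as an added example (not part of the thread and not guestolo's code): a Python dry run that parses REGEDIT4 text, applies the `[-key]` deletions to a copy of the export, and lists the msconfig-disabled startup entries that remain. The sample export is abridged from the first Look1.txt posted above; the function names and the "no readable command" check are assumptions of this example.

```python
"""Dry-run a REGEDIT4 merge file against a registry export before merging it."""
import re

# Constructed sample: abridged from the first Look1.txt in the thread (blank
# lines dropped, and only the "command" values of the startupreg keys kept).
EXPORT = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"nwiz"="nwiz.exe /install"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"command"="??? ?"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"command"="??? ?"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
'''

# The first fix.reg from the thread, without its blank lines.
FIX_REG = r'''REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
'''

HEADER = re.compile(r'^\[(-?)(.+)\]$')                 # [key] or [-key]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')    # "name"=data or @=data
STARTUPREG = r'hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg' + '\\'


def _unquote(s):
    """Strip the quotes around a .reg string and undo its backslash escapes."""
    if len(s) >= 2 and s[0] == s[-1] == '"':
        return re.sub(r'\\(.)', r'\1', s[1:-1])
    return s  # dword:/hex: data and the bare @ name are kept as written


def parse_reg(text):
    """Return [(op, key, values)]; op is 'delete' for a [-key] header, else 'set'."""
    ops = []
    for line in map(str.strip, text.splitlines()):
        head, value = HEADER.match(line), VALUE.match(line)
        if head:
            ops.append(('delete' if head.group(1) else 'set', head.group(2), {}))
        elif value and ops and ops[-1][0] == 'set':
            ops[-1][2][_unquote(value.group(1))] = _unquote(value.group(2))
    return ops


def load_state(export_text):
    """Registry snapshot from an export: lower-cased key -> (key as written, values)."""
    return {key.lower(): (key, vals) for op, key, vals in parse_reg(export_text)}


def merge(state, reg_text):
    """Apply reg_text to state in place; return (keys removed, [-key] lines that hit nothing)."""
    removed, not_found = [], []
    for op, key, vals in parse_reg(reg_text):
        k = key.lower()  # registry key names are case-insensitive
        if op == 'set':
            state.setdefault(k, (key, {}))[1].update(vals)
            continue
        # [-key] removes the key and every subkey, but not a sibling that merely
        # shares a prefix, and not a same-named key elsewhere (CurrentVersion\Run).
        hits = [s for s in state if s == k or s.startswith(k + '\\')]
        removed += [state.pop(s)[0] for s in hits]
        if not hits:
            not_found.append(key)
    return removed, not_found


def disabled_items(state):
    """msconfig-disabled startup items -> command, or None if missing or unreadable."""
    items = {}
    for k, (key, vals) in state.items():
        if k.startswith(STARTUPREG):
            cmd = vals.get('command', '')
            items[key.rsplit('\\', 1)[1]] = cmd if cmd.strip('? ') else None
    return items


if __name__ == '__main__':
    state = load_state(EXPORT)
    removed, not_found = merge(state, FIX_REG)
    for key in removed:
        print('would delete:', key)
    for key in not_found:
        print('no such key:', key)
    for name, cmd in disabled_items(state).items():
        print(f'still listed: {name} -> {cmd or "(no readable command)"}')
```

Run against the sample, it reports five deleted keys, leaves ctfmon.exe and Share-to-Web Namespace Daemon listed, and does not touch the live CurrentVersion\Run key.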
Title: cripplecreekranch topic
Post by: cripplecreekranch on December 17, 2006, 12:10:38 PM
I did have hp share to web, it came on my computer and yes I think I did take it off.  Is that a problem?
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"


Title: cripplecreekranch topic
Post by: guestolo on December 17, 2006, 10:25:18 PM
Can you delete fix.reg on the desktop

remake a new fix.reg
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code: [Select]
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]


Double click on fix.reg and allow to add/merge to the registry
Reboot your computer

Are you still having problems? Did you manage to get the new firmware installed?

Here's the link to the burning software I mentioned before, not compatible with all CD/DVD drives
But I believe yours is compatible
Take a look
www.cdburnerxp.se/ (http://www.cdburnerxp.se/)
Title: cripplecreekranch topic
Post by: cripplecreekranch on December 29, 2006, 11:21:04 AM
thanks for the link!  I don't know why you were having me make the changes to my registry??  As for the firmware I'm still trying to get a new floppy drive.  The one they had wouldn't fit and now I have to order one.  Like I said before I live in a really small town and this kind of thing takes a while.  I will let you know as soon as I get the drive.  Thanks & hope you had a Merry Christmas
Title: cripplecreekranch topic
Post by: cripplecreekranch on January 08, 2007, 10:18:15 AM
Ok, I got the floppy fixed finally.  Dloaded the firmware no problem.  When I try to reboot with the disk in it just goes back to windows.  When I uninstall the cd and reboot with the disk, found new hardware comes on and puts it back.

I can click on the file on the floppy and get the dos window to come up.  It asks for another disk, says it's doing its thing.  But when I check the version in my device manager it says the old version.

Now what?
Title: cripplecreekranch topic
Post by: guestolo on January 09, 2007, 01:38:24 AM
You will have to probably enter SETUP (BIOS) and set the FLOPPY to First boot device

That's why it's bypassing it
Title: cripplecreekranch topic
Post by: cripplecreekranch on January 09, 2007, 11:08:54 AM
went to bios and found three things and the cd rom came on first then the harddrive then the removable drive. Here's the order I put them in:

removable drive
cd-rom
harddrive

It didn't actually say floppy anywhere, but windows did not start and the black screen told me to remove disks or
other media, press any key to restart.  Still getting nowhere.
Title: cripplecreekranch topic
Post by: cripplecreekranch on January 10, 2007, 04:42:30 PM
OK, forgot about the other disk the firmware had me make.......what a dummy.  I now have version 109b in my field of drive.  The crappy part is that after all that, the cd is still coming on.
Title: cripplecreekranch topic
Post by: guestolo on January 12, 2007, 01:03:20 AM
I'm kind of grasping here, but I would like to ensure we eliminate malware completely
If this doesn't show anything, I would like to try another route
Eg.. disable scheduled tasks, etc...

But first, if you could
==Download AVG Anti-Spyware 7.5 (http://www.ewido.net/en/download/)
I'll need to see this log later
Reboot the computer

Back in Windows
Can you post the log from AVG-Antispyware
On top of that, just as a triple check
Download gmer.zip (http://www.majorgeeks.com/GMER_d5198.html)
Unzip it to the desktop.
Double click on gmer.exe

Click on Scan.
DO NOT select 'Show All'
When the scan has run click Copy and paste the results (if any) into this thread
Title: cripplecreekranch topic
Post by: cripplecreekranch on January 15, 2007, 08:01:09 PM
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   4:59:36 PM 1/15/2007

 + Scan result:   



Nothing found.


::Report end



GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-15 16:56:13
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT   81DC51F0                                                                                                                                                                                            ZwAlertResumeThread
SSDT   81DC52D0                                                                                                                                                                                            ZwAlertThread
SSDT   81DC5CB0                                                                                                                                                                                            ZwAllocateVirtualMemory
SSDT   829483F8                                                                                                                                                                                            ZwConnectPort
SSDT   \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS                                                                                                                                                        ZwCreateKey
SSDT   81DC4DD0                                                                                                                                                                                            ZwCreateMutant
SSDT   81DC5E80                                                                                                                                                                                            ZwCreateThread
SSDT   \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS                                                                                                                                                        ZwDeleteKey
SSDT   \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS                                                                                                                                                        ZwDeleteValueKey
SSDT   81DC5AE0                                                                                                                                                                                            ZwFreeVirtualMemory
SSDT   81DC4EB0                                                                                                                                                                                            ZwImpersonateAnonymousToken
SSDT   81DC4F90                                                                                                                                                                                            ZwImpersonateThread
SSDT   81DD47E0                                                                                                                                                                                            ZwMapViewOfSection
SSDT   81DC4CF0                                                                                                                                                                                            ZwOpenEvent
SSDT   \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                                                                                                                         ZwOpenProcess
SSDT   81DC5DA0                                                                                                                                                                                            ZwOpenProcessToken
SSDT   81DC5798                                                                                                                                                                                            ZwOpenThreadToken
SSDT   81DC4C00                                                                                                                                                                                            ZwQueryValueKey
SSDT   81E12180                                                                                                                                                                                            ZwResumeThread
SSDT   81DC56B8                                                                                                                                                                                            ZwSetContextThread
SSDT   81DC5878                                                                                                                                                                                            ZwSetInformationProcess
SSDT   81DC55D8                                                                                                                                                                                            ZwSetInformationThread
SSDT   \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS                                                                                                                                                        ZwSetValueKey
SSDT   81DC4B20                                                                                                                                                                                            ZwSuspendProcess
SSDT   81DC5418                                                                                                                                                                                            ZwSuspendThread
SSDT   \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                                                                                                                         ZwTerminateProcess
SSDT   81DC54F8                                                                                                                                                                                            ZwTerminateThread
SSDT   81DC5958                                                                                                                                                                                            ZwUnmapViewOfSection
SSDT   81DC5BC0                                                                                                                                                                                            ZwWriteVirtualMemory

---- User code sections - GMER 1.0.12 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamW                                                                                                                    77D5662C 5 Bytes  JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamW                                                                                                            77D62043 5 Bytes  JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectA                                                                                                                77D6A05A 5 Bytes  JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamA                                                                                                                    77D6B11C 5 Bytes  JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExW                                                                                                                      77D80538 5 Bytes  JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExA                                                                                                                      77D8055C 5 Bytes  JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamA                                                                                                            77D86CAD 5 Bytes  JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectW                                                                                                                77D96093 5 Bytes  JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll

---- Files - GMER 1.0.12 ----

ADS    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-583907252-1343024091-1417001333-1004$201c4052e551831.tif:Xj1phwzh5qcwungrN45kt3kiCe            
ADS    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-583907252-1343024091-1417001333-1004$201c4052e551831.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}  
ADS    C:\Documents and Settings\Stacey\Favorites\COMPUTERS\CDBurnerXP Pro - free burning solution  Home - News.url:favicon                                                                                
ADS    C:\Documents and Settings\Stacey\Favorites\COMPUTERS\cripplecreekranch topic - TheTechGuide Forum.url:favicon                                                                                      
ADS    C:\Documents and Settings\Stacey\Favorites\EBAY\Negative-Neutral Feedback.url:favicon                                                                                                              
ADS    C:\Documents and Settings\Stacey\My Documents\dloaded stuff\instmsiw.exe:SummaryInformation                                                                                                        
ADS    C:\Documents and Settings\Stacey\My Documents\dloaded stuff\instmsiw.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}                                                                                    
ADS    C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP363\A0034334.exe:SummaryInformation                                                                                  
ADS    C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP363\A0034334.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}                                                              
ADS    C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP364\A0034336.exe:SummaryInformation                                                                                  
ADS    C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP364\A0034336.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}                                                              
ADS    ...                                                                                                                                                                                                

---- EOF - GMER 1.0.12 ----
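A log like the one above is easier to review once its three row types are separated. The following is an added example, not part of the original thread: a small parser that splits SSDT rows into those whose owner is a driver path and those where only an address is printed, groups the user-mode `.text` hooks by jump-target module, and counts ADS stream names. The function names `parse_gmer` and `summarize` are hypothetical, and the sample is constructed from lines in the same layout as the log.

```python
import re
from collections import Counter

# Constructed sample: lines in the same layout as the GMER 1.0.12 log above.
SAMPLE = r"""
SSDT   81DC4B20                                  ZwSuspendProcess
SSDT   \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys      ZwTerminateProcess
SSDT   81DC5BC0                                  ZwWriteVirtualMemory
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExW        77D80538 5 Bytes  JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExA        77D8055C 5 Bytes  JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
ADS    C:\Documents and Settings\Stacey\Favorites\EBAY\Negative-Neutral Feedback.url:favicon
ADS    C:\Documents and Settings\Stacey\My Documents\dloaded stuff\instmsiw.exe:SummaryInformation
ADS    ...
"""

HOOK = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+!\S+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})\s*(?P<owner>.*)$")

def parse_gmer(text):
    """Split a GMER text log into SSDT entries, user-mode inline hooks and ADS rows."""
    ssdt, hooks, ads = [], [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("SSDT"):
            parts = re.split(r"\s{2,}", line)       # owner paths contain single spaces only
            if len(parts) == 3:
                owner, func = parts[1], parts[2]
                # A bare 8-digit hex owner means only an address was printed.
                ssdt.append((func, owner, not re.fullmatch(r"[0-9A-Fa-f]{8}", owner)))
        elif line.startswith(".text"):
            m = HOOK.match(line)
            if m:
                hooks.append(m.groupdict())
        elif line.startswith("ADS"):
            body = line[3:].strip()
            if ":" in body[2:]:                     # skips the elided "..." row
                path, stream = body.rsplit(":", 1)  # last colon separates the stream name
                ads.append((path, stream))
    return ssdt, hooks, ads

def summarize(text):
    """Group parsed rows so each category can be reviewed on its own."""
    ssdt, hooks, ads = parse_gmer(text)
    return {
        "ssdt_address_only": sorted(f for f, _, named in ssdt if not named),
        "ssdt_named": {f: o for f, o, named in ssdt if named},
        "hooks_by_owner": Counter((h["image"], h["owner"]) for h in hooks),
        "ads_streams": Counter(stream for _, stream in ads),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```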
Title: cripplecreekranch topic
Post by: guestolo on January 19, 2007, 12:28:55 AM
I'm not sure what's happening on your end
Have you tried booting to safe mode to see if the problem persists?
I guess it probably wouldn't but just check it out

Afterwards, let's try some troubleshooting

Go to start>>run>>type in msconfig
Hit OK
Under the STARTUP tab>>DISABLE ALL>>APPLY it
Under the SERVICES tab>>Put a check in "hide all Microsoft services" and then click DISABLE all>>APPLY it and click CLOSE
DON'T reboot the computer at the prompt

Go to start>>all programs>>accessories>>System tools>>Scheduled tasks
RIGHT click each scheduled task and select PROPERTIES
Under the TASK tab uncheck ENABLED and then APPLY it
Do that for each scheduled task

Shut down the computer

Disconnect from the Internet Physically by unplugging the cable
Restart back to Normal windows,
Do you still get the CD spinning up?
Title: cripplecreekranch topic
Post by: cripplecreekranch on January 21, 2007, 09:56:42 AM
sigh.....the cd is still coming on.  I thought that maybe it had worked, it might be my imagination, but I think it is coming on less often.

It didn't come on in safe mode
Title: cripplecreekranch topic
Post by: cripplecreekranch on February 13, 2007, 01:08:37 PM
Hello, anybody still here??
Title: cripplecreekranch topic
Post by: guestolo on February 14, 2007, 12:00:31 AM
Sorry, I'm out of ideas
One more thought
Just by chance
Can you try the following
Download ASPIcheck.exe (http://radified.com/Files/aspichk_4712.exe)
Save it to desktop
Double click on it, Is ASPI working properly? What version no's does each file have beside it?

Have you tried disabling AUTOPLAY?
You could try a new cd player if nothing else works
Title: cripplecreekranch topic
Post by: cripplecreekranch on February 14, 2007, 01:11:11 PM
Sorry, I just thought I had been lost in the shuffle.  Didn't know you ran out of ideas.


I turned off auto play and it still comes on

ASPI32.SYS                4.71.1
WOWPOST.EXE           4.6 (1021)
WINASPI.DLL              4.6 (1021)
WNASPI32.DLL            4.71.1


Well, that's it then.  Thank you so much for the time you put in with me.
Title: cripplecreekranch topic
Post by: leetne55 on November 11, 2007, 03:49:47 AM
If you're having probs, I suggest you just buy a new cd and floppy drive and take out the old ones and put in the new ones
Title: cripplecreekranch topic
Post by: JB Lee on November 11, 2007, 04:06:08 AM
Please don't gravedig. This topic is 9 months old. I'm going to go ahead and close this.