Messages - cripplecreekranch

1
Tech Clinic / cripplecreekranch topic
« on: February 14, 2007, 01:11:11 PM »
Sorry, I just thought I had been lost in the shuffle.  Didn't know you ran out of ideas.


I turned off auto play and it still comes on

ASPI32.SYS                4.71.1
WOWPOST.EXE           4.6 (1021)
WINASPI.DLL              4.6 (1021)
WNASPI32.DLL            4.71.1


Well, that's it then.  Thank you so much for the time you put in with me.

2
Tech Clinic / cripplecreekranch topic
« on: February 13, 2007, 01:08:37 PM »
Hello, anybody still here??

3
Tech Clinic / cripplecreekranch topic
« on: January 21, 2007, 09:56:42 AM »
sigh.....the cd is still coming on.  I thought that maybe it had worked, it might be my imagination, but I think it is coming on less often.

It didn't come on in safe mode

4
Tech Clinic / cripplecreekranch topic
« on: January 15, 2007, 08:01:09 PM »
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   4:59:36 PM 1/15/2007

 + Scan result:   



Nothing found.


::Report end



GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-15 16:56:13
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT   81DC51F0  ZwAlertResumeThread
SSDT   81DC52D0  ZwAlertThread
SSDT   81DC5CB0  ZwAllocateVirtualMemory
SSDT   829483F8  ZwConnectPort
SSDT   \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS  ZwCreateKey
SSDT   81DC4DD0  ZwCreateMutant
SSDT   81DC5E80  ZwCreateThread
SSDT   \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS  ZwDeleteKey
SSDT   \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS  ZwDeleteValueKey
SSDT   81DC5AE0  ZwFreeVirtualMemory
SSDT   81DC4EB0  ZwImpersonateAnonymousToken
SSDT   81DC4F90  ZwImpersonateThread
SSDT   81DD47E0  ZwMapViewOfSection
SSDT   81DC4CF0  ZwOpenEvent
SSDT   \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys  ZwOpenProcess
SSDT   81DC5DA0  ZwOpenProcessToken
SSDT   81DC5798  ZwOpenThreadToken
SSDT   81DC4C00  ZwQueryValueKey
SSDT   81E12180  ZwResumeThread
SSDT   81DC56B8  ZwSetContextThread
SSDT   81DC5878  ZwSetInformationProcess
SSDT   81DC55D8  ZwSetInformationThread
SSDT   \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS  ZwSetValueKey
SSDT   81DC4B20  ZwSuspendProcess
SSDT   81DC5418  ZwSuspendThread
SSDT   \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys  ZwTerminateProcess
SSDT   81DC54F8  ZwTerminateThread
SSDT   81DC5958  ZwUnmapViewOfSection
SSDT   81DC5BC0  ZwWriteVirtualMemory

---- User code sections - GMER 1.0.12 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamW  77D5662C 5 Bytes  JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamW  77D62043 5 Bytes  JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectA  77D6A05A 5 Bytes  JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamA  77D6B11C 5 Bytes  JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExW  77D80538 5 Bytes  JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExA  77D8055C 5 Bytes  JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamA  77D86CAD 5 Bytes  JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectW  77D96093 5 Bytes  JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll

---- Files - GMER 1.0.12 ----

ADS    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-583907252-1343024091-1417001333-1004$201c4052e551831.tif:Xj1phwzh5qcwungrN45kt3kiCe            
ADS    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-583907252-1343024091-1417001333-1004$201c4052e551831.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}  
ADS    C:\Documents and Settings\Stacey\Favorites\COMPUTERS\CDBurnerXP Pro - free burning solution  Home - News.url:favicon                                                                                
ADS    C:\Documents and Settings\Stacey\Favorites\COMPUTERS\cripplecreekranch topic - TheTechGuide Forum.url:favicon                                                                                      
ADS    C:\Documents and Settings\Stacey\Favorites\EBAY\Negative-Neutral Feedback.url:favicon                                                                                                              
ADS    C:\Documents and Settings\Stacey\My Documents\dloaded stuff\instmsiw.exe:SummaryInformation                                                                                                        
ADS    C:\Documents and Settings\Stacey\My Documents\dloaded stuff\instmsiw.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}                                                                                    
ADS    C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP363\A0034334.exe:SummaryInformation                                                                                  
ADS    C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP363\A0034334.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}                                                              
ADS    C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP364\A0034336.exe:SummaryInformation                                                                                  
ADS    C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP364\A0034336.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}                                                              
ADS    ...                                                                                                                                                                                                

---- EOF - GMER 1.0.12 ----

5
Tech Clinic / cripplecreekranch topic
« on: January 10, 2007, 04:42:30 PM »
OK, forgot about the other disk the firmware had me make.......what a dummy.  I now have version 109b in my field of drive.  The crappy part is that after all that, the cd is still coming on.

6
Tech Clinic / cripplecreekranch topic
« on: January 09, 2007, 11:08:54 AM »
Went to BIOS and found three things, and the cd rom came on first then the harddrive then the removable drive. Here's the order I put them in:

removable drive
cd-rom
harddrive

It didn't actually say floppy anywhere, but windows did not start and the black screen told me to remove disks or
other media, press any key to restart.  Still getting nowhere.

7
Tech Clinic / cripplecreekranch topic
« on: January 08, 2007, 10:18:15 AM »
Ok, I got the floppy fixed finally.  Dloaded the firmware no problem.  When I try to reboot with the disk in it just goes back to windows.  When I uninstall the cd and reboot with the disk found new hardware come on and puts it back.  

I can click on the file on the floppy and get the dos window to come up.  It asks for another disk, says it's doing its thing.  But when I check the version in my device manager it says the old version.

Now what?

8
Tech Clinic / cripplecreekranch topic
« on: December 29, 2006, 11:21:04 AM »
Thanks for the link!  I don't know why you were having me make the changes to my registry??  As for the firmware I'm still trying to get a new floppy drive.  The one they had wouldn't fit and now I have to order one.  Like I said before I live in a really small town and this kind of thing takes a while.  I will let you know as soon as I get the drive.  Thanks & hope you had a Merry Christmas

9
Tech Clinic / cripplecreekranch topic
« on: December 17, 2006, 12:10:38 PM »
I did have hp share to web, it came on my computer and yes I think I did take it off.  Is that a problem?

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"



10
Tech Clinic / cripplecreekranch topic
« on: December 14, 2006, 10:41:07 AM »
Yes, the cd is in my computer.  I got another floppy, but it doesn't fit into my computer....back to town to try to find another.  I live in a really, really small one horse town.

Here's the hijack list

ACDSee
Ad-Aware SE Personal
Adobe Reader 7.0.8
BattleStrike
ccCommon
CCleaner (remove only)
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Desktop Taipei
Digital Cam
EPSON Printer Software
Family Tree Maker 9.0
HijackThis 1.99.1
HP Precisionscan Pro 3.1
Hunting Unlimited 2
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.12.6
LiveUpdate 3.0 (Symantec Corporation)
LOTR The Return of the King tm
Macromedia Flash Player 8
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Office 2000 Disc 2
Microsoft Picture It! Photo 2002
Microsoft Plus! for Windows XP
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
PestPatrolv5
PhoneTools
QuickTime
Santa Cruz
Shockwave
SPBBC
Symantec
WinASO Registry Optimizer 2.8
Windows Defender Signatures
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinZip
WinZip Self-Extractor

[quote name='guestolo' post='255290' date='Dec 11 2006, 05:31 PM']Do you still have Hijackthis?
Can you double click to Open Hijackthis.exe
>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Just want to see what it looks like, then we'll go from there
I'll link you to that recording software also, just let's see what we find first please

Oh, and can you still let me know the following
Can you also double check to make sure that your CDRW is found in "MyComputer"[/quote]

11
Tech Clinic / cripplecreekranch topic
« on: December 11, 2006, 10:35:47 AM »
Sorry, I thought I was being smart and saving you a step.  I hope I did this right.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"



[quote name='guestolo' post='255059' date='Dec 10 2006, 09:46 PM']That doesn't help cripplecreekranch
The Find_Stuff I was posting to you is for other keys in the registry

Can you do the following
Right click on Find_Stuff.bat and select EDIT
In the window that opens, select EDIT>>Select All
EDIT>>DELETE

Keep the window open
You should now have a blank Find_Stuff.bat file

In its place, Copy>>Paste to the empty file
the Whole contents below in the Code box
DO NOT include the word "code" please

Code:
If not Exist files MkDir Files

echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices >files\ok1.txt

regedit /a files\ok1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"


echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce >files\ok2.txt

regedit /a files\ok2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"


echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run >files\ok3.txt

regedit /a files\ok3.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"


echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce >files\ok4.txt

regedit /a files\ok4.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"


echo doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run >files\ok14.txt

regedit /a files\ok14.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"


echo doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce >files\ok15.txt

regedit /a files\ok15.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce"


echo doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx >files\ok16.txt

regedit /a files\ok16.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx"


echo doesn't exist HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg >files\ok5.txt

regedit /a files\ok5.txt "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"

cd files

copy *.txt = look.txt

del ok*.txt

Echo REGEDIT4 > compare.txt
 
Type look.txt | find  /v /i "REGEDIT4" >> compare.txt
Type compare.txt | find  /i "doesn't exist " >> compare2.txt
Type compare.txt | find  /v /i "doesn't exist" >> compare1.txt

Echo ----------------------- >compare3.txt
Echo ----------------------- >> compare3.txt

del compare.txt

Copy compare2.txt + compare3.txt + compare1.txt = look1.txt

del look.txt
del compare2.txt
del compare1.txt
del compare3.txt

Now close Find_Stuff.bat and SAVE the changes
Delete the FILES folder on your desktop
Double click on Find_Stuff.bat and post the new contents of Look1.txt in the new Files folder[/quote]

12
Tech Clinic / cripplecreekranch topic
« on: December 10, 2006, 07:56:22 PM »
Ok, I went and got the downloads from elsewhere.....at least I think they are the same ones.  Here are both logs for you because I wasn't sure which one you would prefer.

FIND_STUFF

doesn't exist HKEY_LOCAL_MACHINE\CurrentControlSet\Services\Java
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Java
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Java
doesn't exist SYSTEM\CurrentControlSet\Services\ServiceHost
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile  
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,6f,e3,94,f8,79,c4,01
"Type"=dword:00000031



RUN_KEYS

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
@="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
@="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@="{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip]
@="{E0D79304-84BE-11CE-9641-444553540000}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}]
@="Start Menu Pin"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
@="NAV Helper"



[quote name='guestolo' post='254617' date='Dec 10 2006, 09:41 AM']You should be able to use a CD
Set bios to boot to CD first

Strike that, it's in floppy diskette format

Did you try the quick format or Full format?
Do a full format
Your Floppy could have died, or you will have to check the connections inside the computer
Floppy drives are real cheap

But let's take a look at those runkeys
Runkeys.bat works on my side
Did you Unzip it first?

Let's try this instead
Download Find_Stuff.zip
EXTRACT the contents to desktop
Double click on Find_Stuff.bat
A dos window will open>>Scan and put a folder by the name "Files" on your desktop

Open the Files folder and post the contents of Look1.txt from within[/quote]

13
Tech Clinic / cripplecreekranch topic
« on: December 10, 2006, 04:35:19 PM »
I tried both quick and full format, no go.  I don't know what's going on with these zip files.  This one said that there were no files to extract as well.  And when I try to right click and just choose open it tells me that the file is corrupt??
This is getting really frustrating and I'm sorry to be taking up so much of your time.


[quote name='guestolo' post='254617' date='Dec 10 2006, 09:41 AM']You should be able to use a CD
Set bios to boot to CD first

Strike that, it's in floppy diskette format

Did you try the quick format or Full format?
Do a full format
Your Floppy could have died, or you will have to check the connections inside the computer
Floppy drives are real cheap

But let's take a look at those runkeys
Runkeys.bat works on my side
Did you Unzip it first?

Let's try this instead
Download Find_Stuff.zip
EXTRACT the contents to desktop
Double click on Find_Stuff.bat
A dos window will open>>Scan and put a folder by the name "Files" on your desktop

Open the Files folder and post the contents of Look1.txt from within[/quote]

14
Tech Clinic / cripplecreekranch topic
« on: December 10, 2006, 12:15:24 PM »
It's great to see that the experts make mistakes too lol.

AAAAAHHHHH  Now my floppy has calved; every disk I put in (even the ones that have my info on them) tells me
"A:\Is not accessible
No ID address mark was found on the floppy disk"

I tried to format the disk and that did not work either, I am told that Windows was unable to complete format.

Can I use a CD instead?


Sorry to be such a pest, but this download doesn't work.  After dl it informs me that there are no files to extract?? [color="#6a8da5"]Run_Keys.zip[/color] ( 349 bytes )
I know about the funny characters in my startup - at least that is where they used to be.  Could never figure out what they were and so they were left.

 

[quote name='guestolo' post='254021' date='Dec 9 2006, 12:31 PM']Accidentally deleted other topic
Carry on here please
I moved this topic to the TechClinic section because the tools I'm asking you to run
I hope you don't mind. If we can't resolve this I'll move it back to the hardware section

The latest firmware version for your cdrw is found here under FIRMWARE section
http://support.dell.com/support/downloads/...=WW1&osl=EN
It doesn't appear to resolve your issue, but others, it may not hurt to try it
Some users are having trouble installing it
One user at Dell forums suggests running it with this method


Let me know if it helps, verify you have updated the firmware in device manager and there are no error codes
Can you also double check to make sure that your CDRW is found in MyComputer please

I see some unknown characters in the startupreg registry key

Can you do the following for me please
From the bottom of this reply box, download and SAVE Run_Keys.zip to desktop

Right click on the file and EXTRACT the contents to desktop

Double click on Run_Keys.bat
A dos window will open then a text file should open
Can you copy>>paste back here the contents of that text file please[/quote]

Pages: [1]