Author Topic: cripplecreekranch topic  (Read 2006 times)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
cripplecreekranch topic
« on: December 09, 2006, 03:24:08 PM »
POST 1 by
cripplecreekranch

Hi,

I have a _NCR NR-7200A CD reader/writer that turns on all the time; probably every 10-15 min. I can be sitting here with nothing open on the computer, nothing in the drive and the light will come on and you can hear the machine turn on. I have done a ton of spyware/adware, virus scans etc. The computer comes up clean. If media player is open and on when this happens it will make the music skip....it's driving me crazy. I have lots of ram and available disk space, any suggestions?
===========================================

I omitted Hijackthis log, but we may need it later
===========================================
My reply
Do you remember installing anything before this issue started?

What is the make and model of this computer?
Is that the exact name of the CDrom drive you posted earlier

Can you check in Device manager to ensure you posted the correct name please
=====================================================
cripplecreekranch
response
Hi,

I have had this problem for quite some time, but I really don't think I installed
anything new......I don't normally add stuff.

Make & model:
Dell, Dimension 4400
Pentium 4, 1.70 GHZ

I made a typo with the CD name, Here's the correct number:
CD-ROM drive = _NEC NR-7900A
============================================
My reply
Do you mean you can hear the CDrom spin up?

Can you check the following
Go to START>>RUN>>type in services.msc
Hit OK

In the new window, right hand side scroll to
IMAPI CD-Burning COM Service

Double click on it
In the startup type drop down bar, is it set to Automatic or Manual
If it's set to Automatic, can you change it to Manual
Apply and OK it
Reboot the computer

Is that any help?
How long have you had this system?
Have you checked on Dell's site for a firmware update?
Look in your Device manager>>Double click on your drive>>>DETAILS tab
Are you using version 1.08?

You appear to have Roxio software installed, is this correct?
Sometimes old Roxio burning software may cause problems
Look in add/remove programs for software related to Roxio, is there any?
====================================================

cripplecreekranch

Yes, I can hear the cd spin up

The setting was already on manual

I bought the computer in 2001

Driver version - 5.1.25.35.0 dated 7/1/2001

Yes, I have Roxio easy cd creator 5

====================================================

My Reply
 Can you again go into the Device manager and double click on your CD drive
Open the DETAILS tab
Are you using version 1.08?

You will see a long name in the white box
as eg....
IDE\CDROMNEC_CDRW_NR-7900A______________******

Can you post the numbers back please
They may be the ones I omitted in asterisks
may give a clue of what firmware version you're using

Here is some info on SP2 and Roxio easy cd creator 5
http://www.cd-burner-help.com/roxio-easy-cd.htm
Dell may have updates
If not, I may have a link to free software if there is no available update for your burning software


Can you post back the info above
Additionally, I just want to check on something

Just using this tool to identify some areas of the registry
Download this file - Combofix.exe and save it to desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from Combofix
==========================================
« Last Edit: December 09, 2006, 03:28:41 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

cripplecreekranch topic
« Reply #1 on: December 09, 2006, 03:29:19 PM »
CONTINUED>>
Reply from cripplecreekranch

I couldn't find any updates, so I just uninstalled Roxio and the cd player is still coming on.
If you do have a link for another burning software I'd love to try it. I never like Roxio.

The version is 1.8, sorry I was looking in the wrong place.

Here is the ComboFix log

Stacey - 06-12-09 5:48:59.89 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Stacey\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 ))))))))))))))))))))))))))))))))))


2006-12-07 08:38 <DIR> d-------- C:\Program Files\directx
2006-12-06 11:41 <DIR> dr-h----- C:\Documents and Settings\Stacey\Recent
2006-12-02 07:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2006-12-02 07:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2006-12-01 23:42 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-12-01 23:42 <DIR> d-------- C:\WINDOWS\nview
2006-12-01 23:41 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-12-01 23:41 <DIR> d-------- C:\NVIDIA
2006-12-01 08:55 <DIR> d-------- C:\WINDOWS\NV856968.TMP
2006-11-30 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2006-11-30 18:15 <DIR> d-------- C:\Program Files\City Interactive
2006-11-30 17:35 <DIR> d-------- C:\Program Files\EA GAMES


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-07 09:47 84528 --a--c--- C:\Documents and Settings\Stacey\Application Data\GDIPFONTCACHEV1.DAT
2006-12-07 08:41 -------- d-------- C:\Program Files\Microsoft Picture It! 2002
2006-12-07 08:28 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-06 11:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-06 10:09 -------- d-------- C:\Program Files\Adobe
2006-12-06 10:00 -------- d-------- C:\Program Files\Common Files
2006-12-05 19:27 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-19 10:08 -------- d-------- C:\Program Files\Norton AntiVirus
2006-11-19 10:03 48768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-19 10:03 110952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-19 10:03 -------- d-------- C:\Program Files\Symantec
2006-11-17 13:14 -------- d-------- C:\Program Files\WinASO
2006-11-17 07:02 -------- d-------- C:\Program Files\Internet Explorer
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 3994624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-16 07:10 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-12 21:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3b,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3b,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoControlPanel"=dword:00000000
"NoNetHood"=dword:00000000
"NoComputersNearMe"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=dword:00000000
"NoComputersNearMe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Disk Defragmenter.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Stacey.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - Stacey.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

Completion time: 06-12-09 5:50:43.53
C:\ComboFix.txt ... 06-12-09 05:50
« Last Edit: December 09, 2006, 03:30:01 PM by guestolo »



Offline guestolo

cripplecreekranch topic
« Reply #2 on: December 09, 2006, 03:31:10 PM »
Accidentally deleted other topic
Carry on here please
I moved this topic to the TechClinic section because the tools I'm asking you to run
I hope you don't mind, If we can't resolve this I'll move it back to the hardware section

The latest firmware version for your cdrw is found here under FIRMWARE section
http://support.dell.com/support/downloads/...=WW1&osl=EN
It doesn't appear to resolve your issue, but others, it may not hurt to try it
Some users are having trouble installing it
One user at Dell forums suggests running it with this method
Quote
1) Create the floppy as directed.
2) Go into Device Manager and uninstall the NR-7900A CD drive.
3) Reboot with the floppy as directed and answer questions appropriately to update firmware.
4) When the success message appears after a few seconds and returns to the "A:>" prompt, manually run FWLD799B.EXE by entering it at the prompt. The actual firmware update for the NEC NR-7900A will begin and take far more than few seconds (perhaps a minute, +/-). When the update is done, the system returns to the prompt and the light on the drive is flashing.
5) Pop out the floppy and press CTL-ALT-DEL to reboot into Windows.
6) Check Device Manager again to be sure Windows re-installed the drive. If not, do it manually.

You should now see "109b" in the revision field of drive.

Let me know if it helps, verify you have updated the firmware in device manager and there are no error codes
Can you also double check to make sure that your CDRW is found in MyComputer please

I see some unknown characters in the startupreg registry key

Can you do the following for me please
From the bottom of this reply box, download and SAVE Run_Keys.zip to desktop

Right click on the file and EXTRACT the contents to desktop

Double click on Run_Keys.bat
A dos window will open then a text file should open
Can you copy>>paste back here the contents of that text file please
« Last Edit: December 09, 2006, 03:52:49 PM by guestolo »

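Added example, not part of the thread and not the Run_Keys.bat attached to the post above: one way to pick out the entries with unreadable characters that the helper noticed under the msconfig `startupreg` key, by parsing the registry-export text of the log. The function names and the two checks are assumptions made for this illustration; the sample is an excerpt of the ComboFix log posted in Reply #1.

```python
import re

# Excerpt of the "Reg Loading Points" section of the ComboFix log posted in
# Reply #1, trimmed to four keys. msconfig keeps startup items that were
# unticked in its Startup tab under ...\msconfig\startupreg.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"
'''

SECTION = re.compile(r'^\[(.+)\]\s*$')
# "name"="string value"; dword:/hex: values and continuation lines are skipped
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

STARTUPREG = r'hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg' + '\\'
# '?' is not valid in a Windows file name, so in a path it normally stands for
# characters the export could not render; also catch anything non-printable.
UNREADABLE = re.compile(r'[^\x20-\x7e]|\?')


def unescape(s):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return {key path: {lower-cased value name: string value}}."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = STRING_VALUE.match(line)
        if m and current is not None:
            current[unescape(m.group(1)).lower()] = unescape(m.group(2))
    return keys


def audit_startupreg(text):
    """List (entry, original location, issues) for startupreg entries to review."""
    findings = []
    for key, values in parse_reg(text).items():
        if not key.lower().startswith(STARTUPREG):
            continue
        entry = key[len(STARTUPREG):]
        origin = '{}\\{}'.format(values.get('hkey', '?'), values.get('key', '?'))
        issues = []
        if 'command' not in values:
            issues.append('no command recorded')
        for field in ('item', 'command'):
            if UNREADABLE.search(values.get(field, '')):
                issues.append('unreadable ' + field)
        if issues:
            findings.append((entry, origin, issues))
    return findings


if __name__ == '__main__':
    for entry, origin, issues in audit_startupreg(SAMPLE):
        print('{:<18} {:<60} {}'.format(entry, origin, ', '.join(issues)))
```

An entry flagged here still has to be inspected on the machine itself, since the text export has already replaced the original characters.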


Offline cripplecreekranch

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
cripplecreekranch topic
« Reply #3 on: December 10, 2006, 12:15:24 PM »
It's great to see that the experts make mistakes too lol.

AAAAAHHHHH  Now my floppy has calved; every disk I put in (even the ones that have my info on them) tells me
"A:\Is not accessible
No ID address mark was found on the floppy disk"

I tried to format the disk and that did not work either, I am told that windows was unable to complete format.  

Can I use a CD instead?


Sorry to be such a pest, but this download doesn't work.  After dl it informs me that there are no files to extract?? Run_Keys.zip (349 bytes)
I know about the funny characters in my startup - at least that is where they used to be.  Could never figure out what
they were and so they were left.

 


Offline guestolo

cripplecreekranch topic
« Reply #4 on: December 10, 2006, 12:41:40 PM »
You should be able to use a CD
Set bios to boot to CD first

Strike that, it's in floppy diskette format

Did you try the quick format or Full format?
Do a full format
Your Floppy could have died, or you will have to check the connections inside the computer
Floppy drives are real cheap

But let's take a look at those runkeys
Runkeys.bat works on my side
Did you Unzip it first?

Let's try this instead
Download Find_Stuff.zip
EXTRACT the contents to desktop
Double click on Find_Stuff.bat
A dos window will open>>Scan and put a folder by the name "Files" on your desktop

Open the Files folder and post the contents of Look1.txt from within
« Last Edit: December 10, 2006, 12:57:55 PM by guestolo »



Offline cripplecreekranch

cripplecreekranch topic
« Reply #5 on: December 10, 2006, 04:35:19 PM »
I tried both quick and full format, no go.  I don't know what's going on with these zip files.  This one said that there were no files to extract as well.  And when I try to right click and just choose open it tells me that the file is corrupt??
This is getting really frustrating and I'm sorry to be taking up so much of your time.



Offline cripplecreekranch

cripplecreekranch topic
« Reply #6 on: December 10, 2006, 07:56:22 PM »
Ok, I went and got the downloads from elsewhere.....at least I think they are the same ones.  Here are both logs for you because I wasn't sure which one you would prefer.

FIND_STUFF

doesn't exist HKEY_LOCAL_MACHINE\CurrentControlSet\Services\Java
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Java
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Java
doesn't exist SYSTEM\CurrentControlSet\Services\ServiceHost
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile  
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Messenger"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:000001e8
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
  50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:1a,35,7b,6d,df,43,1f,65,c4,b3,85,a3,30,4a,22,22,61,61,38,36,33,\
  31,63,34,00,68,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
  5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,89,52,d9,d1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:32,0f,48,b4,cd,8d,5b,16,e2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:a8,54,14,c0,59,97

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:48,0a,70,5d,61,f2,93,54,dd,5d,35,94,c7,c9,dd,3f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:da,2e,0b,cb,19,e1,c4,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,6f,e3,94,f8,79,c4,01
"Type"=dword:00000031



RUN_KEYS

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
@="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
@="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@="{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip]
@="{E0D79304-84BE-11CE-9641-444553540000}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}]
@="Start Menu Pin"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
@="NAV Helper"



[quote name='guestolo' post='254617' date='Dec 10 2006, 09:41 AM']You should be able to use a CD
Set bios to boot to CD first

Strike that, it's in floppy diskette format

Did you try the quick format or Full format?
Do a full format
Your Floppy could have died, or you will have to check the connections inside the computer
Floppy drives are real cheap

But let's take a look at those runkeys
Runkeys.bat works on my side
Did you Unzip it first?

Let's try this instead
Download Find_Stuff.zip
EXTRACT the contents to desktop
Double click on Find_Stuff.bat
A dos window will open>>Scan and put a folder by the name "Files" on your desktop

Open the Files folder and post the contents of Look1.txt from within[/quote]

Offline guestolo

« Reply #7 on: December 11, 2006, 12:46:06 AM »
That doesn't help cripplecreekranch
The Find_Stuff I was posting to you is for other keys in the registry

Can you do the following
Right click on Find_Stuff.bat and select EDIT
In the window that opens, select EDIT>>Select All
EDIT>>DELETE

Keep the window open
You should now have a blank Find_Stuff.bat file

In its place, Copy>>Paste to the empty file
the Whole contents below in the Code box
DO NOT include the word "code" please

Code:
REM Create the output folder next to this batch file if it is missing.
If not Exist files MkDir Files

REM For each startup key: write a "doesn't exist" placeholder first, then
REM export the key over it. regedit /a writes the key in REGEDIT4 format,
REM so the placeholder survives only when the key is missing.
echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices >files\ok1.txt

regedit /a files\ok1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"


echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce >files\ok2.txt

regedit /a files\ok2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"


echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run >files\ok3.txt

regedit /a files\ok3.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"


echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce >files\ok4.txt

regedit /a files\ok4.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"


echo doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run >files\ok14.txt

regedit /a files\ok14.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"


echo doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce >files\ok15.txt

regedit /a files\ok15.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce"


echo doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx >files\ok16.txt

regedit /a files\ok16.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx"


REM Entries that were unticked in msconfig are parked under this key.
echo doesn't exist HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg >files\ok5.txt

regedit /a files\ok5.txt "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"

cd files

REM Merge every export into look.txt, then remove the per-key files.
copy *.txt = look.txt

del ok*.txt

REM Rebuild the report with a single REGEDIT4 header: missing-key lines
REM first, then a separator, then the exported keys.
Echo REGEDIT4 > compare.txt
 
Type look.txt | find  /v /i "REGEDIT4" >> compare.txt
Type compare.txt | find  /i "doesn't exist " >> compare2.txt
Type compare.txt | find  /v /i "doesn't exist" >> compare1.txt

Echo ----------------------- >compare3.txt
Echo ----------------------- >> compare3.txt

del compare.txt

Copy compare2.txt + compare3.txt + compare1.txt = look1.txt

REM Clean up the intermediate files so that only look1.txt is left.
del look.txt
del compare2.txt
del compare1.txt
del compare3.txt

Now close Find_Stuff.bat and SAVE the changes
Delete the FILES folder on your desktop
Double click on Find_Stuff.bat and post the new contents of Look1.txt in the new Files folder

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline cripplecreekranch

« Reply #8 on: December 11, 2006, 10:35:47 AM »
Sorry, I thought I was being smart and saving you a step.  I hope I did this right.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"




Offline guestolo

« Reply #9 on: December 11, 2006, 08:31:48 PM »
Do you still have Hijackthis?
Can you double click to Open Hijackthis.exe
>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Just want to see what it looks like, then we'll go from there
I'll link you to that recording software also, just let's see what we find first please

Oh, and can you still let me know the following
Can you also double check to make sure that your CDRW is found in "MyComputer"
« Last Edit: December 11, 2006, 08:34:22 PM by guestolo »



Offline cripplecreekranch

« Reply #10 on: December 14, 2006, 10:41:07 AM »
Yes, the cd is in my computer.  I got another floppy, but it doesn't fit into my computer....back to town to try to find another.  I live in a really, really small one horse town.

Here's the hijack list

ACDSee
Ad-Aware SE Personal
Adobe Reader 7.0.8
BattleStrike
ccCommon
CCleaner (remove only)
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Desktop Taipei
Digital Cam
EPSON Printer Software
Family Tree Maker 9.0
HijackThis 1.99.1
HP Precisionscan Pro 3.1
Hunting Unlimited 2
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.12.6
LiveUpdate 3.0 (Symantec Corporation)
LOTR The Return of the King tm
Macromedia Flash Player 8
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Office 2000 Disc 2
Microsoft Picture It! Photo 2002
Microsoft Plus! for Windows XP
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
PestPatrolv5
PhoneTools
QuickTime
Santa Cruz
Shockwave
SPBBC
Symantec
WinASO Registry Optimizer 2.8
Windows Defender Signatures
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinZip
WinZip Self-Extractor


Offline guestolo

« Reply #11 on: December 14, 2006, 09:17:42 PM »
Can you do the following
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]


Double click on fix.reg and allow to add/merge to the registry
Reboot your computer


Back in Windows
We should update your version of Java for Security reasons
Malware can exploit older versions

Download the latest version of  Sun Java
Use the Windows OFFLINE installation
h ttp://www.java.com/en/download/manual.jsp
I'm sorry, the forum is having problems, I can't direct link you to the download
If you can copy>>paste the above url to your browser address bar, remove the space between the h and the ttp
You can get there directly
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation Multi-language
Save the file to your Desktop.
Don't install it yet

Open your Windows control panel>>Start>>control Panel
Ensure you are in Classic view
Double click to open the Java Icon>>Under the General tab select "Delete Files"
Leave all 3 selections checked and click OK
Exit Java

Access your Add/remove programs via Control Panel
Remove
J2SE Runtime Environment 5.0 Update 6
Reboot again

then install the latest version from the installer on your desktop
You can delete the installer once installed
The updater is not that reliable, I usually go into Windows Control panel and open the Java icon
Click on the Update tab, and uncheck
"Check Automatically"
Apply it and click Never at the prompt
Check manually every month or so for updates

Come back here
Double click on find_stuff.bat again
Post the contents of look1.txt

NOTE: I see an entry related to HP's Share-to-Web
Did you have this installed and uninstall it?

P.S. Can you NOT click the Reply button just beneath my reply
Instead, use the ADD REPLY button, just a bit lower
That will eliminate the quote response
« Last Edit: December 14, 2006, 11:36:48 PM by guestolo »
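
An added example, not part of the thread and not the helper's own method: a Python sketch that parses a REGEDIT4 export such as the Look1.txt output posted above and triages the msconfig startupreg entries by whether they carry a "command" value, whether that command is readable, and whether the same name is still live in the matching Run key. The sample export is constructed and abridged from entries shown in the thread; the function names and status labels are assumptions made for this example.

```python
import re

# Constructed, abridged sample built from entries shown in this thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"item"="DirectCD"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"hkey"="HKCU"
"command"="??? ?"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')
HIVES = {'HKEY_LOCAL_MACHINE': 'HKLM', 'HKEY_CURRENT_USER': 'HKCU'}
RUN_KEY = r'software\microsoft\windows\currentversion\run'
STARTUPREG = r'\software\microsoft\shared tools\msconfig\startupreg' + '\\'


def unescape(token):
    """Strip the surrounding quotes and undo .reg backslash escaping."""
    if len(token) >= 2 and token[0] == '"' and token[-1] == '"':
        return re.sub(r'\\(.)', r'\1', token[1:-1])
    return token  # dword:/hex: data and the default-value marker stay as-is


def parse_reg_export(text):
    """Return {key path: {value name: data}}; non-registry lines are skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            current = keys.setdefault(match.group('key'), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[unescape(match.group('name'))] = unescape(match.group('data'))
    return keys


def triage_startupreg(keys):
    """Classify each msconfig startupreg entry (labels are this example's own)."""
    live = set()  # (hive, value name) pairs that still autostart from a Run key
    for path, values in keys.items():
        hive, _, rest = path.partition('\\')
        if rest.lower() == RUN_KEY:
            live.update((HIVES.get(hive, hive), name.lower()) for name in values)

    findings = {}
    for path, values in keys.items():
        idx = path.lower().find(STARTUPREG)
        if idx == -1:
            continue
        entry = path[idx + len(STARTUPREG):]
        command = values.get('command')
        if command is None:
            status = 'no-command'
        elif not re.search(r'[A-Za-z0-9]', command):
            status = 'unreadable-command'
        elif (values.get('hkey'), entry.lower()) in live:
            status = 'also-live-in-run'
        else:
            status = 'disabled-with-command'
        findings[entry] = status
    return findings


if __name__ == '__main__':
    for name, status in sorted(triage_startupreg(parse_reg_export(SAMPLE_EXPORT)).items()):
        print(f'{status:22} {name}')
```

The labels only sort entries for a human to review; they do not decide what is safe to delete.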



Offline cripplecreekranch

« Reply #12 on: December 17, 2006, 12:10:38 PM »
I did have hp share to web, it came on my computer and yes I think I did take it off.  Is that a problem?
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"



Offline guestolo

« Reply #13 on: December 17, 2006, 10:25:18 PM »
Can you delete fix.reg on the desktop

remake a new fix.reg
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]


Double click on fix.reg and allow to add/merge to the registry
Reboot your computer

Are you still having problems? Did you manage to get the new firmware installed?

Here's the link to the burning software I mentioned before, not compatible with all CD/DVD drives
But I believe yours is compatible
Take a look
www.cdburnerxp.se/



Offline cripplecreekranch

« Reply #14 on: December 29, 2006, 11:21:04 AM »
Thanks for the link! I don't know why you were having me make the changes to my registry?? As for the firmware I'm still trying to get a new floppy drive. The one they had wouldn't fit and now I have to order one. Like I said before I live in a really small town and this kind of thing takes a while. I will let you know as soon as I get the drive. Thanks & hope you had a Merry Christmas

Offline cripplecreekranch

« Reply #15 on: January 08, 2007, 10:18:15 AM »
Ok, I got the floppy fixed finally. Dloaded the firmware no problem. When I try to reboot with the disk in it just goes back to windows. When I uninstall the cd and reboot with the disk, found new hardware comes on and puts it back.

I can click on the file on the floppy and get the dos window to come up. It asks for another disk, says it's doing its thing. But when I check the version in my device manager it says the old version.

Now what?

Offline guestolo

« Reply #16 on: January 09, 2007, 01:38:24 AM »
You will have to probably enter SETUP (BIOS) and set the FLOPPY to First boot device

That's why it's bypassing it



Offline cripplecreekranch

« Reply #17 on: January 09, 2007, 11:08:54 AM »
Went to bios and found three things and the cd rom came on first then the harddrive then the removable drive. Here's the order I put them in:

removable drive
cd-rom
harddrive

It didn't actually say floppy anywhere, but windows did not start and the black screen told me to remove disks or
other media, press any key to restart.  Still getting nowhere.

Offline cripplecreekranch

« Reply #18 on: January 10, 2007, 04:42:30 PM »
OK, forgot about the other disk the firmware had me make.......what a dummy. I now have version 109b in my field of drive. The crappy part is that after all that, the cd is still coming on.

Offline guestolo

« Reply #19 on: January 12, 2007, 01:03:20 AM »
I'm kind of grasping here, but I would like to ensure we eliminate malware completely
If this doesn't show anything, I would like to try another route
Eg.. disable scheduled tasks, etc...

But first, if you could
Download AVG Anti-Spyware 7.5
  • Save the installer to desktop
  • Double click the installer, select your language, and then select "OK"
  • Click NEXT>>>Select I Agree>>>NEXT>>>INSTALL
  • AVG will now install and afterwards click FINISH
  • AVG Anti-Spyware 7.5 should now Load
  • Click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top
  • Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and "Only if Threats are found" IS NOT selected
  • Click back to the "Scan" tab and then click on Complete System Scan. This scan can take a while to run, let it run uninterrupted
  • When the scan is complete it will list any infections found on the left hand side.
  • Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file (like on the Desktop).
I'll need to see this log later
Reboot the computer

Back in Windows
Can you post the log from AVG-Antispyware
On top of that, just as a triple check
Download gmer.zip
Unzip it to the desktop.
Double click on gmer.exe

Click on Scan.
DO NOT select 'Show All'
When the scan has run click Copy and paste the results (if any) into this thread
