Author Topic: help...OLDMAN, i'm creating a new thread as advised by u  (Read 38905 times)

0 Members and 1 Guest are viewing this topic.

michaelong

  • Guest
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #30 on: November 28, 2007, 09:29:28 PM »
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [03/31/2003 12:00 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-11-29 04:09:47 ------------


michaelong

  • Guest
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #31 on: November 28, 2007, 09:48:27 PM »
hi Oldman,

forgot to inform u that i cant find this

HKEY_CLASSES_ROOT>AutoRun>2>Shell>open>Command

in my registry key.

i just check my C:drive n out of sudden a lots of hidden files n folders were shown out(previouly none)

and one of them is the MS DOS application name NTDELECT.COM(47kb).

should i delete this file too?

in a lost now as i may hv done a lot of error to my pc now bcos of not properly follow ur instruction.

as at now, my pc still boot n runs normally.

hope i'm giving u a clear information in troubleshooting the error on my pc.


Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #32 on: November 28, 2007, 10:22:22 PM »
Hi

What is the error you are recieving?

NTDELECT.COM

I'd move it to the chest.

right click the "a" icon, select start avast, click on the chest

in the chest, click users button
right click in the white window and select add
browse to the NTDELECT.COM(47kb) file, click on it and then click add.
once the file is in the chest, you'll see it in the window, close the chest

Now go and delete the file.

In windows explorer, click tools, folder options, view tab


-uncheck Show hidden files and folders.

-check Hide protected operating system files (recommended)

As for the reg key. Is this the one that you thought you deleted? I'll have to look it up and see if it's required. I'll get back to you on that.

The log looks fine.

Open OTMOVEIT then click the Clean Up button. You may get prompted by your firewall that OTMoveIt wants to contact the internet -  allow this.  A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.

michaelong

  • Guest
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #33 on: November 28, 2007, 11:38:39 PM »
hi Oldman.

as instructed, i've moved the NTDELECT,COM into virus chest followed by manual deletion of this file from my C:drive then proceed wt the uncheck of my hidden file.

then i'm using the OTMoveIT to do the clean up. after the clean up were done, it request for a reboot

which i click yes.

from then on, my pc were unable to boot into windows wt no error message display.

it keeps restart but unable to boot into windows.

i'm now login from my frens pc.

need help badly now.

thanks
michaelong

p/s: might be inconvenience for me to follow your advice if i can log in wt my own pc.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #34 on: November 28, 2007, 11:45:00 PM »
Did you get the right file as there is a legitimate file called NTDETECT.COM which starts your system


http://pcsupport.about.com/od/fixtheproblem/ht/ntldrntdetect.htm  fix here

michaelong

  • Guest
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #35 on: November 28, 2007, 11:49:47 PM »
hi essexboy,

thanks for your quick response n your link.

indeed i've deleted the NTDELECT.COM file(MS DOS application 47kb) from my C:drive

thought it was a virus. :( ???

« Last Edit: November 28, 2007, 11:59:38 PM by michaelong »

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #36 on: November 29, 2007, 12:03:12 AM »
Look very carefully at the spelling in your post "ntde L ect" and essexboy's "ntde T ect". If the file was spelled like essexboy's then that was a windows file.

Do you or your friend have a xp cd?

michaelong

  • Guest
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #37 on: November 29, 2007, 12:12:46 AM »
hi Oldman,

now i start to recall that it seems like NTDETECT.COM n not NTDELECT.com.
think i i've deleted it wrongly.
got a phobia towards those words start wt NT.COM
i got the cd on hand but i've forgotten the admin password
which stopped me from doing the neccessary reinstallation of those missing file.
any other option beside the recovery console?
thx Oldman for your quick reply. ;D ;D

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #38 on: November 29, 2007, 12:26:13 AM »
Can't remember the pass word, hey. Can understand the phobia.

Well if you are sure your friend's computer is clean, you could put your hd in his as a slave drive and copy the file. I think,   ??? I'll have to check with some others just to make certain that will work. So wait till you hear from me, ok?

michaelong

  • Guest
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #39 on: November 29, 2007, 12:52:06 AM »
hi Oldman,

i'm thinking of doing the repair instead of recovery since i cant remember the passwords.

will let u know when i'm done wt the repair.

not sure if the cd compatible bcos previously i installed the windows wt my original acer recovery cd sp1.

i'm now using the xp sp2 oem retail for the repair.

til then, i'm off to my repairs. ;D

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #40 on: November 29, 2007, 01:25:27 AM »
I don't know if that will work, your system is oem,so the authentication number will be different.

Is your computer capble of using floppys? I have a ntfs bootdisk capable of read/write. I can send it to you by e-mail

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #41 on: November 29, 2007, 01:41:17 AM »
hi Oldman,

it works, when i enter my oem cd key.

as for floppy, sad to say that it wasn't supported on my laptop.

anyway, i'm now halfway wt my repairing but it seems to be taking ages.... :-\ :-\

dont know whats wrong...felt like more than an hours already n still not yet done.


michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #42 on: November 29, 2007, 02:08:35 AM »
argh Oldman, landing myself into deeper problem.

finally when the windows repair process done, it boot into windows and  request for activation

which i did but it doesnt recognise my oem cd key.

i cant log on into windows now.

what can i do now.

pls help.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #43 on: November 29, 2007, 02:19:02 AM »
That's what I tried to warn you about. oem and retail don't mix. I was posting to tell you that I also have an iso (cd) version that probably would have worked.

I think you are going to have to use your acer cd to restore it back to factory, which means a reformat.

Before you do that I think if you use the number on the cd, the repair will work and you can get your stuff off the computer and restore it later.

If you chose repair all of your personal stuff will be intact.

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #44 on: November 29, 2007, 02:35:06 AM »
hi Oldman,

will try to repair wt the original recovery cd(4 cds) but seems to recall(if i'm not mistaken) that no cd keys were needed during installation.

forgot if there is a repair option provided.

scared of not being able to back up if the oem cd does not provide this option.

mean time, i'll wait for your further advice before proceed wt the repairing.

been making too many mistakes from bad to worst.

thanks for your advice n curse myself for not heeding your advice earlier.

regards
michaelong
« Last Edit: November 29, 2007, 02:50:48 AM by michaelong »