TechSpot

Strange issue with View Workgroup

By jobeard
Mar 11, 2009
  1. Usually I'm answering questions but this time I'm stumped.
    View Entire Network->Microsoft Windows Network->Workgroup is strange in that
    1. all systems on the Lan show-up alright and
    2. I can browse or expand any to see the actual shares on the other systems except ---
    3. my local system itself!
    4. All other systems can access the local shares correctly with user/pwd, but
    5. the list of active systems is sans the local system.
    Strange! This once was correct;
    (1,2 and 4) says the firewall is not an issue (ports 135-139+445 are open to all LAN based systems and the broadcast port is open too)
    and that the Computer Browser is operating.
    I can even Map a Share which is local to the same system
    eg: t:\RealEstate -> \\local\c:\RealEstate

    System is XP/Pro + SP2 which is current
    Yes I've even tested with the firewall shutdown (SunBelt Personal FW 4)

    The attachment is a list of the settings applied.
    (the local system IsDomainMaster and all others never provide Master Browser Support; OS X, Win/98se, Linux6/7)
     


  2. simplepcguy

    simplepcguy TS Rookie

    Just wondering, have you checked the Event Log to see if you have any "Browser Wars" going on (read: any forced Browser Elections)? I recently had a strange one like this and it ended up being, somehow, that even though the client was a DHCP client, the "node type" (see ipconfig /all) got changed away from "hybrid".

    Just a thought. But the above node type issue really jacked the Browser Election functions and I found it in the Event Log.
     
  3. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    good call but no joy. (thanks for the suggestion)

    currently
    Code:
    Windows IP Configuration
            Host Name . . . . . . . . . . . . : ltbeard
            Primary Dns Suffix  . . . . . . . :
            Node Type . . . . . . . . . . . . : Mixed
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : socal.rr.com
    I moved away from hybrid to Mixed to change the order of the network query

    Code:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    Key: NodeType
    Value Type: REG_DWORD - Number
    Valid Range: 1,2,4,8 (B-node, P-node, M-node, H-node) 
    An M-node computer broadcasts first, and then queries the name server.
    An H-node computer queries the name server first, and then broadcasts.
    As this is a Workgroup system w/o a DC, there is no WINS server so why request something that is known to fail?
    (btw: same symptom even with Hybrid setting)

    Firewall log shows broadcast on port 137 (192.168.x.255:147)
    Outbound traffic (192.168.x.y:445)
    Inbound traffic (192.168.x.y:139)

    Event ID: 6004 (said by MS to be safely ignored)
    • Event Type: Error
      Event Source: EventLog
      Event Category: None
      Event ID: 6004
      Date: 2009-03-13
      Time: 09:53
      User: N/A
      Computer: LTBEARD
      Description:
      A driver packet received from the I/O subsystem was invalid. The data is the packet.

      For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    but I suspect this is still related

    This morning I just uninstalled the IPX/SPX stack (not present on network) and
    now nothing is shown under Workgroup.
    (event occurs before and after uninstall :( )

    I think I'm going to reinstall IPX/SPX and see if that will jog the symptoms ...
     
  4. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    There used to be 'Browser Election' events, but as this PC is the major and the others are considered minor, I set this PC
    IsDomainMaster = TRUE
    MaintainServerList = Yes
    and all other systems are DomainMaster = FALSE

    [edit] Should be Domain Master = No [/edit]
     
  5. simplepcguy

    simplepcguy TS Rookie

    Still recommend Hybrid "h node"

    Hey Jobeard, While I fully agree that "mixed" makes more sense and a simple windows workgroup doesn't have a WINS server, the way I fixed the network (a friend's home network running wifi), was by setting the "always on" PC from "mixed" back to "hybrid". Used same reg hack to force it too. In testing I also played around with making "IsDomainMaster = True" and "MaintainServerList = Yes", (don't you miss the old days when you could simply set this in the NIC's properties), but I found his network finally became most stable when I returned everything to default. Again, I fully agree that the way I tried and the way you have it should be the more stable as you don't want the other PC's, especially the non Windows PC's to attempt to become the Master Browser. In my friend's case, all of the other PCs were laptop so I wanted his "always on" desktop to stay the Master Browser. Honestly, I took several packet captures (my native profession) and I had Browser Wars until I returned everything to default and set everyone to h-nodes. Go figure. I chalked it up to WIN-XP simply wanting its way instead of the logical way. Are you saying that when you remove IPX that the entire Browser List goes away? If so, are you sure you're not segmented somehow such that your Broadcast frames aren't getting end-to-end on your LAN? Thinking out loud.
     
  6. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    good info there :) I'll do some more work as suggested.

    as to segmenting; nope. all systems are in the x.x.x.1-x.x.x.4 range attached to a common router :)

    yes, removal of IPX stopped the display of all workgroup names!
    I'll first try the type=Hybrid again and report back.

    tnx: 10^6
    Jeff
     
  7. simplepcguy

    simplepcguy TS Rookie

    Try setting both: nodes to type "h" and return the Browser Parameters too.

    I just double checked both of my XP-Pro PCs, currently on, on my Windows workgroup (w/o WINS server), both the laptop and the (always on) desktop have:
    IsDomainMaster = False
    MaintainServerList = Auto

    Again, while several papers at both technet and M/S talk about setting these to the values you currently have, my actual testing is that it settles down and acts properly when set as above and all of the DHCP clients are h-nodes. Go figure :confused:

    Remove (temp) IPX and do these steps. Then wait long enough for the Master Browser to build a new Browser List and then to distribute it to the other PC. I would wait some time and let it settle down. Maybe flame one or two of them off, then on, to "kick start" the new list.
     
  8. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    ok, will do; meanwhile, I just went to my Mac and modified the smb.conf to read(in part)
    [global]
    ...
    browseable = yes
    preferred master = no
    local master = yes
    domain master = auto
    workgroup = WORKGROUP
    name resolve order = hosts lmhosts bcast
    Guess what; All systems appear under Workgroup :)
    run->cmd /k net view
    also show all (has to if the GUI is to work)

    hmm; now, WHICH system is the MASTER browser???
     
  9. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    done
    sheez; DomainMaster = FALSE would ensure any other system wins :( grrr.
    In an election sequence, I want my system to win ALWAYS.

    Prior post: which is M.B.?; clearly the Mac as putting it to sleep then reverts to prior behavior, nothing shown UNTIL the mac comes online again.

    just wonderful; Samba config works as advertised; MS doc leads you into the swamp :(
     
  10. simplepcguy

    simplepcguy TS Rookie

    I think this has to do with the difference between the "Domain Master Browser" and the "Master Browser". The Domain Master Browser is assumed to be, almost expected to be, on another segment/LAN therefore each "local" segment/LAN has a Master Browser. These workgroups exist on local LANs and therefore really don't care about the DomainMasterBrowser, nor do they expect there to be a WINS Server.

    I'm not familiar with MAC's playing in the NETB world, but my first read (before I scrolled down) of your MAC settings, my assumption was the MAC would be the local Master Browser, because of the "local master = yes". Indeed it was. Is there a setting of "auto" for that value? I have seen on two occasions, where MACs come on line and force a Browser Election, and win, regardless of the "silly" built-in "I'm bigger than you are" rule that M/S uses (which dates back to the old LANMAN specs).

    Back to Windows: I believe "IsDomainMaster" causes a PC to keep the Domain Master Browser function, whereas in workgroups, you only need a "Master Browser" role active. So I leave it to its default of "False" and let them Broadcast each other to establish the local Master Browser.

    Obviously, I'm just trying to help....
     
  11. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    >>Obviously, I'm just trying to help....

    Good comments --- you are and I appreciate another head musing over the issue.
    I'll attempt to neuter the Mac and try the IsMaster change ...
     
     
  12. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    here's the (sad) results

    C:\Documents and Settings\nMaster>nbtstat -c
    Local Area Connection:
    Node IpAddress: [0.0.0.0] Scope Id: []
    NetBIOS Remote Cache Name Table
    Name Type Host Address Life [sec]
    ------------------------------------------------------------
    WORKGROUP <00> UNIQUE 208.67.216.132 557

    That's part of the OpenDNS stuff, but has no right to access my workgroup:
    Action taken: set firewall to DENY the remote address (208.67.216.132)
    took same action on the \\emac's firewall so as to not cache it there either

    XP IsDomainMaster = TRUE
    MaintainServerList = AUTO
    system \\emac off line (ie sleeping)

    C:\Documents and Settings\nMaster>nbtstat -n
    Local Area Connection:
    Node IpAddress: [192.168.0.4] Scope Id: []
    NetBIOS Local Name Table
    Name Type Status
    ---------------------------------------------
    LTBEARD <00> UNIQUE Registered
    LTBEARD <20> UNIQUE Registered
    WORKGROUP <00> GROUP Registered
    WORKGROUP <1E> GROUP Registered
    WORKGROUP <1D> UNIQUE Registered
    ..__MSBROWSE__.<01> GROUP Registered << OK THERE IS ONE!

    however; browsing workgroup is futile (no systems do not show up at all)

    XP IsDomainMaster = Yes
    MaintainServerList = AUTO
    (emac sleeping)
    C:\Documents and Settings\nMaster>nbtstat -n
    Local Area Connection:
    Node IpAddress: [192.168.0.4] Scope Id: []
    NetBIOS Local Name Table
    Name Type Status
    ---------------------------------------------
    LTBEARD <00> UNIQUE Registered
    LTBEARD <20> UNIQUE Registered
    WORKGROUP <00> GROUP Registered
    WORKGROUP <1E> GROUP Registered
    WORKGROUP <1D> UNIQUE Registered
    ..__MSBROWSE__.<01> GROUP Registered

    however; browsing workgroup is futile (no systems do not show up at all)

    C:\Documents and Settings\nMaster>nbtstat -a emac
    Local Area Connection:
    Node IpAddress: [192.168.0.4] Scope Id: []
    NetBIOS Remote Machine Name Table
    Name Type Status
    ---------------------------------------------
    EMAC <00> UNIQUE Registered
    EMAC <03> UNIQUE Registered
    EMAC <20> UNIQUE Registered
    ..__MSBROWSE__.<01> GROUP Registered << emac is Master
    WORKGROUP <00> GROUP Registered
    WORKGROUP <1D> UNIQUE Registered
    WORKGROUP <1E> GROUP Registered

    and of course, browsing works on all systems

    (sleep the emac again)
    XP IsDomainMaster = FALSE
    MaintainServerList = AUTO
    C:\Documents and Settings\nMaster>nbtstat -n
    Local Area Connection:
    Node IpAddress: [192.168.0.4] Scope Id: []
    NetBIOS Local Name Table
    Name Type Status
    ---------------------------------------------
    LTBEARD <00> UNIQUE Registered
    LTBEARD <20> UNIQUE Registered
    LTBEARD <03> UNIQUE Registered
    WORKGROUP <00> GROUP Registered
    WORKGROUP <1E> GROUP Registered
    WORKGROUP <1D> UNIQUE Registered
    ..__MSBROWSE__.<01> GROUP Registered <<<
    and
    C:\Documents and Settings\nMaster>nbtstat -a ltbeard
    Local Area Connection:
    Node IpAddress: [192.168.0.4] Scope Id: []
    NetBIOS Remote Machine Name Table
    Name Type Status
    ---------------------------------------------
    LTBEARD <00> UNIQUE Registered
    LTBEARD <20> UNIQUE Registered
    LTBEARD <03> UNIQUE Registered
    WORKGROUP <00> GROUP Registered
    WORKGROUP <1E> GROUP Registered
    WORKGROUP <1D> UNIQUE Registered
    ..__MSBROWSE__.<01> GROUP Registered <<<

    yet, NO JOY on workgroup (no systems do not show up at all)
    This is the apparent solution, but no browsing results :grrr:

    btw: on the \\eMac, the test is
    nmblookup -M -- -
    -----------------------
    query __MSBROWSE__ on 192.168.x.255
    192.168.x.4 __MSBROWSER__ <01> << which is the XP!

    I'm at a total loss :eek: :confused:
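
As an added example (not code from any poster in this thread): a Python sketch that reads `nbtstat` output like that in the post above, reports which browser roles a host has registered from the NetBIOS name suffixes (`<1D>` master browser, `<1E>` election group, `<01>` on `__MSBROWSE__`), and flags remote-cache rows whose address lies outside private address space, such as the 208.67.216.132 entry. The sample tables are transcribed from the post; the function names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample input, transcribed from the nbtstat output quoted in the post above.
LOCAL_TABLE = """\
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
LTBEARD <00> UNIQUE Registered
LTBEARD <20> UNIQUE Registered
WORKGROUP <00> GROUP Registered
WORKGROUP <1E> GROUP Registered
WORKGROUP <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered << OK THERE IS ONE!
"""

REMOTE_CACHE = """\
NetBIOS Remote Cache Name Table
Name Type Host Address Life [sec]
------------------------------------------------------------
WORKGROUP <00> UNIQUE 208.67.216.132 557
"""

# name, two-hex-digit suffix, UNIQUE/GROUP, then status (-n / -a) or host address (-c)
ROW = re.compile(r"^\s*(\S+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)")


def parse_rows(text):
    """Return (name, suffix, kind, fourth_column) for every name-table row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, col4 = m.groups()
            rows.append((name, suffix.upper(), kind, col4))
    return rows


def browser_roles(text):
    """Summarise the browser-related NetBIOS names a host has registered."""
    roles = {"master_browser_for": None, "domain_master_for": None,
             "msbrowse": False, "election_groups": []}
    for name, suffix, kind, status in parse_rows(text):
        if status != "Registered":
            continue  # ignore conflicts and remote-cache rows
        if suffix == "1D" and kind == "UNIQUE":
            roles["master_browser_for"] = name   # local master browser
        elif suffix == "1B" and kind == "UNIQUE":
            roles["domain_master_for"] = name    # domain master browser
        elif suffix == "1E" and kind == "GROUP":
            roles["election_groups"].append(name)  # takes part in elections
        elif suffix == "01" and kind == "GROUP" and "__MSBROWSE__" in name:
            roles["msbrowse"] = True             # announces to other master browsers
    return roles


def off_lan_cache_entries(text):
    """Return cache rows whose host address is neither private nor link-local."""
    flagged = []
    for name, suffix, _kind, col4 in parse_rows(text):
        try:
            addr = ipaddress.ip_address(col4)
        except ValueError:
            continue  # fourth column is a status word, not an address
        if not (addr.is_private or addr.is_link_local):
            flagged.append((name, suffix, str(addr)))
    return flagged


if __name__ == "__main__":
    print(browser_roles(LOCAL_TABLE))
    print(off_lan_cache_entries(REMOTE_CACHE))
```

A workgroup name cached against a public address means name resolution for the LAN left the LAN, which is worth checking before any further browser-election tuning.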
     
  13. simplepcguy

    simplepcguy TS Rookie

    J.O. Beard, this is a very strange one indeed.

    Shooting from the hip here, but I would change the workgroup name to something other than workgroup. First do your preferred Master Browser, let it reboot and let's see if it can see itself (plus maybe the "WORKGROUP" workgroup that might still be advertised). Then change the MAC to the same new workgroup name, but leave the others alone. It will be interesting to see how it follows the new workgroup name. It should, but then again, this thing is not playing by the rule now is it. :rolleyes:
     
  14. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    any port in a storm --- progress to follow ...
     
  15. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    XP IsDomainMaster = FALSE
    MaintainServerList = AUTO
    (emac sleeping)
    Local Area Connection:
    Node IpAddress: [192.168.0.4] Scope Id: []
    NetBIOS Local Name Table
    Name Type Status
    ---------------------------------------------
    LTBEARD <00> UNIQUE Registered
    KITTYHAWK <00> GROUP Registered
    LTBEARD <03> UNIQUE Registered
    LTBEARD <20> UNIQUE Registered
    JEFF <03> UNIQUE Registered
    KITTYHAWK <1E> GROUP Registered
    KITTYHAWK <1D> UNIQUE Registered
    ..__MSBROWSE__.<01> GROUP Registered
    no joy

    XP IsDomainMaster = FALSE
    MaintainServerList = Yes
    (emac sleeping)
    C:\Documents and Settings\Jeff>nbtstat -a ltbeard
    Local Area Connection:
    Node IpAddress: [192.168.0.4] Scope Id: []
    NetBIOS Remote Machine Name Table
    Name Type Status
    ---------------------------------------------
    LTBEARD <00> UNIQUE Registered
    KITTYHAWK <00> GROUP Registered
    LTBEARD <03> UNIQUE Registered
    LTBEARD <20> UNIQUE Registered
    JEFF <03> UNIQUE Registered
    KITTYHAWK <1E> GROUP Registered

    alter old boat anchor (98se) to same workgroup = KITTYHAWK
    C:\Documents and Settings\Jeff>nbtstat -a 98sedesktop

    Local Area Connection:
    Node IpAddress: [192.168.0.4] Scope Id: []
    NetBIOS Remote Machine Name Table
    Name Type Status
    ---------------------------------------------
    98SEDESKTOP <00> UNIQUE Registered
    WORKGROUP <00> GROUP Registered
    98SEDESKTOP <03> UNIQUE Registered
    98SEDESKTOP <20> UNIQUE Registered
    WORKGROUP <1E> GROUP Registered

    BUT; not seen here C:\Documents and Settings\Jeff>nbtstat -n

    Local Area Connection:
    Node IpAddress: [192.168.0.4] Scope Id: []
    NetBIOS Local Name Table
    Name Type Status
    ---------------------------------------------
    LTBEARD <00> UNIQUE Registered
    KITTYHAWK <00> GROUP Registered
    LTBEARD <03> UNIQUE Registered
    LTBEARD <20> UNIQUE Registered
    JEFF <03> UNIQUE Registered
    KITTYHAWK <1E> GROUP Registered
    KITTYHAWK <1D> UNIQUE Registered
    ..__MSBROWSE__.<01> GROUP Registered
    expected to also see 98SEDESKTOP <00> UNIQUE Registered
    and 98sedesktop can not browse KITTYHAWK either

    emac settings for the above were unmodified (system left sleeping)

    brought online
    C:\Documents and Settings\Jeff>nbtstat -a emac

    Local Area Connection:
    Node IpAddress: [192.168.0.4] Scope Id: []
    NetBIOS Remote Machine Name Table
    Name Type Status
    ---------------------------------------------
    EMAC <00> UNIQUE Registered
    EMAC <03> UNIQUE Registered
    EMAC <20> UNIQUE Registered
    WORKGROUP <00> GROUP Registered
    WORKGROUP <1E> GROUP Registered

    and not joined to KITTYHAWK (as expected)
    purely fyi on OS X:
    accessing \\ltbeard\sharename works regardless of the workgroup name
    (ie while it is shown and can be altered in the prompt, it doesn't matter (kittyhawk, workgroup, some_bogus_name) as long as the user/pwd is correct :blackeye:

    [edit] browsing from the emac works fine with XP as the <browser>:confused: [/edit]
     
  16. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    I Give UP!

    wasted a whole day w/o progress and there is a viable alternative;

    View Workgroup provides two services:
    1. enumerate which systems are online
    2. and list shares on each system
    An alternative approach is run->\\systemname which will provide (2) if that system
    is online. There is no solution for (1) when you have no idea of what's available on the subnet,
    but HEY -- this is a small home lan and I better be able to count and name everything in the house :)

    This alternative works to access (in my case) OS X, Win/98se, Linux6/7 and even local XP/shares.
    The reverse access to Win/XP Pro from each system works per normal platform specifics.

    I am done here.

    Thanks for your time and input to this process.

    For the record; the specific config options at this juncture are:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    NodeType Dword 0x08 (ie Hybrid)

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
    IsDomainMaster REG_SZ Yes

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
    MaintainServerList REG_SZ Yes

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
    IsDomainMaster Dword 0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
    IRPStackSize Dword 0x25
     
  17. simplepcguy

    simplepcguy TS Rookie

    Hey J.O.,

    Not to open an old wound this early ;) , but I was racking my brain about this and thought of something I came across a few years back that worked, but I'm not sure exactly what the setting does under the M/S covers, but I thought I would throw it out to you (just in case).

    I had loaded a 3rd party "security lockdown patch" on one of my WinXPPro PCs and it would no longer see the workgroup. I found that (among other things) it changed the setting for "Use Simple File Sharing". I get to that setting by doing a right-click on Start, then Explore, then Tools, Folder Options, View, and then scroll down to the bottom of the list. If Use Simple File Sharing is checked, then uncheck it. If it is unchecked, then check it.

    Again, I'm most likely telling you something you already know, but just in case. This worked for me, but I really don't know why. I investigated some, but couldn't find anything definitive.

    Your call. Take care.
     
  18. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    hmm; interesting and I might toggle that setting to see the effect -- HOWEVER,
    I want more than Simple Sharing (which then forces access to be authenticated as
    opposed to using the Guest Access route).

    I'll report back later -- other 'real work' necessary today :)

    tnx
     
  19. mflynn

    mflynn TS Rookie Posts: 2,793

    The mention of Simple File Sharing rang a bell with me. I had an issue don't remember that tho, but it took reversing what I had and rebooting then putting it back.

    After simplepcguy's post and the above if no joy do this:

    D/L and install Windows Resource Kit
    Listed as 2003 but works in Vista, XP and 2K
    http://www.microsoft.com/downloads/...69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en

    The install must be to the default location do not change

    Then do the below

    Left Drag mouse and Copy for Pasting all text in the box below.
    Make sure the slider bar goes to bottom from the @ to the end of the second exit.
    Then paste to the black screen of an open command prompt.
    Code:
    @echo off
    :: Fix Access denied
    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    
    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
    exit
    exit
    Reboot to test!

    Mike
     
  20. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    > Dear jobeard,
    >
    > The mention of Simple File Sharing rang a bell with me. I had an issue don't remember that tho,
    > but it took reversing what I had and rebooting then putting it back.
    >
    > After simplepcguy's post and the above if no joy do this:
    >
    > D/L and install Windows Resource Kit
    > Listed as 2003 but works in Vista, XP and 2K
    > http://www.microsoft.com/downloads/...69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en
    >

    hmm; I have Pgm Files\Win Resource Kits\Tools but the readme.html is imprecise as to any release date or versioning :(


    > cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    >
    > subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    > subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
    > subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
    > subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    > subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    >
    I have no issues with regedit nor NTFS permissions

    > secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
    hmm; Tools\secedit not present; my version is other than yours


    > :: Remove AntiVirus2009
    > attrib -h -s -r "%UserProfile%\Desktop\Antivirus 2009.lnk"
    > attrib -h -s -r "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
    > attrib -h -s -r "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
    > attrib -h -s -r "%UserProfile%\Start Menu\Antivirus 2009\*.*"

    Antivirus 2009 is not present on this system anywhere :)

    > del "%UserProfile%\Desktop\Antivirus 2009.lnk" /f /q
    > del "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk" /f /q
    > del "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll" /f /q
    > del "%UserProfile%\Start Menu\Antivirus 2009\*.*" /f /q
    >
    > rd /s /q "%UserProfile%\Start Menu\Antivirus 2009"
    >
    > attrib -h -s -r "c:\Program Files\Antivirus 2009\*.*"
    > rd /s/q "c:\Program Files\Antivirus 2009"
    >
    > attrib -h -s -r c:\WINDOWS\system32\ieupdates.exe
    not present
    > attrib -h -s -r c:\WINDOWS\system32\scui.cpl
    not present
    > attrib -h -s -r c:\WINDOWS\system32\winsrc.dll
    not present

    >

    > reg delete HKEY_CURRENT_USER\Software\75319611769193918898704537500611
    > reg delete HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
    > reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
    > reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
    > reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"

    these keys are not present either :)

    I greatly appreciate the input and effort there :grinthumb
     
  21. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    not a problem
    sadly -- still no joy
     
  22. mflynn

    mflynn TS Rookie Posts: 2,793

    LOL!

    JO I posted the AntiVirus 2009 stuff by accident and removed it I thought pretty quickly.

    But the post as it is now is what I intended!

    But from your post I have no idea what you did.

    True you may not have an Obvious permissions issue. But then that's what everyone thinks. But you are not everyone!:D

    Did you reverse the Simple file sharing then reboot and reverse it back?

    And did you do the copy/paste operation? I know you can find the secedit but if not the rest is complete the secedit is just a kicker!

    Mike
     
  23. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    the email notice included the data at the time of <submit> :)
    simple regedit and NTFS inspections
    yes, but I need to follow-up to verify that the stinking <everyone> group is not present :(
    As there were none of those items present, I did not -- if I had found just one, I would have abandoned the inspection and opted for your instructions :)

    Again, thank you
     
  24. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,446   +324

    hmm; just discovered that NET SEND was not allowed (port 138 on the broadcast address).

    there may be more firewall issues here ...
     
Topic Status:
Not open for further replies.

