Trouble with DVD drive - done the 8 steps

Status
Not open for further replies.
Mike
Thanks for such a thorough reply. I really appreciate all the help given. I managed to work through everything listed. I have written what I did below.

Windows Search did not find ???????????????e, advanced search did not find it either.
It no longer appears in Regseeker.
I managed to disable most of the services listed, some services were not shown.
Ccleaner ran twice all clear. Ran ATF cleaner/K cleaner.

I created a new restore point and ran diskcleanup as requested.

LookinAround.
Thanks once again for your input.

To answer your question the CD/DVD disappears for the whole time between reboots. It does not come and go.
Ran autoruns again. The pesky ???????????????e is still there. I have tried unchecking it and rerunning autoruns and also trying to delete it. Each time it reappears. I have included the Autoruns text file.

Sorry but with the RegDelNull application I am confused or lacking the knowledge to install it where you asked. I have the zip folder but cannot extract it to system32, get the message access denied. If I save it to system 32 first it is not shown under the directory. I am not computer savvy enough to work out what needs doing. If you could expand some more I will try again. At present I have saved it to my hard drive and await further info on how to install it and run it from an "elevated position".

Ok that's all for now, thanks once again
 

Attachments

  • AutoRuns.txt
    13.3 KB · Views: 5
Ok we are teamed up here so I will leave the Regnull to LookinAround and I will tackle further Malware searches.

With the exception of this. Boot into BIOS and find the QuickBoot setting and disable it. This makes the BIOS double check the RAM and a couple other things and report them to the screen. In my 30 years doing this work I have had situations where a device did not have time to initialize and this gives it more time.

Do not do this yet but the next step is to Reverse the Plug and Pray, I mean Plug and Play setting in the BIOS! Only do this after all below is done and we still have issues!

As this is a startup autorun, something is putting it back.

Do this as a test for me.
1. In normal mode use HJT to remove it then close and rerun HJT again and see if still back.
If so it is not being removed at all in first place.

Repeat as above with AutoRuns delete and close Autoruns and then run again.

2. Repeat #1 above exactly in Safe Mode!

3. Get me results from above.

Then..

We ran DrWeb Cureit in Safe mode and perhaps it was not able to see it as it (???????e) is not running in Safe Mode.

So delete the DRweb you have, download and run another but run this time in normal mode.

Then to be D-Double sure get and run this also!
http://majorgeeks.com/Kaspersky_Virus_Removal_Tool_d4515.html

Mike
 
Hi Mike

Sorry for delay in replying but it was the New Year festival here in Thailand.
So here is what I managed.
I ran HJT and autoruns in normal mode and safe mode, no difference, the entry remains.
Kaspersky virus checker came back clean. Ran Dr Web cureit but entry still remains.

Rebooted into BIOS and this is where I get stuck. I did not see anywhere to reverse the plug and play setting from the options displayed, also did not see anywhere to disable the quick boot. I am using Vista Home premium, don't know if this matters or I am just not looking in the right place. Any help as always appreciated
 
No, BIOS is on the Motherboard, Vista has not booted yet and is not a factor here.

Go into BIOS again and get the BIOS name and version. Something like Award, Phoenix or AMD and a Rev number.

Mike
 
Mike

Under BIOS it says:

BIOS Version V2.70
VGA BIOS Version ATI UMA V 008.050I.017000.18675

Hope this is what you are after.

Dave
 
Hi narcodave :wave:

I lost track of your thread amongst the shuffle of other things. Will read through to catch up and post back again sometime later today. Hope you enjoyed your New Years!
 
Hi Narcodave

About your ????????? issue
I can still see it in your Autoruns file. I’d like to next see it from your registry's point of view. Then we'll run RegDelNull

  • Open an elevated Command Prompt Window (click for info to open / copy / paste to this window)
  • Copy/paste each of the two command lines below into the command window. Each will create a file on your desktop
    Code:
    regedit /E "%userprofile%\desktop\hklm_run.txt" "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
    regedit /E "%userprofile%\desktop\hkcu_run.txt" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
  • Attach the files hkcu_run.txt and hklm_run.txt to your next post:
  • As for RegDelNull, unzip RegDelNull.zip. Copy RegDelNull.exe to C:\ root folder on your C: drive. Then copy/paste to an elevated prompt window
    Code:
    C:\regdelnull -s hklm
    C:\regdelnull -s hkcu
  • Does it find any embedded nulls?

I'll follow up a bit later with info about your CD issue
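The two Run-key exports requested above can be checked offline for odd value names. The following is an added example, not part of the original post or of any tool named in the thread: it assumes the export is in the regedit 5.00 text format (UTF-16LE with a BOM) and assumes the "?" characters seen in Autoruns are characters that cannot be shown in ASCII; the function names and the sample export are constructed for illustration.

```python
import re

# A value line in a .reg export looks like: "name"="data"  or  "name"=hex:...
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")

def suspicious_names(raw: bytes):
    """List value names that contain anything other than printable ASCII."""
    findings, key = [], None
    for line in decode_export(raw).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue                  # header, blank or hex continuation line
        name = re.sub(r"\\(.)", r"\1", m.group(1))   # undo \" and \\ escapes
        if any(not (0x20 <= ord(c) <= 0x7E) for c in name):
            findings.append({
                "key": key,
                "as_shown": name.encode("ascii", "replace").decode(),
                "codepoints": ["U+%04X" % ord(c) for c in name],
                "data": m.group(2),
            })
    return findings

# Constructed sample export: one ordinary entry, one with a non-ASCII name.
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\r\n"
    '"ExampleUpdater"="C:\\\\Program Files\\\\Example\\\\updater.exe"\r\n'
    '"\u4e00\u4e8c\u4e09e"="C:\\\\Users\\\\example\\\\placeholder.exe"\r\n'
)
SAMPLE_BYTES = b"\xff\xfe" + SAMPLE.encode("utf-16-le")

if __name__ == "__main__":
    for f in suspicious_names(SAMPLE_BYTES):
        print(f["key"], f["as_shown"], " ".join(f["codepoints"]), f["data"])
```

Listing the code points gives helpers something exact to match against, since every "?" in a text log looks the same regardless of the character behind it.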
 
From looking back over the thread ComboFix was run, several issues pop out from reading the log that were not followed up on.

Norton has not been removed properly and the system isn't recognising Avira, or AVG8 which are also seemingly still installed.

p2p still installed/recognised and with a direct route through the firewall.

If you were to go by the last log alone (and please don't) a script would have been,

Run the removal tools for Norton and AVG and then,
Code:
Folder::
d:\program files\BitTorrent
c:\users\dave webster\AppData\Roaming\BitTorrent

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
"?????????"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D0AB2071-D905-4001-BC3F-B0112B046820}"=-
"{36FFC604-EE12-40B3-9776-4040907DC824}"=-
"TCP Query User{F57CAB69-BC2E-44B6-9BA8-AB6E47B5691C}c:\\users\\dave webster\\program files\\dna\\btdna.exe"=-
"UDP Query User{AA66C541-56F3-411B-A302-9B7269B5B211}c:\\users\\dave webster\\program files\\dna\\btdna.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=-

This should have been done after ComboFix was run initially.
 
Thanks kritius

Narcodave

Pls continue working with kritius until your system gets a "clean-bill-of-health". I'll then be back if there's any remaining system/hardware (vs malware) issues (I currently suspect your CD/DVD issue is BIOS/hardware related. But let's see about that when kritius is done with you!)
 
Uninstall the version of combofix that you have,

go to start > run and type combofix /u

OTListIt2 by OldTimer
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please attach these files and post it with your next reply.
 