MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Hardware Support arrow Hardware Devices Problems arrow Topic: Cd drive is possessed! Has a life of its own!
June 04, 2020, 11:11:37 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
June 04, 2020, 11:11:37 PM

Login with username, password and session length
 Featured Sites:
News
New  New Poll on our main page!
"My experience with Vista..."
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Cd drive is possessed! Has a life of its own!  (Read 2081 times)
jjames
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« on: July 11, 2004, 02:33:22 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: XP
Problem Application Name & Version: dunno
Problem Hardware Make & Model: IDE CDR/ RW 8X4X32
....which sits below a SAMSUNG DVD-ROM SD-6125
Error Messages:



Cheesy
hi there. Hope someone can help.
Basically one of my cd drives has a life of its own.
Shocked
Im qutie sure its nothing todo with bugs or viruses, i have got full protection and firewalls , mcfee latest protection, against evils.


I am using windows XP, now the thing is, ive been using this about half a year, and i never had any cd problems before, its the same cd drive. Then i got some viruses and reformatted and started using full protection and cleared all last bugs and viruses.

But it still comes alive!:( And it does it when it wants, and at the startup before windows even loads  its possessed!?

Tech support line said its hardware fault, how can it be a fault, it worked perfect till i got infected, & even after reformat & install protection its still crazy.
 
Undecided
someone help please, and can email the post to me also JJP@MAIL2UK.COM

MANY THANKS,

Jon w/ possessed cd drive  Grin
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #1 on: July 11, 2004, 03:33:20 PM »

Hi Jon..


**(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. This is where it will save the backup files needed if there's a problem.)**

Now...Would you please download Hijackthis---Important---Create a permanent folder
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis too, also, backups will be stored there.
Download from here
http://www.spywareinfo.com/~merijn/files/HijackThis.exe
or here
http://aumha.org/downloads/hijackthis.exe

Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----It is all important


Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
jjames
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #2 on: July 12, 2004, 08:14:03 PM »

Tongue
hi cactas thanks very much for advice, here is the log that u ask for, hope u can be of some help, many thanks so far Smiley

jon.

Logfile of HijackThis v1.98.0
Scan saved at 21:12:58, on 12/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
D:\Program Files\PPLU\pplw.exe
D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
D:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
D:\Program Files\Common files\updmgr\updmgr.exe
d:\windows\temp\adware\fsg_4104.exe
C:\My Documents\J. Folder\Auto Mouse Clicker\AutoMouseClicker.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\The Pickups\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - D:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - D:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [PPLockUp] D:\Program Files\PPLU\pplw.exe
O4 - HKLM\..\Run: [User Logger] D:\Program Files\UL\UsrLog.exe run
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [McAfee Guardian] "D:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [updmgr] D:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [Trickler] "d:\windows\temp\adware\fsg_4104.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\RunOnce: [BullguardoptIn] D:\WINDOWS\Temp\BullGuard\bulldownload.exe
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C8D9A6A-BD8D-458D-A9A7-A451122C9966}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C8D9A6A-BD8D-458D-A9A7-A451122C9966}: NameServer = 195.92.195.94 195.92.195.95

Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #3 on: July 13, 2004, 02:30:24 AM »

Ok here's what i want you to do jjames...

Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

updmgr.exe


Turn off System Restore. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - D:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - D:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL


O4 - HKLM\..\Run: [PPLockUp] D:\Program Files\PPLU\pplw.exe
O4 - HKLM\..\Run: [User Logger] D:\Program Files\UL\UsrLog.exe run

O4 - HKLM\..\Run: [updmgr] D:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [Trickler] "d:\windows\temp\adware\fsg_4104.exe"

O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm

Now delete these Folders or Files that are Highlighted: (You may need enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)


D:\Program Files\Common files\updmgr\updmgr.exe
d:\windows\temp\adware\fsg_4104.exe


Now, empty all your TEMP Folders (WinXp has up to 4 of them) / Temporary Internet Files Folder and then empty your "Recycle Bin" and reboot.

Post back and let us know how its going.

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
jjames
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #4 on: July 14, 2004, 06:01:46 PM »

hi again cactus, thanks again for help.

i took ur advice, nad heres the news.

Being an intermediate comp user, there were a couple of things in ur list that i didnt fix/delete with "hijack" or manual delete, as i knew they were normal programs.
such as pplu.exe is a password program i installed.
And regarding temp folders, there were a couple such as specific windows updates from microsoft & sys32 "UPTEMP" folder with some important looking few files which i dared not touch.

Apart from that i followed ur instructions pretty much & this is the outcome.
Keep in mind i have a registered version of Mcfee virus protection scanner, firewall & a registry fixer. All of them are uptodate & detect no bugs or viruses.

The cd drive stopped going in an out Cheesy.... but now it does nothing Sad lol

Power is evident, but the power button is lit up RED Undecided. Its a cd rewriter, there is a writing and disk-in L-E-D light buttons.
Only the disk in is lit red, and there is no sign of life.

Undecided what todo. Huh? hope u can help again, regards

JON
« Last Edit: July 14, 2004, 06:04:17 PM by jjames » Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #5 on: July 14, 2004, 11:43:44 PM »

Post a new HJT Logfile....


Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
jjames
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #6 on: July 15, 2004, 08:43:25 PM »

quote:
Originally posted by Cactus

Post a new HJT Logfile....


Cactus



Smiley here ya go mr cactus
thx
...

Logfile of HijackThis v1.98.0
Scan saved at 21:38:22, on 15/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\Program Files\PPLU\pplw.exe
D:\Program Files\UL\UsrLog.exe
D:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\My Documents\System Programs & Files\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [PPLockUp] D:\Program Files\PPLU\pplw.exe
O4 - HKLM\..\Run: [User Logger] D:\Program Files\UL\UsrLog.exe run
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [McAfee Guardian] "D:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/15c455b88a0ab0ad9018/netzip/RdxIE601.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C8D9A6A-BD8D-458D-A9A7-A451122C9966}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C8D9A6A-BD8D-458D-A9A7-A451122C9966}: NameServer = 195.92.195.95 195.92.195.94



Logged

 
jjames
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #7 on: August 22, 2004, 12:38:50 PM »

Undecided

sorry to bother you guys, but if mr cactus or anyone else is around who can help still it would be much appriciated. I still have problems Huh?Embarrassed

thanks,

JON
Logged

 
Team48Lowes
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 170


Bookmark and Share

View Profile
« Reply #8 on: January 13, 2005, 11:33:15 PM »

Hi there, I don't know if Cactus noticed or not, your version of HijackThis is outdated. The new version may find something that he can work with. You can download it here >>> http://www.spywareinfo.com/~merijn/files/HijackThis.exe Just thought I'd help.
Take Care
Tony
Logged

 
Chammy
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 12


Bookmark and Share

View Profile
« Reply #9 on: January 20, 2005, 10:07:16 PM »

Hey jjames,  thats the same processes I read on my Taskmanager also. All you have there is what I have also. Are these viruses cactus? I'm very concerned.
Logged

?
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page April 24, 2019, 04:03:01 PM