DVD Drives Suddenly don't AutoPlay [Solved]


  • This topic is locked

#46
Jackpine

  • Topic Starter
  • Member
  • 346 posts
Crowbar, I set the search engine in Internet Explorer as you suggested. I also ran Malwarebytes and ESET Online Scanner last night. I'm at work now, and when I get home I will post the logs.

#47
Jackpine

  • Topic Starter
  • Member
  • 346 posts

The version of MBAM I have doesn't allow the quick scan, so I selected Custom and scanned the entire C:\ drive which is where I have Windows XP and other programs.  (I don't know why it considered the AdwCleaner program as malware.)  The ESET Online Scanner log follows after the MBAM log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/23/2014
Scan Time: 7:39:03 PM
Logfile: Malewarebytes log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.23.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Robert

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 448251
Time Elapsed: 2 hr, 52 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.AI, C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe, , [5c69d6574e2d1026b38b93ddcb3625db],

Physical Sectors: 0
(No malicious items detected)


(end)

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=825d1550b1849741844aa6762bdea4e7
# engine=18021
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-24 11:53:18
# local_time=2014-04-24 07:53:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5889 16768446 80 100 194934335 242956266 0 231839598
# compatibility_mode=8201 16776701 100 100 3142 163521210 0 0
# scanned=165489
# found=16
# cleaned=0
# scan_time=10027
# nod_component=V3 Build:0x30000000
sh=AFD4C5BE68BEB1874253342B336ABFB66090875F ft=1 fh=fac42028bb66406e vn="a variant of Win32/DealPly.I potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{4951C443-AB5D-4F15-A593-23DE599BBCAB}\RP23\A0010426.exe"
sh=C3263C889C59DE6EE0FEC6D0E3186E2F1F5D245A ft=1 fh=615783887b929f9d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\System Volume Information\_restore{4951C443-AB5D-4F15-A593-23DE599BBCAB}\RP23\A0010428.exe"
sh=AFD4C5BE68BEB1874253342B336ABFB66090875F ft=1 fh=fac42028bb66406e vn="a variant of Win32/DealPly.I potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{4951C443-AB5D-4F15-A593-23DE599BBCAB}\RP25\A0010743.exe"
sh=B4999423560821078A701C830A844565417020A9 ft=0 fh=0000000000000000 vn="a variant of Generik.LBDXRD trojan" ac=I fn="C:\System Volume Information\_restore{4951C443-AB5D-4F15-A593-23DE599BBCAB}\RP27\A0010785.msi"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{4951C443-AB5D-4F15-A593-23DE599BBCAB}\RP35\A0011335.exe"
sh=6532E702EB130B7875CA7026ECD85950455D3DD5 ft=1 fh=0b51c5b377466bac vn="a variant of MSIL/Injector.AJP trojan" ac=I fn="F:\Games\Echoes of the Past 4 The Revenge of the Witch Collector's Edition [FINAL]\Echoes of the Past 4 The Revenge of the Witch Collector's Edition [FINAL].exe"
sh=FE9278DF3059AE7ABF9763AC67A8DB3CCF02C210 ft=1 fh=cfa18f16964461ef vn="a variant of MSIL/Injector.AJP trojan" ac=I fn="F:\Games\Haunted Hotel 4 Charles Dexter Ward With Guide [FINAL]\Haunted Hotel 4 Charles Dexter Ward With Guide [FINAL].exe"
sh=9AD551F10022126268241BB39E20DD340D8C47D2 ft=1 fh=5725295b227c03a7 vn="a variant of MSIL/Injector.AJP trojan" ac=I fn="F:\Games\Haunted Hotel 4 Charles Dexter Ward With Guide [FINAL]\setup.exe"
sh=06EFEFA6BDDE2B9687992AEA84E540711206A7D9 ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.PJR trojan" ac=I fn="F:\Games\Haunted Legends The Queen of Spades Collector's Edition\hltqos-jaguar.iso"
sh=A3401C8D94C4626EF644521D901956546A935899 ft=1 fh=e8ab8586c82227a8 vn="MSIL/Agent.NAV trojan" ac=I fn="F:\Games\Hidden Expedition Devils Triangle with Strategy Guide - New HOG\DevilsTriangle.exe"
sh=B4B1B451D2EACB85C0321DE0B0B6D6D1E9F9F752 ft=1 fh=6e26043e0529c1f3 vn="a variant of MSIL/Injector.SC trojan" ac=I fn="F:\Games\Macabre.Mysteries.Curse.of.the.Nightingale.v1.0.MERRY.CHRISTMAS-TE\Setup.exe"
sh=DA31F0899408CEF627342E54CA4A6DF7BD84FA99 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\Games\Maestro Music Of Death Collector's Edition v2[FINAL]\Maestro Music Of Death Collector's Edition v2 [FINAL].iso"
sh=E4D2EBECB603C51CD4A3063191ED7665F8675BC6 ft=1 fh=176af96af651a837 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="F:\PROGRAM MASTERS\IsoBuster Pro 3.1 Build 3.1.0.0 Final\isobuster_all_lang.exe"
sh=2740AF4EAB0672E755920856D7D0E26AAD08AB08 ft=0 fh=0000000000000000 vn="Win32/HackTool.WpaKill.C potentially unsafe application" ac=I fn="Z:\DOWNLOADS\Windows XP Home SP3 en-US IE8 NET4 WMP11 Feb11 2014\Patch\AntiWAT.XP.2k3.Activator.zip"
sh=354CBEAAED498DEAF7B5B17FDCFBA67BD53D0692 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="Z:\DOWNLOADS\Windows XP Home SP3 en-US IE8 NET4 WMP11 Feb11 2014\Patch\Antiwpa-V3.4.6 for X64 and X86.ZiP"
sh=DE44EA1FE63D858756CA81EB3F1D631210D68D99 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.O potentially unsafe application" ac=I fn="Z:\DOWNLOADS\Windows XP Home SP3 en-US IE8 NET4 WMP11 Feb11 2014\Patch\Generic Antiwpa-2.3-WinXP-2k3.ZiP"

 

(I notice that some of the ESET findings refer to games that I have on F:\ and Z:\ drives.  These are "hidden object games" and I suspect the findings are false positives.)
 


Edited by Jackpine, 24 April 2014 - 06:50 PM.


#48
Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts

Hi Jackpine,
I am not worried about MBAM detecting one of our tools, they won't be there much longer. ;)

In the ESET scan, the first 5 detections are in your system restore area - I will clear those restore points on our cleanup.

Those detections of those game files:  I don't think they are false positives, they don't look like FPs to me,
it all depends on where you got them from.  Remember my warning about uTorrent? If you downloaded those games via torrents,
I will bet the farm that they are infected.  Most executables downloaded via torrents will come with a nasty surprise.

I also see some Windows XP cracks on your Z: drive - this is a great way to get infected, they love to hide nasty little surprises in those kinds of files, and I have to mention that they are illegal as well.
I have previously advised you to get rid of uTorrent, I still feel this is the source of your problems....
Please seriously consider dumping Windows XP as Microsoft has stopped any security patches, any new exploits will remain unpatched.

I will supply an OTL script to delete these files, it's up to you to run it or not.

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.
Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :files
    F:\Games\Echoes of the Past 4 The Revenge of the Witch Collector's Edition [FINAL]\Echoes of the Past 4 The Revenge of the Witch Collector's Edition [FINAL].exe
    F:\Games\Haunted Hotel 4 Charles Dexter Ward With Guide [FINAL]\Haunted Hotel 4 Charles Dexter Ward With Guide [FINAL].exe
    F:\Games\Haunted Hotel 4 Charles Dexter Ward With Guide [FINAL]\setup.exe
    F:\Games\Haunted Legends The Queen of Spades Collector's Edition\hltqos-jaguar.iso
    F:\Games\Hidden Expedition Devils Triangle with Strategy Guide - New HOG\DevilsTriangle.exe
    F:\Games\Macabre.Mysteries.Curse.of.the.Nightingale.v1.0.MERRY.CHRISTMAS-TE\Setup.exe
    F:\Games\Maestro Music Of Death Collector's Edition v2[FINAL]\Maestro Music Of Death Collector's Edition v2 [FINAL].iso
    F:\PROGRAM MASTERS\IsoBuster Pro 3.1 Build 3.1.0.0 Final\isobuster_all_lang.exe
    Z:\DOWNLOADS\Windows XP Home SP3 en-US IE8 NET4 WMP11 Feb11 2014\Patch\AntiWAT.XP.2k3.Activator.zip
    Z:\DOWNLOADS\Windows XP Home SP3 en-US IE8 NET4 WMP11 Feb11 2014\Patch\Antiwpa-V3.4.6 for X64 and X86.ZiP
    Z:\DOWNLOADS\Windows XP Home SP3 en-US IE8 NET4 WMP11 Feb11 2014\Patch\Generic Antiwpa-2.3-WinXP-2k3.ZiP
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

After that ....
Subject to no further problems :)

I will remove my tools now and give some security recommendations,
I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

Oh look, I seem to have made a mess on your desktop with all of my tools, let's clean them all up, and reset some System Restore points at the same time.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run

The program will run for a few moments and then notepad will open with a log. You can paste the log in your next reply

Do you use Java?  If you do not use it, you are better off uninstalling it completely.  Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list.  If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent
Please install this program to ensure that the crypto ransomware malware does not take hold of your system.

Malwarebytes. Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place ?
So how did I get infected in the first place
Microsoft - Help prevent malware infection on your PC


Keep safe :wave:



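The triage in the reply above (System Restore copies versus files on other drives, trojan versus potentially unwanted or unsafe labels) can be automated over an ESET Online Scanner log. This is an added example, not part of either poster's message and not an ESET or Geeks to Go tool; the sample log is constructed, and the field meanings (`vn` as detection name, `fn` as file path, `found` and `cleaned` as header counters) are assumptions inferred from the log posted in the thread.

```python
import re
from collections import Counter

# Constructed sample in the log format posted in the thread; the hashes,
# detection names and paths are invented for this example.
SAMPLE_LOG = r'''# found=4
# cleaned=0
sh=00000000000000000000000000000000000000A1 ft=1 fh=00000000000000a1 vn="a variant of Win32/ExampleAdware.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe"
sh=00000000000000000000000000000000000000A2 ft=1 fh=00000000000000a2 vn="a variant of MSIL/ExampleInjector.B trojan" ac=I fn="F:\Games\Some Game [FINAL]\setup.exe"
sh=00000000000000000000000000000000000000A3 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\Games\Other Game\disc.iso"
sh=00000000000000000000000000000000000000A4 ft=0 fh=0000000000000000 vn="Win32/HackTool.Example.C potentially unsafe application" ac=I fn="Z:\DOWNLOADS\Patch\tool.zip"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare
CATEGORIES = ("potentially unwanted application",
              "potentially unsafe application", "trojan", "multiple threats")

def parse(log):
    """Split the log into header counters ('# key=value') and detection rows."""
    header, detections = {}, []
    for line in log.splitlines():
        fields = {k: q if q else b for k, q, b in FIELD.findall(line)}
        if line.startswith("#"):
            header.update(fields)
        elif "sh" in fields and "fn" in fields:
            detections.append(fields)
    return header, detections

def classify(det):
    """Return (category, location) for one detection row."""
    name, path = det.get("vn", "").lower(), det["fn"].lower()
    category = next((c for c in CATEGORIES if name.endswith(c)), "other")
    if "\\system volume information\\_restore" in path:
        return category, "system_restore"   # stale copy inside a restore point
    return category, det["fn"][:2].upper()  # drive letter, e.g. "F:"

def triage(log):
    """Summarise the log and check the header count against the parsed rows."""
    header, detections = parse(log)
    tags = [classify(d) for d in detections]
    return {
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        "cleaned": int(header.get("cleaned", 0)),
        "by_category": dict(Counter(c for c, _ in tags)),
        "by_location": dict(Counter(loc for _, loc in tags)),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `cleaned` value of 0 next to a non-zero `found` means the scan only reported the files, so every listed path still needs a decision.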
#49
Jackpine

  • Topic Starter
  • Member
  • 346 posts

Crowbar, I ran the OTL fix.  Log is below.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
F:\Games\Echoes of the Past 4 The Revenge of the Witch Collector's Edition [FINAL]\Echoes of the Past 4 The Revenge of the Witch Collector's Edition [FINAL].exe moved successfully.
F:\Games\Haunted Hotel 4 Charles Dexter Ward With Guide [FINAL]\Haunted Hotel 4 Charles Dexter Ward With Guide [FINAL].exe moved successfully.
F:\Games\Haunted Hotel 4 Charles Dexter Ward With Guide [FINAL]\setup.exe moved successfully.
F:\Games\Haunted Legends The Queen of Spades Collector's Edition\hltqos-jaguar.iso moved successfully.
F:\Games\Hidden Expedition Devils Triangle with Strategy Guide - New HOG\DevilsTriangle.exe moved successfully.
F:\Games\Macabre.Mysteries.Curse.of.the.Nightingale.v1.0.MERRY.CHRISTMAS-TE\Setup.exe moved successfully.
F:\Games\Maestro Music Of Death Collector's Edition v2[FINAL]\Maestro Music Of Death Collector's Edition v2 [FINAL].iso moved successfully.
F:\PROGRAM MASTERS\IsoBuster Pro 3.1 Build 3.1.0.0 Final\isobuster_all_lang.exe moved successfully.
Z:\DOWNLOADS\Windows XP Home SP3 en-US IE8 NET4 WMP11 Feb11 2014\Patch\AntiWAT.XP.2k3.Activator.zip moved successfully.
Z:\DOWNLOADS\Windows XP Home SP3 en-US IE8 NET4 WMP11 Feb11 2014\Patch\Antiwpa-V3.4.6 for X64 and X86.ZiP moved successfully.
Z:\DOWNLOADS\Windows XP Home SP3 en-US IE8 NET4 WMP11 Feb11 2014\Patch\Generic Antiwpa-2.3-WinXP-2k3.ZiP moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Robert
->Temp folder emptied: 26383445 bytes
->Temporary Internet Files folder emptied: 436015 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 118523449 bytes
->Flash cache emptied: 2109 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73280 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 139.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04252014_175826

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

I will report back in 24 hours.
 



#50
Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts

:thumbsup:



#51
Jackpine

  • Topic Starter
  • Member
  • 346 posts

Hi Crowbar,

 

Everything is running well.  No signs of strange behaviour, and my optical drive autoplay function continues to operate correctly!

 

Thank you for your help in all this, and to phillpower2 as well (who I thanked earlier when he solved the autoplay problem.)



#52
Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts

You are most welcome Jackpine!

 

I do hope you get a computer with a newer operating system soon, I am concerned for your online safety!

If you end up with a brand new machine, try Start 8 for Windows 8 and 8.1 - it makes it more tolerable.

 

:)



#53
Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.