Optical Drive not detected after S.M.A.R.T. removal

[Roadtrekie]

Is the loss of CD/ROM DVD player a result of S.M.A.R.T. trojan/rootkit/whatever it is?

aswMBR crashed twice.
this is the second time trying to post this question--I got 500 error last time, so I don't know if this is a repeat or not.

Got a time out error this time, but got back up. It won't let me upload the OTL.txt.

 

[Jack]

Hi and welcome to the MALWARE TIPS forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

STEP 1. Run a scan with Kaspersky Virus Removal Tool
Click <a title="External link" href="http://www.kaspersky.com/antivirus-removal-tool?form=1" rel="nofollow external" rel="nofollow"><>here</></a> to download the Kaspersky Virus Removal Tool.
<ol>
<li>Save it to your desktop.</li>
<li>Double click the setup file to run it.</li>
<li>Follow the onscreen prompts until it is installed</li>
<li>Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
<ul>
<li><span style="color: #ff0000;">System Memory</span></li>
<li><span style="color: #ff0000;">Hidden startup objects</span></li>
<li><span style="color: #ff0000;">Disk boot sectors</span></li>
<li><span style="color: #ff0000;">Local Disk (C: )</span></li>
<li><span style="color: #ff0000;">Also any other drives (Removable that you may have)</span></li>
</ul>
</li>
<li>Then click on <>Actions</> on the left hand side</li>
<li>Click <>Select Action</>, then make sure both <>Disinfect</> and <>Delete if disinfection fails</> are ticked</li>
<li>Click on <>Automatic Scan</></li>
<li>Now click the <>Start Scanning</> button, to run the scan</li>
<li>After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side</li>
<li>Click <>Detected threats</> on the left</li>
<li>Now click the <>Save</> button, and save it as <>kaslog.txt</> to your <>Desktop</></li>
<li>Please attach kaslog.txt in your next reply.</li>
</ol>
<hr />
STEP 2: Run a scan with RogueKiller
<ol>
<li>Please <>download the latest official version of </><>RogueKiller</>.
<a href="http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe" rel="nofollow" target="_blank">RogueKiller Download Link</a> (This link will automatically download RogueKiller on your computer)</li>
<li><>Double click on RogueKiller.exe</> to start this utility and then <>wait for the Prescan to complete</>.This should take only a few seconds and then you can <>click the Start button</> to perform a system scan.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-1.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
<li>After the scan has completed, <>press the Delete button</> to remove any malicious registry keys.
<img title="Press Delete to remove the malicious registry keys" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-2.png" alt="[Image: roguekiller-2.png]" width="600" height="450" border="0" /></li>
<li>Next we will need to restore your shortcuts, <>so click on the ShortcutsFix button </>and allow the program to run.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-3.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
</ol>

The report has been created on the desktop.In your next reply please post:

All RKreport.txt text files located on your desktop.

<hr />
STEP 3: Run a scan with Eset Online Scanner.

<ol>
<li>Download ESET Online Scanner utility.
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET Online Scanner Download Link</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />


STEP 4: Run Windows Repair All in One
Download <><a title="External link" href="http://www.tweaking.com/content/page/windows_repair_all_in_one.html" rel="nofollow">Windows Repair by Tweaking.com</a></> to your desktop.  Use the direct download link for the Portable version of Windows Repair by Tweaking.com
<ol>
<li>Double-click <>tweaking.com_windows_repair_aio.zip</> and extract the <>Tweaking.com - Windows Repair</> folder to your desktop.</li>
<li>Now open this folder and double-click <>Repair_Windows.exe</>.</li>
<li>Click the <>Start Repairs</> tab on the far right.</li>
<li>Click the <>Start</> button (bottom right)
Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.</li>
<li>Click <>Unselect All</></li>
<li>Put a checkmark in the following items:
<ul>
<li>Repair Hosts File</li>
<li>Remove Temp Files</li>
<li>Repair CD/DVD Missing/Not working</li>
<li>Remove Policies Set By Infections</li>
<li>Set Windows Services To Default Startup</li>
</ul>
Note: Leave everything else unchecked</li>
<li>Put a checkmark in <>Restart System When Finished</></li>
<li>Now click the <>Start</> button (bottom right)</li>
</ol>
<hr />
STEP 5: Download and run OTL

1. Please download the OTL utility from here : http://oldtimer.geekstogo.com/OTL.exe
2. Right-click on OTL.exe and select Run as Administrator to start OTL.
3. Double click on OTL.exe to run it.
4. Under the Custom Scan box paste this in:
   
   

   %SYSTEMDRIVE%\*.exe
   %ALLUSERSPROFILE%\Application Data\*.exe
   %APPDATA%\*.
   /md5start
   atapi.sys
   explorer.exe
   winlogon.exe
   Userinit.exe
   svchost.exe
   csrss.exe
   PrintIsolationHost.exe
   consrv.dll
   /md5stop
   %systemroot%\*. /mp /s
   hklm\software\clients\startmenuinternet|command /rs
   hklm\software\clients\startmenuinternet|command /64 /rs
   %systemroot%\system32\*.dll /lockedfiles
   %systemroot%\Tasks\*.job /lockedfiles
   %systemroot%\system32\drivers\*.sys /lockedfiles
   CREATERESTOREPOINT

5. Click the Quick Scan button.The scan wont take long.
   
6. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
   Please post this 2 logs in your first reply.

<hr />

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1.Kaspersky log
2.RogueKiller log
3.ESET log
4.OTL logs
5.Let me know if you had any problems with the above instructions and also let me know how things are running now!

 

[Roadtrekie]

Hi Jack-
Thanks for your help. I completed all the scans but still can't see my DVD drive. The scans did pick up a number of infections. One other problem I found when I was trying to back up some image folders was that I couldn't select multiple folders. That problem is now fixed.
I'm going to try the drive in another computer to see if it's a hardware problem. The drawer opens and closes, so it's a long shot, but a shot nonetheless.
No "Attachments" option appears under this editor box. Also, when I click on the image thumbnails on the "How to usethe attachment system" I get a page that says I don't have permission to access this page.
Please advise and I'll attach the logs to my next post.
Thanks again!

 

[Jack]

Good,you can check to see if it;s a hardware problem or not.Did you run the Windows Repair All in One utility?
Next,we will need to do an Combofix scan:

STEP 1 : Run a scan with Combofix
 
Download ComboFix from one of the following locations: 

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 
<ul>
<li>Close any open browsers.</li>
<li>Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
<ul>
<li><>Very Important!</> Temporarily <>disable</> your <>anti-virus</>, <>script blocking</> and any <>anti-malware</> real-time protection <em><>before</></em>performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause <em>"unpredictable results"</em>.</li>
<li><em>Click on <a title="External link" href="http://www.bleepingcomputer.com/forums/topic114351.html" rel="nofollow external"><>this link</></a> to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.</em>
-----------------------------------------------------------</li>
</ul>
<ul>
<li>Close any open browsers.</li>
<li><>WARNING: Combofix will disconnect your machine from the Internet as soon as it starts</></li>
<li>Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.</li>
<li>If there is no internet connection after running Combofix, then restart your computer to restore back your connection.</li>
</ul>
-----------------------------------------------------------</li></ul>

1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
   
3. When finished, it shall produce a log for you. 
   [*]Please include the C:\ComboFix.txt in your next reply.

Notes:
<ol><li> Do not mouse-click Combofix's window while it is running. That may cause it to stall.</li>
<li> Do not "re-run" Combofix. If you have a problem, reply back for further instructions.</li>
<li>  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.</li></ol>



<hr />
What's next?

Please post in your next reply:
1.Combofix log
2.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>

 

[Roadtrekie]

The DVD worked fine on another computer (though it took some searching to find cabling that would work--it's 5 years old and still uses Molex connectors).

I ran Combofix. The computer rebooted and I waited until the txt report popped up, which I saved to my desktop. I then clicked on outlook.exe in my quicklaunch bar and got this message:
"Illegal operation attempted on a registry key that has been marked for deletion."
I got the same message when I tried to launch IE9 and the snip tool, so have switched to the older computer.

Yikes! What do I do?

 

[Jack]

Please reboot your computer to fix that notification.... Next,please add the combofix log to this thread.

 

[Roadtrekie]

I forgot to mention that I did run Window Repair before OTL, as you suggested in your original reply.
I'm back up and running now with no scary messages. Here's the ComboFix log, attached.

Well, it won't let me attached the combofix.txt file. I get "Loading. Please wait..." and a twirl that never stops or, when I try an update or edit, it gives me a 500 error.

 

[Roadtrekie]

But now, there it is!?

 

[Jack]

Thank you.I'll take a look at it shortly.
In the mean time,can you please run this Microsoft FixIt utility,to see if this will restore your DVD issue:
- http://support.microsoft.com/mats/cd_dvd_drive_problems/en-us

 

[Roadtrekie]

The Microsoft FixIt utility didn't work.

 

[Roadtrekie]

I tried the following:
Changed SATA connections--I have 4 3G's. No effect.
Changed cable: No effect.
Per advice of ASUS, who made the MB and the drive, I reset the CMOS and flashed the BIOS to their most current version: No effect.
After rebooting several times, once getting a bluescreen, another getting a DOS message that went by too fast for me to read it, I switched the drive cable to a 6G port (it's a 3G drive).
On reboot, I have access to the drive, but it still doesn't show up in the SATA drive info of the BIOS. It DOES show up as a bootable device, and works, at least for now. I'm not sure what's going on but will check with ASUS when I have some time, having lost too many days already to deal with it at the moment.

Thanks for all your help and, if you ever find a person who thinks spreading viruses is fun, I'll help with the lynching.

Roadtrekie