No disk error on startup - HJT log included


Guy Snape

When I log in (only as myself, other logins don't seem to have this
problem) I get an error message:

Windows - No Disk
There is no disk in the drive. Please insert a disk into drive .
Cancel/Try Again/Continue

Note the space before the full stop in "Please insert a disk into drive ."
which seems to suggest that it doesn't even know what drive it wants
a disk in.

Any ideas which of the following is causing this?

Many thanks,

- guy
--------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:20:20, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\DOCUME~1\Guy\LOCALS~1\Temp\svchost.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\KeirNet\K9\K9.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Documents and Settings\Guy\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ntl:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F3 - REG:win.ini: run=
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Guy\LOCALS~1\Temp\svchost.exe 1
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Guy\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
 

Gerry Cornell

Guy

You have a number of questionable items listed.
http://www.elephantboycomputers.com/page2.html#Removing_Malware

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Guy said:
When I log in (only as myself, other logins don't seem to have this
problem) I get an error message:

Windows - No Disk
There is no disk in the drive. Please insert a disk into drive .
Cancel/Try Again/Continue

Note the space before the full stop in "Please insert a disk into
drive ." which seems to suggest that it doesn't even know what drive
it wants a disk in.

Any ideas which of the following is causing this?

Many thanks,

- guy

Kerry Brown

Guy Snape said:
When I log in (only as myself, other logins don't seem to have this
problem) I get an error message:

Windows - No Disk
There is no disk in the drive. Please insert a disk into drive .
Cancel/Try Again/Continue

Note the space before the full stop in "Please insert a disk into drive ."
which seems to suggest that it doesn't even know what drive it wants a
disk in.

Any ideas which of the following is causing this?

Yes, you are infected. This is not the appropriate place to get help with
HJT. See any of the following forums. For more use your favorite search
engine.

http://forums.techguy.org/54-security/

http://forums.majorgeeks.com/showthread.php?t=38752

http://www.bleepingcomputer.com/forums/forum22.html

http://www.tomcoyote.org/hjt/
 

Rock

When I log in (only as myself, other logins don't seem to have this
problem) I get an error message:

Windows - No Disk
There is no disk in the drive. Please insert a disk into drive .
Cancel/Try Again/Continue

Note the space before the full stop in "Please insert a disk into drive
." which seems to suggest that it doesn't even know what drive it wants
a disk in.

Any ideas which of the following is causing this?

Don't post HijackThis logs here. There are specialty forums for that.

Forums to Interpret HijackThis Logs:
http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com
 

Guy Snape

Rock said:
Don't post HijackThis logs here. There are specialty forums for that.

Apologies, I found this group via google group search for hijackthis and
there isn't an obvious FAQ on group netiquette - I guess I needed the
meta-faq. I could have posted *without* the log, I thought I was
providing some helpful information. A bit more googling revealed that
hjt logs are obviously a bit of a bugbear round here, so once again, my
apologies, I shall take the problem to an appropriate forum.

- guy
 

Rock

Apologies, I found this group via google group search for hijackthis and
there isn't an obvious FAQ on group netiquette - I guess I needed the
meta-faq. I could have posted *without* the log, I thought I was providing
some helpful information. A bit more googling revealed that hjt logs are
obviously a bit of a bugbear round here, so once again, my apologies, I
shall take the problem to an appropriate forum.


- guy


No problem Guy. There are several reasons we redirect folks elsewhere.
Firstly this is not a malware removal forum although many folks do post here
with that type of problem, and we try to help out with links to sites about
malware removal. Best to go to where the experts are. With respect to
HijackThis, it's a specialty area so it's even more important to go to a
place where those experts are. It takes skill and training to properly
interpret HJT logs so you need to go to the best locations. Lastly this
group is about the XP OS, and though malware affects its workings it's not
an XP OS issue per se. We would be inundated with HJT logs if that were the
case making this newsgroup unworkable. Thanks for understanding.
 

Guy Snape

Rock said:
No problem Guy. There are several reasons we redirect folks elsewhere.
Firstly this is not a malware removal forum although many folks do post
here with that type of problem, and we try to help out with links to
sites about malware removal. Best to go to where the experts are. With
respect to HijackThis, it's a specialty area so it's even more important
to go to a place where those experts are. It takes skill and training to
properly interpret HJT logs so you need to go to the best locations.
Lastly this group is about the XP OS, and though malware affects its
workings it's not an XP OS issue per se. We would be inundated with HJT
logs if that were the case making this newsgroup unworkable. Thanks for
understanding.

Actually, I don't think this is a malware issue, I'm guessing that it's
a hangover from some aborted install process or something like that,
maybe one of my children's Scooby Doo games or something. I shall keep
searching.

- guy
 

Kerry Brown

Guy Snape said:
Actually, I don't think this is a malware issue, I'm guessing that it's a
hangover from some aborted install process or something like that, maybe
one of my children's Scooby Doo games or something. I shall keep
searching.

- guy


You definitely have a malware problem.

O4 - HKLM\..\Run: [WindowsServicesStartup]
C:\DOCUME~1\Guy\LOCALS~1\Temp\svchost.exe 1

This is something masquerading as a Windows service. There are other
questionable entries as well. One of the experts at a HJT forum will be able
to get you fixed in no time.
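
The check described in the reply above, written out as an added example (not part of the original thread): it scans HijackThis log lines for executables that use a core Windows binary name outside that binary's normal directory, or that run from a Temp directory. The function name, the table of expected directories, and the assumption that the system root is C:\WINDOWS are choices made for this example; the sample lines are a constructed excerpt of the log posted above, and the table generalises the check beyond svchost.exe.

```python
import ntpath
import re

# Assumption: the system root is C:\WINDOWS, as in the log in this thread.
# Illustrative, non-exhaustive map of core Windows binaries to their one
# legitimate directory (lower-cased for comparison).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
WRONG_DIR = "system binary name outside its expected directory"
FROM_TEMP = "runs from a Temp directory"

# First drive-letter path ending in .exe on a line (quoted or unquoted).
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

# Constructed excerpt: lines taken from the log above, with wraps rejoined.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Guy\LOCALS~1\Temp\svchost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Guy\LOCALS~1\Temp\svchost.exe 1
"""

def suspicious_entries(log_text):
    """Return [(line, [reasons])] for log lines that reference a suspect .exe."""
    results = []
    for line in log_text.splitlines():
        match = EXE_PATH.search(line)
        if not match:
            continue
        path = match.group(0)
        folder = ntpath.dirname(path).lower()   # ntpath parses Windows paths on any OS
        name = ntpath.basename(path).lower()
        reasons = []
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            reasons.append(WRONG_DIR)
        if "temp" in folder.split("\\"):
            reasons.append(FROM_TEMP)
        if reasons:
            results.append((line.strip(), reasons))
    return results

if __name__ == "__main__":
    for line, reasons in suspicious_entries(SAMPLE_LOG):
        print("; ".join(reasons), "->", line)
```

A hit from this check is a triage signal only; it says nothing about the other entries in a log.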
 

Guy Snape

Kerry said:
Guy Snape said:
Actually, I don't think this is a malware issue, I'm guessing that
it's a hangover from some aborted install process or something like
that, maybe one of my children's Scooby Doo games or something. I
shall keep searching.

- guy


You definitely have a malware problem.

O4 - HKLM\..\Run: [WindowsServicesStartup]
C:\DOCUME~1\Guy\LOCALS~1\Temp\svchost.exe 1

This is something masquerading as a Windows service. There are other
questionable entries as well. One of the experts at a HJT forum will be
able to get you fixed in no time.

Many thanks - that appears to be a worm :-(
Don't know why AVG didn't pick it up.

- guy
 

Kerry Brown

Guy Snape said:
Kerry said:
Guy Snape said:
Actually, I don't think this is a malware issue, I'm guessing that it's
a hangover from some aborted install process or something like that,
maybe one of my children's Scooby Doo games or something. I shall keep
searching.

- guy


You definitely have a malware problem.

O4 - HKLM\..\Run: [WindowsServicesStartup]
C:\DOCUME~1\Guy\LOCALS~1\Temp\svchost.exe 1

This is something masquerading as a Windows service. There are other
questionable entries as well. One of the experts at a HJT forum will be
able to get you fixed in no time.

Many thanks - that appears to be a worm :-(
Don't know why AVG didn't pick it up.


There are more questionable entries. Post your log in an appropriate forum
and let the HJT experts help you.
 

Guy Snape

Kerry said:
Guy Snape said:
Kerry said:
Actually, I don't think this is a malware issue, I'm guessing that
it's a hangover from some aborted install process or something like
that, maybe one of my children's Scooby Doo games or something. I
shall keep searching.

- guy



You definitely have a malware problem.

O4 - HKLM\..\Run: [WindowsServicesStartup]
C:\DOCUME~1\Guy\LOCALS~1\Temp\svchost.exe 1

This is something masquerading as a Windows service. There are other
questionable entries as well. One of the experts at a HJT forum will
be able to get you fixed in no time.

Many thanks - that appears to be a worm :-(
Don't know why AVG didn't pick it up.


There are more questionable entries. Post your log in an appropriate
forum and let the HJT experts help you.

Done that, awaiting replies. Thanks again.

- guy
 
