Solved

CD Drawer continuously opens and closes

Posted on 2004-04-08
19
1,111 Views
Last Modified: 2010-04-12
I have heard that this can be caused by a trojan. I have run norton AV and TDS-3 but they both say my system is clear. It is driving me nuts and pauses my computer frequently. I have win98 on a packard bell imedia computer. help please! I am a bit dim when it comes to computers so keep it simple please :)
0
Comment
Question by:Dicky
  • 6
  • 3
  • 2
  • +6
19 Comments
 
LVL 27

Expert Comment

by:Dabas
ID: 10788953
Hi Dicky:
Try running ADAware which is a free utility which you can download from www.adaware.com

Dabas
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10788954
Dicky,

So does you CD drawer opens even when you are not doing any application running ?

Check for spywares using this

Use spybot ,ad-ware ,CWshredder and post the log from Hijackthis here

After installing them, First Update them and then run

Spyware/Adware removal tools:
------------------------------

What is spyware : http://www.spychecker.com/spyware.html

SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml

Ad-aware : http://www.webattack.com/download/dladaware.shtml

CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml

Pest Patrol : http://www.pestpatrol.com/

Trojan Remover :http://www.simplysup.com/
0
 

Author Comment

by:Dicky
ID: 10788969
wow that was a fast response, I'll go do as you suggest

thanks
0
 

Author Comment

by:Dicky
ID: 10789054
OK adaware deleted 29 things
spybot found a load of stuff under 4 difft headings:

Backweb lite, Download accelerator plus ads and ebay toolbar. CW Shredder said nothing found.

hijack this log:
Logfile of HijackThis v1.97.7
Scan saved at 03:48:16, on 09/04/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\IISYSTEM WIPER\SYSTEMWIPER.EXE
C:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\POPUPKILLER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPODEV07.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TWAIN_32\1200 UB\WATCH.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPOEVM07.EXE
C:\WINDOWS\SYSTEM\HPOIPM07.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\HPOID407.EXE
C:\PROGRAM FILES\AOL 9.0\WAOL.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPOSTS07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPOFXM07.EXE
C:\PROGRAM FILES\AOL 9.0\SHELLMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\DAP\DAP.EXE
C:\PROGRAM FILES\BIGFIX\BIGFIX.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\ASHAMPOO\ASHAMP~1\POPUP.DLL
O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [reminder.exe] C:\Program Files\BackWeb\tuner\reminder.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\PopUpKiller.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Kangaroo (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

hope this means something to you.

The cd drawer hasnt opened or closed for a while now so maybe u fixed it! It does happen randomly tho.

As to whether it happens when im not running an application...I dont know, I only turn the comp on when I have to use it!
0
 

Author Comment

by:Dicky
ID: 10789056
oops

spybot also found 1 item called DSO Exploit
0
 

Author Comment

by:Dicky
ID: 10789062
ahhh, its still happening :(
0
 
LVL 27

Expert Comment

by:Dabas
ID: 10789065
Dicky:
Probably you got rid of it.

Dabas
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10789068
Have you updated the spyare definitions in spybot and then ran it ?

if yes then you can safely delete the items it shows cos they are spywares .. reboot your system and then check if the proble arises
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:Dicky
ID: 10789076
yes it said I have current version. I should delete them all?
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10789082
yes go ahead and delete them
then restart the machine

then do hijackthis and post the log .. there could be a difference
0
 

Author Comment

by:Dicky
ID: 10789128
ok, its still opening and closing tho...

Logfile of HijackThis v1.97.7
Scan saved at 04:15:14, on 09/04/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\IISYSTEM WIPER\SYSTEMWIPER.EXE
C:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\POPUPKILLER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPODEV07.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\TWAIN_32\1200 UB\WATCH.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPOEVM07.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\HPOIPM07.EXE
C:\WINDOWS\SYSTEM\HPOID407.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPOSTS07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPOFXM07.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\ASHAMPOO\ASHAMP~1\POPUP.DLL
O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [reminder.exe] C:\Program Files\BackWeb\tuner\reminder.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\PopUpKiller.exe
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Kangaroo (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

0
 
LVL 6

Expert Comment

by:akboss
ID: 10794570
this was also an old VB script.
notice the message that said to click here.

<script LANGUAGE="VBScript">
<!--
MsgBox "Click here to recieve a free cup holder",64,"Your free Cup holder"
Set oWMP = CreateObject("WMPlayer.OCX.7" )
Set colCDROMs = oWMP.cdromCollection
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
End If
-->
</SCRIPT>

also does anyone else have access like a prank playing friend?

look for gift.zip.

runs the same program but lets you anchor it to any icon ,etc. that they wish.
0
 
LVL 4

Expert Comment

by:nyck6623
ID: 10843905
this sounds like netbus.... If i remember correctly that trojan could remotely open your cdrom
0
 

Expert Comment

by:sillesca
ID: 10845016
hello Dicky,

It's may be possibly also electrical problems with your CD-ROM drive, it's a new one?
0
 

Expert Comment

by:Chris-Moore
ID: 10872586
Hiya

This may sound silly BUT we had some Dell GX240 machines and the CD button was a plastic extender that when pressed hit the recessed CDROM drive eject button.

Problem was this plastic extender got stuck quite often and it only took a tap on the desk to get the CD drawer to open on its own.  If you have a similar construction for the CD eject button ensure its pulled out and does not get stuck inwards.....

This was probably the worst design feature on the Dells.....

hope this helps and good luck!
0
 
LVL 11

Expert Comment

by:ghana
ID: 11107003
I had a look at the last HijackThis logfile. There seems to be an adware called backWeb installed on your computer:
C:\PROGRAM FILES\BACKWEB\PROGRAM\BACKWEB.EXE
O4 - HKLM\..\Run: [reminder.exe] C:\Program Files\BackWeb\tuner\reminder.exe

See:
http://www.liutilities.com/products/wintaskspro/processlibrary/backweb/
http://www.kephyr.com/spywarescanner/library/backwebclient/index.phtml

"Bazooka Adware and Spyware Scanner" claims to be able to remove BackWeb: http://www.kephyr.com/spywarescanner/index.html

If this won't work I would recommend to remove the registry item, terminate the backweb process and delete the folder backweb.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11359321
PAQed - no points refunded (of 500)

modulo
Community Support Moderator
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now