Virus removal forum
Post #1, Sep 10 2004, 09:27 AM
New Member; Group: New Member; Posts: 1; Joined: 10-September 04; Member No.: 14,372
Logfile of HijackThis v1.98.2
Scan saved at 11:25:22 AM, on 9/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Abel Feldhamer\Application Data\ttuh.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\imapi.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Ahead\NeroNET\NeroNET.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\mobsync.exe
C:\WINDOWS\System32\uhkprgcr.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0915379b547e57fc7f174520805bc480\update\update.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\WINDOWS\System32\MsiExec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: search
O2 - BHO: (no name) - {30AC187E-EA6B-5DEE-D671-63550BDA2743} - C:\WINDOWS\System32\hvntraq.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: thunk meal - {028F5CB0-086F-3E0E-DAAF-A416C0F0473D} - C:\PROGRA~1\MAPIBA~1\drive drv.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpySweeper_BT01] "C:\Program Files\Webroot\Spy Sweeper\Bt01.exe" /SpySweeper_BT01
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Abel Feldhamer\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Mmcxprg] C:\WINDOWS\System32\uhkprgcr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail-lc-8.fordham.edu/iNotes6.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02cffe05b9ba1e...ip/RdxIE601.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/insta...00/SYSsfitb.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stam...file=stamps.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra.com/downloads/svh/svideo3.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47844FE7-43ED-4FBC-B4DF-4C748802F386}: NameServer = 192.168.2.1

Post #2, Sep 12 2004, 03:08 PM
spyware hawk; Group: Malware Expert; Posts: 11,570; Joined: 20-March 04; From: sky; Member No.: 3,163; Operating System: XP & 2000
Hello abelman

HijackThis is in a zip file. If you run it out of a compressed file, like a zip file, instead of running it from a directory, the backups will not be made. After unzipping the file, you'll end up with the file itself, which is Hijackthis.exe, and that's the one you'll need to double-click.

Please go to your 'My Documents' folder, right-click and select 'New > Folder', then name the folder 'HJT'. Copy and paste HijackThis.exe to the new folder.

Please go to Add and Remove Programs and remove WinTools.

Close all Browser and Program Windows and have HijackThis fix the following by checking the box beside each and then clicking on Fix checked.

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {30AC187E-EA6B-5DEE-D671-63550BDA2743} - C:\WINDOWS\System32\hvntraq.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll (file missing)
O3 - Toolbar: thunk meal - {028F5CB0-086F-3E0E-DAAF-A416C0F0473D} - C:\PROGRA~1\MAPIBA~1\drive drv.dll (file missing)
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Abel Feldhamer\Application Data\ttuh.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02cffe05b9ba1e...ip/RdxIE601.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/insta...00/SYSsfitb.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

The following have randomly named file names, and as such are normally malware, UNLESS you know what they are, and they are from a safe source, please check for removal.

O4 - HKCU\..\Run: [Mmcxprg] C:\WINDOWS\System32\uhkprgcr.exe

The following ActiveX controls will reinstall when (and if) you revisit that website, UNLESS you know they are from a safe source, check to remove.

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail-lc-8.fordham.edu/iNotes6.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stam...file=stamps.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra.com/downloads/svh/svideo3.cab

Reboot afterwards in SAFE MODE. If you don't know how, click here

Delete the following files and folder listed

C:\PROGRA~1\COMMON~1\WinTools Folder
C:\WINDOWS\System32\hvntraq.dll <<<file only
C:\Documents and Settings\Abel Feldhamer\Application Data\ttuh.exe <<<file only
C:\WINDOWS\System32\uhkprgcr.exe <<<file only

Some of these files and folders might have the hidden attribute

How to show hidden files and folders in Windows
Instructions here

Then Download System Security Suite. Extract it from the zip file into a folder.
http://www.igorshpak.net/software/3ssetup104.zip

Under "items to clear" click all. Then click "clear selected items"

Reboot and Rescan with HJT and post a new log here. Also please describe how your computer behaves at the moment.

This post has been edited by little eagle: Sep 12 2004, 03:11 PM
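
A first-pass triage of the kind of HijackThis entries discussed in this thread, as an added example that is not part of the original posts and is not HijackThis's own logic. The sample lines are copied from the log posted above; the function names and the four flagging rules are assumptions chosen for illustration.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Subset of lines copied from the log in post #1.
# The rules below are illustrative assumptions, not HijackThis's own logic.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {30AC187E-EA6B-5DEE-D671-63550BDA2743} - C:\WINDOWS\System32\hvntraq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: thunk meal - {028F5CB0-086F-3E0E-DAAF-A416C0F0473D} - C:\PROGRA~1\MAPIBA~1\drive drv.dll (file missing)
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Abel Feldhamer\Application Data\ttuh.exe
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
"""

# Entry lines start with a section code such as R0, O2 or O16.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def host_is_ip(url):
    """True when the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname or ""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def triage(log_text):
    """Return [(code, body, [reasons])] for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m["code"], m["body"]
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        if code == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("unnamed BHO")
        if code == "O4" and "\\application data\\" in body.lower():
            reasons.append("autorun from user profile")
        if code == "O16" and host_is_ip(body.rsplit(" - ", 1)[-1]):
            reasons.append("ActiveX codebase is a bare IP")
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {', '.join(reasons)}\n    {body}")
```

These rules do not judge whether a file name looks random, so an entry such as the uhkprgcr.exe Run key still needs an analyst's eye.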

Post #3, Oct 11 2004, 02:17 PM
spyware hawk; Group: Malware Expert; Posts: 11,570; Joined: 20-March 04; From: sky; Member No.: 3,163; Operating System: XP & 2000
If you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)

Include your post user name and detail why you need it reopened with a valid link to your post. Any bad links or emails that are not from the original poster will be deleted without response. Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.