| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 91262 | 2008-07-01 11:56:00 | 2 problems | mkms (12127) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 684239 | 2008-07-01 11:56:00 | Hi guys Its me again. Now i have another 2 problems. 1. My CD writer tray opens frequently and even if we insert a disk or just close it, it again opens on its own. When enquired they say it is due 2 virus. Can u help me in this. I have posted my HJT Report below. 2. I had opened an Excel file named Daily Expenses Report 2008-09 and while working on it due to power cut, i closed it immediately. But later on when i switched on the system i could not find the file ( evenwith search command). All my a/c datas are in that file. Is it due to virus or else has it been deleted (by mistake). plssss help me asap. regards mkms |
mkms (12127) | ||
| 684240 | 2008-07-01 12:00:00 | Sorry, i found it now. it was renamed as 5EBF0000. So, only one problem. I forgot to paste my HJT Report. Here it is. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:36:43 PM, on 1/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe C:\Program Files\Spamihilator\spamihilator.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\ZoneTick\zonetick.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\ZoneTick\timesync.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\mukundh\Desktop\Magic.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eastern-engineering.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - javadl.sun.com O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - www.adobe.com O17 - HKLM\System\CCS\Services\Tcpip\..\{B34CEC76-A870-43A9-8F9C-93F5104213FB}: NameServer = 218.248.240.24,218.248.240.208 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: ZoneTick Time (ZTime) - WR Consulting - C:\Program Files\ZoneTick\timesync.exe -- End of file - 5870 bytes |
mkms (12127) | ||
| 684241 | 2008-07-01 21:56:00 | The Hijack Log looks clean - no real nasties, a couple of items can be removed that are not needed on startup, but nothing that should cause the problem - There are a couple of prank programs that do that but if your AV is saying there are no viruses then it could be faulty hardware. With the computer turned off, remove the side cover, check the molex ( power) plug is in tight, and has not come lose. If it is tight you can try unplugging it and trying a different connection. If it still opens and closes, if you have one, try a different Drive, The drive may be faulty - leave it hanging out the side to test (wont hurt it). |
wainuitech (129) | ||
| 684242 | 2008-07-01 22:06:00 | 1. My CD writer tray opens frequently and even if we insert a disk or just close it, it again opens on its own. When enquired they say it is due 2 virus. Who is they? They are idiots. |
pctek (84) | ||
| 684243 | 2008-07-01 22:10:00 | 2. I had opened an Excel file named Daily Expenses Report 2008-09 and while working on it due to power cut, i closed it immediately. But later on when i switched on the system i could not find the file ( evenwith search command). All my a/c datas are in that file. Is it due to virus or else has it been deleted (by mistake). plssss help me asap. regards mkms I assume you have looked in the folder where you normally save it? You could try an undelete program, to search for files that are marked deleted, but physically still on the disk. (have to mention the word backup too...) |
utopian201 (6245) | ||
| 684244 | 2008-07-01 22:11:00 | Who is they? They are idiots. I think there used to be a trojan in the IRC days which opened your cd tray as prank. |
utopian201 (6245) | ||
| 684245 | 2008-07-02 05:36:00 | UR right Utopian201. I still get an alert / warning message about trojan horse viruses. any solution pls..? |
mkms (12127) | ||
| 684246 | 2008-07-02 05:46:00 | Does your virus scanner pick anything up? Virus scanners tend to be useless against trojans; they only pick up viruses. The best defence against trojans is a firewall. What firewall are you using? (dont say windows firewall, that doesn't count) That will block any incoming requests to open the cd drive. Then you will be able to see what program is listening on that port, then remove it. |
utopian201 (6245) | ||
| 684247 | 2008-07-04 12:00:00 | Yes, I do have only windows firewall. can u suggest any s/w to remove trojans ? | mkms (12127) | ||
| 684248 | 2008-07-04 12:38:00 | Get Trojan Remover, Super Anti Spyware and Sypbot SD. Also, download a free trial of NOD32 Anti-virus and run a scan with that. |
beeswax34 (63) | ||
| 1 | |||||