  • This topic is locked
3 replies to this topic

#1 ghodsi


  • Members
  • 1 posts
  • Local time:06:39 AM

Posted 12 February 2009 - 10:31 AM

When I click on D: it won't open. My computer is slow when my son plays.

DDS (Ver_09-02-01.01) - NTFSx86
Run by user at 23:15:47.70 on Thu 02/12/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1256.981.1033.18.759.343 [GMT 8:00]

AV: AVG AntiiVirus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\3.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\3.bin\MWSSRCAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\3.bin\MWSBAR.DLL
BHO: FG2CatchUrl: {1f364306-aa45-47b5-9f9d-39a8b94e7ef1} - c:\program files\flashget network\flashget universal\comdlls\bhoCATCH.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ertyuop] c:\windows\system32\rttrwq.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [cdoosoft] c:\windows\system32\olhrwef.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe -H
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [FlashGet] "c:\program files\flashget network\flashget universal\FlashGet.exe" /min
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [UDC Integration]
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\3.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar] rundll32 c:\progra~1\mywebs~1\bar\3.bin\MWSBAR.DLL,S
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
dRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
dRun: [msnsc] c:\windows\system32\msnsc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: &Download All by FlashGet - c:\program files\flashget network\flashget universal\comdlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\flashget network\flashget universal\comdlls\Bholink.htm
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRman000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
SEH: hook dll rising: {bb4c402f-882a-4526-8c08-51278ea437c1} - c:\windows\system32\afmain1.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-5 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-5 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-5 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-5 298264]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\3.bin\mwssvc.exe [2009-2-12 28762]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2009-1-21 18688]

============== File Associations ===============

scrfile="%1" /S "%3"

=============== Created Last 30 ================

2009-02-12 22:14 28,672 a------- c:\windows\system32\f3PSSavr.scr
2009-02-12 13:37 737,280 a------- c:\windows\iun6002.exe
2009-02-12 13:37 <DIR> --d----- c:\windows\system32\athan
2009-02-12 13:34 <DIR> --d----- c:\program files\Athan
2009-02-12 01:55 <DIR> --d----- c:\program files\LizardTech
2009-02-12 01:43 5,632 a------- c:\windows\system32\udcpm.dll
2009-02-12 01:43 <DIR> --d--r-- C:\UDC Output Files
2009-02-12 01:43 <DIR> --d----- c:\program files\Universal Document Converter
2009-02-11 21:00 5,632 a------- c:\windows\system32\ptpusb.dll
2009-02-11 21:00 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-02-11 21:00 159,232 a------- c:\windows\system32\ptpusd.dll
2009-02-11 21:00 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-02-09 22:20 <DIR> --d----- c:\program files\FunWebProducts
2009-02-09 22:20 <DIR> --d----- c:\program files\MyWebSearch
2009-02-09 13:26 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-02-09 13:26 <DIR> --d----- c:\program files\Norton Security Scan
2009-02-05 13:33 <DIR> --d----- c:\program files\USBAntiVirus
2009-02-05 03:06 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-05 02:38 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-05 02:38 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-05 02:38 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-05 02:38 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-05 02:38 <DIR> --d----- c:\docume~1\user\applic~1\AVGTOOLBAR
2009-02-05 02:38 <DIR> --d----- c:\program files\AVG
2009-02-05 02:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-05 02:24 <DIR> --d----- c:\program files\Trend Micro
2009-02-05 01:31 8,704 a------- c:\windows\system32\ssbtsr.exe
2009-02-05 01:31 <DIR> --d----- c:\program files\ScanSpyware
2009-02-05 00:41 <DIR> --d----- c:\windows\system32\appmgmt
2009-01-27 01:37 <DIR> --d----- c:\program files\common files\STDUtility
2009-01-27 01:36 <DIR> --d----- C:\Downloads
2009-01-27 01:28 <DIR> --d----- c:\windows\speech
2009-01-27 01:26 <DIR> --d----- c:\program files\Babylon
2009-01-27 01:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Babylon
2009-01-27 01:25 <DIR> --d----- c:\docume~1\user\applic~1\Babylon
2009-01-27 01:25 <DIR> --d----- c:\docume~1\user\applic~1\BITS
2009-01-27 01:24 <DIR> --d----- C:\profiles
2009-01-27 01:24 <DIR> --d----- c:\program files\FlashGet Network
2009-01-25 14:59 <DIR> --d----- c:\windows\system32\Adobe
2009-01-22 11:55 42 a------- c:\windows\naw.ini
2009-01-22 11:54 220,672 a------- c:\windows\system32\BC450RTL.dll
2009-01-22 11:54 13,312 a------- c:\windows\system32\AGT.dll
2009-01-22 11:54 <DIR> --d----- c:\program files\common files\Accent Shared
2009-01-22 11:54 <DIR> --d----- c:\program files\Narcis Soft
2009-01-22 11:26 <DIR> --d----- c:\program files\WolfPack
2009-01-22 11:23 <DIR> --d----- c:\docume~1\user\applic~1\Uniblue
2009-01-22 11:19 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2009-01-22 11:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-01-22 11:05 <DIR> --d----- c:\program files\Yahooligans
2009-01-22 10:35 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-01-22 03:37 16,254 a------- c:\windows\system32\PINTLPAE.HLP
2009-01-22 03:36 57,398 ac------ c:\windows\system32\dllcache\imjpdadm.exe
2009-01-22 03:35 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-01-22 03:34 57,472 a------- c:\windows\system32\drivers\redbook.sys
2009-01-22 03:34 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-01-22 03:33 74,240 ac------ c:\windows\system32\dllcache\usbui.dll
2009-01-22 03:33 74,240 a------- c:\windows\system32\usbui.dll
2009-01-22 03:30 <DIR> --d----- c:\program files\common files\ODBC
2009-01-22 03:30 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-22 03:29 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-01-22 03:28 9,748 a----r-- c:\windows\SETA4.tmp
2009-01-22 03:27 9,798 a----r-- c:\windows\SET84.tmp
2009-01-22 03:26 <DIR> --d----- c:\windows\system32\CatRoot2
2009-01-22 03:26 <DIR> --d----- c:\windows\system32\CatRoot
2009-01-22 03:26 <DIR> --d----- C:\DriverPack_WLAN_V601
2009-01-22 03:26 80,512 a------- c:\windows\system32\drivers\Rtnicxp.sys
2009-01-22 03:24 <DIR> --d----- C:\Documents and Settings
2009-01-22 03:23 858 a------- c:\windows\system32\$winnt$.inf
2009-01-22 01:54 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-01-21 23:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-01-21 23:33 <DIR> --d----- c:\docume~1\user\applic~1\Insightful
2009-01-21 23:30 <DIR> --d----- c:\program files\Insightful
2009-01-21 23:08 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-01-21 21:45 <DIR> --d----- c:\program files\Yahoo!
2009-01-21 21:25 <DIR> --d----- c:\program files\AI - Series
2009-01-21 21:23 <DIR> --d----- c:\program files\ASUS
2009-01-21 21:23 <DIR> --d----- c:\documents and settings\user\WINDOWS
2009-01-21 21:19 <DIR> --d----- c:\program files\Analog Devices
2009-01-21 20:35 <DIR> --ds---- c:\documents and settings\user\UserData
2009-01-21 19:46 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-21 19:45 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-21 19:44 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-21 19:42 <DIR> --d----- c:\program files\Online Services
2009-01-21 19:41 <DIR> --d----- c:\program files\HashTab Shell Extension
2009-01-21 19:41 <DIR> --d----- c:\program files\Unlocker
2009-01-21 19:41 <DIR> --d----- c:\program files\Microsoft PowerToys
2009-01-21 19:41 <DIR> --d----- c:\program files\MSN Messenger
2009-01-21 19:41 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-21 19:41 <DIR> --d----- c:\program files\Messenger
2009-01-21 19:41 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-21 19:40 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-01-23 22:33 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-21 21:25 845,968 a------- c:\windows\system32\AI - Series.scr
2009-01-21 19:42 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 23:16:25.46 ===============


#2 extremeboy


  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:39 PM

Posted 23 February 2009 - 04:16 PM


Seems like one of those flash-drive worms. Perform the following:

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with:
-MBAM Scan log
-New DDS logs

With Regards,
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
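
A read-only check for the situation the autorun.inf note above describes, as an added example that is not part of the original posts and is not Flash_Disinfector's code. For a drive root it reports whether autorun.inf is absent, is a directory (assumed here to be the protective entry the note calls a folder), or is a file, and for a file it lists the entries that would start a program. The function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# Constructed sample of an autorun.inf that launches a program; "sample.exe"
# is a placeholder name, not a value taken from the thread.
SAMPLE = (
    "[AutoRun]\n"
    "open=sample.exe\n"
    "shell\\open\\Command=sample.exe\n"
    "shell\\explore\\Command=sample.exe\n"
    "icon=drive.ico\n"
)


def launch_targets(text):
    """Return (key, command) pairs in the [autorun] section that start a program."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # open= and shellexecute= name a program for AutoRun to start;
        # shell\<verb>\command attaches a command to a verb on the drive icon.
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            targets.append((key, value.strip()))
    return targets


def inspect_root(root):
    """Classify <root>/autorun.inf as 'absent', 'directory' or 'file'."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        # A directory with this name occupies it, so no file of that name
        # can be created beside it.
        return {"state": "directory", "targets": []}
    if not os.path.isfile(path):
        return {"state": "absent", "targets": []}
    with open(path, "r", encoding="latin-1") as handle:
        return {"state": "file", "targets": launch_targets(handle.read())}


if __name__ == "__main__":
    # Stand-in drive roots built in a temp directory so the check runs anywhere;
    # on a real machine pass roots such as "D:\\" instead.
    with tempfile.TemporaryDirectory() as base:
        for name in ("clean", "protected", "suspect"):
            os.mkdir(os.path.join(base, name))
        os.mkdir(os.path.join(base, "protected", "autorun.inf"))
        with open(os.path.join(base, "suspect", "autorun.inf"), "w") as handle:
            handle.write(SAMPLE)
        for name in ("clean", "protected", "suspect"):
            print(name, inspect_root(os.path.join(base, name)))
```

A root reported as "file" with launch targets is the case to review before opening the drive in Explorer; "directory" matches the state the note says the tool leaves behind.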

#3 extremeboy


  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:39 PM

Posted 26 February 2009 - 04:38 PM


Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,

#4 extremeboy


  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:39 PM

Posted 28 February 2009 - 07:56 AM


Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,

