11-13-2008, 09:51 PM   #1
scoricha
Registered User
 
Join Date: Nov 2008
Posts: 34
OS: XP


Virus Suspected - Computer slow and programs closing unexpectedly

Hello,

My computer (XP Op system) has been running slowly for about a month. Programs are constantly closing unexpectedly (especially Yahoo Messenger and Gmail email notifier). Many times IE won't even open. I have AT&T Yahoo DSL which provides online protection (anti-spyware, anti-virus, pop-up blocker), but it doesn't detect anything.

Last week I ran a virus remover program that supposedly removed a couple Trojan viruses, but now I notice similarly named files are back in my C:\WINDOWS\system32 folder (__c008D1F2.dat and __c002224A.dat), which I suspect are new Trojan viruses, but they cannot be deleted - Access is denied.

Please help me get my computer back! Thank you for helping!

Here is my dds report:


DDS (Version 1.0) - NTFSx86
Run by HP_Administrator at 23:36:15.50 on Thu 11/13/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1351 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Playskool\MADE FOR ME Software\HbDetect.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://cm.my.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [HbDetect.exe] c:\program files\playskool\made for me software\HbDetect.exe
uRun: [A00F59DDC49.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00F59DDC49.exe
uRun: [A00F5A5A803.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00F5A5A803.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [Motive SmartBridge] c:\progra~1\sbclig~1\smartb~1\MotiveSB.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [CaAvTray] "c:\program files\yahoo!\antivirus\CAVTray.exe"
mRun: [CAVRID] "c:\program files\yahoo!\antivirus\CAVRID.exe"
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\windows\installer\{00000409-78e1-11d2-b60f-006097c998e7}\outicon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
Notify: __c002224A - c:\windows\system32\__c002224A.dat
Notify: __c00280F1 - c:\windows\system32\__c00280F1.dat
Notify: __c0069664 - c:\windows\system32\__c0069664.dat
Notify: __c008D1F2 - c:\windows\system32\__c008D1F2.dat
Notify: __c009B5E0 - c:\windows\system32\__c009B5E0.dat
Notify: __c00CC610 - c:\windows\system32\__c00CC610.dat

============= SERVICES / DRIVERS ===============

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe

=============== Created Last 30 ================

2008-11-13 23:21 250 a------- c:\windows\gmer.ini
2008-11-11 19:58 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:57 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-10-29 20:27 25,088 a------- c:\windows\system32\__c008D1F2.dat
2008-10-29 20:27 25,088 a------- c:\windows\system32\__c002224A.dat
2008-10-29 13:42 <DIR> --d----- c:\windows\system32\NtmsData
2008-10-28 08:35 663 a------- C:\xcrashdump.dat
2008-10-26 10:19 35,328 a------- c:\windows\system32\~.exe
2008-10-24 00:32 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-18 11:28 56 a---h--- c:\windows\system32\ezsidmv.dat
2008-10-18 11:24 <DIR> --d----- c:\program files\Skype
2008-10-15 11:40 <DIR> --d----- c:\windows\BBSTORE
2008-10-15 11:40 <DIR> --d----- c:\program files\The Learning Company
2008-10-15 11:39 0 a------- c:\windows\SETUP32.INI
2008-10-15 06:10 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-10-15 06:10 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 06:09 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 06:09 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 06:09 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 06:09 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe

==================== Find3M ====================

2008-11-08 12:02 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Move Networks
2008-11-06 12:08 <DIR> --d----- c:\program files\HP
2008-11-03 15:10 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WeatherBug
2008-10-28 22:45 <DIR> --d----- c:\program files\GemMaster
2008-10-15 11:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Digital Interactive Systems Corporation
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-20 00:30 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-08-20 00:30 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-08-20 00:30 666,112 a------- c:\windows\system32\wininet.dll
2008-08-20 00:30 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-08-20 00:30 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-08-19 16:52 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-04-09 16:51 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Download Manager
2008-03-28 09:42 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Snapfish
2008-03-11 13:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\espionServerData
2008-01-14 20:58 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Playskool
2007-12-19 23:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WildTangent
2007-10-10 22:11 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WinBatch
2007-09-11 23:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2007-09-11 22:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2007-09-10 20:03 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\HPQ
2006-08-24 02:17 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Intuit
2006-08-24 02:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2006-08-24 01:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

============= FINISH: 23:36:37.04 ===============
Attached Files
File Type: txt Gmer.txt (15.2 KB, 1 views)
File Type: zip Attach.zip (3.0 KB, 2 views)