Sluggish XP SP2 performance, frequent OS dumps, likely due to Malware/Spyware

03-03-2009, 03:43 AM   #1
bostella

Hi all - my WinXP SP2 PC suffers from strolling cpu and net browsing performance, and suspiciously frequent blue screen failures and dumps. Problem probably due to the download of bittorrent files.

Can you please have a look at this. I attach the required information and archive.

FYI I ran a Kaspersky online scan too, which found the following items, none of them looking critical though.

File name | Threat name | Threats count
C:\Documents and Settings\dumontie\Desktop\vncviewer.exe | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 | 1
C:\Documents and Settings\dumontie\My Documents\Softs&Tools\dap53.exe | Infected: not-a-virus:AdWare.Win32.Dap.g | 1
C:\Documents and Settings\dumontie\My Documents\Softs&Tools\vncviewer.exe | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 | 1


Thanks a lot.


DDS (Ver_09-02-01.01) - NTFSx86
Run by DUMONTIE at 9:57:50,20 on 03/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.33.1033.18.1534.792 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Symantec Client Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\trcboot.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\C4ebreg\c4ebreg.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Bouygues Telecom\Kit Internet Mobile\RUS.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\wrtService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.24\pmonmh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\UltraNav Keyboard\SkdUNav.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Documents and Settings\dumontie\Start Menu\Programs\Startup\VPTray.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dumontie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://w3.ibm.com/
uSearch Page = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com
uSearch Bar = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*https://fr.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
uInternet Settings,ProxyServer = http=localhost:9090 ftp=localhost:9093 https=localhost:9090
uInternet Settings,ProxyOverride = w3-501.ibm.com;localhost;127.0.0.1;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
TB: Bluepages bar: {fe84ccf9-b385-4058-b43d-f2794eebdd8a} - mscoree.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [KeyWallet] c:\progra~1\keywal~1\KWallet.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t network client\NetSP.exe" -show
uRun: [IBM RecordNow!]
uRun: [CUCore Agent]
uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [C4EBReg] "c:\program files\c4ebreg\c4ebreg.exe" /q
mRun: [Isamtray] "c:\program files\c4ebreg\isamtray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe
mRun: [TrackPointSrv] tp4serv.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TP4EX] tp4ex.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [stgclean] c:\sdwork\w32main2.exe /cleanup
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [pmonmh] c:\program files\ibm\my help\plugins\\com.ibm.myhelp.common_1.2.24/pmonmh.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
mRun: [ipmcmu] c:\program files\ibm\ipm client migration utility\ipmcmu.exe "c:\program files\ibm\IPM Client Migration Utility"
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [defergui] c:/sdwork/defergui.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UltraNav Keyboard] c:\program files\lenovo\ultranav keyboard\SkdUNav.exe
mRun: [AirCardEnabler]
mRun: [WatcherHelper] "c:\program files\sierra wireless inc\3g watcher\WaHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\documents and settings\dumontie\start menu\programs\startup\ccApp.exe
StartupFolder: c:\documents and settings\dumontie\start menu\programs\startup\VPTray.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\SCHEDULE.BAT
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://webscanner.kaspersky.fr/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {1ACECAFE-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} - hxxps://w3-501.ibm.com/transform/crm/europe/fr/callcenter/16285/applets/siebelhtml.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207958233567
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} - hxxps://w3-501.ibm.com/transform/crm/europe/fr/callcenter/16285/applets/SiebExtMailClient.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.5304513889
DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} - hxxp://w3.ibm.com/tools/print/plugin/gpwsx.cab
DPF: {C0D2212A-5EF2-44F8-9441-1DB60F128112} - hxxps://w3-501.ibm.com/transform/crm/europe/fr/callcenter/16285/applets/SiebelOptionPack.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {06F71357-BCEA-4F0B-8322-B22D362933ED} = 9.143.28.14,9.143.26.14
TCP: {6EA2C6DA-57CA-4F31-9453-A1943F61B484} = 9.143.28.14,9.143.26.14
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dumontie\applic~1\mozilla\firefox\profiles\default.lev\
FF - prefs.js: browser.startup.homepage - hxxp://w3.ibm.com/
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 9093
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9090
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-17 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2004-4-6 88576]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-4-14 14848]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2007-5-7 11520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-26 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-26 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-26 107272]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2007-5-7 6016]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2004-4-6 4736]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2004-4-6 16384]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2005-12-7 4442]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2009-1-25 8576]
R2 AppnApi;AppnApi;c:\windows\system32\drivers\appnapi.sys [2003-11-11 119136]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-26 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-26 298264]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-7-19 202400]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 IBM_LLC2;Pilote LLC2 de Communications Personnelles IBM;c:\windows\system32\drivers\llc2.sys [2003-11-11 101344]
R2 ISAMSvc;IBM Standard Asset Manager Service;c:\program files\c4ebreg\c4ebreg.exe [2008-11-19 417008]
R2 NsTrcNT;NsTrcNT;c:\windows\system32\drivers\nstrcnt.sys [2003-11-11 12060]
R2 pdlnctdl;Twinax CUT Adapter;c:\windows\system32\drivers\pdlnctdl.sys [2003-11-11 12288]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);c:\windows\system32\drivers\pdlndldl.sys [2003-11-11 58880]
R2 RUS;Remote Utility Service;c:\program files\bouygues telecom\kit internet mobile\RUS.exe [2007-10-11 27472]
R2 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 SmiHlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 TSM Scheduler;TSM Scheduler;c:\program files\tivoli\tsm\baclient\dsmcsvc.exe [2008-6-17 3145728]
R2 WRTService;WRT Service;c:\windows\wrtService.exe [2007-8-8 122880]
R3 agnfilt;AGN Filter Interface;c:\windows\system32\drivers\agnfilt.sys [2006-5-19 180864]
R3 Anydlc;Anydlc;c:\windows\system32\drivers\anydlc.sys [2003-11-11 38204]
R3 Appn;Appn;c:\windows\system32\drivers\appn.sys [2003-11-11 1274944]
R3 AppnBase;AppnBase;c:\windows\system32\drivers\appnbase.sys [2003-11-11 193856]
R3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-8-14 508544]
R3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [2008-8-14 3768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 KLOGNT;KLOGNT;c:\windows\system32\drivers\klognt.sys [2003-11-11 24588]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090302.002\naveng.sys [2009-3-2 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090302.002\navex15.sys [2009-3-2 876144]
R3 pdlnacom;PDLC Adapter -- COM;c:\windows\system32\drivers\pdlnacom.sys [2003-11-11 74992]
R3 pdlnafac;PDLC Adapter Factory;c:\windows\system32\drivers\pdlnafac.sys [2003-11-11 36048]
R3 pdlnatcm;Twinax Adapter Common;c:\windows\system32\drivers\pdlnatcm.sys [2003-11-11 20480]
R3 pdlnatdl;Twinax Adapter;c:\windows\system32\drivers\pdlnatdl.sys [2003-11-11 18432]
R3 pdlncbas;PDLC CxM Classes;c:\windows\system32\drivers\pdlncbas.sys [2003-11-11 6784]
R3 pdlncfwk;PDLC Connection Manager;c:\windows\system32\drivers\pdlncfwk.sys [2003-11-11 160288]
R3 pdlndint;PDLC DLC Classes;c:\windows\system32\drivers\pdlndint.sys [2003-11-11 12800]
R3 pdlndlpb;PDLC LAPB;c:\windows\system32\drivers\pdlndlpb.sys [2003-11-11 70144]
R3 pdlndoem;PDLC OEM Interface;c:\windows\system32\drivers\pdlndoem.sys [2003-11-11 18944]
R3 pdlndqll;PDLC QLLC;c:\windows\system32\drivers\pdlndqll.sys [2003-11-11 53248]
R3 pdlndsdl;PDLC SDLC;c:\windows\system32\drivers\pdlndsdl.sys [2003-11-11 67072]
R3 pdlndtdl;Twinax DLC;c:\windows\system32\drivers\pdlndtdl.sys [2003-11-11 51712]
R3 pdlnebas;PDLC Environment;c:\windows\system32\drivers\pdlnebas.sys [2003-11-11 8608]
R3 pdlnecfg;PDLC Configuration;c:\windows\system32\drivers\pdlnecfg.sys [2003-11-11 50336]
R3 pdlnemap;PDLC Mapper;c:\windows\system32\drivers\pdlnemap.sys [2003-11-11 67136]
R3 pdlnemsg;PDLC Message Driver;c:\windows\system32\drivers\pdlnemsg.sys [2003-11-11 12768]
R3 pdlnepkt;PDLC Buffer Manager;c:\windows\system32\drivers\pdlnepkt.sys [2003-11-11 19984]
R3 pdlnshay;PDLC Hayes At signalling;c:\windows\system32\drivers\pdlnshay.sys [2003-11-11 59504]
R3 pdlnslea;PDLC SDLC Leased;c:\windows\system32\drivers\pdlnslea.sys [2003-11-11 22384]
R3 pdlnsv25;PDLC V25bis signalling;c:\windows\system32\drivers\pdlnsv25.sys [2003-11-11 54416]
R3 pdlnsx25;PDLC X.25;c:\windows\system32\drivers\pdlnsx25.sys [2003-11-11 58432]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-3-26 20352]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-4-14 6528]
S1 ShldDrv;Panda File Shield Driver; [x]
S2 gupdate1c8e55cde6db500;Google Update Service (gupdate1c8e55cde6db500);c:\program files\google\update\GoogleUpdate.exe [2008-7-15 133104]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?]
S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]
S3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [2007-3-5 97920]
S3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\drivers\avpnnic.sys [2004-6-7 13952]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2004-4-6 46108]
S3 dblhost;Diginext DBL Hosting Service;c:\program files\bouygues telecom\kit internet mobile\dblhost.exe [2007-10-11 75088]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [2004-10-20 21344]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-2-27 29744]
S3 gwiopm;gwiopm;\??\c:\program files\wst\gwiopm.sys --> c:\program files\wst\gwiopm.sys [?]
S3 IBMTRP;IBM Token-Ring PCI Adapter (Generic);c:\windows\system32\drivers\IBMTRP.SYS [2002-9-20 109085]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S3 S3Inc;S3Inc;c:\windows\system32\drivers\s3mt3d.sys [2002-9-12 41216]
S3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [2007-3-26 43904]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-8-14 184320]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-8-29 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-8-29 140672]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [2005-4-21 14336]
S4 agnwifi;AT&T Wi-Fi Support Driver;c:\windows\system32\drivers\agnwifi.sys [2008-3-21 19328]
S4 MyHelp;My Help;c:\program files\ibm\my help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe [2007-5-16 81920]

=============== Created Last 30 ================

2009-03-02 10:08 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-02 09:16 268 a---h--- C:\sqmdata13.sqm
2009-03-02 09:16 244 a---h--- C:\sqmnoopt13.sqm
2009-03-02 09:12 268 a---h--- C:\sqmdata12.sqm
2009-03-02 09:12 244 a---h--- C:\sqmnoopt12.sqm
2009-03-01 12:28 244 a---h--- C:\sqmnoopt11.sqm
2009-03-01 12:28 232 a---h--- C:\sqmdata11.sqm
2009-03-01 12:27 244 a---h--- C:\sqmnoopt10.sqm
2009-03-01 12:27 232 a---h--- C:\sqmdata10.sqm
2009-02-27 17:20 <DIR> --d----- C:\adsmcfg
2009-02-26 14:19 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-26 13:52 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-26 13:52 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-26 13:52 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-26 13:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-26 13:51 <DIR> --d----- c:\program files\AVG
2009-02-26 13:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-25 17:58 <DIR> --d----- c:\windows\system32\Kaspersky Lab
2009-02-24 10:52 <DIR> --d----- c:\temp\baclient
2009-02-22 14:00 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-21 16:29 32,930 a------- c:\windows\scunin.dat
2009-02-21 16:29 94,208 a------- c:\windows\ScUnin.exe
2009-02-21 16:29 967 a------- c:\windows\ScUnin.pif
2009-02-21 16:29 <DIR> --d----- c:\program files\Starcraft
2009-02-18 23:49 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-17 22:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-17 22:20 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-12 16:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sports Interactive
2009-02-12 11:40 <DIR> --d----- c:\program files\TRU WATCHER
2009-02-12 11:39 <DIR> --d----- c:\docume~1\dumontie\applic~1\ICS
2009-02-12 11:38 26,760 a----r-- c:\windows\system32\drivers\swmsflt.sys
2009-02-12 11:34 <DIR> --d----- c:\program files\common files\Funk Software
2009-02-12 11:34 <DIR> --d----- c:\program files\Bouygues Telecom
2009-02-12 11:34 69 a------- c:\windows\init.ini
2009-02-12 11:32 17,024 ac------ c:\windows\system32\dllcache\usbohci.sys
2009-02-12 11:32 17,024 a------- c:\windows\system32\drivers\usbohci.sys
2009-02-09 01:01 <DIR> --d----- C:\ppmaterecord
2009-02-09 01:00 <DIR> --d----- c:\docume~1\dumontie\applic~1\PPMate
2009-02-09 01:00 <DIR> --d----- c:\program files\common files\Synacast
2009-02-08 16:37 <DIR> --d----- c:\program files\LucasArts
2009-02-07 13:10 268 a---h--- C:\sqmdata09.sqm
2009-02-07 13:10 244 a---h--- C:\sqmnoopt09.sqm
2009-02-07 13:09 268 a---h--- C:\sqmdata08.sqm
2009-02-07 13:09 244 a---h--- C:\sqmnoopt08.sqm
2009-02-06 21:26 <DIR> --d----- c:\program files\BitTorrent
2009-02-05 23:21 268 a---h--- C:\sqmdata07.sqm
2009-02-05 23:21 244 a---h--- C:\sqmnoopt07.sqm
2009-02-05 21:08 244 a---h--- C:\sqmnoopt06.sqm
2009-02-05 21:08 232 a---h--- C:\sqmdata06.sqm
2009-02-01 17:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-02-01 17:06 <DIR> --d----- c:\program files\TVUPlayer

==================== Find3M ====================

2009-03-02 10:07 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-07 10:37 61,792 a------- c:\docume~1\dumontie\applic~1\GDIPFONTCACHEV1.DAT
2008-05-05 21:13 15,397 a------- c:\program files\settings.dat
2008-01-11 16:34 389,120 a------- c:\documents and settings\dumontie\stas75_20060810.0001.dll
2007-09-28 16:19 1,139 a------- c:\program files\NettGain1200 Client setup.log
2007-06-06 09:11 139 a------- c:\program files\wsmjunk.txt

============= FINISH: 9:58:42,50 ===============
Attached Files
File Type: zip Attach.zip (5.9 KB, 15 views)
03-05-2009, 10:11 AM   #2
tetonbob (TSF Security Manager, Emeritus)

Hi -

I see no sign of active infection. The items Kaspersky found are as you say, low threat, and flagged due to potential. DAP is considered adware, and so are its installers.

This may be your biggest issue

Quote:
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Symantec Client Firewall *enabled*
As stated in our pre-posting sticky topic...

https://www.techsupportforum.com/f50/...lp-305963.html

Quote:
If you have more than one antivirus software installed, leave only ONE and uninstall the others
While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

I see you have more than one Anti-Virus program installed, AVG and Symantec. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
-----------------------------------------------------------------------

I also see parts of Panda AntiVirus. Leaving drivers behind might also be a cause for conflict.

What version was it?

Uninstall tools for various versions:

How can I uninstall Panda Titanium Antivirus 2005
https://www.pandasecurity.com/homeuse...014&IdIdioma=2

How can I uninstall Panda Titanium 2006 Antivirus+Antispyware?
https://www.pandasecurity.com/homeuse...504&IdIdioma=2

How can I uninstall Panda Platinum 2006 Internet Security?
https://www.pandasecurity.com/homeuse...406&IdIdioma=2

How can I uninstall Panda Antivirus 2007?
https://www.pandasecurity.com/homeuse...210&IdIdioma=2

How can I uninstall Panda Antivirus 2008?
https://www.pandasecurity.com/homeuse...oma=2&pagina=1

How can I uninstall Panda Antivirus Pro 2009 from my computer?
https://www.pandasecurity.com/enterpr...018&idIdioma=2


=====================================

I see no reason to suspect malware as the cause of your issues. If, after uninstalling one of the AV you still have issues, you may wish to seek assistance in the Windows XP section of the forums. Some of the techs there read dumps.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
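
Added example, not part of the original thread and not code from DDS: a Python check that applies the reasoning in post #2 to DDS log lines from post #1. It flags more than one antivirus listed in the "AV:" header and service entries from an antivirus vendor that the header does not list. The vendor keyword list, the function names, and the reading of a bracket without date and size as "no file details" are assumptions made for this example.

```python
import re

# Lines copied from the DDS log in post #1 (a subset chosen for this example).
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Symantec Client Firewall *enabled*
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-26 27656]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
S1 ShldDrv;Panda File Shield Driver; [x]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [2005-4-21 14336]
"""

# Assumption: vendor keywords picked for this thread; extend for other logs.
AV_VENDORS = ("avg", "symantec", "panda", "kaspersky")
VENDOR_RE = re.compile(r"\b(" + "|".join(AV_VENDORS) + r")\b", re.IGNORECASE)

# Header line: "AV: <product> *On-access scanning enabled|disabled* (...)"
AV_LINE_RE = re.compile(
    r"^AV: (.+?) \*On-access scanning (enabled|disabled)\*", re.MULTILINE)

# Service line as it appears in the log:
# "<R|S><digit> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^([RS])(\d) ([^;\n]+);([^;\n]*);(.*?)[ \t]*\[([^\]\n]*)\][ \t]*$",
    re.MULTILINE)

# A bracket such as "[2009-2-26 27656]"; "[x]" and "[?]" do not match.
FILE_INFO_RE = re.compile(r"\d{4}-\d{1,2}-\d{1,2} \d+")


def vendor_of(text):
    """Return the first known AV vendor keyword found in text, or None."""
    match = VENDOR_RE.search(text)
    return match.group(1).lower() if match else None


def parse_av_header(log):
    """List (product name, on-access scanning enabled) from the AV: lines."""
    return [(name, state == "enabled")
            for name, state in AV_LINE_RE.findall(log)]


def parse_services(log):
    """Parse the SERVICES / DRIVERS lines into dictionaries."""
    services = []
    for _status, _start, name, display, path, info in SERVICE_RE.findall(log):
        services.append({
            "name": name,
            "display": display,
            "path": path,
            "vendor": vendor_of(display + " " + path),
            "has_file_info": bool(FILE_INFO_RE.fullmatch(info)),
        })
    return services


def review(log):
    """Flag multiple registered AV products and leftover AV service entries."""
    registered = parse_av_header(log)
    registered_vendors = {vendor_of(name) for name, _ in registered}
    leftovers = [s for s in parse_services(log)
                 if s["vendor"] and s["vendor"] not in registered_vendors]
    return {
        "registered": registered,
        "multiple_av": len(registered) > 1,
        "leftover_services": [s["name"] for s in leftovers],
        "leftover_without_file_info":
            [s["name"] for s in leftovers if not s["has_file_info"]],
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key, "=", value)
```
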
03-12-2009, 12:27 PM   #3
tetonbob (TSF Security Manager, Emeritus)

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

https://www.techsupportforum.com/f50/...lp-305963.html