[picada]

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Win XP SP1
Problem Application Name & Version: Panda Antivirus (?)
Problem Hardware Make & Model:Toshiba Satellite 2140 CDS
Error Messages:<none>


The main prob here is that frequentely my computer becomes slower and stalls. My task manager shows avengine absorving all the resources and the processor usage is around 100% at those particular times.
i also realized i have a process called winxpdll32.exe i can not identify and i guess it may be malicious - this time i ended it in taskmanager.
Here's my hijackthis log. I'll apreciate any help available.
Thank u all in advance.

Logfile of HijackThis v1.98.2
Scan saved at 13:08:11, on 19-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.85.250:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperliga

[jvic]

Please submit this file to Kaspersky File Scanner!!!

http://www.kaspersky.com/remoteviruschk.html
Navigate to this file on your computer and post back the results

C:\WINDOWS\System32\winxpdll32.exe

Run hijack this and place a check beside the following:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\html\IntraLaunch.CAB

Restart your computer and post a new hijack this log

[picada]

I did what u wrote and in fact, kaspersky IDed winxpdll32.exe as a trojan. That's curious because neither mcafee nor panda IDed this file.
about the new hijackthis log... here it is

Logfile of HijackThis v1.98.2
Scan saved at 16:06:43, on 24-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Programas\Opera\opera.exe
C:\Programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.85.250:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperliga

[jvic]

Run hijack this and place a check beside the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.85.250:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperliga

[picada]

ok, it's done.
New Hijack this log:

Logfile of HijackThis v1.98.2
Scan saved at 14:03:56, on 25-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programas\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &R

[jvic]

Your Log is clean.I suggest you get the windows updates.
Prevention
To help in preventing your system from being infected again

* SpywareBlaster will prevent spyware from being installed.
Spywareblaster

* SpywareGuard offers realtime protection from spyware installation attempts.
Spywareguard


To protect yourself further:

* IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
IE/Spyad

* Get the free google toolbar to help stop pop up windows.
Google Toolbar


These steps should be done on a regular basis.

1.You should run a scan with Ad-Aware regularly (Keep the definitions updated)

2.Run windows updates at least once a month

3.Keep your antivirus updated weekly

4.I also suggest that you delete any files from "temp", "tmp" folders.
In Internet Explorer, click on
"Tools" => "Internet Options" => "Delete Files" and select the box that says
"Delete All Offline Content" and click on "OK" twice.

[picada]

Thank u very much for ur help.
I already have Ad-Aware and Spybot Search and Destroy installed is this enough, or should i get Spywareblaster and Spywareguard? are they more trustworthy?
About updates, i don't know why, i just can't get a correct windows update.
i'm still trying to understand this particular problem.

[jvic]

I run adaware/spybot/spyware blaster/spyware guard and IE Spyad

[picada]

k! i got the picture...
thanx.

[jvic]

As your problems seem to be resolved I will close this thread.
If for any reason you need it reopened please PM a mod and supply a
link to this thread