Malware Infection

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

j_guy

Thread Starter
Joined
Apr 21, 2010
Messages
2
Hey,
Posting here is a bit of a last resort, as I rarely post in forums, especially tech forums. But I am at my wits' end. I've gone through so many pages and trials and software to figure out why my computer is so slow. If anyone could help me out, I would appreciate it, as I am no good at this.
The symptoms include: Everything is slow. I'm sorry, I really don't know how else to explain it. I have an Avira log and have checked sites for the detected files, but I end up messing with my registry, and I was always told not to mess with it. Haha. Anyway, any help would be great.

Avira AntiVir Personal
Report file date: April 21, 2010 00:16

Scanning for 1990003 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOMEPC

Version information:
BUILD.DAT : 10.0.0.565 32097 Bytes 4/12/2010 16:29:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 16:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 15:29:03
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 15:29:03
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 15:29:03
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 15:29:03
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 15:29:03
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 15:29:03
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 15:29:03
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 15:29:03
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 15:29:03
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 19:43:21
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 19:24:21
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 21:41:40
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 13:25:53
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 13:39:58
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 17:01:24
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 14:24:56
VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 11:04:23
VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 13:23:02
VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 21:47:50
VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 23:11:22
VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 21:53:48
VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 17:56:47
VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 09:56:20
VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 13:43:55
VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 13:59:22
VBASE029.VDF : 7.10.6.60 124416 Bytes 4/12/2010 16:43:17
VBASE030.VDF : 7.10.6.61 2048 Bytes 4/12/2010 16:43:17
VBASE031.VDF : 7.10.6.62 17408 Bytes 4/12/2010 16:43:17
Engineversion : 8.2.1.210
AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 16:16:21
AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/1/2010 20:05:26
AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 22:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 15:09:47
AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 15:09:47
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 16:34:51
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 15:09:46
AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/26/2010 22:43:13
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 20:05:25
AEGEN.DLL : 8.1.3.6 373108 Bytes 4/1/2010 20:05:25
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 13:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 20:05:25
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 16:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 16:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 16:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 16:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 18:14:29

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4c08f175\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: April 21, 2010 00:16
The repair of rootkits is only in interactive mode possible!

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'freefixer.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'ZuneBusEnum.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ZuneLauncher.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Module is infected -> <C:\WINDOWS\explorer.exe>
[DETECTION] Is the TR/Patched.AA.522 Trojan
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Module is infected -> <C:\WINDOWS\system32\spoolsv.exe>
[DETECTION] Contains HEUR/Malware suspicious code
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Module is infected -> <C:\WINDOWS\system32\lsass.exe>
[DETECTION] Is the TR/Patched.Gen Trojan
Scan process 'services.exe' - '1' Module(s) have been scanned
Module is infected -> <C:\WINDOWS\system32\services.exe>
[DETECTION] Is the TR/Patched.Gen Trojan
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\WINDOWS\system32\xbr.dll'
C:\WINDOWS\system32\xbr.dll
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bjwdno> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '56abeb9b.qua'.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bjwdno> was removed successfully.


End of the scan: April 21, 2010 00:29
Used time: 13:02 Minute(s)

The scan has been done completely.

0 Scanned directories
38 Files were scanned
4 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
33 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.
 