Malware Infection

Discussion in 'Virus & Other Malware Removal' started by j_guy, Apr 21, 2010.

Thread Status:
Not open for further replies.
  1. j_guy

    j_guy Thread Starter

    Joined:
    Apr 21, 2010
    Messages:
    2
    Hey,
    Posting here is a bit of a last resort as I rarely post in forums. Especially tech forums. But, I am at my wits' end. I've gone through so many pages and trials and software to figure out why my computer is so slow. If anyone could help me out, I would appreciate it as I am no good at this.
    The symptoms include: Everything is slow. I'm sorry, I really don't know how else to explain it. I have an Avira log and have checked sites for the detected files, but I end up messing with my registry and I was always told not to mess with it. haha. Anyway, any help would be great.

    Avira AntiVir Personal
    Report file date: April 21, 2010 00:16

    Scanning for 1990003 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : HOMEPC

    Version information:
    BUILD.DAT : 10.0.0.565 32097 Bytes 4/12/2010 16:29:00
    AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 16:37:38
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 15:29:03
    VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 15:29:03
    VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 15:29:03
    VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 15:29:03
    VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 15:29:03
    VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 15:29:03
    VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 15:29:03
    VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 15:29:03
    VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 15:29:03
    VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 19:43:21
    VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 19:24:21
    VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 21:41:40
    VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 13:25:53
    VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 13:39:58
    VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 17:01:24
    VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 14:24:56
    VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 11:04:23
    VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 13:23:02
    VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 21:47:50
    VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 23:11:22
    VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 21:53:48
    VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 17:56:47
    VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 09:56:20
    VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 13:43:55
    VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 13:59:22
    VBASE029.VDF : 7.10.6.60 124416 Bytes 4/12/2010 16:43:17
    VBASE030.VDF : 7.10.6.61 2048 Bytes 4/12/2010 16:43:17
    VBASE031.VDF : 7.10.6.62 17408 Bytes 4/12/2010 16:43:17
    Engineversion : 8.2.1.210
    AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 16:16:21
    AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/1/2010 20:05:26
    AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 22:38:41
    AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 15:09:47
    AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 15:09:47
    AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 16:34:51
    AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 15:09:46
    AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/26/2010 22:43:13
    AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 20:05:25
    AEGEN.DLL : 8.1.3.6 373108 Bytes 4/1/2010 20:05:25
    AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 13:04:22
    AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 20:05:25
    AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 16:15:06
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38
    AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35
    AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40
    AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 16:35:46
    AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 16:39:51
    AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 16:22:13
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20
    RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 18:14:29

    Configuration settings for the scan:
    Jobname.............................: avguard_async_scan
    Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4c08f175\guard_slideup.avp
    Logging.............................: low
    Primary action......................: repair
    Secondary action....................: quarantine
    Scan master boot sector.............: on
    Scan boot sector....................: off
    Process scan........................: on
    Scan registry.......................: off
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: high

    Start of the scan: April 21, 2010 00:16
    The repair of rootkits is only in interactive mode possible!

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'avconfig.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'freefixer.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'ZuneBusEnum.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'ZuneLauncher.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Module is infected -> <C:\WINDOWS\explorer.exe>
    [DETECTION] Is the TR/Patched.AA.522 Trojan
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Module is infected -> <C:\WINDOWS\system32\spoolsv.exe>
    [DETECTION] Contains HEUR/Malware suspicious code
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Module is infected -> <C:\WINDOWS\system32\lsass.exe>
    [DETECTION] Is the TR/Patched.Gen Trojan
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Module is infected -> <C:\WINDOWS\system32\services.exe>
    [DETECTION] Is the TR/Patched.Gen Trojan
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting the file scan:

    Begin scan in 'C:\WINDOWS\system32\xbr.dll'
    C:\WINDOWS\system32\xbr.dll
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bjwdno> was removed successfully.
    [NOTE] The file was moved to the quarantine directory under the name '56abeb9b.qua'.
    [NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bjwdno> was removed successfully.


    End of the scan: April 21, 2010 00:29
    Used time: 13:02 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    38 Files were scanned
    4 Viruses and/or unwanted programs were found
    1 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    1 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    33 Files not concerned
    0 Archives were scanned
    0 Warnings
    1 Notes


    The scan results will be transferred to the Guard.
     
Short URL to this thread: https://techguy.org/918209
