
dangerous malware? HELP PLEASE!

Post by dniw9 » March 17th, 2013, 9:57 pm

Hi, yesterday I played games with my cousins. At one point we were passing installers using a flash drive, and it turned out that his desktop is heavily filled with malware and/or viruses(?), without me knowing. Yeah, I was being irresponsible. Anyway, I ran a virus/malware scan using AntiVir/Avira today. Here's the report:



Avira Free Antivirus
Report file date: Monday, March 18, 2013 08:20


The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Ultimate
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : User
Computer name : USER-PC

Version information:
BUILD.DAT : 13.0.0.3185 47702 Bytes 1/30/2013 10:13:00
AVSCAN.EXE : 13.6.0.584 640224 Bytes 3/17/2013 16:23:33
AVSCANRC.DLL : 13.4.0.360 54560 Bytes 3/17/2013 16:23:34
LUKE.DLL : 13.6.0.602 67808 Bytes 3/17/2013 16:28:13
AVSCPLR.DLL : 13.6.0.628 94432 Bytes 3/17/2013 16:32:35
AVREG.DLL : 13.6.0.600 250592 Bytes 3/17/2013 16:32:31
avlode.dll : 13.6.2.624 434912 Bytes 3/17/2013 16:32:46
avlode.rdf : 13.0.0.38 15231 Bytes 3/17/2013 16:32:36
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:46:37
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 15:52:56
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 15:59:15
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 16:01:37
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 16:03:45
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 16:05:11
VBASE006.VDF : 7.11.41.250 4902400 Bytes 9/6/2012 16:06:42
VBASE007.VDF : 7.11.50.230 3904512 Bytes 11/22/2012 16:08:30
VBASE008.VDF : 7.11.60.10 6627328 Bytes 2/7/2013 16:10:55
VBASE009.VDF : 7.11.60.11 2048 Bytes 2/7/2013 16:10:55
VBASE010.VDF : 7.11.60.12 2048 Bytes 2/7/2013 16:10:56
VBASE011.VDF : 7.11.60.13 2048 Bytes 2/7/2013 16:10:56
VBASE012.VDF : 7.11.60.14 2048 Bytes 2/7/2013 16:10:57
VBASE013.VDF : 7.11.60.62 351232 Bytes 2/8/2013 16:11:04
VBASE014.VDF : 7.11.60.115 190976 Bytes 2/9/2013 16:11:06
VBASE015.VDF : 7.11.60.177 282624 Bytes 2/11/2013 16:11:10
VBASE016.VDF : 7.11.60.249 215552 Bytes 2/13/2013 16:11:15
VBASE017.VDF : 7.11.61.65 151040 Bytes 2/15/2013 16:11:20
VBASE018.VDF : 7.11.61.135 159232 Bytes 2/18/2013 16:11:26
VBASE019.VDF : 7.11.61.163 152064 Bytes 2/18/2013 16:11:32
VBASE020.VDF : 7.11.61.207 164352 Bytes 2/19/2013 16:11:36
VBASE021.VDF : 7.11.62.43 206336 Bytes 2/21/2013 16:11:40
VBASE022.VDF : 7.11.64.106 1510912 Bytes 3/11/2013 16:12:12
VBASE023.VDF : 7.11.64.157 137216 Bytes 3/12/2013 16:12:15
VBASE024.VDF : 7.11.64.233 159744 Bytes 3/14/2013 16:12:20
VBASE025.VDF : 7.11.65.19 143360 Bytes 3/15/2013 16:12:23
VBASE026.VDF : 7.11.65.63 150528 Bytes 3/17/2013 16:12:28
VBASE027.VDF : 7.11.65.64 2048 Bytes 3/17/2013 16:12:28
VBASE028.VDF : 7.11.65.65 2048 Bytes 3/17/2013 16:12:29
VBASE029.VDF : 7.11.65.66 2048 Bytes 3/17/2013 16:12:30
VBASE030.VDF : 7.11.65.67 2048 Bytes 3/17/2013 16:12:30
VBASE031.VDF : 7.11.65.70 13312 Bytes 3/17/2013 16:12:31
Engine version : 8.2.12.16
AEVDF.DLL : 8.1.2.10 102772 Bytes 3/17/2013 16:16:45
AESCRIPT.DLL : 8.1.4.98 475516 Bytes 3/17/2013 16:14:17
AESCN.DLL : 8.1.10.0 131445 Bytes 3/17/2013 16:14:12
AESBX.DLL : 8.2.5.12 606578 Bytes 3/17/2013 16:16:52
AERDL.DLL : 8.2.0.88 643444 Bytes 3/17/2013 16:14:10
AEPACK.DLL : 8.3.2.2 827767 Bytes 3/17/2013 16:14:01
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 3/17/2013 16:13:51
AEHEUR.DLL : 8.1.4.248 5804409 Bytes 3/17/2013 16:13:48
AEHELP.DLL : 8.1.25.2 258423 Bytes 3/17/2013 16:13:00
AEGEN.DLL : 8.1.6.16 434549 Bytes 3/17/2013 16:12:56
AEEXP.DLL : 8.4.0.12 192886 Bytes 3/17/2013 16:16:57
AEEMU.DLL : 8.1.3.2 393587 Bytes 3/17/2013 16:12:49
AECORE.DLL : 8.1.31.2 201080 Bytes 3/17/2013 16:12:46
AEBB.DLL : 8.1.1.4 53619 Bytes 3/17/2013 16:12:43
AVWINLL.DLL : 13.6.0.480 26480 Bytes 3/17/2013 15:39:51
AVPREF.DLL : 13.6.0.480 51056 Bytes 3/17/2013 16:23:27
AVREP.DLL : 13.6.0.480 178544 Bytes 3/17/2013 16:32:33
AVARKT.DLL : 13.6.0.624 260832 Bytes 3/17/2013 16:22:14
AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 3/17/2013 16:22:53
SQLITE3.DLL : 3.7.0.1 397704 Bytes 3/17/2013 16:30:17
AVSMTP.DLL : 13.6.0.480 62832 Bytes 3/17/2013 16:23:55
NETNT.DLL : 13.6.0.480 16240 Bytes 3/17/2013 16:29:04
RCIMAGE.DLL : 13.4.0.360 4782880 Bytes 3/17/2013 15:40:21
RCTEXT.DLL : 13.6.0.480 66928 Bytes 3/17/2013 15:40:22

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Monday, March 18, 2013 08:20

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\261
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\PEGA
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9B24EB76-9906-4850-8F12-D5EE8A342308}\Connection\Name
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanServer\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanServer\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanServer\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanWorkstation\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanWorkstation\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanWorkstation\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBIOS\Linkage\LanaMap
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBIOS\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBIOS\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBIOS\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBT\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBT\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBT\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\Smb\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\Smb\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\Smb\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\TCPIP6\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\TCPIP6\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\TCPIP6\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{817DFCD5-6CA2-4D10-9D4A-EAC83C271974}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\GroupOrderList\FSFilter Anti-Virus
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{817DFCD5-6CA2-4D10-9D4A-EAC83C271974}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\iphlpsvc\Parameters\Isatap\{817DFCD5-6CA2-4D10-9D4A-EAC83C271974}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Parameters\Interfaces\{817dfcd5-6ca2-4d10-9d4a-eac83c271974}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\VSS\Diag\SystemRestore\SrCreateRp (Enter)
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\VSS\Diag\SystemRestore\SrCreateRp (Leave)
[NOTE] The registry entry is invisible.
C:\Windows\System32\wshtcpip.dll
[NOTE] The registry entry is invisible.
C:\Windows\System32\wshtcpip.dll
[NOTE] The registry entry is invisible.
C:\Windows\System32\wshtcpip.dll
[NOTE] The registry entry is invisible.
C:\Windows\System32\wship6.dll
[NOTE] The registry entry is invisible.
C:\Windows\System32\wship6.dll
[NOTE] The registry entry is invisible.
C:\Windows\System32\wshqos.dll
[NOTE] The registry entry is invisible.
C:\Windows\System32\wshqos.dll
[NOTE] The registry entry is invisible.
C:\Windows\System32\wshqos.dll
[NOTE] The registry entry is invisible.
C:\Windows\system32\MSAFD.DLL
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\APN\Updater\homepageurl_lmd
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\APN\Updater\homepageurl_lmd
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\APN\Updater\homepageurl_lmd
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Avira\AntiVir Desktop\profDataStr
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Internet Explorer\TypedURLs
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane\ExpandedState
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\1
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\0
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ini
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg\MRUListEx
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\0
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\MRUListEx
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013030420130311
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013031120130312
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2846313594-1304962795-3165109416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013031720130318
[NOTE] The registry entry is invisible.

The scan of running processes will be started:
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '113' Module(s) have been scanned
Scan process 'svchost.exe' - '156' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'NvXDSync.exe' - '46' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '79' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '26' Module(s) have been scanned
Scan process 'GFNEXSrv.exe' - '31' Module(s) have been scanned
Scan process 'spoolsv.exe' - '82' Module(s) have been scanned
Scan process 'sched.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'SASCORE64.EXE' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '68' Module(s) have been scanned
Scan process 'avguard.exe' - '77' Module(s) have been scanned
Scan process 'Ath_CoexAgent.exe' - '41' Module(s) have been scanned
Scan process 'adminservice.exe' - '31' Module(s) have been scanned
Scan process 'rndlresolversvc.exe' - '26' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
Scan process 'taskhost.exe' - '54' Module(s) have been scanned
Scan process 'unsecapp.exe' - '28' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'Explorer.EXE' - '183' Module(s) have been scanned
Scan process 'PHotkey.exe' - '61' Module(s) have been scanned
Scan process 'MsgTranAgt.exe' - '23' Module(s) have been scanned
Scan process 'MsgTranAgt64.exe' - '17' Module(s) have been scanned
Scan process 'ATouch64.exe' - '26' Module(s) have been scanned
Scan process 'PVDesktop.exe' - '30' Module(s) have been scanned
Scan process 'PVDAgent.exe' - '20' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '68' Module(s) have been scanned
Scan process 'MsOsd.exe' - '29' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'Updater.exe' - '42' Module(s) have been scanned
Scan process 'avgnt.exe' - '91' Module(s) have been scanned
Scan process 'avscan.exe' - '117' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'LMS.exe' - '34' Module(s) have been scanned
Scan process 'daemonu.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'UNS.exe' - '46' Module(s) have been scanned
Scan process 'taskeng.exe' - '29' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '27' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'services.exe' - '37' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '1501' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files (x86)\BasicScan\basicscan.dll
[DETECTION] Is the TR/BHO.Zwangi.5671 Trojan
C:\Program Files (x86)\BasicScan\basicscan.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
C:\ProgramData\BasicScan\basicscan115.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
C:\Users\User\AppData\Local\RavenBleuSA\bin\1.0.16.0\RavenBleuUninstaller.exe
[0] Archive type: NSIS
--> [PluginsDir]/Install.dll
[DETECTION] Contains virus patterns of Adware ADWARE/Agent.282624.7
[WARNING] Infected files in archives cannot be repaired
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\6020235-7f59b4eb
[0] Archive type: ZIP
--> zz/bc.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Lacompal.Gen exploit
[WARNING] Infected files in archives cannot be repaired
C:\Users\User\Desktop\DATA1.CAB.gpotato
[0] Archive type: CAB (Microsoft)
--> bin\AOgame.exe
[WARNING] The file could not be written!
C:\Users\User\Downloads\Programs\XvidSetup.exe
[DETECTION] Is the TR/Graftor.Elzob.15338.1 Trojan
[0] Archive type: Runtime Packed
--> C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab
[1] Archive type: CAB (Microsoft)
--> upgrade.exe
[2] Archive type: NSIS
--> [UnknownDir]/basicscan.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
[WARNING] Infected files in archives cannot be repaired
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
Begin scan in 'D:\'
--> \\?\D:\zywxsoft\The_Lost_Titans\f_1_5_darkcrypt.7z
[WARNING] The file could not be read!
D:\zywxsoft\The_Lost_Titans\f_1_5_darkcrypt.7z
[WARNING] The file could not be read!
--> \\?\D:\zywxsoft\The_Lost_Titans\w_3_theseashore.7z
[WARNING] The file could not be read!
D:\zywxsoft\The_Lost_Titans\w_3_theseashore.7z
[WARNING] The file could not be read!

Beginning disinfection:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
[NOTE] The file was moved to the quarantine directory under the name '5156df0e.qua'!
C:\Users\User\Downloads\Programs\XvidSetup.exe
[DETECTION] Is the TR/Graftor.Elzob.15338.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '49c3f0af.qua'!
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\6020235-7f59b4eb
[DETECTION] Contains recognition pattern of the EXP/JAVA.Lacompal.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '1b4bab81.qua'!
C:\Users\User\AppData\Local\RavenBleuSA\bin\1.0.16.0\RavenBleuUninstaller.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Agent.282624.7
[NOTE] The file was moved to the quarantine directory under the name '7db8e590.qua'!
C:\ProgramData\BasicScan\basicscan115.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
[NOTE] The file was moved to the quarantine directory under the name '3839c8ae.qua'!
C:\Program Files (x86)\BasicScan\basicscan.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
[NOTE] The file was moved to the quarantine directory under the name '4722facf.qua'!
C:\Program Files (x86)\BasicScan\basicscan.dll
[DETECTION] Is the TR/BHO.Zwangi.5671 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0b9ad685.qua'!


End of the scan: Monday, March 18, 2013 09:49
Used time: 1:27:34 Hour(s)

The scan has been done completely.

24082 Scanned directories
348506 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
348498 Files not concerned
2077 Archives were scanned
5 Warnings
67 Notes
603308 Objects were scanned with rootkit scan
71 Hidden objects were found


I really am hoping that someone can help me. By the way, I have a pretty busy schedule, but I will do my best to reply here ASAP when I have the time. Thanks, MalwareRemoval.com!
dniw9
Active Member
 
Posts: 1
Joined: March 17th, 2013, 9:51 pm

Re: dangerous malware? HELP PLEASE!

Post by NonSuch » March 18th, 2013, 1:19 am

We need more than a description of your problem and the results of a virus scan.

By posting just a description of your problems it is likely that your topic will be passed by and you will not receive the help you're looking for.

We need to know what's running on your computer so we can give you appropriate instructions.

May I draw your attention to THIS topic, which you should have read, and which tells you what we need you to post so that we can help you.

This topic will now be closed.

If you still need help, please start a new thread with:

  • FRST.txt
  • Addition.txt
  • Details of your problems.

If for any reason you can't run FRST, please let us know in your post.

NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

