Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ebase.dll


  • This topic is locked This topic is locked
37 replies to this topic

#1 XSheWolfX

XSheWolfX

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Africa
  • Local time:10:42 AM

Posted 24 August 2014 - 12:28 PM

Hi,

 

Please can you assist in fixing the only error coming up at moment: missing ebase.dll, (though been aware of PC issues for a few weeks now).

 

Slow, spam and crashing (only 2years old)

 

Thanks so much.

 

Lee :smash: 


Edited by hamluis, 24 August 2014 - 03:47 PM.
Moved to AII at SleepyDude's request


BC AdBot (Login to Remove)

 


m

#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,935 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:42 AM

Posted 24 August 2014 - 02:46 PM

Hi :welcome: to BC,

 

Can you execute the following and post the log please?

 

Download MiniToolBox and save the file to the Desktop.
Close the browser and run the tool, check the following options:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)

     

     

  • List Users, Partitions and Memory size
  • List Minidump Files
  • List Restore Points

Click on Go.

Post the resulting log in your next reply.
 

 


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 XSheWolfX

XSheWolfX
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Africa
  • Local time:10:42 AM

Posted 24 August 2014 - 03:08 PM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by SheWolf (administrator) on 24-08-2014 at 22:04:25
Running from "C:\Users\SheWolf\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : SheWolf-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 8C-89-A5-E3-A4-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b172:cf0f:3754:5ee3%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 24 August 2014 09:46:14 PM
   Lease Expires . . . . . . . . . . : 25 August 2014 09:46:14 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 244091301
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-AB-5A-8C-8C-89-A5-E3-A4-0B
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2c0f:fb50:4002:800::1000
 74.125.233.46
 74.125.233.32
 74.125.233.33
 74.125.233.34
 74.125.233.35
 74.125.233.36
 74.125.233.37
 74.125.233.38
 74.125.233.39
 74.125.233.40
 74.125.233.41
 
 
Pinging google.com [74.125.233.39] with 32 bytes of data:
Reply from 74.125.233.39: bytes=32 time=14ms TTL=55
Reply from 74.125.233.39: bytes=32 time=92ms TTL=55
 
Ping statistics for 74.125.233.39:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 92ms, Average = 53ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=326ms TTL=44
Reply from 98.139.183.24: bytes=32 time=323ms TTL=44
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 323ms, Maximum = 326ms, Average = 324ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...8c 89 a5 e3 a4 0b ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    276
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::b172:cf0f:3754:5ee3/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/24/2014 09:46:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 07:54:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 07:00:06 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (08/24/2014 06:13:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 09:23:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2014 01:43:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/23/2014 01:43:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/23/2014 01:43:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/22/2014 05:39:53 PM) (Source: Google Update) (User: SheWolf-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (08/22/2014 02:53:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/24/2014 09:56:27 PM) (Source: DCOM) (User: )
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (08/24/2014 09:52:31 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (08/24/2014 09:50:41 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (08/24/2014 09:46:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
pICVhkof
 
Error: (08/24/2014 09:46:21 PM) (Source: Service Control Manager) (User: )
Description: The BitGuard service failed to start due to the following error: 
%%2
 
Error: (08/24/2014 09:46:14 PM) (Source: Service Control Manager) (User: )
Description: The Wsys Service service failed to start due to the following error: 
%%2
 
Error: (08/24/2014 09:46:14 PM) (Source: Service Control Manager) (User: )
Description: The IePlugin Services service failed to start due to the following error: 
%%2
 
Error: (08/24/2014 09:46:14 PM) (Source: Service Control Manager) (User: )
Description: The Desk 365 service service failed to start due to the following error: 
%%2
 
Error: (08/24/2014 09:46:08 PM) (Source: BugCheck) (User: )
Description: 0x0000001a (0x00005001, 0xc0802000, 0x00000048, 0x04b496fe)C:\Windows\MEMORY.DMP
 
Error: (08/24/2014 09:46:08 PM) (Source: BugCheck) (User: )
Description: 
 
 
Microsoft Office Sessions:
=========================
Error: (08/24/2014 09:46:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 07:54:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 07:00:06 PM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (08/24/2014 06:13:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 09:23:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2014 01:43:56 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\innovative solutions\drivermax\DPInst\ia64\dpinst.exe
 
Error: (08/23/2014 01:43:55 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\innovative solutions\drivermax\DPInst\amd64\dpinst.exe
 
Error: (08/23/2014 01:43:48 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Desk 365\eDhelper64.exe
 
Error: (08/22/2014 05:39:53 PM) (Source: Google Update)(User: SheWolf-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (08/22/2014 02:53:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
 
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.709.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{13088D41-3475-A25E-BE76-5B4D36939498}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
bl (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center InstallProxy (Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Desk 365 (HKLM\...\Desk 365) (Version: 1.15.8 - 337 Technology Limited.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
LG Burning Tool (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.5218a - CyberLink Corp.)
LG Burning Tool (Version: 6.2.5218a - CyberLink Corp.) Hidden
LG CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
LG CyberLink LabelPrint (Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2808 - CyberLink Corp.)
LG CyberLink Media Suite (Version: 8.0.2808 - CyberLink Corp.) Hidden
LG CyberLink PowerBackup (HKLM\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
LG CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
LG CyberLink YouCam (Version: 2.0.3718 - CyberLink Corp.) Hidden
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 8.01.1209.01 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
ph (Version: 1.0.0 - Your Company Name) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Super-Charger (HKLM\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.006 - MSI)
TeraCopy 2.3 beta 2 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
uTorrentControl_v2 Toolbar (HKLM\...\uTorrentControl_v2 Toolbar) (Version: 6.11.2.6 - uTorrentControl_v2)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 8.0.3.3 - Webroot)
Whilokii 1.0.0 (HKLM\...\Whilokii) (Version: 1.0.0 - Whilokii)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DE}) (Version: 18.0.10661 - WinZip Computing, S.L. )
 
========================= Devices: ================================
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 90%
Total physical RAM: 1526.7 MB
Available physical RAM: 138.63 MB
Total Pagefile: 3053.4 MB
Available Pagefile: 896.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.11 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931.41 GB) (Free:181.54 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SHEWOLF-PC
 
Administrator            Guest                    SheWolf                  
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
19-08-2014 04:14:38 Windows Update
19-08-2014 09:29:04 Installed Compatibility Pack for the 2007 Office system
20-08-2014 01:00:15 Windows Update
20-08-2014 18:47:15 Removed AVG 2014
20-08-2014 18:50:44 Removed AVG 2014
20-08-2014 19:46:55 Windows Update
24-08-2014 19:54:47 January 
 
**** End of log ****


#4 XSheWolfX

XSheWolfX
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Africa
  • Local time:10:42 AM

Posted 24 August 2014 - 03:13 PM

Is it just the driver's issue?

 

Please confirm if last post is what you wanted - feel like I've stripped lol



#5 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,935 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:42 AM

Posted 24 August 2014 - 03:36 PM

Hi,

 

You did ok. I see some malware on the log I will ask a Mod to move your topic to the Am I infected? What do I do? section of the forum.

 

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#6 XSheWolfX

XSheWolfX
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Africa
  • Local time:10:42 AM

Posted 24 August 2014 - 03:44 PM

B)



#7 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,935 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:42 AM

Posted 24 August 2014 - 04:00 PM

I see you have two Antivirus programs installed:

- Bitdefender Antivirus Free Edition

- Webroot SecureAnywhere

 

Contrary to what some people think, having more than one antivirus program doesn't give you more protection. With several Real-Time protections active the computer becomes slower accessing files and could crash due to resource conflicting, also you could get False Alarms when one AV starts identifying as virus the files from the other antivirus program. On next steps I will ask you to remove some of those programs. If you didn't buy Webroot SecureAnywhere please remove that one and keep Bitdefender Free.

 

» You have some programs installed that are dubious or Adware related that I would like you to uninstall...

 

Open Start > Control Panel > then Add or Remove Programs, locate these programs on the list and uninstall them:

  • µTorrent
  • uTorrentControl_v2 Toolbar
  • Whilokii
  • Desk 365

 

» Download AdwCleaner from here to the Desktop

  • Close all open windows and browsers
  • Right click on the AdwCleaner_Icon.gif icon and choose Run as Administrator to execute the program
    (When the Tool opens for the first time you have to accept the Terms of use - click J'accepte/I Agree)
     
  • Click the Scan button and wait for the scan to finish, only then the Clean button becomes active
  • Click the Clean button and wait, once done it may ask to reboot, allow it.
  • On reboot a log will be presented please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

» Download JRT to your Desktop

  • Disable your AntiVirus and AntiSpyware applications
    (If you have difficulty properly disabling your security programs, refer to this link.)
  • Right click on the icon JRT.jpg and choose Run as Administrator. Make sure all other windows are closed & follow the prompts.
    (The tool will start scanning your system please be patient as this can take a while to complete depending on your system's specifications and the program you have installed)
  • On completion Notepad will open showing the log JRT.txt (the log is saved to your desktop). Please copy and paste its contents on your next reply
  • Enable your AntiVirus and AntiSpyware applications

Edited by SleepyDude, 24 August 2014 - 04:01 PM.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#8 XSheWolfX

XSheWolfX
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Africa
  • Local time:10:42 AM

Posted 25 August 2014 - 03:44 PM

Apologies for the delay.

 

Thank you.

 

Busy doing all as suggested and will revert with the reports asap.

 

You are amazing :love4u:



#9 XSheWolfX

XSheWolfX
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Africa
  • Local time:10:42 AM

Posted 25 August 2014 - 04:20 PM

AdwCleaner Log:
 
# AdwCleaner v3.308 - Report created 25/08/2014 at 22:49:13
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : SheWolf - SHEWOLF-PC
# Running from : C:\Users\SheWolf\Downloads\adwcleaner_3.308.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : BitGuard
[#] Service Deleted : desksvc
[#] Service Deleted : IePluginServices
[#] Service Deleted : WsysSvc
Service Deleted : {fed5e6b2-4fc4-43ba-8e95-001d959d8008}w
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\WindowsProtectManger
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Desk 365
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\Gophoto.it
Folder Deleted : C:\Program Files\gs supporter
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\OnlineHD.TV
Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Program Files\Tbccint
Folder Deleted : C:\Program Files\Common Files\337
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\SheWolf\AppData\Local\Conduit
Folder Deleted : C:\Users\SheWolf\AppData\Local\globalUpdate
Folder Deleted : C:\Users\SheWolf\AppData\Local\torch
Folder Deleted : C:\Users\SheWolf\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\SheWolf\AppData\LocalLow\Delta
Folder Deleted : C:\Users\SheWolf\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\SheWolf\AppData\Roaming\337Games
Folder Deleted : C:\Users\SheWolf\AppData\Roaming\Babylon
Folder Deleted : C:\Users\SheWolf\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\SheWolf\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\SheWolf\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcchgihapndnkdbcfeldhlgblagnfao
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcchgihapndnkdbcfeldhlgblagnfao
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcchgihapndnkdbcfeldhlgblagnfao
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcchgihapndnkdbcfeldhlgblagnfao
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcchgihapndnkdbcfeldhlgblagnfao
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcchgihapndnkdbcfeldhlgblagnfao
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcchgihapndnkdbcfeldhlgblagnfao
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcchgihapndnkdbcfeldhlgblagnfao
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcchgihapndnkdbcfeldhlgblagnfao
File Deleted : C:\Users\SheWolf\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
File Deleted : C:\END
File Deleted : C:\Windows\system32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w.sys
File Deleted : C:\Users\SheWolf\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\SheWolf\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
File Deleted : C:\Users\SheWolf\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\SheWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx
File Deleted : C:\Users\SheWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Desk 365 RunAsStdUser
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\SheWolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\SheWolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\SheWolf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ainbkicbloikcngphmjfpjdemblcojdd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\ae8a8db568e810
Key Deleted : HKLM\SOFTWARE\ae8a8db568e810
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_filzip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_filzip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\HappyLyrics
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
Key Deleted : HKLM\SOFTWARE\Desksvc
Key Deleted : HKLM\SOFTWARE\do-searchSoftware
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\eSafeSecControl
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\omiga-plusSoftware
Key Deleted : HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsProtectManger
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\SystemK
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\Wpm
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\SheWolf\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
 
[ File : C:\Users\SheWolf\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\SheWolf\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : ainbkicbloikcngphmjfpjdemblcojdd
Deleted [Extension] : aipfmkinhleccnodemkoofnnofpbbpac
Deleted [Extension] : dhkplhfnhceodhffomolpfigojocbpcb
Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : iaimhpklononapfjngelgdokckfjekfc
Deleted [Extension] : jcdgjdiieiljkfkdcloehkohchhpekkn
Deleted [Extension] : lkcchgihapndnkdbcfeldhlgblagnfao
Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
Deleted [Extension] : ogfjmhfnldnajmfaofeiaepghjenbgjo
Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
Deleted [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk
 
*************************
 
AdwCleaner[R0].txt - [14910 octets] - [25/08/2014 22:45:21]
AdwCleaner[S0].txt - [14661 octets] - [25/08/2014 22:49:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14722 octets] ##########


#10 XSheWolfX

XSheWolfX
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Africa
  • Local time:10:42 AM

Posted 25 August 2014 - 04:38 PM

JRT Log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by SheWolf on 2014/08/25 at 23:32:29.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-931832994-1781046335-47412457-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{344913D7-E0EC-42B1-95E5-260EE6D9AE06}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\SheWolf\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\SheWolf\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Folder] "C:\Program Files\qualitink"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014/08/25 at 23:35:12.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#11 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,935 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:42 AM

Posted 25 August 2014 - 05:44 PM

Hi,
 

Apologies for the delay.

No need for apologize.
 

You are amazing :love4u:

 

:) My pleasure. Its the error message about missing ebase.dll gone?

 

 

Plenty of adware removed but we need to make sure that there isn't more! Let's install a program an do a scan, also you can keep it and run a scan from time to time to make sure the computer is clean.

 

9OoOKtajgSmoOAS611kOcmffOCc4Sw.png Install and Run Malwarebytes

  • Please download Malwarebytes' Anti-Malware from here or here
  • Double Click the mbam-setup-2.x.x or mbam-setup MBAM2.jpg to install the application.
  • On the last step of installation make sure you uncheck the box Enable free trial of Malwarebytes Anti-Malware Premium then click Finish.
    MBAM2_Trial.png
  • If an update is found, it will download and install the latest updates automatically if not click Update Now »
    MBAM2_Updating.png
  • Click the Settings tab, and check the box next to Scan for rootkits:
    MBAM2_Settings.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM2_Scan.png
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show the results:
    MBAM2_threat-detected.jpg
  • Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
    Failure to reboot normally will prevent Malwarebytes from removing all the malware.
    MBAM2_RestartPrompt.png
  • After restarting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information


  • The log is automatically saved by MBAM and can be viewed by going to the History tab, clicking on Application Logs:
    MBAM2_Log.png
  • Select (check) the box next to Scan Log. Choose the most current scan, and click on the View button:
  • In the bottom of the Scanning History Log window that opens, click on Export > Save to Text file (*.txt) button. Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

 

 


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#12 XSheWolfX

XSheWolfX
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Africa
  • Local time:10:42 AM

Posted 25 August 2014 - 06:22 PM

Beautiful!

 

Will do.

 

Lol. I entirely 'missed' not seeing ebase.dll pop up, + additional malware online spam all gone!

 

Thank you sooooo much.

 

Dont even know how to thank you - just quickly and quietly jumping on board to help :hug: 

 

Awesome.

 

Thank you again.

 

xxx



#13 XSheWolfX

XSheWolfX
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Africa
  • Local time:10:42 AM

Posted 27 August 2014 - 02:36 PM

PC crashed again and it took time (again) for her to reboot, so just downloading and will revert on your last email now.

 

Got so busy with work - but now that I have to work and cant...lol

 

Thanks.



#14 XSheWolfX

XSheWolfX
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Africa
  • Local time:10:42 AM

Posted 27 August 2014 - 02:39 PM

While I've got you.

 

Was using AVG (long time), and just changed to Bitfender because AVG was popping up all the time and driving me crazy.

 

I realise now perhaps this was just the malware?

 

I'm baisically asking which of the two do you think is better as Bitfender not complying to my liking either.



#15 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,935 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:42 AM

Posted 27 August 2014 - 03:16 PM

Hi,
 

PC crashed again and it took time (again) for her to reboot, so just downloading and will revert on your last email now.
 
Got so busy with work - but now that I have to work and cant...lol
 
Thanks.

 
Besides the Malwarebytes scan we need to run some more to make sure nothing is hidden. After this we can do some checks about those crashes.
 

While I've got you.

Was using AVG (long time), and just changed to Bitfender because AVG was popping up all the time and driving me crazy.

I realise now perhaps this was just the malware?

I'm baisically asking which of the two do you think is better as Bitfender not complying to my liking either.

 

AVG isn't exactly something we recommend right now due to some bad options the company made...

You are running Bitdefender free or paid version?

 

Bitdefender it's a good av but it can be heavy if your machine doesn't have enough resources.

 

One thing you must do is make sure AVG is completely gone by running the uninstall tool available here that matches the version uninstalled.


Edited by SleepyDude, 27 August 2014 - 03:29 PM.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users