FileParade + very slow startup and shutdown

Re: FileParade + very slow startup and shutdown

Post by stephenabyers » February 7th, 2015, 10:24 am

ESET Log:

C:\$Recycle.Bin\S-1-5-21-4008453203-116359934-4206298802-1001\$R1D7663.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-4008453203-116359934-4206298802-1001\$ROQCY1S.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-4008453203-116359934-4206298802-1001\$R01O1LI.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-4008453203-116359934-4206298802-1001\$RBTBAGX.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-4008453203-116359934-4206298802-1001\$RVNSNZ4.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application
C:\Users\Admin\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\MSI47EB.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\plugins\ChromeApiPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\plugins\ChromeApiPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm

Re: FileParade + very slow startup and shutdown

Post by Gary R » February 7th, 2015, 6:30 pm

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1003 -> {15D6AACC-F402-4335-8BD8-20BB5E8A8DB5} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
C:\Users\Admin\Downloads\ccsetup415.exe
C:\Windows\Installer\MSI47EB.tmp
C:\Windows\System32\Adobe\Shockwave 11\gt.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\APISupport\APISupport.dll
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\plugins\ChromeApiPlugin.dll
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\APISupport\APISupport.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\plugins\ChromeApiPlugin.dll
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
    • Please let me know how your computer is behaving now.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: FileParade + very slow startup and shutdown

Post by stephenabyers » February 7th, 2015, 7:44 pm

So grateful for your help, Gary.

Should I be concerned that Java 6 Update 45 is still showing in the Control Panel -> Programs list?
I think things feel pretty good.
Fixlog shown below...


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Admin at 2015-02-07 18:28:59 Run:3
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Stephen & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1003 -> {15D6AACC-F402-4335-8BD8-20BB5E8A8DB5} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
C:\Users\Admin\Downloads\ccsetup415.exe
C:\Windows\Installer\MSI47EB.tmp
C:\Windows\System32\Adobe\Shockwave 11\gt.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\APISupport\APISupport.dll
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\plugins\ChromeApiPlugin.dll
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\APISupport\APISupport.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\plugins\ChromeApiPlugin.dll
EmptyTemp:
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4008453203-116359934-4206298802-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15D6AACC-F402-4335-8BD8-20BB5E8A8DB5}" => Key deleted successfully.
HKCR\CLSID\{15D6AACC-F402-4335-8BD8-20BB5E8A8DB5} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
C:\Users\Admin\Downloads\ccsetup415.exe => Moved successfully.
C:\Windows\Installer\MSI47EB.tmp => Moved successfully.
"C:\Windows\System32\Adobe\Shockwave 11\gt.exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\APISupport\APISupport.dll" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\plugins\ChromeApiPlugin.dll" => File/Directory not found.
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\APISupport\APISupport.dll => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\plugins\ChromeApiPlugin.dll => Moved successfully.
EmptyTemp: => Removed 43.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:31:29 ====
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm
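
A way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread and not FRST's own code: it parses the `target => result` lines, tallies outcomes, and lists "not found" entries that still need a look. It assumes a System32 path that was not found is covered when its SysWOW64 twin was moved (a 32-bit scanner sees SysWOW64 under the System32 name through WOW64 file system redirection); the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the Fixlog above (names are placeholders).
SAMPLE_FIXLOG = r'''
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
C:\Users\Admin\Downloads\example-setup.exe => Moved successfully.
"C:\Windows\System32\Example\gt.exe" => File/Directory not found.
C:\Windows\SysWOW64\Example\gt.exe => Moved successfully.
"C:\Windows\System32\Example\orphan.dll" => File/Directory not found.
EmptyTemp: => Removed 43.5 MB temporary data.
'''

# target (optionally quoted) => result, with the trailing period dropped
RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+?)\.?$')

def parse_fixlog(text):
    """Return (target, result) pairs for every 'target => result' line."""
    pairs = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            pairs.append((m.group("target"), m.group("result")))
    return pairs

def classify(result):
    r = result.lower()
    if "not found" in r:
        return "not_found"
    if r.startswith(("moved", "removed")) or "deleted" in r or "restored" in r:
        return "changed"
    return "other"

def summary(entries):
    return Counter(classify(result) for _, result in entries)

def needs_review(entries):
    """'Not found' targets, minus System32 paths whose SysWOW64 twin was changed."""
    changed = {t.lower() for t, r in entries if classify(r) == "changed"}
    pending = []
    for target, result in entries:
        if classify(result) != "not_found":
            continue
        # Assumption: the same file was reported under both directory names.
        twin = re.sub(r"(?i)\\system32\\", r"\\SysWOW64\\", target).lower()
        if twin != target.lower() and twin in changed:
            continue
        pending.append(target)
    return pending

if __name__ == "__main__":
    log_entries = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summary(log_entries)), needs_review(log_entries))
```
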

Re: FileParade + very slow startup and shutdown

Post by Gary R » February 7th, 2015, 8:39 pm

Try removing the old Java version using the Java uninstaller tool ... https://www.java.com/en/download/faq/un ... olinfo.xml ... please let me know if it is successful.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: FileParade + very slow startup and shutdown

Post by stephenabyers » February 8th, 2015, 9:20 am

I tried the tool but it didn't have any success. However, I just tried the normal uninstall under Control Panel -> Programs again, and this time I think it worked. Thanks for the fantastic help!!
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm

Re: FileParade + very slow startup and shutdown

Post by Gary R » February 8th, 2015, 12:06 pm

Good, I'm glad you seem to have got it uninstalled anyway.

Time to remove the programs we've been using to clean your computer, then I'll make a few suggestions about computer security.

First ...

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check all the boxes then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

Then ...

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: FileParade + very slow startup and shutdown

Post by Gary R » February 15th, 2015, 2:15 am

This topic is now closed
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire