Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Firefox and Windows File Explorer Running slow

Post by scruvs » February 25th, 2015, 12:35 pm

Firefox and Windows File Explorer are running slow in Windows 8.1. Half-second delays between keystrokes and the text appearing on the screen.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by nathan (administrator) on NATHAN on 25-02-2015 11:28:14
Running from C:\Users\Nathan.MAIN\Desktop
Loaded Profiles: nathan (Available profiles: Nathan & UpdatusUser & nathan)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Windows\SysWOW64\TSSchBkpService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1726297449-671702483-674205844-1109\...\Run: [TSTimer] => C:\Program Files (x86)\Timeslips\TSTimer.exe [2437216 2010-04-01] (Sage Software, Inc.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1726297449-671702483-674205844-1109\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-1726297449-671702483-674205844-1109\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope {32BE75B5-78E8-4B6A-A704-59F1AB506D4E} URL =
SearchScopes: HKU\S-1-5-21-1726297449-671702483-674205844-1109 -> DefaultScope {32BE75B5-78E8-4B6A-A704-59F1AB506D4E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309656&CUI=UN42804838301081320&UM=2
SearchScopes: HKU\S-1-5-21-1726297449-671702483-674205844-1109 -> {32BE75B5-78E8-4B6A-A704-59F1AB506D4E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309656&CUI=UN42804838301081320&UM=2
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1726297449-671702483-674205844-1109 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF Homepage: https://www.google.com/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default\user.js
FF SearchPlugin: C:\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default\searchplugins\safeguard-secure-search.xml
FF Extension: LastPass - C:\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default\Extensions\support@lastpass.com [2014-12-30]
FF Extension: Garmin Communicator - C:\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-12-30]
FF Extension: KeyBar 2.1 - C:\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default\Extensions\{cef81415-2059-4dd5-9829-1aef3cf27f4f} [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-02-22] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [234344 2015-02-22] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 TSScheduleBackup; C:\Windows\SysWOW64\TSSchBkpService.exe [705024 2008-08-15] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-07] (GFI Software)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-24] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 11:28 - 2015-02-25 11:28 - 00014095 _____ () C:\Users\Nathan.MAIN\Desktop\FRST.txt
2015-02-25 11:27 - 2015-02-25 11:28 - 00000000 ____D () C:\FRST
2015-02-25 11:27 - 2015-02-25 11:27 - 02087936 _____ (Farbar) C:\Users\Nathan.MAIN\Desktop\FRST64.exe
2015-02-25 10:42 - 2015-02-25 10:42 - 00323875 _____ () C:\Users\Nathan.MAIN\Downloads\047114414984
2015-02-25 10:41 - 2015-02-25 10:41 - 00355242 _____ () C:\Users\Nathan.MAIN\Downloads\047114414983
2015-02-24 10:08 - 2015-02-24 10:08 - 00117347 _____ () C:\Users\Nathan.MAIN\Downloads\7278967171_20150223_163549.wav
2015-02-24 09:18 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-24 09:18 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-24 09:18 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-24 09:18 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-24 09:18 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-02-24 09:18 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-24 09:18 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-02-24 09:18 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-02-24 09:18 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-02-24 09:18 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-02-24 09:18 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-24 09:18 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-23 09:21 - 2015-02-23 09:21 - 00000118 _____ () C:\Users\Nathan.MAIN\Downloads\2014 summer fall.zip
2015-02-23 08:25 - 2015-02-23 08:25 - 01628585 _____ () C:\Users\Nathan.MAIN\Downloads\8-15-cv-00356-MSS-AEP.zip
2015-02-23 08:04 - 2015-02-23 08:04 - 03287190 _____ () C:\Users\Nathan.MAIN\Downloads\3-15-cv-00178-HES-MCR.zip
2015-02-20 10:35 - 2015-02-20 10:35 - 00129918 _____ () C:\Users\Nathan.MAIN\Downloads\8132735000_20150220_101805.wav
2015-02-19 13:46 - 2015-02-19 13:46 - 00000962 _____ () C:\Users\Nathan.MAIN\AppData\Local\recently-used.xbel
2015-02-19 09:50 - 2015-02-19 09:50 - 00002523 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk
2015-02-19 09:50 - 2015-02-19 09:50 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-02-19 09:50 - 2015-02-19 09:50 - 00002064 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2015-02-19 09:44 - 2015-02-19 09:45 - 335472296 _____ (Adobe Systems Incorporated) C:\Users\Nathan.MAIN\Downloads\AcrobatStd_10_Web_WWEFD.exe
2015-02-19 09:23 - 2015-02-19 09:23 - 00181665 _____ () C:\Users\Nathan.MAIN\Downloads\5712728867_20150219_084141.wav
2015-02-18 15:01 - 2015-02-18 15:01 - 00000000 ___SD () C:\Users\Nathan.MAIN\Documents\My Data Sources
2015-02-18 13:50 - 2015-02-18 13:50 - 00082144 _____ () C:\Users\Nathan.MAIN\Downloads\7275412696_20150218_121019.wav
2015-02-18 10:06 - 2015-02-18 10:06 - 00046944 _____ () C:\Users\Nathan.MAIN\Downloads\4076490080_20150217_173118.wav
2015-02-18 09:46 - 2015-02-18 09:46 - 02654310 _____ () C:\Users\Nathan.MAIN\Downloads\8-15-cv-00326-EAK-MAP.zip
2015-02-18 09:29 - 2015-02-18 09:29 - 05971885 _____ () C:\Users\Nathan.MAIN\Downloads\3-15-cv-00170-TJC-MCR.zip
2015-02-18 02:29 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-18 02:29 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-17 14:57 - 2015-02-17 14:57 - 00323604 _____ () C:\Users\Nathan.MAIN\Downloads\7277100666_20150217_123543.wav
2015-02-16 13:06 - 2015-02-16 13:06 - 00298625 _____ () C:\Users\Nathan.MAIN\Downloads\7277100666_20150216_114213.wav
2015-02-10 20:48 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 20:48 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 20:48 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 20:48 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 20:48 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 20:48 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 20:48 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 20:48 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 20:47 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 20:47 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 20:47 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 20:47 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 20:47 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 20:47 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 20:47 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 20:47 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 20:47 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 20:47 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 20:47 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 20:47 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 20:47 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 20:47 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 20:47 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 20:47 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 20:47 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 20:47 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 20:47 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 20:47 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 20:47 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 20:47 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 20:47 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 20:47 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 20:47 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 20:47 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 20:47 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 20:47 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 20:47 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 20:47 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 20:47 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 20:47 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 20:47 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 20:47 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 20:47 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 20:46 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 20:46 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 20:46 - 2015-01-10 04:25 - 00112960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2015-02-10 20:46 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 20:46 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 20:46 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 20:46 - 2015-01-10 03:21 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2015-02-10 20:46 - 2015-01-10 03:20 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-02-10 20:46 - 2015-01-10 03:20 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-02-10 20:46 - 2015-01-10 03:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2015-02-10 20:46 - 2015-01-10 03:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-02-10 20:46 - 2015-01-10 01:51 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2015-02-10 20:46 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 20:46 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 20:46 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 20:46 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 20:46 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 20:46 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 20:46 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 20:46 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 15:09 - 2015-02-10 15:09 - 00000000 __SHD () C:\Users\Nathan.MAIN\AppData\Local\EmieUserList
2015-02-10 15:09 - 2015-02-10 15:09 - 00000000 __SHD () C:\Users\Nathan.MAIN\AppData\Local\EmieSiteList
2015-02-10 15:09 - 2015-02-10 15:09 - 00000000 __SHD () C:\Users\Nathan.MAIN\AppData\Local\EmieBrowserModeList
2015-02-10 14:16 - 2015-02-10 14:16 - 00018441 _____ () C:\Users\Nathan.MAIN\Downloads\viewdocument(4).ashx
2015-02-10 10:50 - 2015-02-10 10:50 - 00468987 _____ () C:\Users\Nathan.MAIN\Downloads\047114350490
2015-02-10 10:23 - 2015-02-10 10:23 - 01894788 _____ () C:\Users\Nathan.MAIN\Downloads\6-15-cv-00186-PGB-TBS.zip
2015-02-10 08:50 - 2015-02-16 10:53 - 00001949 _____ () C:\Users\Public\Desktop\CTS 7.lnk
2015-02-10 08:50 - 2015-02-10 08:50 - 00000000 ____D () C:\Users\Nathan.MAIN\AppData\Roaming\FlexTracPrint
2015-02-09 13:00 - 2015-02-09 13:00 - 00061217 _____ () C:\Users\Nathan.MAIN\Downloads\7274396827_20150209_113332.wav
2015-02-06 07:58 - 2015-02-06 07:58 - 00825620 _____ () C:\Users\Nathan.MAIN\Downloads\6-15-cv-00162-ACC-DAB.zip
2015-02-04 16:15 - 2015-02-04 16:15 - 00197239 _____ () C:\Users\Nathan.MAIN\Downloads\7272786509_20150204_161541.wav
2015-02-04 15:32 - 2015-02-04 15:32 - 25405777 _____ () C:\Users\Nathan.MAIN\Downloads\2015-MWI-Materials.zip
2015-02-04 13:19 - 2015-02-04 13:19 - 00189851 _____ () C:\Users\Nathan.MAIN\Downloads\MYL
2015-02-04 13:06 - 2015-02-04 13:06 - 00093174 _____ () C:\Users\Nathan.MAIN\Downloads\7274429735_20150204_122054.wav
2015-02-02 14:24 - 2015-02-02 14:24 - 00454703 _____ () C:\Users\Nathan.MAIN\Downloads\8-15-cv-00195-CEH-AEP.zip
2015-02-02 10:57 - 2015-02-02 10:57 - 00418923 _____ () C:\Users\Nathan.MAIN\Downloads\8-15-cv-00193-JSM-EAJ.zip
2015-02-01 10:42 - 2015-02-01 10:42 - 00062285 _____ () C:\Users\Nathan.MAIN\Downloads\20150201_074153331_STORAGE_1630643550.tif
2015-01-26 16:48 - 2015-01-26 16:48 - 00270236 _____ () C:\Users\Nathan.MAIN\Downloads\5712729191_20150126_152739.wav
2015-01-26 09:20 - 2015-01-26 09:20 - 00102827 _____ () C:\Users\Nathan.MAIN\Downloads\9546272017_20150126_081029.wav

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 11:23 - 2015-01-21 12:07 - 02013949 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-25 11:23 - 2013-02-28 13:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-25 11:23 - 2013-02-08 16:34 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 11:23 - 2013-02-08 15:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 11:22 - 2015-01-21 12:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-25 11:22 - 2014-01-23 08:36 - 00001020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-25 11:22 - 2014-01-23 08:36 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-25 11:22 - 2013-08-22 09:46 - 00372631 _____ () C:\WINDOWS\setupact.log
2015-02-25 11:22 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-25 11:22 - 2013-03-04 13:40 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-25 11:22 - 2013-02-08 14:51 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-02-25 11:21 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-25 11:11 - 2013-03-18 07:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-25 11:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-25 10:49 - 2013-02-08 16:34 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 10:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-24 10:13 - 2013-02-08 15:06 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1726297449-671702483-674205844-1109
2015-02-24 09:28 - 2014-11-21 03:43 - 00867660 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-24 09:21 - 2015-01-21 12:10 - 00000000 ____D () C:\Users\Nathan.MAIN
2015-02-24 09:20 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-24 09:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-24 08:56 - 2014-11-21 03:34 - 00007528 _____ () C:\WINDOWS\PFRO.log
2015-02-22 08:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-22 08:37 - 2013-03-04 13:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-02-22 08:36 - 2013-03-04 13:41 - 00107392 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-02-22 08:36 - 2013-03-04 13:41 - 00092520 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2015-02-22 08:36 - 2013-03-04 13:41 - 00035688 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-02-19 13:47 - 2013-02-27 17:26 - 00000000 ____D () C:\Users\Nathan.MAIN\.gimp-2.8
2015-02-19 09:53 - 2013-08-22 09:44 - 00481208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-19 09:49 - 2013-02-08 15:25 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-19 09:49 - 2013-02-08 15:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-18 16:00 - 2014-10-28 09:26 - 00000000 ____D () C:\CT$Temp
2015-02-18 11:41 - 2014-08-05 12:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-18 11:41 - 2014-08-05 12:43 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-18 11:41 - 2014-08-05 12:43 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-18 11:41 - 2014-08-05 12:43 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-18 11:41 - 2014-08-05 12:43 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-18 11:41 - 2014-08-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-18 10:12 - 2013-06-11 10:39 - 00000000 ___RD () C:\Users\Nathan.MAIN\Dropbox
2015-02-18 10:12 - 2013-06-11 10:38 - 00000000 ____D () C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox
2015-02-17 09:07 - 2013-06-11 10:39 - 00001083 _____ () C:\Users\Nathan.MAIN\Desktop\Dropbox.lnk
2015-02-17 09:07 - 2013-06-11 10:38 - 00000000 ____D () C:\Users\Nathan.MAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-17 09:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-16 10:53 - 2014-10-28 09:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlexTrac
2015-02-11 03:39 - 2014-03-24 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 03:39 - 2013-02-08 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 03:38 - 2013-08-11 02:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 03:31 - 2013-02-09 03:17 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-10 08:50 - 2014-10-28 09:24 - 00000000 ____D () C:\Program Files (x86)\FlexTrac
2015-02-05 13:26 - 2013-02-08 17:33 - 00123264 _____ () C:\Users\Nathan.MAIN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-04 14:12 - 2013-03-18 07:33 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 08:44 - 2013-02-08 16:34 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 08:44 - 2013-02-08 16:34 - 00003646 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 14:31 - 2014-11-21 11:23 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-11-21 11:23 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-27 09:14 - 2015-01-21 12:41 - 00003080 __RSH () C:\ProgramData\ntuser.pol
2015-01-27 09:13 - 2015-01-20 09:13 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-01-27 09:11 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-27 09:11 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-27 09:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-01-27 09:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-01-27 09:11 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-27 09:11 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

==================== Files in the root of some directories =======

2013-02-13 19:42 - 2013-02-13 19:42 - 14823424 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-02-11 12:38 - 2014-12-12 15:04 - 0022059 _____ () C:\Users\Nathan.MAIN\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-02-19 13:46 - 2015-02-19 13:46 - 0000962 _____ () C:\Users\Nathan.MAIN\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Nathan.MAIN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw85fgy.dll
C:\Users\Nathan.MAIN\AppData\Local\Temp\jre-8u31-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 10:13

==================== End Of Log ============================


Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by nathan at 2015-02-25 11:29:02
Running from C:\Users\Nathan.MAIN\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Amicus Attorney 2009 Small Firm (HKLM-x32\...\AmicusSmallFirmAttorney) (Version: - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.1.10.01 (HKLM\...\AutoHotkey) (Version: 1.1.10.01 - Lexikos)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CoolUtils Mail Viewer (HKLM-x32\...\CoolUtils Mail Viewer_is1) (Version: 2.5 - Softplicity, Inc.)
Dropbox (HKU\S-1-5-21-1726297449-671702483-674205844-1109\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FairCom Crystal Driver (HKLM-x32\...\{1698B560-DB7C-11D2-BAAA-00207814ABF0}) (Version: - )
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Apps Migration For Microsoft Outlook® 3.1.21.46 (HKLM-x32\...\{09538C28-E130-4210-A8F3-1D175EE2DDF1}) (Version: 3.1.21.46 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.385.1020 (HKLM-x32\...\{CEBBF68C-4C3F-4D9B-8482-428E01064C31}) (Version: 3.5.385.1020 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-1726297449-671702483-674205844-1109\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
IP/CTS_6301 (HKLM-x32\...\{5C55AF00-11A6-4DF9-96C4-30E18015E6F5}) (Version: 6.3.01 - FlexTrac Systems, Inc.)
IP/CTS_7201 (HKLM-x32\...\{AFE7DAC6-E98A-4240-B7E6-A059B31C032B}) (Version: 7.2.01 - FlexTrac | TORViC Technologies, Inc.)
IP/CTS_7202 (HKLM-x32\...\{65A6D1E6-FEE9-4906-903D-83C3EAF0267E}) (Version: 7.2.02 - FlexTrac | TORViC Technologies, Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lichdom: Battlemage (HKLM-x32\...\Steam App 261760) (Version: - Xaviant)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{36E0F777-19FE-4454-BB2D-84206758EA85}) (Version: 4.1.2651 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Pivot 1.0.4.5 (HKLM-x32\...\Pivot_is1) (Version: 1.0.4.5 - )
ProView (HKLM-x32\...\{ADE0B38C-6131-493F-B557-92A0A4C79A07}) (Version: 1.7.0 - Thomson Reuters)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealLegal E-Transcript Bundle Viewer (HKLM-x32\...\{53ABC694-1E23-49D1-A63D-EB5FEAE8FB8C}) (Version: 6.1.0.1199 - Thomson Reuters)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Timeslips 2009 Local (HKLM-x32\...\{311C16F8-F8B4-4831-8B51-7F0D96BA143C}) (Version: 17.0.1.0 - Sage Software, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1726297449-671702483-674205844-1109_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nathan.MAIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

19-02-2015 09:41:34 Removed Adobe Acrobat X Standard.
24-02-2015 09:18:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2013-10-22 14:56 - 00447822 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2120CC0C-1E01-4CBF-8DF9-88BDC4BA9AFC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {31A7B64B-6B07-4297-A1EF-C213C12F6477} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {381DF6C7-9C85-44EF-83EC-E72FBF833A42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08] (Google Inc.)
Task: {4608CF9C-D717-4DB1-B694-1C9196B52367} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08] (Google Inc.)
Task: {4B73C889-0DD6-4095-BA05-BC54853E0286} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {4E369737-7053-4A06-A0D4-68F779477FDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {972B73DF-D7CB-4D9E-83EA-7FEAE3245373} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {A13F9071-3CA6-4C20-90FB-27FE0E31556E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {B922B1E4-C3AD-4E2A-8F60-C8F9A797C202} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {BA82FA8F-047D-47CA-A785-CE5928B431DA} - System32\Tasks\{1B4292AA-3927-490E-8384-DF77130F9CF3} => pcalua.exe -a \\W2K8DC\Data\TEAM2009\INSTALL\SETUP.EXE -d \\W2K8DC\Data\TEAM2009\INSTALL
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-21 12:07 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-08 16:43 - 2008-08-15 09:49 - 00705024 _____ () C:\Windows\SysWOW64\TSSchBkpService.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2013-10-07 15:25 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-07 15:25 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-07 15:25 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-07 15:25 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-07 15:25 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-12-30 09:24 - 2014-12-30 09:24 - 01020928 _____ () C:\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Nathan.MAIN\Downloads\noname(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Nathan.MAIN\Downloads\noname(2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Nathan.MAIN\Downloads\noname(3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Nathan.MAIN\Downloads\noname(4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Nathan.MAIN\Downloads\noname(5).eml:OECustomProperty
AlternateDataStreams: C:\Users\Nathan.MAIN\Downloads\noname.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1726297449-671702483-674205844-1109\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.3

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "IntelliPoint"
HKLM\...\StartupApproved\Run: => "IntelliType Pro"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-1726297449-671702483-674205844-1109\...\StartupApproved\Run: => "TSTimer"

==================== Accounts: =============================

Administrator (S-1-5-21-1017215530-2946982772-1156603604-500 - Administrator - Disabled)
Guest (S-1-5-21-1017215530-2946982772-1156603604-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1017215530-2946982772-1156603604-1003 - Limited - Enabled)
Nathan (S-1-5-21-1017215530-2946982772-1156603604-1001 - Administrator - Enabled) => C:\Users\Nathan
UpdatusUser (S-1-5-21-1017215530-2946982772-1156603604-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2015 11:22:42 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

Error: (02/25/2015 03:59:47 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

Error: (02/24/2015 10:15:22 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

Error: (02/24/2015 09:22:50 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

Error: (02/24/2015 09:18:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/24/2015 08:57:36 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

Error: (02/24/2015 05:57:26 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

Error: (02/23/2015 05:23:32 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

Error: (02/22/2015 04:20:25 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

Error: (02/21/2015 03:53:05 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.


System errors:
=============
Error: (02/25/2015 11:24:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/25/2015 11:24:44 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/25/2015 11:22:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%14001

Error: (02/25/2015 04:00:28 AM) (Source: DCOM) (EventID: 10010) (User: MAIN)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/25/2015 03:59:58 AM) (Source: DCOM) (EventID: 10010) (User: MAIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/24/2015 09:24:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/24/2015 09:24:57 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/24/2015 09:22:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%14001

Error: (02/24/2015 08:59:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/24/2015 08:59:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (11/12/2014 01:35:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1214 seconds with 300 seconds of active time. This session ended with a crash.

Error: (11/12/2014 09:56:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 413 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/05/2014 09:47:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/22/2014 02:58:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/22/2014 02:57:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/15/2014 10:04:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1863 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/14/2014 03:29:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/14/2014 09:59:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/14/2014 09:58:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/03/2014 03:42:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 562 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-02-24 10:14:29.120
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-19 10:13:23.667
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-18 11:46:34.828
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-18 11:20:52.577
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-17 09:22:49.303
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-29 05:15:46.145
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-22 05:11:18.040
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 17%
Total physical RAM: 8187.61 MB
Available physical RAM: 6768.41 MB
Total Pagefile: 9467.61 MB
Available Pagefile: 7828.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.23 GB) (Free:24.03 GB) NTFS
Drive d: () (Fixed) (Total:232.88 GB) (Free:180.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 15901590)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 119.2 GB) (Disk ID: 062A2FFC)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
scruvs
Active Member
 
Posts: 11
Joined: October 7th, 2013, 4:03 pm

Re: Firefox and Windows File Explorer Running slow

Unread postby Gary R » February 26th, 2015, 7:46 pm

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Firefox and Windows File Explorer Running slow

Unread postby Gary R » February 26th, 2015, 7:51 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi scruvs

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 8.1, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Before we start to remove the signs of infection I see in your FRST logs, I'd like you to run a couple of extra scans for me, so that I've got a more complete picture of what we need to deal with.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

I'd like you to run a search for me using FRST.

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

Re: Firefox and Windows File Explorer Running slow

Unread postby scruvs » February 27th, 2015, 3:05 pm

Thanks for your help, Gary.

1. Registry backed up.
C:\RegBackup\NATHAN\2.27.2015_1.42.14-PM

2. AdwCleaner log (Please make sure this is what you expect). File was named AdwCleaner[R0].txt and located in a slightly different folder.

# AdwCleaner v4.111 - Logfile created 27/02/2015 at 13:44:54
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : nathan - NATHAN
# Running from : C:\Users\Nathan.MAIN\Desktop\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\lucky leap
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Toolbar Cleaner
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Conduit

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{32BE75B5-78E8-4B6A-A704-59F1AB506D4E}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{32BE75B5-78E8-4B6A-A704-59F1AB506D4E}
Key Found : HKLM\SOFTWARE\adawaretb
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3309656
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [4156 bytes] - [27/02/2015 13:44:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4215 bytes] ##########

Re: Firefox and Windows File Explorer Running slow

Unread postby scruvs » February 27th, 2015, 3:06 pm

3. FRST64 Search:

Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by nathan at 2015-02-27 13:55:19
Running from C:\Users\Nathan.MAIN\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
""="CLocationSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Classes\ActivatableClasses\CLSID\{B4D3E147-E963-562E-B1CB-6D689103948E}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"

[HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109_Classes\ActivatableClasses\CLSID\{B4D3E147-E963-562E-B1CB-6D689103948E}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Trolltech]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
""="Conduit Community Alerts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage]
"{cef81415-2059-4dd5-9829-1aef3cf27f4f}"="http://search.conduit.com?SearchSource=10&CUI=UN42804838301081320&UM=2&ctid=CT3309656"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
""="Conduit Community Alerts"

[HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\AppDataLow\Software\Conduit]

[HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Conduit]

[HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Microsoft\Internet Explorer\SearchScopes\{32BE75B5-78E8-4B6A-A704-59F1AB506D4E}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309656&CUI=UN42804838301081320&UM=2"

[HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Microsoft\Internet Explorer\SearchScopes\{32BE75B5-78E8-4B6A-A704-59F1AB506D4E}]
"FaviconURL"="http://search.conduit.com/favicon.ico"

====== End Of Search ======

Re: Firefox and Windows File Explorer Running slow

Unread postby Gary R » February 28th, 2015, 1:20 am

OK, let's get started on cleaning your computer.

First ...

Please uninstall ... Spybot S&D ... since it will interfere with the cleanup process.

You can re-install it once we've got your machine clean.

Reboot your computer once it's uninstalled.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
SearchScopes: HKLM-x32 -> DefaultScope {32BE75B5-78E8-4B6A-A704-59F1AB506D4E} URL =
SearchScopes: HKU\S-1-5-21-1726297449-671702483-674205844-1109 -> DefaultScope {32BE75B5-78E8-4B6A-A704-59F1AB506D4E} URL = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3309656&CUI=UN42804838301081320&UM=2
SearchScopes: HKU\S-1-5-21-1726297449-671702483-674205844-1109 -> {32BE75B5-78E8-4B6A-A704-59F1AB506D4E} URL = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3309656&CUI=UN42804838301081320&UM=2
Toolbar: HKU\S-1-5-21-1726297449-671702483-674205844-1109 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.as ... ource=3&q= {searchTerms}
FF Extension: KeyBar 2.1 - C:\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default\Extensions\{cef81415-2059-4dd5-9829-1aef3cf27f4f} [2013-12-12]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
C:\Windows\System32\drivers\gfiark.sys
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-07] (GFI Software)
C:\Windows\System32\drivers\gfibto.sys
[-HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Conduit]
[-HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Microsoft\Internet Explorer\SearchScopes\{32BE75B5-78E8-4B6A-A704-59F1AB506D4E}]
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner fix log
  • Fixlog.txt
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

Re: Firefox and Windows File Explorer Running slow

Unread postby scruvs » March 2nd, 2015, 10:58 am

1. ADWCleaner fix log

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 09:22:02
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : nathan - NATHAN
# Running from : C:\Users\Nathan.MAIN\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\lucky leap
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309656
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{32BE75B5-78E8-4B6A-A704-59F1AB506D4E}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\adawaretb
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [4322 bytes] - [27/02/2015 13:44:54]
AdwCleaner[R1].txt - [4381 bytes] - [02/03/2015 09:18:57]
AdwCleaner[R2].txt - [4440 bytes] - [02/03/2015 09:20:45]
AdwCleaner[S0].txt - [4201 bytes] - [02/03/2015 09:22:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4260 bytes] ##########

Re: Firefox and Windows File Explorer Running slow

Unread postby scruvs » March 2nd, 2015, 11:01 am

2. Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by nathan at 2015-03-02 09:27:22 Run:1
Running from C:\Users\Nathan.MAIN\Desktop
Loaded Profiles: nathan (Available profiles: Nathan & UpdatusUser & nathan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 -> DefaultScope {32BE75B5-78E8-4B6A-A704-59F1AB506D4E} URL =
SearchScopes: HKU\S-1-5-21-1726297449-671702483-674205844-1109 -> DefaultScope {32BE75B5-78E8-4B6A-A704-59F1AB506D4E} URL = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3309656&CUI=UN42804838301081320&UM=2
SearchScopes: HKU\S-1-5-21-1726297449-671702483-674205844-1109 -> {32BE75B5-78E8-4B6A-A704-59F1AB506D4E} URL = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3309656&CUI=UN42804838301081320&UM=2
Toolbar: HKU\S-1-5-21-1726297449-671702483-674205844-1109 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.as ... ource=3&q= {searchTerms}
FF Extension: KeyBar 2.1 - C:\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default\Extensions\{cef81415-2059-4dd5-9829-1aef3cf27f4f} [2013-12-12]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
C:\Windows\System32\drivers\gfiark.sys
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-07] (GFI Software)
C:\Windows\System32\drivers\gfibto.sys
[-HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Conduit]
[-HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Microsoft\Internet Explorer\SearchScopes\{32BE75B5-78E8-4B6A-A704-59F1AB506D4E}]
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-1726297449-671702483-674205844-1109\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1726297449-671702483-674205844-1109\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32BE75B5-78E8-4B6A-A704-59F1AB506D4E} => Key not found.
HKCR\CLSID\{32BE75B5-78E8-4B6A-A704-59F1AB506D4E} => Key not found.
HKU\S-1-5-21-1726297449-671702483-674205844-1109\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
Firefox DefaultSearchUrl deleted successfully.
C:\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default\Extensions\{cef81415-2059-4dd5-9829-1aef3cf27f4f} => Moved successfully.
gfiark => Service deleted successfully.
C:\Windows\System32\drivers\gfiark.sys => Moved successfully.
gfibto => Unable to stop service
gfibto => Service deleted successfully.
C:\Windows\System32\drivers\gfibto.sys => Moved successfully.
HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Trolltech => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Trolltech => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} => Key not found.
HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\AppDataLow\Software\Conduit => Key not found.
HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Conduit => Key not found.
HKEY_USERS\S-1-5-21-1726297449-671702483-674205844-1109\Software\Microsoft\Internet Explorer\SearchScopes\{32BE75B5-78E8-4B6A-A704-59F1AB506D4E} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 852.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:29:28 ====

Re: Firefox and Windows File Explorer Running slow

Unread postby scruvs » March 2nd, 2015, 11:06 am

3. Performance:

Firefox seems better, but still laggy. The lag is somewhat inconsistent. I am not sure that the lag is normal.

I receive a 0.25 second lag between key strokes, selecting menus, and using scroll bars.

Re: Firefox and Windows File Explorer Running slow

Unread postby Gary R » March 2nd, 2015, 11:11 am

OK, let's see if we've missed anything ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
Gary R
Administrator
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Firefox and Windows File Explorer Running slow

Unread postby scruvs » March 2nd, 2015, 12:53 pm

ESET.txt

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\FRST\Quarantine\C\Users\Nathan.MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\d2zmri0n.default\Extensions\{cef81415-2059-4dd5-9829-1aef3cf27f4f}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\Nathan.MAIN\Downloads\cbsidlm-cbsi134-Free_RAR_Extract_Frog-SEO-10804840.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Nathan.MAIN\Downloads\cbsidlm-cbsi213-CoolUtils_Mail_Viewer-SEO-75975867.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Nathan.MAIN\Downloads\FreeVideoToFlashConverter.exe Win32/OpenCandy potentially unsafe application
D:\Documents and Settings\nathan.MAIN\Local Settings\temp\ICReinstall\cnet2_XMLViewer_zip(1).exe a variant of Win32/InstallCore.D potentially unwanted application
D:\Documents and Settings\nathan.MAIN\Local Settings\temp\ICReinstall\cnet2_XMLViewer_zip.exe a variant of Win32/InstallCore.D potentially unwanted application
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\cnet2_XMLViewer_zip(1).exe a variant of Win32/InstallCore.D potentially unwanted application
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\cnet2_XMLViewer_zip.exe a variant of Win32/InstallCore.D potentially unwanted application
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\InstallFreeRARExtractFrog.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
scruvs
Active Member
 
Posts: 11
Joined: October 7th, 2013, 4:03 pm

Re: Firefox and Windows File Explorer Running slow

Unread postby Gary R » March 2nd, 2015, 1:49 pm

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Users\Nathan.MAIN\Downloads\cbsidlm-cbsi134-Free_RAR_Extract_Frog-SEO-10804840.exe
C:\Users\Nathan.MAIN\Downloads\cbsidlm-cbsi213-CoolUtils_Mail_Viewer-SEO-75975867.exe 
C:\Users\Nathan.MAIN\Downloads\FreeVideoToFlashConverter.exe
D:\Documents and Settings\nathan.MAIN\Local Settings\temp\ICReinstall\cnet2_XMLViewer_zip(1).exe 
D:\Documents and Settings\nathan.MAIN\Local Settings\temp\ICReinstall\cnet2_XMLViewer_zip.exe
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\cnet2_XMLViewer_zip(1).exe
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\cnet2_XMLViewer_zip.exe
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\InstallFreeRARExtractFrog.exe
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\KeyFinderInstaller.exe
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

What's the performance like now?
Gary R
Administrator
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Firefox and Windows File Explorer Running slow

Unread postby scruvs » March 2nd, 2015, 2:11 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by nathan at 2015-03-02 13:05:46 Run:2
Running from C:\Users\Nathan.MAIN\Desktop
Loaded Profiles: nathan (Available profiles: Nathan & UpdatusUser & nathan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Nathan.MAIN\Downloads\cbsidlm-cbsi134-Free_RAR_Extract_Frog-SEO-10804840.exe
C:\Users\Nathan.MAIN\Downloads\cbsidlm-cbsi213-CoolUtils_Mail_Viewer-SEO-75975867.exe
C:\Users\Nathan.MAIN\Downloads\FreeVideoToFlashConverter.exe
D:\Documents and Settings\nathan.MAIN\Local Settings\temp\ICReinstall\cnet2_XMLViewer_zip(1).exe
D:\Documents and Settings\nathan.MAIN\Local Settings\temp\ICReinstall\cnet2_XMLViewer_zip.exe
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\cnet2_XMLViewer_zip(1).exe
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\cnet2_XMLViewer_zip.exe
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\InstallFreeRARExtractFrog.exe
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\KeyFinderInstaller.exe
EmptyTemp:
*****************

C:\Users\Nathan.MAIN\Downloads\cbsidlm-cbsi134-Free_RAR_Extract_Frog-SEO-10804840.exe => Moved successfully.
C:\Users\Nathan.MAIN\Downloads\cbsidlm-cbsi213-CoolUtils_Mail_Viewer-SEO-75975867.exe => Moved successfully.
C:\Users\Nathan.MAIN\Downloads\FreeVideoToFlashConverter.exe => Moved successfully.
D:\Documents and Settings\nathan.MAIN\Local Settings\temp\ICReinstall\cnet2_XMLViewer_zip(1).exe => Moved successfully.
D:\Documents and Settings\nathan.MAIN\Local Settings\temp\ICReinstall\cnet2_XMLViewer_zip.exe => Moved successfully.
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\cnet2_XMLViewer_zip(1).exe => Moved successfully.
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\cnet2_XMLViewer_zip.exe => Moved successfully.
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\InstallFreeRARExtractFrog.exe => Moved successfully.
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\KeyFinderInstaller.exe => Moved successfully.
EmptyTemp: => Removed 116.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:06:07 ====
scruvs
Active Member
 
Posts: 11
Joined: October 7th, 2013, 4:03 pm
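
Comparing the ESET.txt export with the fixlist that followed shows that detections already under C:\AdwCleaner\Quarantine and C:\FRST\Quarantine were left out, and the fixlog then confirms each remaining file with "=> Moved successfully." The Python below is an added example, not part of the thread and not code from FRST or ESET; it assumes the line layout seen in the logs posted here, and its function names are hypothetical.

```python
import re

# Sample input: four lines copied from the ESET.txt export in this thread.
ESET_EXPORT = r"""
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Nathan.MAIN\Downloads\FreeVideoToFlashConverter.exe Win32/OpenCandy potentially unsafe application
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\cnet2_XMLViewer_zip(1).exe a variant of Win32/InstallCore.D potentially unwanted application
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
"""

# Constructed sample: a shortened fixlog with one entry deliberately missing.
FIXLOG = r"""
C:\Users\Nathan.MAIN\Downloads\FreeVideoToFlashConverter.exe => Moved successfully.
D:\Documents and Settings\nathan.MAIN\My Documents\Downloads\cnet2_XMLViewer_zip(1).exe => Moved successfully.
"""

# Assumed layout: <path> <detection name> <category>; paths may contain spaces.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:a variant of )?\w+/\S+)\s+"
    r"(?P<kind>potentially (?:unwanted|unsafe) application)$"
)
# Folders where the cleanup tools used earlier in the thread keep removed files.
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")

def parse_eset(text):
    """Return (path, detection, category) for each detection line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((m["path"], m["name"], m["kind"]))
    return rows

def live_detections(rows):
    """Drop files that already sit in a tool's quarantine folder."""
    return [r for r in rows if not r[0].lower().startswith(QUARANTINE_ROOTS)]

def unconfirmed(paths, fixlog):
    """Paths the fixlog does not report as 'Moved successfully.'"""
    moved = set()
    for line in fixlog.splitlines():
        path, sep, result = line.strip().partition(" => ")
        if sep and result == "Moved successfully.":
            moved.add(path.lower())
    return [p for p in paths if p.lower() not in moved]
```

Anything `unconfirmed` returns is a file to recheck by hand before treating the cleanup as finished.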

Re: Firefox and Windows File Explorer Running slow

Unread postby scruvs » March 2nd, 2015, 2:12 pm

System, and Firefox in particular, appears to be performing normally. Performance is greatly improved.
scruvs
Active Member
 
Posts: 11
Joined: October 7th, 2013, 4:03 pm

Re: Firefox and Windows File Explorer Running slow

Unread postby Gary R » March 2nd, 2015, 7:26 pm

Excellent. In that case, I think we can close this topic. All we need to do now is remove the programs we've been using to clean your machine.

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check all the boxes then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems?
  • If you are, let me know about them.
  • If not, it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
Gary R
Administrator
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire