Thread: Computer very slow
  1. #1
    Junior Member
    Join Date
    Dec 2018
    Posts
    3

    Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
    Ran by Janice (12-12-2018 19:33:37) Run:1
    Running from C:\Users\Janice\Downloads
    Loaded Profiles: Janice (Available Profiles: Janice)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2080133714-3568119728-3782012947-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    SearchScopes: HKLM -> {9C83AADC-C942-4CC8-8B38-71B983B8B574} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-2080133714-3568119728-3782012947-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S2 0123121541080883mcinstcleanup; C:\Users\Janice\AppData\Local\Temp\012312~1.EXE -cleanup -nolog [X] <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-2080133714-3568119728-3782012947-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0B8ED248D38F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: {E8EBE161-2240-405C-9C9C-A0A71979CBE6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\" => removed successfully
    HKU\S-1-5-21-2080133714-3568119728-3782012947-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C83AADC-C942-4CC8-8B38-71B983B8B574} => removed successfully
    HKLM\Software\Classes\CLSID\{9C83AADC-C942-4CC8-8B38-71B983B8B574} => not found
    "HKU\S-1-5-21-2080133714-3568119728-3782012947-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKLM\System\CurrentControlSet\Services\0123121541080883mcinstcleanup => removed successfully
    0123121541080883mcinstcleanup => service removed successfully
    HKU\S-1-5-21-2080133714-3568119728-3782012947-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0B8ED248D38F} => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8EBE161-2240-405C-9C9C-A0A71979CBE6}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8EBE161-2240-405C-9C9C-A0A71979CBE6}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk => Shortcut argument removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\adobegc.log => moved successfully
    C:\Windows\Temp\chrome_installer.log => moved successfully
    C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
    C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
    C:\Windows\Temp\HighPerformancePlan.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MpSigStub.log => moved successfully
    C:\Windows\Temp\PowerPlan.log => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 11034624 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 169288843 B
    Java, Flash, Steam htmlcache => 2366 B
    Windows/system/drivers => 5204080 B
    Edge => 8281770 B
    Chrome => 793674011 B
    Firefox => 1221891920 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 5849208 B
    systemprofile32 => 0 B
    LocalService => 4418127 B
    LocalService => 0 B
    NetworkService => 468156 B
    NetworkService => 0 B
    Janice => 128596565 B

    RecycleBin => 369593419 B
    EmptyTemp: => 2.5 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 19:38:20 ====





    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.5.0
    # -------------------------------
    # Build: 11-26-2018
    # Database: 2018-12-07.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 12-12-2018
    # Duration: 00:00:22
    # OS: Windows 10 Home
    # Scanned: 32299
    # Detected: 2


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    PUP.Optional.SearchEncrypt Search Encrypt - A Private Search Engine
    PUP.Optional.YourFreeOnlineForms Forms

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



    RogueKiller Anti-Malware V13.0.16.0 (x64) [Dec 10 2018] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : Janice [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Standard Scan, Scan -- Date : 2018/12/12 20:00:07 (Duration : 00:21:04)

    いいいいいいいいいいいい Processes いいいいいいいいいいいい

    いいいいいいいいいいいい Process Modules いいいいいいいいいいいい

    いいいいいいいいいいいい Services いいいいいいいいいいいい

    いいいいいいいいいいいい Tasks いいいいいいいいいいいい

    いいいいいいいいいいいい Registry いいいいいいいいいいいい
    >>>>>> O87 - Firewall
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4BCA8125-04C1-4FC0-9D7F-8710261BA265} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\janice\appdata\local\temp\ignf875.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DA3F0599-DB0E-4FAB-A618-F98741E708C8} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\janice\appdata\local\temp\ignf875.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{19E83436-F331-4453-9BA2-45547DAEE1AB} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\janice\appdata\local\temp\ign27db.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{34D5B468-5762-4896-A502-0CC0BAF11652} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\janice\appdata\local\temp\ign27db.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{13F219A4-83FE-46FD-80B9-F76CEB0ED181}C:\users\janice\appdata\local\logmein client\lmiignition.exe -- (LogMeIn, Inc.) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\janice\appdata\local\logmein client\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\logmein client\lmiignition.exe) -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{AFC45370-3068-4A35-A6B8-BB5526BE33E5}C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe) (missing) -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{B88458C1-08A2-4117-A62C-2FFF960F570D}C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe) (missing) -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9EE52069-2A23-4724-863F-27694B7BB7C3} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{302D28FF-95D8-4263-8506-4D3F070566B8} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{1ECFD799-A21D-4AF7-A11E-98E5B2CA0FD7}C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe) (missing) -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{387F2C87-8B61-454F-85CA-8472C0357DCD}C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe) (missing) -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{820293D6-AD92-448A-BB01-137F407282FB}C:\users\janice\appdata\local\logmein client\lmiignition.exe -- (LogMeIn, Inc.) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\janice\appdata\local\logmein client\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\logmein client\lmiignition.exe) -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{FBBEF430-597D-4373-BE5D-5C7E6D3482CB}C:\users\janice\appdata\local\logmein client\lmiignition.exe -- (LogMeIn, Inc.) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\janice\appdata\local\logmein client\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\logmein client\lmiignition.exe) -> Found

    いいいいいいいいいいいい WMI いいいいいいいいいいいい

    いいいいいいいいいいいい Hosts File いいいいいいいいいいいい

    いいいいいいいいいいいい Files いいいいいいいいいいいい

    いいいいいいいいいいいい Web browsers いいいいいいいいいいいい
    >>>>>> Firefox Addon
    [PUP.SearchEncrypt (Potentially Malicious)] Search Encrypt (C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\v29r1ped.default-1543662796318\extensions\@searchencrypt) -- @searchencrypt -> Found

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    I can see the Fixlog.txt worked as expected.
    Did you allow AdwCleaner and RogueKiller to delete what they found?

    How is the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Dec 2018
    Posts
    3

    The computer is working much better. Yes, both programs deleted what they found.

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Let's check for remnants

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here
    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
    • After the installation is complete let it update if it asks.
    • Under SETTINGS.....APPLICATIONS leave everything at default
    • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
    • Then go to the Dashboard and click on SCAN NOW
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
      Upon completion of the scan (or after the reboot), click the Reports tab.
      Double-click the Scan Log.
      At the bottom click Export and choose Text file.

      Save the file to your desktop and include its content in your next reply.

      You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.
    • Then click on POST
    • Exit Malwarebytes

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Please post these 2 logs when finished.

    Also, tell me how the computer is now.

  5. #5
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    bump......

  6. #6
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Glad we could help.
    Since this issue appears resolved ... this Topic is closed.
