Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Janice (12-12-2018 19:33:37) Run:1
Running from C:\Users\Janice\Downloads
Loaded Profiles: Janice (Available Profiles: Janice)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2080133714-3568119728-3782012947-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> {9C83AADC-C942-4CC8-8B38-71B983B8B574} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2080133714-3568119728-3782012947-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 0123121541080883mcinstcleanup; C:\Users\Janice\AppData\Local\Temp\012312~1.EXE -cleanup -nolog [X] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2080133714-3568119728-3782012947-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0B8ED248D38F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {E8EBE161-2240-405C-9C9C-A0A71979CBE6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
C:\Windows\Temp\*.*
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\" => removed successfully
HKU\S-1-5-21-2080133714-3568119728-3782012947-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C83AADC-C942-4CC8-8B38-71B983B8B574} => removed successfully
HKLM\Software\Classes\CLSID\{9C83AADC-C942-4CC8-8B38-71B983B8B574} => not found
"HKU\S-1-5-21-2080133714-3568119728-3782012947-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\System\CurrentControlSet\Services\0123121541080883mcinstcleanup => removed successfully
0123121541080883mcinstcleanup => service removed successfully
HKU\S-1-5-21-2080133714-3568119728-3782012947-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0B8ED248D38F} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8EBE161-2240-405C-9C9C-A0A71979CBE6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8EBE161-2240-405C-9C9C-A0A71979CBE6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk => Shortcut argument removed successfully
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\adobegc.log => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\HighPerformancePlan.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\PowerPlan.log => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== EmptyTemp: ==========
BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 169288843 B
Java, Flash, Steam htmlcache => 2366 B
Windows/system/drivers => 5204080 B
Edge => 8281770 B
Chrome => 793674011 B
Firefox => 1221891920 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 5849208 B
systemprofile32 => 0 B
LocalService => 4418127 B
LocalService => 0 B
NetworkService => 468156 B
NetworkService => 0 B
Janice => 128596565 B
RecycleBin => 369593419 B
EmptyTemp: => 2.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:38:20 ====
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-12-2018
# Duration: 00:00:22
# OS: Windows 10 Home
# Scanned: 32299
# Detected: 2
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
PUP.Optional.SearchEncrypt Search Encrypt - A Private Search Engine
PUP.Optional.YourFreeOnlineForms Forms
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
RogueKiller Anti-Malware V13.0.16.0 (x64) [Dec 10 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : Janice [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Scan -- Date : 2018/12/12 20:00:07 (Duration : 00:21:04)
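¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤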
>>>>>> O87 - Firewall
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4BCA8125-04C1-4FC0-9D7F-8710261BA265} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\janice\appdata\local\temp\ignf875.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DA3F0599-DB0E-4FAB-A618-F98741E708C8} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\janice\appdata\local\temp\ignf875.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{19E83436-F331-4453-9BA2-45547DAEE1AB} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\janice\appdata\local\temp\ign27db.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{34D5B468-5762-4896-A502-0CC0BAF11652} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\janice\appdata\local\temp\ign27db.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{13F219A4-83FE-46FD-80B9-F76CEB0ED181}C:\users\janice\appdata\local\logmein client\lmiignition.exe -- (LogMeIn, Inc.) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\janice\appdata\local\logmein client\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\logmein client\lmiignition.exe) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{AFC45370-3068-4A35-A6B8-BB5526BE33E5}C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe) (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{B88458C1-08A2-4117-A62C-2FFF960F570D}C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe) (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9EE52069-2A23-4724-863F-27694B7BB7C3} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{302D28FF-95D8-4263-8506-4D3F070566B8} -- v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\janice\appdata\local\temp\ign5605.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe| -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{1ECFD799-A21D-4AF7-A11E-98E5B2CA0FD7}C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe) (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{387F2C87-8B61-454F-85CA-8472C0357DCD}C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\temp\ign47bb.tmp\lmiignition.exe) (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{820293D6-AD92-448A-BB01-137F407282FB}C:\users\janice\appdata\local\logmein client\lmiignition.exe -- (LogMeIn, Inc.) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\janice\appdata\local\logmein client\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\logmein client\lmiignition.exe) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{FBBEF430-597D-4373-BE5D-5C7E6D3482CB}C:\users\janice\appdata\local\logmein client\lmiignition.exe -- (LogMeIn, Inc.) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\janice\appdata\local\logmein client\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| (C:\users\janice\appdata\local\logmein client\lmiignition.exe) -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Firefox Addon
[PUP.SearchEncrypt (Potentially Malicious)] Search Encrypt (C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\v29r1ped.default-1543662796318\extensions\@searchencrypt) -- @searchencrypt -> Found