Pc Running Slow And Getting Slower

Greetings and welcome to the Major Geeks Malware Forum.

Please do this

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

• Download FRST64 and save the file on your Desktop
• If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
• Right click on the icon and select Run as administrator
• Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
• Click Yes to the disclaimer
• Click Scan and allow the program to run
• When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
• Please attach the reports to your reply

===================================================

Things I would like to see in your next reply.

• Attached reports

 

Thank you for the reports.

There is no evidence of malicious software on your system. However, there are some things we need to address.

I do not recommend using programs, or parts of programs that automate the changing of Registry entries. I would recommend uninstalling the programs listed in the Revo instructions. At the very least if we could remove them for now then you can reinstall them once we sort things out that would be helpful.

Let's start with this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------

• Download Revo Uninstaller Free Portable and save it to your Desktop
• Right click on the folder and select Extract All..., then click Extract
• Double click on the RevoUninstaller-Portable folder
• Right click on RevoUPort and select Run as administrator
• Click OK on the License Agreement
• From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)

Code:

Wise Care 365
Wise Data Recovery 3.87
Wise Disk Cleaner
Wise Memory Optimizer 4.1.6
Wise Registry Cleaner
Tweaking.com - Windows Repair

• If the program's uninstaller appears work through the steps to remove the program(s)
• Be sure the Advanced option is selected then click Scan
• For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
• Once done click Finish
• Reboot your computer

===================================================

Uninstalling Adobe Flash Player

--------------------

Note: Adobe Flash Player is no longer supported and is a security risk.

• Download Adobe Flash Player Uninstaller and save it to your Desktop
  
• Right click on the icon and select Run as administrator
  
• Click Uninstall then Done to reboot your computer

===================================================

Java Out of Date

--------------------

Java is known to have ongoing security concerns. If you know you don't need it, or even if you are unsure, I would recommend uninstalling it. If it is necessary in the future you will be alerted for the need to download it.

If you would rather have the program on your system skip the above and complete the Clean Install of Java Using JavaRa instructions here.
===================================================

Farbar Recovery Scan Tool Fix

--------------------

• Right click on the FRST64 icon and select Run as administrator
• Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
• There is no need to paste the information anywhere, FRST64 will do it for you

Code:

Start::
CreateRestorePoint:
CloseProcesses:
C:\Windows\SysWOW64\Macromed
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-07-01] (Adobe Inc. -> )
HKU\S-1-5-21-64531484-4004407286-3706521261-1001\...\Run: [] => [X] 
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.22.0\GoogleDriveFS.exe --startup_mode (No File) 
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.22.0\GoogleDriveFS.exe --startup_mode (No File) 
Task: {120C48D3-4581-420E-AB42-8092A0846DBA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {7DE9F695-734C-425E-9DEB-CED21EBD341B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-teelions@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe  -mode=scheduled (No File) 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File 
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} =>  -> No File 
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} =>  -> No File 
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} =>  -> No File 
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> No File 
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} -  No File 
FirewallRules: [{3953C0C8-BA41-442D-B75C-7FD3AE3BDF05}] => (Allow) C:\Program Files\Fortect\MainService.exe => No File 
FirewallRules: [{DB5EFBD9-B33B-47BD-8618-6656DC39B24E}] => (Allow) C:\Program Files\Fortect\MainService.exe => No File 
CustomCLSID: HKU\S-1-5-21-64531484-4004407286-3706521261-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-64531484-4004407286-3706521261-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-64531484-4004407286-3706521261-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-64531484-4004407286-3706521261-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-64531484-4004407286-3706521261-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-64531484-4004407286-3706521261-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-64531484-4004407286-3706521261-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> no filepath 
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION 
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION 
HKU\S-1-5-21-64531484-4004407286-3706521261-1001\...\Policies\system: [shell] explorer.exe <==== ATTENTION 
AlternateDataStreams: C:\Windows:AstInfo [0] 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0] 
AlternateDataStreams: C:\Users\teeli\Cookies:iX6cqMa2gBwWQ7BJYlOV [2010] 
AlternateDataStreams: C:\Users\teeli\AppData\Local\CZNS3k2Gb6:W4HUclWdLZy6pDVqYakkJQXK [2106] 
AlternateDataStreams: C:\Users\teeli\AppData\Local\YeX8AAtniLxO9pv:HJYM3JLVFh6RZ4ASlX0jsQNzL [2352] 
Task: {8C325C55-BF3A-43CF-9DCF-D46A516F38DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-01] (Adobe Inc. -> Adobe) 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-07-01] (Adobe Inc. -> ) 
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-07-01] (Adobe Inc. -> ) 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-01] (Adobe Inc. -> Adobe) 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::

• Click Fix
• When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
• Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
• Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• Programs removed?
• Flash Player uninstalled?
• Java uninstalled or updated?
• Fixlog

 

If you ran the Farbar Recovery Scan Tool Fix step in my last post it should have created a Fixlog.txt report in the C:\Users\teeli\Desktop\Cleanup\Farbar Recovery Scan Tool folder. This is the same folder from where you ran FRST64.exe.

 

I modified the script to remove the parts you are concerned about. Although it is running better there still may be some system related issues, in particular Windows Update.

If you are willing, please run the modified script so we can address the potential system issues.