You guys are awesome and I appreciate your help.
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.
Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
CreateRestorePoint: SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKU\S-1-5-21-1580677906-789884366-343230679-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1580677906-789884366-343230679-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = Toolbar: HKLM-x32 - iYogiPMToolbar - {CF729B85-4F13-45E7-A1EF-75A32EDBD532} - C:\Program Files (x86)\iYogi\iYogiPasswordManager\iYogiPMToolbar.dll No File Toolbar: HKU\S-1-5-21-1580677906-789884366-343230679-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF HKLM-x32\...\Firefox\Extensions: [iYogi@iYogi.com] - C:\Program Files (x86)\iYogi\iYogiPasswordManager\iYogiPassMgr.xpi => not found CHR HKLM-x32\...\Chrome\Extension: [fpeifmajolhnfocdndkhkpbdiaohpnmg] - C:\Program Files (x86)\iYogi\iYogiPasswordManager\ChromeExtension\ChromeToolBar.crx <not found> S3 scan; C:\Program Files (x86)\iYogi\TechGenie\scan.dll [X] <==== ATTENTION 2018-03-19 10:20 - 2015-03-02 13:26 - 000000000 ____D C:\Program Files (x86)\TechGenie 2018-03-19 10:20 - 2014-08-14 19:28 - 000000000 ____D C:\Program Files (x86)\iYogi Support Dock 2015-06-25 07:53 - 2015-06-25 07:53 - 000026936 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\DseShExt-x64.dll 2015-06-25 07:53 - 2015-06-25 07:53 - 000028984 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\DseShExt-x86.dll 2015-06-25 07:53 - 2015-06-25 07:53 - 000032568 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\SDShelEx-win32.dll 2015-06-25 07:53 - 2015-06-25 07:53 - 000032056 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\SDShelEx-x64.dll 2018-03-19 10:10 - 2012-03-09 02:57 - 001682432 _____ (iYogi Inc) C:\Users\Terri\AppData\Local\Temp\uninst000.exe 2015-05-20 14:06 - 2013-01-14 09:34 - 000007680 _____ () C:\Users\Terri\AppData\Local\Z@!-2a809d76-88be-40fd-9c2f-7bee87f7c434.tmp 2015-05-20 14:06 - 2013-01-14 09:34 - 000007168 _____ () C:\Users\Terri\AppData\Local\Z@S!-e299fa99-8280-4e84-b0e0-eb18fdd0b8a0.tmp Task: {08CCDD46-CF49-4EF3-913D-2BB7686910BB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {0BC9BB65-94FF-4F2F-B2ED-2FEBC5977F2E} - System32\Tasks\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon => C:\Program Files (x86)\TweakBit\PCSpeedUp\PCSpeedUp.exe [2018-01-11] (TweakBit) <==== ATTENTION Task: {248143D8-7A4E-40B7-AD1F-574BC97B50C5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {2AD822BA-8A77-4176-B125-62FBCC0CF9EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {2E73D1A2-E7F8-48E8-9549-F87F63A76A2D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {36E57232-1B61-4D11-803A-25A45464CAD2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {440CE6DF-561A-401F-991F-476367205404} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {47240613-99BF-4652-8890-929296A4E99F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {8D340956-A06E-46A1-AE5C-4F4ECF069894} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {A191CEC6-88FE-4615-9A7F-086801D83407} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {A8E7AC82-1018-4527-B623-E060D2BDF1FE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {BD9D7621-8E92-4682-A91F-C5B5A975C7D5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {C0DC343E-7DBA-4AD9-8B02-C4FCEEEFA943} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk" HKLM\...\StartupApproved\StartupFolder: => "TechGenie.lnk" HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk" HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk" HKLM\...\StartupApproved\Run32: => "iYogi Support Dock" HKLM\...\StartupApproved\Run32: => "TechGenieRealTime" HKLM\...\StartupApproved\Run32: => "AntivirusUpdateApp" HKLM\...\StartupApproved\Run32: => "InboxAce EPM Support" HKLM\...\StartupApproved\Run32: => "DivXMediaServer" HKU\S-1-5-21-1580677906-789884366-343230679-1001\...\StartupApproved\Run: => "OneDrive" EmptyTemp: Hosts: CMD: ipconfig /flushdns
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Return to Infected? Virus, malware, adware, ransomware, oh my!
Users browsing this forum: No registered users and 394 guests
Contact us:
Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.
Member site: UNITE Against Malware