Computer Runs Slowly, Many Extra Addons, HELP


Post by reddog1992000 » March 18th, 2018, 8:43 pm

I am helping my mother to clean her computer. She was using a service called iYogi and I am seeing all kinds of extra "helper" software pop up. It runs very slowly, and she is also worried that she has a virus that may have compromised her passwords for email and such. I am not sure about that but am attempting to reclaim her email accounts, but we wanted to start with cleaning her computer first. I am uploading the attachments because there are too many characters to fit within the forum topic.

You guys are awesome and I appreciate your help.
reddog1992000
Regular Member
 
Posts: 51
Joined: December 13th, 2013, 3:57 pm

Re: Computer Runs Slowly, Many Extra Addons, HELP

Post by Gary R » March 19th, 2018, 2:24 am

Looking over your logs, I'll be back once I've looked them over.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Computer Runs Slowly, Many Extra Addons, HELP

Post by Gary R » March 19th, 2018, 4:45 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Reddog

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There's a few items in your logs that need attention, but before we deal with them ...

iYogi have a less than stellar reputation, and I strongly recommend that you remove their products, which for the most part are going to do nothing beneficial for your machine.

https://www.bbb.org/new-york-city/busin ... k-ny-99062
https://www.infoworld.com/article/26197 ... posed.html
https://krebsonsecurity.com/2012/03/agh ... i-support/

Please uninstall the following programs ...

µTorrent
360 Total Security
iPNA
iYogi Support Dock
iYogiPasswordManager
MaintenanceTool
TechGenie
TuneUp Utilities 2014
TuneUpTool


... and when finished reboot your computer.

Next ....

Run a new scan with FRST and post/attach me your new Frst.txt and Addition.txt logs.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Computer Runs Slowly, Many Extra Addons, HELP

Post by reddog1992000 » March 19th, 2018, 1:29 pm

Okay here you go
reddog1992000
Regular Member
 
Posts: 51
Joined: December 13th, 2013, 3:57 pm

Re: Computer Runs Slowly, Many Extra Addons, HELP

Post by Gary R » March 19th, 2018, 2:01 pm

OK, looking better already, so onto the next stage ...

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it (don't include Code: Select all) ....
Code: Select all
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1580677906-789884366-343230679-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1580677906-789884366-343230679-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKLM-x32 - iYogiPMToolbar - {CF729B85-4F13-45E7-A1EF-75A32EDBD532} - C:\Program Files (x86)\iYogi\iYogiPasswordManager\iYogiPMToolbar.dll No File
Toolbar: HKU\S-1-5-21-1580677906-789884366-343230679-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM-x32\...\Firefox\Extensions: [iYogi@iYogi.com] - C:\Program Files (x86)\iYogi\iYogiPasswordManager\iYogiPassMgr.xpi => not found
CHR HKLM-x32\...\Chrome\Extension: [fpeifmajolhnfocdndkhkpbdiaohpnmg] - C:\Program Files (x86)\iYogi\iYogiPasswordManager\ChromeExtension\ChromeToolBar.crx <not found>
S3 scan; C:\Program Files (x86)\iYogi\TechGenie\scan.dll [X] <==== ATTENTION
2018-03-19 10:20 - 2015-03-02 13:26 - 000000000 ____D C:\Program Files (x86)\TechGenie
2018-03-19 10:20 - 2014-08-14 19:28 - 000000000 ____D C:\Program Files (x86)\iYogi Support Dock
2015-06-25 07:53 - 2015-06-25 07:53 - 000026936 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\DseShExt-x64.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 000028984 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\DseShExt-x86.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 000032568 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\SDShelEx-win32.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 000032056 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\SDShelEx-x64.dll
2018-03-19 10:10 - 2012-03-09 02:57 - 001682432 _____ (iYogi Inc) C:\Users\Terri\AppData\Local\Temp\uninst000.exe
2015-05-20 14:06 - 2013-01-14 09:34 - 000007680 _____ () C:\Users\Terri\AppData\Local\Z@!-2a809d76-88be-40fd-9c2f-7bee87f7c434.tmp
2015-05-20 14:06 - 2013-01-14 09:34 - 000007168 _____ () C:\Users\Terri\AppData\Local\Z@S!-e299fa99-8280-4e84-b0e0-eb18fdd0b8a0.tmp
Task: {08CCDD46-CF49-4EF3-913D-2BB7686910BB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0BC9BB65-94FF-4F2F-B2ED-2FEBC5977F2E} - System32\Tasks\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon => C:\Program Files (x86)\TweakBit\PCSpeedUp\PCSpeedUp.exe [2018-01-11] (TweakBit) <==== ATTENTION
Task: {248143D8-7A4E-40B7-AD1F-574BC97B50C5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2AD822BA-8A77-4176-B125-62FBCC0CF9EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2E73D1A2-E7F8-48E8-9549-F87F63A76A2D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {36E57232-1B61-4D11-803A-25A45464CAD2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {440CE6DF-561A-401F-991F-476367205404} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {47240613-99BF-4652-8890-929296A4E99F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D340956-A06E-46A1-AE5C-4F4ECF069894} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A191CEC6-88FE-4615-9A7F-086801D83407} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8E7AC82-1018-4527-B623-E060D2BDF1FE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BD9D7621-8E92-4682-A91F-C5B5A975C7D5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C0DC343E-7DBA-4AD9-8B02-C4FCEEEFA943} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "TechGenie.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run32: => "iYogi Support Dock"
HKLM\...\StartupApproved\Run32: => "TechGenieRealTime"
HKLM\...\StartupApproved\Run32: => "AntivirusUpdateApp"
HKLM\...\StartupApproved\Run32: => "InboxAce EPM Support"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKU\S-1-5-21-1580677906-789884366-343230679-1001\...\StartupApproved\Run: => "OneDrive"
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns

  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log, and let me know how the computer is running now.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Computer Runs Slowly, Many Extra Addons, HELP

Post by reddog1992000 » March 20th, 2018, 1:00 am

It is much faster at startup. What should I tell her about using for antivirus software? Do you have a preference?

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Terri (19-03-2018 21:53:48) Run:2
Running from C:\Users\Terri\Downloads
Loaded Profiles: Terri (Available Profiles: Terri)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1580677906-789884366-343230679-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1580677906-789884366-343230679-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM-x32 - iYogiPMToolbar - {CF729B85-4F13-45E7-A1EF-75A32EDBD532} - C:\Program Files (x86)\iYogi\iYogiPasswordManager\iYogiPMToolbar.dll No File
Toolbar: HKU\S-1-5-21-1580677906-789884366-343230679-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKLM-x32\...\Firefox\Extensions: [iYogi@iYogi.com] - C:\Program Files (x86)\iYogi\iYogiPasswordManager\iYogiPassMgr.xpi => not found
CHR HKLM-x32\...\Chrome\Extension: [fpeifmajolhnfocdndkhkpbdiaohpnmg] - C:\Program Files (x86)\iYogi\iYogiPasswordManager\ChromeExtension\ChromeToolBar.crx <not found>
S3 scan; C:\Program Files (x86)\iYogi\TechGenie\scan.dll [X] <==== ATTENTION
2018-03-19 10:20 - 2015-03-02 13:26 - 000000000 ____D C:\Program Files (x86)\TechGenie
2018-03-19 10:20 - 2014-08-14 19:28 - 000000000 ____D C:\Program Files (x86)\iYogi Support Dock
2015-06-25 07:53 - 2015-06-25 07:53 - 000026936 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\DseShExt-x64.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 000028984 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\DseShExt-x86.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 000032568 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\SDShelEx-win32.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 000032056 _____ (TuneUp Software) C:\Users\Terri\AppData\Local\Temp\SDShelEx-x64.dll
2018-03-19 10:10 - 2012-03-09 02:57 - 001682432 _____ (iYogi Inc) C:\Users\Terri\AppData\Local\Temp\uninst000.exe
2015-05-20 14:06 - 2013-01-14 09:34 - 000007680 _____ () C:\Users\Terri\AppData\Local\Z@!-2a809d76-88be-40fd-9c2f-7bee87f7c434.tmp
2015-05-20 14:06 - 2013-01-14 09:34 - 000007168 _____ () C:\Users\Terri\AppData\Local\Z@S!-e299fa99-8280-4e84-b0e0-eb18fdd0b8a0.tmp
Task: {08CCDD46-CF49-4EF3-913D-2BB7686910BB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0BC9BB65-94FF-4F2F-B2ED-2FEBC5977F2E} - System32\Tasks\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon => C:\Program Files (x86)\TweakBit\PCSpeedUp\PCSpeedUp.exe [2018-01-11] (TweakBit) <==== ATTENTION
Task: {248143D8-7A4E-40B7-AD1F-574BC97B50C5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2AD822BA-8A77-4176-B125-62FBCC0CF9EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2E73D1A2-E7F8-48E8-9549-F87F63A76A2D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {36E57232-1B61-4D11-803A-25A45464CAD2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {440CE6DF-561A-401F-991F-476367205404} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {47240613-99BF-4652-8890-929296A4E99F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D340956-A06E-46A1-AE5C-4F4ECF069894} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A191CEC6-88FE-4615-9A7F-086801D83407} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8E7AC82-1018-4527-B623-E060D2BDF1FE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BD9D7621-8E92-4682-A91F-C5B5A975C7D5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C0DC343E-7DBA-4AD9-8B02-C4FCEEEFA943} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "TechGenie.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run32: => "iYogi Support Dock"
HKLM\...\StartupApproved\Run32: => "TechGenieRealTime"
HKLM\...\StartupApproved\Run32: => "AntivirusUpdateApp"
HKLM\...\StartupApproved\Run32: => "InboxAce EPM Support"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKU\S-1-5-21-1580677906-789884366-343230679-1001\...\StartupApproved\Run: => "OneDrive"
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-1580677906-789884366-343230679-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-1580677906-789884366-343230679-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CF729B85-4F13-45E7-A1EF-75A32EDBD532}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{CF729B85-4F13-45E7-A1EF-75A32EDBD532}" => removed successfully
"HKU\S-1-5-21-1580677906-789884366-343230679-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\iYogi@iYogi.com" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fpeifmajolhnfocdndkhkpbdiaohpnmg" => removed successfully
"HKLM\System\CurrentControlSet\Services\scan" => removed successfully
scan => service removed successfully
C:\Program Files (x86)\TechGenie => moved successfully
C:\Program Files (x86)\iYogi Support Dock => moved successfully
C:\Users\Terri\AppData\Local\Temp\DseShExt-x64.dll => moved successfully
C:\Users\Terri\AppData\Local\Temp\DseShExt-x86.dll => moved successfully
C:\Users\Terri\AppData\Local\Temp\SDShelEx-win32.dll => moved successfully
C:\Users\Terri\AppData\Local\Temp\SDShelEx-x64.dll => moved successfully
C:\Users\Terri\AppData\Local\Temp\uninst000.exe => moved successfully
C:\Users\Terri\AppData\Local\Z@!-2a809d76-88be-40fd-9c2f-7bee87f7c434.tmp => moved successfully
C:\Users\Terri\AppData\Local\Z@S!-e299fa99-8280-4e84-b0e0-eb18fdd0b8a0.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08CCDD46-CF49-4EF3-913D-2BB7686910BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08CCDD46-CF49-4EF3-913D-2BB7686910BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BC9BB65-94FF-4F2F-B2ED-2FEBC5977F2E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BC9BB65-94FF-4F2F-B2ED-2FEBC5977F2E}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{248143D8-7A4E-40B7-AD1F-574BC97B50C5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{248143D8-7A4E-40B7-AD1F-574BC97B50C5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2AD822BA-8A77-4176-B125-62FBCC0CF9EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AD822BA-8A77-4176-B125-62FBCC0CF9EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E73D1A2-E7F8-48E8-9549-F87F63A76A2D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E73D1A2-E7F8-48E8-9549-F87F63A76A2D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36E57232-1B61-4D11-803A-25A45464CAD2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36E57232-1B61-4D11-803A-25A45464CAD2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{440CE6DF-561A-401F-991F-476367205404}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{440CE6DF-561A-401F-991F-476367205404}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47240613-99BF-4652-8890-929296A4E99F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47240613-99BF-4652-8890-929296A4E99F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D340956-A06E-46A1-AE5C-4F4ECF069894}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D340956-A06E-46A1-AE5C-4F4ECF069894}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A191CEC6-88FE-4615-9A7F-086801D83407}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A191CEC6-88FE-4615-9A7F-086801D83407}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8E7AC82-1018-4527-B623-E060D2BDF1FE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8E7AC82-1018-4527-B623-E060D2BDF1FE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD9D7621-8E92-4682-A91F-C5B5A975C7D5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD9D7621-8E92-4682-A91F-C5B5A975C7D5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0DC343E-7DBA-4AD9-8B02-C4FCEEEFA943}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0DC343E-7DBA-4AD9-8B02-C4FCEEEFA943}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Microsoft Office.lnk" => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TechGenie.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\TechGenie.lnk" => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\WinZip Preloader.lnk" => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Update Notifier.lnk" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\iYogi Support Dock" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iYogi Support Dock" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\TechGenieRealTime" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TechGenieRealTime" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\AntivirusUpdateApp" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AntivirusUpdateApp" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\InboxAce EPM Support" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\InboxAce EPM Support" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\DivXMediaServer" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer" => not found
"HKU\S-1-5-21-1580677906-789884366-343230679-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\OneDrive" => removed successfully
"HKU\S-1-5-21-1580677906-789884366-343230679-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\OneDrive" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 48814906 B
Java, Flash, Steam htmlcache => 3895 B
Windows/system/drivers => 435605 B
Edge => 7995076 B
Chrome => 84586374 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 7859 B
LocalService => 18010 B
NetworkService => 56976 B
Terri => 13253852 B

RecycleBin => 45275 B
EmptyTemp: => 153.8 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-03-2018 21:57:55)

C:\WINDOWS\System32\Tasks\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon => Could not move

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon => could not remove. Access Denied.

==== End of Fixlog 21:57:55 ====
reddog1992000
Regular Member
 
Posts: 51
Joined: December 13th, 2013, 3:57 pm
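
A check a reviewer might run over a Fixlog like the one posted above, as an added example that is not part of the original thread and not FRST's own code: it skips the echoed fixlist, classifies each result line, and lists the targets whose last recorded result is still a failure. The sample is an excerpt of the log above; the function names are hypothetical, and the result phrases matched are only those visible in this log.

```python
import re

# Excerpt of the Fixlog posted in this thread, trimmed to one line of each shape.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
fixlist content:
*****************
CreateRestorePoint:
FF HKLM-x32\...\Firefox\Extensions: [iYogi@iYogi.com] - C:\Program Files (x86)\iYogi\iYogiPasswordManager\iYogiPassMgr.xpi => not found
HKLM\...\StartupApproved\Run32: => "TechGenieRealTime"
EmptyTemp:
*****************

Restore point was successfully created.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
scan => service removed successfully
C:\Program Files (x86)\TechGenie => moved successfully
Could not move "C:\WINDOWS\System32\Tasks\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon => could not remove. Access Denied.

=========== EmptyTemp: ==========

Chrome => 84586374 B
EmptyTemp: => 153.8 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-03-2018 21:57:55)

C:\WINDOWS\System32\Tasks\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon => Could not move

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCSpeedUp\Start PCSpeedUp ?n logon => could not remove. Access Denied.

==== End of Fixlog 21:57:55 ====
'''

STARS = re.compile(r"^\*{5,}$")  # delimiter around the echoed fixlist
DEFERRED = re.compile(
    r'^Could not move "(?P<target>.+)" => Scheduled to move on reboot\.$'
)


def classify(result):
    """Map the text after ' => ' to a status, or None for non-result lines."""
    r = result.lower()
    if r.endswith("removed successfully") or r == "moved successfully":
        return "ok"
    if r == "not found":
        return "absent"      # nothing there to remove
    if r.startswith("could not"):
        return "failed"
    return None              # cache sizes, EmptyTemp summary, etc.


def parse_fixlog(text):
    """Return (target, status) pairs for every result line, in log order."""
    outcomes = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if STARS.match(line):
            in_echo = not in_echo   # the fixlist is echoed between two star lines
            continue
        if in_echo or " => " not in line:
            continue                # echoed input is not a result
        m = DEFERRED.match(line)
        if m:
            outcomes.append((m.group("target"), "deferred"))
            continue
        target, result = line.rsplit(" => ", 1)
        status = classify(result)
        if status:
            outcomes.append((target.strip('"'), status))
    return outcomes


def unresolved(outcomes):
    """Targets whose last recorded status is still a failure or a deferral."""
    last = {}
    for target, status in outcomes:
        last[target] = status       # post-reboot results override earlier ones
    return sorted(t for t, s in last.items() if s in ("failed", "deferred"))


if __name__ == "__main__":
    for target in unresolved(parse_fixlog(SAMPLE_FIXLOG)):
        print("still present:", target)
```

On this excerpt it reports the TweakBit PCSpeedUp task file and its TaskCache\Tree key, the two items the log records as not removed.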

Re: Computer Runs Slowly, Many Extra Addons, HELP

Post by Gary R » March 20th, 2018, 1:46 am

According to the FRST logs she has Avast installed as her anti-virus and anti-spyware ....

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)


However, at the time of scan it was disabled, and Windows Defender was enabled and was protecting her computer.

So, at this point you have a couple of options .....

  • Enable Avast, and use that to protect the machine. When you enable Avast, Windows Defender will be disabled.
  • Uninstall Avast and let Windows Defender continue to protect her machine.

My personal choice would be to uninstall Avast, and to use Windows Defender, since that will put a lighter load on her processor, and help speed things up.

Contrary to popular belief, Windows Defender is a perfectly adequate AV program. It doesn't have the "bells and whistles" that come with some of the 3rd party AV programs, but it will protect your computer just as well as they do.

Most people get infected because of their browsing habits, not because of which AV they have fitted.

NO anti-virus program will keep your computer safe if you don't browse with caution.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Computer Runs Slowly, Many Extra Addons, HELP

Post by reddog1992000 » March 20th, 2018, 10:08 am

Thank you for that. Are we pretty much finished up then?
reddog1992000
Regular Member
 
Posts: 51
Joined: December 13th, 2013, 3:57 pm

Re: Computer Runs Slowly, Many Extra Addons, HELP

Post by Gary R » March 20th, 2018, 11:09 am

Unless you've got any further problems, I'm finished.

I don't see any signs of infection in the logs you've supplied, and the symptoms you described do not lead me to believe your machine is infected, however if you wish we can run an online scan to make sure.

The choice is up to you.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Computer Runs Slowly, Many Extra Addons, HELP

Post by reddog1992000 » March 20th, 2018, 8:09 pm

Nope, thank you. I'll turn on Windows Defender for her. Thanks for your help :)
reddog1992000
Regular Member
 
Posts: 51
Joined: December 13th, 2013, 3:57 pm

Re: Computer Runs Slowly, Many Extra Addons, HELP

Post by Gary R » March 21st, 2018, 1:53 am

You're welcome. :)

Please take the time to read the following article ... https://www.malwareremoval.com/forum/vi ... 60#p557960 ... which discusses some of the things to do to better secure a computer against infection.

THIS TOPIC IS NOW CLOSED
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire