Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

updateadmin

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

updateadmin

Unread postby albert1949 » January 12th, 2015, 11:53 pm

I have a malware called updateadmin which I cannot get rid of using the control panel uninstall. This malware takes me to ads that I do not want.

Your assistance is greatly appreciated.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/25/2014 6:28:46 PM
System Uptime: 1/12/2015 8:14:15 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0C2KJT
Processor: Intel(R) Pentium(R) CPU G6950 @ 2.80GHz | CPU 1 | 2800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 190.603 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 206.821 GiB free.
K: is FIXED (NTFS) - 0 GiB total, 0.06 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP26: 12/17/2014 11:01:17 PM - Windows Update
RP27: 12/20/2014 7:24:16 PM - Windows Backup
RP28: 12/21/2014 7:37:29 PM - Windows Backup
RP29: 12/21/2014 7:47:18 PM - Windows Backup
RP30: 12/28/2014 7:01:13 PM - Windows Backup
RP31: 1/4/2015 7:00:14 PM - Windows Backup
RP32: 1/11/2015 7:00:15 PM - Windows Backup
RP33: 1/12/2015 8:45:07 PM - Checkpoint by HitmanPro
.
==== Installed Programs ======================
.
Adobe Digital Editions 4.0
Adobe Flash Player 15 ActiveX
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2015
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
Definition Update for Microsoft Office 2010 (KB2910899) 64-Bit Edition
Dell Resource CD
GeniusBox 2.0
Google Chrome
Google Update Helper
iTunes
Java 7 Update 72
Java Auto Updater
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Modem Diagnostic Tool
MP3 Rocket
NetWaiting
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 64-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 64-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
UpdateAdmin
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
.
==== Event Viewer Messages From Past Week ========
.
1/6/2015 8:47:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
1/12/2015 10:09:47 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.72.2
Run by AL at 22:50:48 on 2015-01-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3895.2777 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Users\AL\AppData\Local\GeniusBox\Client.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://Taplika.com/?f=1&a=tpl_tight2_15 ... 989028&ir=
uProxyServer = hxxp=127.0.0.1:49175;https=127.0.0.1:49175
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{047CB1BA-2C54-4E11-ABDA-AD617CA8CEEC} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-12-8 260888]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-26 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-28 1255736]
.
=============== Created Last 30 ================
.
2015-01-13 00:15:52 -------- d-----w- C:\Windows\System32\appmgmt
2015-01-12 00:42:40 -------- d-----w- C:\Users\AL\AppData\Local\GeniusBox
2015-01-12 00:42:36 -------- d-----w- C:\Users\AL\AppData\Local\UpdateAdmin
2014-12-24 02:48:19 -------- d-----w- C:\Users\AL\AppData\Local\DriverToolkit
2014-12-24 02:48:15 -------- d-----w- C:\Program Files (x86)\DriverToolkit
2014-12-22 21:29:23 -------- d-----w- C:\Windows\AutoKMS
2014-12-22 21:28:20 -------- d-----w- C:\ProgramData\Microsoft Toolkit
2014-12-20 22:16:32 -------- d-----w- C:\Users\AL\AppData\Local\Adobe_Systems_Incorporate
2014-12-17 23:20:15 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-17 23:20:15 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
.
==================== Find3M ====================
.
2014-12-09 02:24:26 260888 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-11-29 00:10:09 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-11-29 00:10:09 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-11-29 00:10:09 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-11-29 00:10:08 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-11-29 00:10:08 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-11-29 00:10:08 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-11-29 00:09:26 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-11-29 00:09:26 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-11-29 00:09:02 68608 ----a-w- C:\Windows\System32\taskhost.exe
2014-11-29 00:04:24 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-11-29 00:04:24 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-11-27 19:55:12 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-11-27 19:55:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-11-27 19:49:56 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-26 00:22:56 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 00:22:56 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-19 09:26:34 1614504 ----a-w- C:\Windows\System32\FM20.DLL
2014-11-19 02:42:04 203544 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-04 19:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 02:05:21 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-18 01:33:13 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
.
============= FINISH: 22:51:07.70 ===============
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm
Advertisement
Register to Remove

Re: updateadmin

Unread postby Cypher » January 13th, 2015, 11:05 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Important: Save all tools i ask you to download to your Desktop, if you don't know how to do this just ask.




Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: updateadmin

Unread postby albert1949 » January 13th, 2015, 11:26 pm

# AdwCleaner v4.107 - Report created 13/01/2015 at 21:41:57
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : AL - AL-PC
# Running from : C:\Users\AL\Downloads\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
Folder Deleted : C:\Users\AL\AppData\LocAL\GeniusBox
Folder Deleted : C:\Users\AL\AppData\LocAL\UpdateAdmin
File Deleted : C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\StormWatchApp

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v39.0.2171.95

[C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4
[C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=18b8dd47000000000000002564eaecfb&affilt=3
[C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=mp30102&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0E0A0E0C0F0B0D0DyEyBtN0D0Tzu0SyByDyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=762133152&ir=
[C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight2_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0E0A0E0C0F0ByDzyyBzztN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAyDtDyC0A0D0D0BtGzytAyE0DtGtDzyyEtAtGzz0F0AtBtGtBtByD0ByCtByCzyyD0B0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DyCzyyByD0EtCtG0F0A0E0BtGyE0F0A0EtG0AtD0A0CtGtAyDtDyDzz0CzztC0F0AtAzy2Q&cr=173989028&ir=

*************************

AdwCleaner[R0].txt - [4694 octets] - [13/01/2015 21:36:25]
AdwCleaner[S0].txt - [4069 octets] - [13/01/2015 21:41:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4129 octets] ##########

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by AL at 2015-01-13 22:23:01
Running from C:\Users\AL\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{5569655A-9653-42CD-A599-5617DF767D2A}) (Version: 12.37.01 - Broadcom Corporation)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.1 - MP3 Rocket Inc)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.54 - BVRP Software, Inc)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

17-12-2014 23:01:17 Windows Update
20-12-2014 19:24:16 Windows Backup
21-12-2014 19:37:29 Windows Backup
21-12-2014 19:47:18 Windows Backup
28-12-2014 19:01:13 Windows Backup
04-01-2015 19:00:14 Windows Backup
11-01-2015 19:00:15 Windows Backup
12-01-2015 20:45:07 Checkpoint by HitmanPro
13-01-2015 21:56:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0284C3A2-9C12-407B-B369-65EE18A6DC3B} - System32\Tasks\Check Updates => C:\Users\AL\AppData\Local\GeniusBox\updater.exe
Task: {0FEA6823-66A0-4633-BD6F-D93957D95252} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5AECD7E5-41C9-489E-895D-0D396A1DAB02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-26] (Google Inc.)
Task: {5BEC3C21-014F-4966-A71B-A9C7B913358A} - System32\Tasks\Validate Installation => C:\Users\AL\AppData\Local\GeniusBox\updater.exe
Task: {6F91B6F9-19C7-460B-A370-D9A6F865D390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-26] (Google Inc.)
Task: {B26B96E2-E8B1-4BC5-8F06-AF7DAC82ABC9} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\AL\AppData\Local\GeniusBox\client.exe"
Task: {C5E947A4-9F2F-4942-B473-D68D421D34FF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D4EF2D7B-582A-43C7-A51D-B5ED8770DBFC} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1544753468-1480976245-751527611-1000
Task: {ED51586C-6205-49DF-9991-EAC0044E025A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-22] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1544753468-1480976245-751527611-500 - Administrator - Disabled)
AL (S-1-5-21-1544753468-1480976245-751527611-1000 - Administrator - Enabled) => C:\Users\AL
Guest (S-1-5-21-1544753468-1480976245-751527611-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1544753468-1480976245-751527611-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2015 07:11:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: accept: 10022 (An invalid argument was supplied.)

Error: (01/11/2015 08:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9266

Error: (01/11/2015 08:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9266

Error: (01/11/2015 08:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/11/2015 08:38:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8268

Error: (01/11/2015 08:38:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8268

Error: (01/11/2015 08:38:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/11/2015 08:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7269

Error: (01/11/2015 08:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7269

Error: (01/11/2015 08:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/13/2015 09:56:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/13/2015 09:42:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (01/13/2015 09:41:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/13/2015 09:41:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/13/2015 09:41:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (01/13/2015 09:41:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/13/2015 09:41:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/13/2015 09:41:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/13/2015 09:41:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/13/2015 09:19:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.


Microsoft Office Sessions:
=========================
Error: (01/12/2015 07:11:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: accept: 10022 (An invalid argument was supplied.)

Error: (01/11/2015 08:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9266

Error: (01/11/2015 08:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9266

Error: (01/11/2015 08:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/11/2015 08:38:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8268

Error: (01/11/2015 08:38:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8268

Error: (01/11/2015 08:38:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/11/2015 08:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7269

Error: (01/11/2015 08:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7269

Error: (01/11/2015 08:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G6950 @ 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 3895.12 MB
Available physical RAM: 2606.4 MB
Total Pagefile: 7788.42 MB
Available Pagefile: 6406.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.73 GB) (Free:189.8 GB) NTFS
Drive j: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:206.82 GB) NTFS
Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 90000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by AL (administrator) on AL-PC on 13-01-2015 22:22:03
Running from C:\Users\AL\Downloads
Loaded Profile: AL (Available profiles: AL)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1544753468-1480976245-751527611-1000] => http=127.0.0.1:49172;https=127.0.0.1:49172
HKU\S-1-5-21-1544753468-1480976245-751527611-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3 ... E5A8&SSPV=
CHR StartupUrls: Default -> "hxxp://Taplika.com/?f=7&a=tpl_tight2_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0E0A0E0C0F0ByDzyyBzztN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAyDtDyC0A0D0D0BtGzytAyE0DtGtDzyyEtAtGzz0F0AtBtGtBtByD0ByCtByCzyyD0B0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DyCzyyByD0EtCtG0F0A0E0BtGyE0F0A0EtG0AtD0A0CtGtAyDtDyDzz0CzztC0F0AtAzy2Q&cr=173989028&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-26]
CHR Extension: (Google Drive) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-26]
CHR Extension: (YouTube) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-26]
CHR Extension: (Google Search) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-26]
CHR Extension: (Google Sheets) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-26]
CHR Extension: (Google Wallet) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-26]
CHR Extension: (Gmail) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-26]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-1544753468-1480976245-751527611-1000\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 22:22 - 2015-01-13 22:22 - 00010548 _____ () C:\Users\AL\Downloads\FRST.txt
2015-01-13 22:20 - 2015-01-13 22:22 - 00000000 ____D () C:\FRST
2015-01-13 22:20 - 2015-01-13 22:20 - 02124288 _____ (Farbar) C:\Users\AL\Downloads\FRST64.exe
2015-01-13 21:46 - 2015-01-13 21:46 - 00004245 _____ () C:\Users\AL\Desktop\AdwCleaner[S0].txt
2015-01-13 21:35 - 2015-01-13 21:41 - 00000000 ____D () C:\AdwCleaner
2015-01-13 21:34 - 2015-01-13 21:34 - 02191360 _____ () C:\Users\AL\Downloads\adwcleaner_4.107.exe
2015-01-13 19:48 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:48 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:48 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 19:48 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 19:48 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 19:48 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 19:48 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 19:48 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 19:48 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 19:48 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:48 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:48 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 19:48 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 22:51 - 2015-01-12 22:51 - 00014375 _____ () C:\Users\AL\Desktop\dds.txt
2015-01-12 22:51 - 2015-01-12 22:51 - 00005968 _____ () C:\Users\AL\Desktop\attach.txt
2015-01-12 22:50 - 2015-01-12 22:50 - 00688992 ____R (Swearware) C:\Users\AL\Downloads\dds.scr
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-11 19:42 - 2015-01-11 19:42 - 00004428 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-01-11 19:42 - 2015-01-11 19:42 - 00004220 _____ () C:\Windows\System32\Tasks\Check Updates
2015-01-11 19:42 - 2015-01-11 19:42 - 00003836 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-01-11 19:42 - 2015-01-11 19:42 - 00000064 _____ () C:\Users\AL\AppData\Local\543103c6c673b3f823f1c9d2b31c229b
2015-01-11 19:40 - 2015-01-11 19:40 - 79497296 _____ () C:\Users\AL\Downloads\7zip-setup.exe
2015-01-10 21:46 - 2015-01-10 21:46 - 00882504 _____ ( ) C:\Users\AL\Downloads\mp3rocket (2).exe
2015-01-10 21:12 - 2015-01-10 21:12 - 00882504 _____ ( ) C:\Users\AL\Downloads\mp3rocket (1).exe
2015-01-10 20:17 - 2015-01-10 20:18 - 00000133 _____ () C:\Users\AL\Desktop\Craiglist.url
2015-01-08 21:02 - 2015-01-08 21:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-08 21:02 - 2015-01-08 21:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-01-07 22:38 - 2015-01-13 21:30 - 00008900 _____ () C:\Users\AL\Desktop\Weight Chart.xlsx
2015-01-01 21:46 - 2015-01-01 21:46 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-01 19:37 - 2015-01-01 19:37 - 00001787 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (11).acsm
2015-01-01 14:37 - 2015-01-10 15:15 - 00000125 _____ () C:\Users\AL\Desktop\Pandora Internet Radio - Listen to Free Music You'll Love.url
2014-12-30 16:29 - 2014-12-30 16:29 - 03668905 _____ () C:\Users\AL\Downloads\IMG_2158.MOV
2014-12-27 16:09 - 2014-12-27 16:09 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (10).acsm
2014-12-27 16:06 - 2014-12-27 16:06 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (9).acsm
2014-12-27 16:05 - 2014-12-27 16:05 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (8).acsm
2014-12-24 22:49 - 2014-12-24 22:49 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (7).acsm
2014-12-24 10:30 - 2014-12-24 10:30 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (6).acsm
2014-12-24 10:21 - 2014-12-24 10:21 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (5).acsm
2014-12-24 10:20 - 2014-12-24 10:20 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (4).acsm
2014-12-24 10:19 - 2014-12-24 10:19 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (3).acsm
2014-12-23 23:31 - 2014-12-23 23:31 - 00000000 ____D () C:\Users\AL\Documents\Fax
2014-12-23 21:48 - 2014-12-23 21:52 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-12-23 21:48 - 2014-12-23 21:48 - 00000000 ____D () C:\Users\AL\AppData\Local\DriverToolkit
2014-12-23 21:47 - 2014-12-23 21:47 - 02448688 _____ (Megaify Software ) C:\Users\AL\Downloads\driver_setup.exe
2014-12-22 16:29 - 2015-01-13 22:02 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-22 16:29 - 2014-12-23 08:17 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-22 16:28 - 2014-12-22 16:28 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-12-20 17:16 - 2014-12-20 17:18 - 00000000 ____D () C:\Users\AL\Documents\My Digital Editions
2014-12-20 17:16 - 2014-12-20 17:16 - 00002178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.0.lnk
2014-12-20 17:16 - 2014-12-20 17:16 - 00002166 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk
2014-12-20 17:16 - 2014-12-20 17:16 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (2).acsm
2014-12-20 17:16 - 2014-12-20 17:16 - 00000000 ____D () C:\Users\AL\AppData\Local\Adobe_Systems_Incorporate
2014-12-20 17:16 - 2014-12-20 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-12-20 17:16 - 2014-12-20 17:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-20 17:14 - 2014-12-20 17:14 - 07680016 _____ (Adobe Systems Incorporated) C:\Users\AL\Downloads\ADE_4.0_Installer.exe
2014-12-20 17:14 - 2014-12-20 17:14 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798 (1).acsm
2014-12-20 17:09 - 2014-12-20 17:09 - 00001791 _____ () C:\Users\AL\Downloads\RunningDream9780375896798.acsm
2014-12-17 18:20 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 18:20 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 09:04 - 2014-12-17 09:04 - 00262144 _____ () C:\Windows\Minidump\121714-23056-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 22:12 - 2014-11-25 18:27 - 02011714 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 22:09 - 2014-11-25 18:58 - 00000000 ____D () C:\Users\AL\Documents\Outlook Files
2015-01-13 22:07 - 2009-07-13 23:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 22:07 - 2009-07-13 23:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 22:02 - 2014-11-26 19:37 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 22:02 - 2014-11-25 18:46 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{32C26912-984F-40C4-8FC2-167F68B6534C}
2015-01-13 22:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 22:01 - 2009-07-13 23:51 - 00030817 _____ () C:\Windows\setupact.log
2015-01-13 21:59 - 2014-11-25 19:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 21:56 - 2014-11-25 19:09 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 21:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-13 21:43 - 2014-11-25 19:01 - 00075914 _____ () C:\Windows\PFRO.log
2015-01-13 21:42 - 2014-11-26 19:37 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 19:40 - 2014-11-25 19:13 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-12 20:51 - 2014-11-28 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-11 19:41 - 2014-11-26 19:37 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-11 19:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2015-01-10 22:40 - 2014-11-27 14:51 - 00000000 ____D () C:\Users\AL\Incomplete
2015-01-10 22:30 - 2009-07-14 02:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-10 21:31 - 2014-11-27 14:49 - 00000000 ____D () C:\Users\AL\AppData\Roaming\MP3Rocket
2015-01-08 21:02 - 2014-11-25 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-23 22:29 - 2009-07-14 00:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 20:38 - 2014-11-25 18:45 - 00000000 ____D () C:\Users\AL\AppData\Local\Microsoft Help
2014-12-20 17:16 - 2014-11-25 19:23 - 00000000 ____D () C:\Users\AL\AppData\Roaming\Adobe
2014-12-17 09:04 - 2014-12-04 20:48 - 494074667 _____ () C:\Windows\MEMORY.DMP
2014-12-17 09:04 - 2014-12-04 20:48 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\AL\AppData\Local\Temp\HitmanPro.exe
C:\Users\AL\AppData\Local\Temp\Quarantine.exe
C:\Users\AL\AppData\Local\Temp\SpOrder.dll
C:\Users\AL\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 12:47

==================== End Of Log ============================
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm

Re: updateadmin

Unread postby Cypher » January 14th, 2015, 11:39 am

Hi albert,
We need to run a fix, once done let me know how your computer is running now.
If you're still having problems let me know what they are.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Java 7 Update 72
UpdateAdmin


Next.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    ProxyServer: [S-1-5-21-1544753468-1480976245-751527611-1000] => http=127.0.0.1:49172;https=127.0.0.1:49172
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3 ... E5A8&SSPV=
    CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
    CHR HKU\S-1-5-21-1544753468-1480976245-751527611-1000\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
    CHR StartupUrls: Default -> "hxxp://Taplika.com/?f=7&a=tpl_tight2_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0E0A0E0C0F0ByDzyyBzztN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAyDtDyC0A0D0D0BtGzytAyE0DtGtDzyyEtAtGzz0F0AtBtGtBtByD0ByCtByCzyyD0B0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DyCzyyByD0EtCtG0F0A0E0BtGyE0F0A0EtG0AtD0A0CtGtAyDtDyDzz0CzztC0F0AtAzy2Q&cr=173989028&ir="
    C:\Users\AL\AppData\Local\Temp\HitmanPro.exe
    C:\Users\AL\AppData\Local\Temp\Quarantine.exe
    C:\Users\AL\AppData\Local\Temp\SpOrder.dll
    C:\Users\AL\AppData\Local\Temp\sqlite3.dll
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe to your Downloads folder as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: updateadmin

Unread postby albert1949 » January 14th, 2015, 6:38 pm

Hope I did this correctly!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01
Ran by AL at 2015-01-14 17:30:31 Run:1
Running from C:\Users\AL\Downloads
Loaded Profiles: AL (Available profiles: AL)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyServer: [S-1-5-21-1544753468-1480976245-751527611-1000] => http=127.0.0.1:49172;https=127.0.0.1:49172
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3 ... E5A8&SSPV=
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-1544753468-1480976245-751527611-1000\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR StartupUrls: Default -> "hxxp://Taplika.com/?f=7&a=tpl_tight2_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0E0A0E0C0F0ByDzyyBzztN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAyDtDyC0A0D0D0BtGzytAyE0DtGtDzyyEtAtGzz0F0AtBtGtBtByD0ByCtByCzyyD0B0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DyCzyyByD0EtCtG0F0A0E0BtGyE0F0A0EtG0AtD0A0CtGtAyDtDyDzz0CzztC0F0AtAzy2Q&cr=173989028&ir="
C:\Users\AL\AppData\Local\Temp\HitmanPro.exe
C:\Users\AL\AppData\Local\Temp\Quarantine.exe
C:\Users\AL\AppData\Local\Temp\SpOrder.dll
C:\Users\AL\AppData\Local\Temp\sqlite3.dll

EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKU\S-1-5-21-1544753468-1480976245-751527611-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKU\S-1-5-21-1544753468-1480976245-751527611-1000\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\AL\AppData\Local\Temp\HitmanPro.exe => Moved successfully.
C:\Users\AL\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\AL\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\AL\AppData\Local\Temp\sqlite3.dll => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 17:31:05 ====
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm

Re: updateadmin

Unread postby Cypher » January 15th, 2015, 6:49 am

albert1949 wrote:Hope I did this correctly!

Yes, you did it correctly :)
albert1949 wrote:I have a malware called updateadmin which I cannot get rid of using the control panel uninstall. This malware takes me to ads that I do not want.

How is your computer running now, are you still having problems?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: updateadmin

Unread postby albert1949 » January 15th, 2015, 10:34 pm

It is running better, but I did get one adware yesterday. Updateadmin is still showing on the control panel. Is this OK?
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm

Re: updateadmin

Unread postby Cypher » January 16th, 2015, 7:24 am

It is running better, but I did get one adware yesterday.

Which browser are you seeing the adware in?
Updateadmin is still showing on the control panel. Is this OK?

I need you to rrun another scan for me.

Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy and paste the content of the following codebox into the main textfield: Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :filefind
    *UpdateAdmin*
    
    :folderfind
    *UpdateAdmin*
    
    :Regfind
    UpdateAdmin

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: updateadmin

Unread postby albert1949 » January 16th, 2015, 8:41 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 19:13 on 16/01/2015 by AL
Administrator - Elevation successful

========== filefind ==========

Searching for "*UpdateAdmin*"
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin\UpdateAdmin.lnk.vir --a---- 1482 bytes [00:42 12/01/2015] [00:42 12/01/2015] AC8FA263EA9558A5967852684FFEBA00
C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll --a---- 225600 bytes [22:57 01/06/2011] [22:57 01/06/2011] 8A62E57F39AB14C2CD29A84FD684A512

========== folderfind ==========

Searching for "*UpdateAdmin*"
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin d------ [02:41 14/01/2015]

========== Regfind ==========

Searching for "UpdateAdmin"
[HKEY_CURRENT_USER\Software\DownloadAdmin\UpdateAdmin]
[HKEY_CURRENT_USER\Software\DownloadAdmin\UpdateAdmin]
"MainExe"=""C:\Users\AL\AppData\Local\UpdateAdmin\UpdateAdmin.exe" /REFRESH"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\129\52C64B7E]
"@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"="Apple Software Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SoftwareUpdateAdmin.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}]
@="AppleSoftwareUpdateAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppleSoftwareUpdateAdmin.ASUTaskSched.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppleSoftwareUpdateAdmin.ASUTaskSchedul]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppleSoftwareUpdateAdmin.ASUTaskSchedul\CurVer]
@="AppleSoftwareUpdateAdmin.ASUTaskSched.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\324B4B70AD4E1D7438725B98BEB4BE85]
"ProductName"="UpdateAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0]
@="AppleSoftwareUpdateAdmin 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\0\win32]
@="C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{88F48C4A-46DF-4236-A838-364BF1B3FD1E}\InProcServer32]
@="C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}]
"LocalizedString"="@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\Elevation]
"IconReference"="@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\InprocServer32]
@="C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}]
"LocalizedString"="@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\Elevation]
"IconReference"="@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\InprocServer32]
@="C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\ProgID]
@="AppleSoftwareUpdateAdmin.ASUTaskSched.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\VersionIndependentProgID]
@="AppleSoftwareUpdateAdmin.ASUTaskSchedul"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SoftwareUpdateAdmin.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}]
@="AppleSoftwareUpdateAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0]
@="AppleSoftwareUpdateAdmin 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\0\win32]
@="C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\AL\AppData\Local\UpdateAdmin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B139F5E9EF26C04B8C9F7A0936C025E]
"324B4B70AD4E1D7438725B98BEB4BE85"="01:\Software\Microsoft\Windows\CurrentVersion\Run\UpdateAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A9DC0BE2A849024F80EC478414705F1]
"324B4B70AD4E1D7438725B98BEB4BE85"="01:\Software\DownloadAdmin\UpdateAdmin\MainExe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\861FFC7CAB0DBC242AEC9BA73C78BFD9]
"324B4B70AD4E1D7438725B98BEB4BE85"="01:\Software\DownloadAdmin\UpdateAdmin\shortcut"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8AC758C26D2FBD11BA272103658D5939]
"46B5A9879DD95AB419A50FCFA0B1B7EF"="C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\324B4B70AD4E1D7438725B98BEB4BE85\InstallProperties]
"DisplayName"="UpdateAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}]
"DisplayName"="UpdateAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{88F48C4A-46DF-4236-A838-364BF1B3FD1E}\InProcServer32]
@="C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}]
"LocalizedString"="@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\Elevation]
"IconReference"="@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\InprocServer32]
@="C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}]
"LocalizedString"="@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\Elevation]
"IconReference"="@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\InprocServer32]
@="C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\ProgID]
@="AppleSoftwareUpdateAdmin.ASUTaskSched.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\VersionIndependentProgID]
@="AppleSoftwareUpdateAdmin.ASUTaskSchedul"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SoftwareUpdateAdmin.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}]
@="AppleSoftwareUpdateAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0]
@="AppleSoftwareUpdateAdmin 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\0\win32]
@="C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
[HKEY_USERS\S-1-5-21-1544753468-1480976245-751527611-1000\Software\DownloadAdmin\UpdateAdmin]
[HKEY_USERS\S-1-5-21-1544753468-1480976245-751527611-1000\Software\DownloadAdmin\UpdateAdmin]
"MainExe"=""C:\Users\AL\AppData\Local\UpdateAdmin\UpdateAdmin.exe" /REFRESH"
[HKEY_USERS\S-1-5-21-1544753468-1480976245-751527611-1000\Software\Classes\Local Settings\MuiCache\129\52C64B7E]
"@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"="Apple Software Update"
[HKEY_USERS\S-1-5-21-1544753468-1480976245-751527611-1000_Classes\Local Settings\MuiCache\129\52C64B7E]
"@C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll,-101"="Apple Software Update"

-= EOF =-
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm

Re: updateadmin

Unread postby Cypher » January 17th, 2015, 8:42 am

Hi,
Which browser are you seeing the adware in?

Yo didn't answer this question, let me know in your next reply please.

We need to run another fix.

Please download Add Remove Program Cleaner to your desktop.

  • Right-click on addremovecleaner and select " Run as administrator " to run it.
  • Locate UpdateAdmin in the menu and click once on it to highlight.
  • Now click on Remove from add/remove programs list.
  • At the prompt click on Yes then Exit.
  • Now delete addremovecleaner from the desktop, empty the Recycle Bin and reboot the computer.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following script into the Image textbox. Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :reg
    [-HKEY_CURRENT_USER\Software\DownloadAdmin\UpdateAdmin]
    [-HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\129\52C64B7E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SoftwareUpdateAdmin.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppleSoftwareUpdateAdmin.ASUTaskSched.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppleSoftwareUpdateAdmin.ASUTaskSchedul]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppleSoftwareUpdateAdmin.ASUTaskSchedul\CurVer]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{88F48C4A-46DF-4236-A838-364BF1B3FD1E}\InProcServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\Elevation]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\Elevation]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\ProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\VersionIndependentProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SoftwareUpdateAdmin.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\0\win32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Users\AL\AppData\Local\UpdateAdmin\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin\"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B139F5E9EF26C04B8C9F7A0936C025E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A9DC0BE2A849024F80EC478414705F1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\861FFC7CAB0DBC242AEC9BA73C78BFD9]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8AC758C26D2FBD11BA272103658D5939]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\324B4B70AD4E1D7438725B98BEB4BE85\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{88F48C4A-46DF-4236-A838-364BF1B3FD1E}\InProcServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\Elevation]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\Elevation]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\ProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\VersionIndependentProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SoftwareUpdateAdmin.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\0\win32]
    [-HKEY_USERS\S-1-5-21-1544753468-1480976245-751527611-1000\Software\DownloadAdmin\UpdateAdmin]
    [-HKEY_USERS\S-1-5-21-1544753468-1480976245-751527611-1000\Software\DownloadAdmin\UpdateAdmin]
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • OTL fix log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: updateadmin

Unread postby albert1949 » January 17th, 2015, 4:08 pm

The last adware i encounter was on google chrome.

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\DownloadAdmin\UpdateAdmin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\129\52C64B7E\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SoftwareUpdateAdmin.DLL\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16D99191-6280-4B33-A2F5-04805A0FC582}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppleSoftwareUpdateAdmin.ASUTaskSched.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppleSoftwareUpdateAdmin.ASUTaskSchedul\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppleSoftwareUpdateAdmin.ASUTaskSchedul\CurVer\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{88F48C4A-46DF-4236-A838-364BF1B3FD1E}\InProcServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\Elevation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\Elevation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\ProgID\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\VersionIndependentProgID\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SoftwareUpdateAdmin.DLL\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16D99191-6280-4B33-A2F5-04805A0FC582}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B139F5E9EF26C04B8C9F7A0936C025E\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A9DC0BE2A849024F80EC478414705F1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\861FFC7CAB0DBC242AEC9BA73C78BFD9\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8AC758C26D2FBD11BA272103658D5939\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\324B4B70AD4E1D7438725B98BEB4BE85\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{88F48C4A-46DF-4236-A838-364BF1B3FD1E}\InProcServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\Elevation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\Elevation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\ProgID\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\VersionIndependentProgID\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SoftwareUpdateAdmin.DLL\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16D99191-6280-4B33-A2F5-04805A0FC582}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\0\win32\ not found.
Registry key HKEY_USERS\S-1-5-21-1544753468-1480976245-751527611-1000\Software\DownloadAdmin\UpdateAdmin\ not found.
Registry key HKEY_USERS\S-1-5-21-1544753468-1480976245-751527611-1000\Software\DownloadAdmin\UpdateAdmin\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\AL\Downloads\cmd.bat deleted successfully.
C:\Users\AL\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: AL
->Temp folder emptied: 2139889 bytes
->Temporary Internet Files folder emptied: 30213293 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 340834831 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5507 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 356.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01172015_150412

Files\Folders moved on Reboot...
C:\Users\AL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\AL\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm

Re: updateadmin

Unread postby albert1949 » January 17th, 2015, 4:16 pm

Forgot to tell you that computer is running better now. I have not had any adware issues since the last one about 4-5 days ago.

Thank you for your help!!
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm

Re: updateadmin

Unread postby Cypher » January 18th, 2015, 7:37 am

Hi,
Thank you for your help!!

You're most welcome :)
Forgot to tell you that computer is running better now. I have not had any adware issues since the last one about 4-5 days ago.

In that case you should be good to go.
Lets tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

We removed an outdated version of Java, if you use it you can reinstall the latest version.

Java SE Runtime Environment (JRE).

Please download from HERE

  • Find Java SE 8u25.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: updateadmin

Unread postby Cypher » January 19th, 2015, 7:42 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 487 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware