Author Topic: possible malware + ...SoftwareUpdater.Ui.exe  (Read 7095 times)


DMAN

  • Guest
possible malware + ...SoftwareUpdater.Ui.exe
« on: February 05, 2014, 08:10:09 AM »
Greetings,

I recently purchased Avast Internet Security and used it for about a month... then I installed Avast Free Antivirus. A few days later I tried to register or 'update' from Free Antivirus to Internet Security and was unable to. I called customer service for assistance via remote desktop. I was sent the license again and the 'tech' attempted to insert the license into the actual folder manually. A message popped up saying something like 'I would need administrative access to insert'; I have admin access and the 'tech' still couldn't insert the license into the Avast folder. The tech informed me that I would need to have an engineer look at my computer due to the clutter ("unclean computer environment"), which may prohibit access to files and folders. A week later I just double-clicked the license file for Avast Internet Security and I was able to execute it successfully.

I keep getting a popup box that asks me, whenever I am on my computer, 'do I want to run "...SoftwareUpdater.Ui.exe"', and it is an unknown program to me so I would always hit cancel. I recently tried to use SpyHunter4 (for free) and figured that the program was a fraud; I was unable to find the file in the "uninstall programs" folder to remove it... I ended up doing a system restore ASAP to get rid of it (thank goodness). All of this has led to my curiosity as to why Avast did not detect a threat for both the SpyHunter program and also the ...SoftwareUpdater.Ui.exe.

So far I have run the Malwarebytes prog, which helps. Then I ran the OTL prog and saved a log on the desktop, and I also ran the aswMBR prog and also saved a log of that. I have not proceeded further as I am not sure what else to do.
Please help, your suggestions will be greatly appreciated.

DMAN ~Daniel.mercelina@gmail.com

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76012
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #1 on: February 05, 2014, 08:46:02 AM »
Quote
So far I have run the Malwarebytes prog, which helps. Then I ran the OTL prog and saved a log on the desktop, and I also ran the aswMBR prog and also saved a log of that. I have not proceeded further as I am not sure what else to do.
Please help, your suggestions will be greatly appreciated.

Please attach your logs.

DMAN

  • Guest
Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #2 on: February 05, 2014, 03:34:01 PM »
I ran OTL first, then aswMBR. My OTL log is 539 KB and the forum won't let me post it. I have "extras.txt" from OTL. I will run it again and submit shortly.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #3 on: February 05, 2014, 03:53:04 PM »
Upload the OTL.txt log to a file-sharing site and give the download link here.

DMAN

  • Guest
Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #4 on: February 05, 2014, 04:02:08 PM »
aswMBR log from last night, OTL log just ran. I can upload last night's OTL log to a site if necessary.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #5 on: February 05, 2014, 04:42:45 PM »
We are looking at adware here, as bundled with free programmes

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-3273590272-1513638436-2738719698-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={4010A09A-389A-4215-86B1-63EE5E4B18C7}&mid=a66d7177f44747d38f266939b2b2991e-88a511d26746d03ba39a6ce206fceefcbd3ed882&lang=en&ds=AVG&pr=sa&d=2013-05-21 13:41:52&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "VisualBee V.11 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.11 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287810&CUI=UN32013349082234932&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "VisualBee V.11 Customized Web Search"
[2014/01/07 09:58:31 | 000,000,000 | ---D | M] (VisualBee V.11) -- C:\Users\Jem How\AppData\Roaming\Mozilla\Firefox\Profiles\t4etx7uy.default\extensions\{7093ee04-f2e4-4637-a667-0f730797b3a0}
[2013/11/02 19:40:17 | 000,001,005 | ---- | M] () -- C:\Users\Jem How\AppData\Roaming\Mozilla\Firefox\Profiles\t4etx7uy.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3273590272-1513638436-2738719698-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
[2012/10/28 10:15:37 | 000,097,654 | ---- | C] () -- C:\ProgramData\aiigccogwspmuzu
[2013/08/30 12:18:37 | 000,000,000 | ---D | M] -- C:\Users\Jem How\AppData\Roaming\AVG

:Files
C:\Users\MoHamm\AppData\Local\{c025e8d8-a883-8a0c-969a-6cebb0edbcaa}
C:\Users\MoHamm\AppData\Local\{c025e8d8-a883-8a0c-969a-6cebb0edbcaa}

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

DMAN

  • Guest
Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #6 on: February 05, 2014, 06:46:07 PM »
After I ran OTL the last time and the computer rebooted, I still received the User Account Control window message "Do you want to allow...Changes to this computer". Then I ran AdwCleaner. Both logs are below.

When I ran the OTL prog the very first time I set the "File Scans" file age to 360 days; I believe that's why I wasn't able to attach the log to the post... The second time around I think I set it to 60 days...

Does it matter how many days, or essentially will the necessary files that are harming my computer show up anyway?

Offline essexboy

Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #7 on: February 05, 2014, 07:05:46 PM »
Quote
after I ran the OTL the last time and the computer rebooted I still received the message of -User Account Control Window "Do you want to allow...Changes to this computer"
Was it OTL as it finished removing temporary files?

Offline essexboy

Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #8 on: February 05, 2014, 07:09:09 PM »
How is the computer behaving now?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKU\S-1-5-21-3273590272-1513638436-2738719698-1003..\Run: [Apple Computer] rundll32.exe "C:\Users\MoHamm\AppData\Local\Best Buy pc app\Apple Computer\vhefgecfw.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-21-3273590272-1513638436-2738719698-1003..\Run: [Diagnostics] rundll32 "C:\Users\MoHamm\AppData\Local\Microsoft\Diagnostics\ijtthwd.dll",NVCoInstallerW File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
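
As an added illustration (not part of the post above and not OTL's own code): a small Python triage of O4 autorun lines in the format used in the fix, flagging DLLs launched through rundll32, targets under AppData or ProgramData, and entries whose target file is missing. The sample lines and the function name `triage_o4` are constructed for this example.

```python
import re

# Constructed sample lines in the OTL "O4" autorun format used in the fix above.
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" (Example Corp)
O4 - HKU\S-1-5-21-0-0-0-1003..\Run: [Diagnostics] rundll32 "C:\Users\Example\AppData\Local\Microsoft\Diagnostics\abcdefg.dll",EntryPoint File not found
O4 - HKU\S-1-5-21-0-0-0-1003..\Run: [Updater] rundll32.exe "C:\Users\Example\AppData\Local\Vendor\qwerty.dll",DllRegisterServer
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\App.lnk = C:\ProgramData\App\Setup.exe (Example Corp)
'''

# Registry Run entries and Startup-folder shortcuts are the two O4 shapes handled here.
RUN_LINE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
STARTUP_LINE = re.compile(r'^O4 - Startup: (?P<lnk>.+?\.lnk) = (?P<cmd>.+)$')
USER_WRITABLE = re.compile(r'\\(AppData|ProgramData)\\', re.IGNORECASE)
RUNDLL = re.compile(r'^rundll32(\.exe)?\s', re.IGNORECASE)


def triage_o4(log_text):
    """Return a list of (entry name, [reasons]) for O4 lines worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_LINE.match(line)
        if m:
            name, cmd = m.group('name'), m.group('cmd')
        else:
            m = STARTUP_LINE.match(line)
            if not m:
                continue  # not an O4 autorun line
            name, cmd = m.group('lnk').rsplit('\\', 1)[-1], m.group('cmd')
        reasons = []
        if RUNDLL.match(cmd):
            reasons.append('DLL launched through rundll32')
        if USER_WRITABLE.search(cmd):
            reasons.append('target in user-writable path')
        if cmd.endswith('File not found'):
            reasons.append('orphaned: target file missing')
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == '__main__':
    for name, reasons in triage_o4(SAMPLE_LOG):
        print(f'{name}: {"; ".join(reasons)}')
```

A flagged entry is only a candidate for review; whether it belongs in a fix still depends on the rest of that system's log.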

DMAN

  • Guest
Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #9 on: February 05, 2014, 10:14:20 PM »
I'm pretty confident that the work that you and the Avast team have assisted me with in resolving the many issues on my computer has indeed cleaned up the computer.
I am greatly thankful for your service.
I haven't seen the "...SoftwareUpdater.Ui.exe..." pop up and the two "...dll" files have also been removed.
To answer the last post:
The prior time that I ran OTL (before these final logs attached below), the "...SoftwareUpdater.Ui..." I believe showed up after the temp files finished being removed.

I will continue to use Avast as the best all-around antivirus (compared to others I have used) and service, and will continue to recommend it to other people.

Thank You.  ;D

Offline essexboy

Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #10 on: February 05, 2014, 11:41:52 PM »
If all is well tomorrow, let me know and I will tidy up.

DMAN

  • Guest
Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #11 on: February 07, 2014, 08:49:49 PM »
Greetings,
So far the computer has been responding a bit quicker. The IE browser still seems slow and I experience 'not responding' glitches from time to time. I may just uninstall and reinstall an updated version. Other than that... all is well. I greatly appreciate the work you and the Avast team have provided to resolve issues on my PC.

Offline essexboy

Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #12 on: February 07, 2014, 09:26:00 PM »
You have IE11, have you tried disabling the Avast Online Security add-on?


DMAN

  • Guest
Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #13 on: February 09, 2014, 03:36:53 AM »
I do have IE11. My IE browser would be slow, or crash frequently... I will try it without the add-on. Thanks.

DMAN

  • Guest
Re: possible malware + ...SoftwareUpdater.Ui.exe
« Reply #14 on: February 18, 2014, 04:05:36 AM »
I did disable the Avast Online Security toolbar... the web browser runs much faster. Thanks. Haven't had any problems with the computer since the main/initial fix.