Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Iminent removal

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Iminent removal

Unread postby Helmut13 » April 18th, 2013, 1:52 pm

Hi,

accidentially I installed Iminent but I am not able to remove it again. I removed it via the control panel but it is still there.

Here are my logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Helmut at 19:33:46 on 2013-04-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.433 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Umbrella\umbrella.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Iminent\Iminent.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Iminent\Iminent.Messengers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Personal Backup 5\Persbackup.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.iminent.com/?appId=9AF94BB ... 50C4872322
uURLSearchHooks: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Iminent] c:\program files\iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] c:\program files\iminent\Iminent.Messengers.exe
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: d:\helmut\startm~1\programs\startup\persba~1.lnk - c:\program files\personal backup 5\Persbackup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{BC345F6E-9F23-47B9-AE66-964AF52B67CA} : NameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\helmut\application data\mozilla\firefox\profiles\7jn99jlg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-04-09 19:00; webbooster@iminent.com; c:\program files\iminent\webbooster@iminent.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-1 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-19 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-19 368176]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-10-9 208320]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-10-9 44992]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-10-9 27648]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2012-10-9 31920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-19 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-1 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-19 45248]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2012-10-9 216072]
R2 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella.exe [2013-4-2 2795048]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2012-10-9 4463864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-1 164736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-13 09:37:01 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-04-13 09:37:01 19352 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2013-04-13 09:37:01 18581400 ----a-w- c:\program files\mozilla firefox\xul.dll
2013-04-13 09:37:01 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-04-13 09:37:00 272280 ----a-w- c:\program files\mozilla firefox\updater.exe
2013-04-10 18:45:03 -------- d-----w- d:\helmut\application data\Iminent
2013-04-10 18:28:55 -------- d-----w- c:\documents and settings\all users\application data\Iminent
2013-04-09 17:07:43 -------- d-----w- c:\windows\system32\appmgmt
2013-04-09 17:00:29 -------- d-----w- d:\helmut\application data\Toolbar4
2013-04-09 16:59:49 -------- d-----w- c:\program files\common files\Umbrella
2013-04-09 16:59:41 -------- d-----w- c:\program files\Iminent
2013-04-09 16:57:42 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2013-04-09 16:57:27 -------- d-----w- c:\program files\FirstRowSportApp.com
2013-04-01 10:22:21 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-01 10:22:19 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-01 10:22:17 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-26 11:23:51 -------- d-----w- C:\HOLIDAY
2013-03-21 18:28:56 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 18:28:56 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
==================== Find3M ====================
.
2013-04-18 17:34:19 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-18 17:34:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 12:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 22:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:32:51 41664 ----a-w- c:\windows\avastSS.scr
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 19:40:34,31 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09.10.2012 19:59:28
System Uptime: 18.04.2013 19:19:55 (0 hours ago)
.
Motherboard: Dell Inc. | | 0HH807
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 53,891 GiB free.
D: is FIXED (NTFS) - 346 GiB total, 279,475 GiB free.
E: is FIXED (NTFS) - 293 GiB total, 258,565 GiB free.
F: is FIXED (NTFS) - 293 GiB total, 283,215 GiB free.
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 932 GiB total, 644,318 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP108: 09.03.2013 15:35:23 - System Checkpoint
RP109: 10.03.2013 18:32:36 - System Checkpoint
RP110: 12.03.2013 19:24:39 - System Checkpoint
RP111: 13.03.2013 20:57:14 - System Checkpoint
RP112: 13.03.2013 21:39:00 - Software Distribution Service 3.0
RP113: 19.03.2013 18:05:58 - System Checkpoint
RP114: 20.03.2013 19:07:07 - System Checkpoint
RP115: 21.03.2013 20:31:41 - Software Distribution Service 3.0
RP116: 24.03.2013 13:37:42 - System Checkpoint
RP117: 30.03.2013 14:37:14 - System Checkpoint
RP118: 01.04.2013 13:49:53 - System Checkpoint
RP119: 04.04.2013 09:39:58 - System Checkpoint
RP120: 05.04.2013 10:28:53 - System Checkpoint
RP121: 07.04.2013 10:53:46 - System Checkpoint
RP122: 09.04.2013 18:34:00 - System Checkpoint
RP123: 09.04.2013 19:23:12 - Removed Iminent Toolbar For Internet Explorer
RP124: 10.04.2013 14:18:50 - Software Distribution Service 3.0
RP125: 11.04.2013 14:31:20 - Software Distribution Service 3.0
RP126: 12.04.2013 17:26:39 - System Checkpoint
RP127: 13.04.2013 17:54:25 - System Checkpoint
RP128: 15.04.2013 20:24:50 - System Checkpoint
RP129: 17.04.2013 20:49:07 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) - Deutsch
ArcSoft PhotoStudio 5.5
avast! Free Antivirus
Broadcom Gigabit Integrated Controller
Canon iP4300
Canon MP Navigator EX 2.0
Canon Setup Utility 2.3
Canon Utilities My Printer
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
Compatibility Pack für 2007 Office System
ElsterFormular
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
ImageJ 1.46r
Iminent
Intel(R) Graphics Media Accelerator Driver
Konz 2013
Malwarebytes Anti-Malware Version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires II
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 20.0.1 (x86 de)
Mozilla Maintenance Service
Online Armor 6.0
PDFCreator
Personal Backup 5.4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847-v2)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoundMAX
Steuer 2012
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VLC media player 2.0.3
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== End Of File ===========================

Thank you very much
Helmut
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm
Advertisement
Register to Remove

Re: Iminent removal

Unread postby pgmigg » April 18th, 2013, 2:57 pm

Hello Helmut13,

Welcome to the forum! :)

My nickname is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Iminent removal

Unread postby pgmigg » April 18th, 2013, 7:05 pm

Hello Helmut13,

Let start to clean your machine from some additional diagnostic... :)

Step 1.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of OTL.txt file ONLY in your next reply.

Step 2.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    Code: Select all
    :filefind
    *Bandoo*
    *Babylon*
    *Conduit*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Babylon*
    *Bandoo*
    *Conduit*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Babylon
    Bandoo
    Conduit
    searchab
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a OTL.txt log file after OTL Scan run
  3. Contents of a Extras.txt log file after OTL Scan run
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Iminent removal

Unread postby Helmut13 » April 21st, 2013, 5:03 am

Hi pgmigg,

sorry for the late reply but firstly I did not realise that the message was to long.

Everything you told me worked fine and here are my logs:

OTL logfile created on: 19.04.2013 17:43:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Helmut\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1014,07 Mb Total Physical Memory | 592,29 Mb Available Physical Memory | 58,41% Memory free
2,38 Gb Paging File | 1,57 Gb Available in Paging File | 65,73% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 53,68 Gb Free Space | 72,06% Space Free | Partition Type: NTFS
Drive D: | 345,58 Gb Total Space | 279,48 Gb Free Space | 80,87% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 258,56 Gb Free Space | 88,25% Space Free | Partition Type: NTFS
Drive F: | 292,96 Gb Total Space | 283,21 Gb Free Space | 96,67% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 644,32 Gb Free Space | 69,17% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.19 17:41:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Helmut\Desktop\OTL.exe
PRC - [2013.04.02 16:35:26 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.exe
PRC - [2013.04.02 16:35:26 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.Messengers.exe
PRC - [2013.04.02 16:31:26 | 002,795,048 | ---- | M] (Iminent) -- C:\Program Files\Common Files\Umbrella\Umbrella.exe
PRC - [2013.03.13 17:14:04 | 006,082,048 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Program Files\Personal Backup 5\Persbackup.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- E:\Monika\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2012.10.02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012.10.02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012.10.02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2009.10.19 02:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.04.19 12:07:14 | 002,083,840 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13041900\algo.dll
MOD - [2013.04.11 19:49:11 | 001,859,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\599dafdc2e7440f40792fd41ee460b40\System.Web.Services.ni.dll
MOD - [2013.04.11 19:48:45 | 018,054,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\bd48e8c448c615fc58d62ef6ec77e4ab\System.ServiceModel.ni.dll
MOD - [2013.04.11 19:47:51 | 001,077,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2427db2d075e87545c2b3decd0e8890c\System.IdentityModel.ni.dll
MOD - [2013.04.11 19:45:53 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\08d2055e7d4004c054090f7a05f36eda\System.Configuration.Install.ni.dll
MOD - [2013.04.11 19:44:51 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\f711a3947215ce03c71314d0fd35c171\System.Transactions.ni.dll
MOD - [2013.04.11 19:44:50 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\907b4a91ff6e213b94f0d5f2de6526f2\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.04.11 19:44:47 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\033adbf1a8b8244700121f8784e27908\SMDiagnostics.ni.dll
MOD - [2013.04.11 19:44:45 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\cb18987e708b9658078ead051f693d16\System.Runtime.Serialization.ni.dll
MOD - [2013.04.11 19:44:38 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\acf3c1c09598ff28c926aaeb9fcf5b4e\System.Xaml.ni.dll
MOD - [2013.04.11 15:05:14 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\72897fe2c7ab10621e90526863a3a492\PresentationFramework.ni.dll
MOD - [2013.04.11 15:04:44 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a0e2726fc2be626fad953d1a3ec49051\PresentationCore.ni.dll
MOD - [2013.04.11 15:04:20 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\97318300be8453ef8a4b934f5f79b9ac\WindowsBase.ni.dll
MOD - [2013.04.11 14:59:40 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\14b55546abb9ff105fb08138cc121ca6\System.Windows.Forms.ni.dll
MOD - [2013.04.11 14:59:23 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\1c27a7c883c2dfe6fb67a7296ab0bc2d\System.Drawing.ni.dll
MOD - [2013.04.11 14:59:04 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ffea95c32cab6d4e56ff8027c1b8de21\System.Core.ni.dll
MOD - [2013.04.11 14:58:59 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\4e2cac0827fc76ba1caa25443cc4ca61\System.Xml.ni.dll
MOD - [2013.04.11 14:58:52 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\a5abe2f70b67e025cccd8e5007d7efa5\System.Configuration.ni.dll
MOD - [2013.04.11 14:58:49 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\da100161503047a994c55c9832d72ce7\System.ni.dll
MOD - [2013.04.11 14:58:36 | 014,413,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2012.12.18 16:28:26 | 000,301,056 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU


========== Services (SafeList) ==========

SRV - [2013.04.18 19:34:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 11:37:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.02 16:31:26 | 002,795,048 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files\Common Files\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012.10.02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.03.07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 00:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.03.07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012.10.02 15:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012.10.02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012.10.02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2005.03.17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.09.17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=9AF94BB ... toolbox&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent.com/?appId=9AF94BB ... 50C4872322
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=9AF94BB ... toolbox&q={searchTerms}
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-813497703-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-343818398-813497703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.01 12:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com [2013.04.09 19:00:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 11:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.10.13 14:18:36 | 000,000,000 | ---D | M] (No name found) -- D:\Helmut\Application Data\Mozilla\Extensions
[2013.04.10 20:53:47 | 000,000,000 | ---D | M] (No name found) -- D:\Helmut\Application Data\Mozilla\Firefox\Profiles\7jn99jlg.default\extensions
[2013.04.13 11:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.13 11:37:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.07 12:23:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.07 12:23:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.07 12:23:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.07 12:23:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.10 15:08:36 | 000,002,147 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\StartWeb.xml
[2013.02.07 12:23:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.07 12:23:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: http://start.iminent.com/?appId=9AF94BB ... 50C4872322
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.iminent.com/?appId=9AF94BB ... 50C4872322
CHR - Extension: No name found = D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn\2.0.0.0_0\
CHR - Extension: No name found = D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: No name found = D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.13.4.1_0\

O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-813497703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC345F6E-9F23-47B9-AE66-964AF52B67CA}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Helmut\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Helmut\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.09 19:57:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.13 11:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.10 20:45:03 | 000,000,000 | ---D | C] -- D:\Helmut\Application Data\Iminent
[2013.04.10 20:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iminent
[2013.04.09 19:07:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013.04.09 19:00:29 | 000,000,000 | ---D | C] -- D:\Helmut\Application Data\Toolbar4
[2013.04.09 18:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
[2013.04.09 18:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Iminent
[2013.04.09 18:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2013.04.09 18:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013.04.09 18:57:27 | 000,000,000 | ---D | C] -- D:\Helmut\Start Menu\Programs\FirstRowSportApp.com
[2013.04.09 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\FirstRowSportApp.com
[2013.04.01 12:22:17 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013.03.29 13:08:40 | 000,000,000 | ---D | C] -- D:\Helmut\Desktop\Infrarotkabine
[2013.03.29 10:02:21 | 000,000,000 | ---D | C] -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP-Dateien
[2013.03.29 10:02:00 | 000,000,000 | ---D | C] -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG-Dateien
[2013.03.26 13:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Holiday Island
[2013.03.26 13:23:51 | 000,000,000 | ---D | C] -- C:\HOLIDAY
[2013.03.24 17:59:10 | 000,000,000 | ---D | C] -- D:\Helmut\Desktop\lp_gs_2000_jgst__4-Dateien
[2013.03.21 20:28:56 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013.03.21 20:28:56 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.19 17:41:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Helmut\Desktop\OTL.exe
[2013.04.19 17:33:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.19 17:31:01 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.04.19 17:28:03 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.19 17:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.19 16:52:25 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.19 16:52:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.18 19:34:19 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.04.18 19:34:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.04.14 15:18:12 | 000,002,435 | ---- | M] () -- D:\Helmut\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2013.04.13 17:31:30 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.04.13 11:30:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.11 15:02:33 | 000,504,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.11 15:02:33 | 000,081,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.10 20:28:51 | 000,000,596 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013.04.10 19:29:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013.04.10 19:09:38 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.10 14:22:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.09 18:57:27 | 000,000,499 | ---- | M] () -- D:\Helmut\Desktop\FirstRowSportApp.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.03.29 10:02:21 | 000,119,244 | ---- | M] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP.htm
[2013.03.29 10:02:02 | 000,432,932 | ---- | M] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG.htm
[2013.03.26 13:23:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\setup.lst
[2013.03.26 13:23:23 | 000,000,018 | ---- | M] () -- C:\WINDOWS\ssetup.ini
[2013.03.24 18:49:50 | 000,000,488 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2013.03.24 18:41:20 | 000,002,437 | ---- | M] () -- D:\Helmut\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003 (2).lnk
[2013.03.24 17:59:14 | 000,279,813 | ---- | M] () -- D:\Helmut\Desktop\lp_gs_2000_jgst__4.pdf
[2013.03.24 14:05:03 | 000,000,600 | ---- | M] () -- D:\Helmut\Local Settings\Application Data\PUTTY.RND
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.13 11:30:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.10 20:28:22 | 000,000,596 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013.04.09 18:57:27 | 000,000,499 | ---- | C] () -- D:\Helmut\Desktop\FirstRowSportApp.lnk
[2013.04.01 12:22:21 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.04.01 12:22:19 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.03.29 10:02:21 | 000,119,244 | ---- | C] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP.htm
[2013.03.29 10:02:00 | 000,432,932 | ---- | C] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG.htm
[2013.03.26 13:23:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup.lst
[2013.03.26 13:23:23 | 000,000,018 | ---- | C] () -- C:\WINDOWS\ssetup.ini
[2013.03.24 17:59:07 | 000,279,813 | ---- | C] () -- D:\Helmut\Desktop\lp_gs_2000_jgst__4.pdf
[2013.01.02 21:02:14 | 000,000,488 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.10.14 10:28:12 | 000,000,600 | ---- | C] () -- D:\Helmut\Local Settings\Application Data\PUTTY.RND
[2012.10.12 18:12:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.10.09 21:45:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.10.09 21:44:29 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.09 20:59:17 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012.10.09 20:59:17 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012.10.09 19:59:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.10.09 19:53:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2013.01.02 20:53:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.02 21:13:35 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\Buhl Data Service
[2012.10.25 18:45:27 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\Canon
[2012.12.09 15:14:02 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\elsterformular
[2013.04.10 20:45:03 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\Iminent
[2012.10.13 14:05:50 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\OnlineArmor
[2012.11.10 18:21:42 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\pdfforge
[2012.11.16 19:22:05 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\PersBackup5
[2013.04.09 19:23:17 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\Toolbar4

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 19.04.2013 17:43:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Helmut\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1014,07 Mb Total Physical Memory | 592,29 Mb Available Physical Memory | 58,41% Memory free
2,38 Gb Paging File | 1,57 Gb Available in Paging File | 65,73% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 53,68 Gb Free Space | 72,06% Space Free | Partition Type: NTFS
Drive D: | 345,58 Gb Total Space | 279,48 Gb Free Space | 80,87% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 258,56 Gb Free Space | 88,25% Space Free | Partition Type: NTFS
Drive F: | 292,96 Gb Total Space | 283,21 Gb Free Space | 96,67% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 644,32 Gb Free Space | 69,17% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Monika\Application Data\Dropbox\bin\Dropbox.exe" = E:\Monika\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Iminent\Iminent.exe" = C:\Program Files\Iminent\Iminent.exe:*:Enabled:Iminent Firewall Rule -- (Iminent)
"C:\Program Files\Iminent\Iminent.Messengers.exe" = C:\Program Files\Iminent\Iminent.Messengers.exe:*:Enabled:Iminent.Messengers Firewall Rule -- (Iminent)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{76651FD7-2B71-4B61-9F3A-E82F52F08D92}" = Konz 2013
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}" = Iminent
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"avast" = avast! Free Antivirus
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"ElsterFormular" = ElsterFormular
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"ImageJ_is1" = ImageJ 1.46r
"InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}" = Konz 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"OnlineArmor_is1" = Online Armor 6.0
"Personal Backup 5_is1" = Personal Backup 5.4
"VLC media player" = VLC media player 2.0.3
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.01.2013 13:07:24 | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11406
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 1406.
Could not write value Assembly to key \SOFTWARE\Classes\CLSID\{CE39D6F3-DAB7-41b3-9F7D-BD1CC4E92399}\InprocServer32\3.0.0.0.
System error . Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 06.01.2013 13:07:26 | Computer Name = COMPUTER | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'KB2604110'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
3.0-KB2604110_20130106_170701718-Msi0.txt.

Error - 06.01.2013 13:07:27 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb2604110,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
1406.

Error - 06.01.2013 13:55:23 | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11406
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1406.Could
not write value Class to key \Software\Classes\CLSID\{A0E2E749-63CE-3651-8F4F-F5F996344C32}\InprocServer32\2.0.0.0.
System error . Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 06.01.2013 13:58:00 | Computer Name = COMPUTER | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2729450'
could not be installed. Error code 1603. Additional information is available in
the log file D:\Helmut\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2729450_20130106_175222109-Msi0.txt.

Error - 06.01.2013 13:58:11 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2729450,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
1406.

Error - 06.01.2013 14:00:47 | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11406
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1406.Could
not write value Class to key \Software\Classes\CLSID\{6F674828-9081-3B45-BC39-791BD84CCF8F}\InprocServer32\2.0.0.0.
System error . Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 06.01.2013 14:02:18 | Computer Name = COMPUTER | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2686828'
could not be installed. Error code 1603. Additional information is available in
the log file D:\Helmut\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2686828_20130106_175826437-Msi0.txt.

Error - 06.01.2013 14:02:19 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2686828,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
1406.

Error - 15.01.2013 13:58:31 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application oasrv.exe, version 6.0.0.1736, faulting module
oasrv.exe, version 6.0.0.1736, fault address 0x00004a5f.

[ System Events ]
Error - 05.04.2013 03:27:13 | Computer Name = COMPUTER | Source = Print | ID = 6161
Description = The document Christine Garbe, Uni Lüneburg - referat_christina_garbe.pdf
owned by Monika failed to print on printer Canon iP4300. Data type: NT EMF 1.008.
Size of the spool file in bytes: 288706520. Number of bytes printed: 16034792.
Total number of pages in the document: 125. Number of pages printed: 0. Client machine:
\\COMPUTER. Win32 error code returned by the print processor: 13 (0xd).

Error - 09.04.2013 13:01:39 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7034
Description = The Yontoo Desktop Updater service terminated unexpectedly. It has
done this 1 time(s).

Error - 09.04.2013 13:07:19 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for ImagePath with the following
error: %%5


< End of report >
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: Iminent removal

Unread postby Helmut13 » April 21st, 2013, 5:04 am

and the systemlook:


SystemLook 30.07.11 by jpshortstuff
Log created at 18:01 on 19/04/2013 by Helmut
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Conduit*"
C:\Program Files\Iminent\webbooster@iminent.com\chrome\content\minibar\adapters\conduit.js --a---- 616 bytes [17:00 09/04/2013] [13:37 28/03/2013] A4DA43BEE99B0EB8AEAF52F08829CBB3

Searching for "*searchab*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
C:\Documents and Settings\All Users\Start Menu\Programs\Iminent\Iminent.lnk --a---- 1092 bytes [16:59 09/04/2013] [16:59 09/04/2013] 1F3D3C57565D49A9EE4B8360F1F23697
C:\Program Files\Iminent\Iminent.AxImp.dll --a---- 193584 bytes [14:35 02/04/2013] [14:35 02/04/2013] D4498731B5F9561EA001776BAA125554
C:\Program Files\Iminent\Iminent.Booster.UI.dll --a---- 587312 bytes [14:35 02/04/2013] [14:35 02/04/2013] CE4BB145808A9F2B8C12DAD3E0ADDB7E
C:\Program Files\Iminent\Iminent.Business.Connect.dll --a---- 39472 bytes [14:35 02/04/2013] [14:35 02/04/2013] 5D8730045F84E478BCE00DD09B1A42BB
C:\Program Files\Iminent\Iminent.Business.dll --a---- 169520 bytes [14:35 02/04/2013] [14:35 02/04/2013] 2E677C25648A8513CED9A2139468EB36
C:\Program Files\Iminent\Iminent.Entity.dll --a---- 19504 bytes [14:35 02/04/2013] [14:35 02/04/2013] 50C1756E33E74CEDF2012B061F2CA26A
C:\Program Files\Iminent\Iminent.exe --a---- 1074736 bytes [14:35 02/04/2013] [14:35 02/04/2013] C849445FF9F85A2A58E38E105518B64A
C:\Program Files\Iminent\Iminent.exe.config --a---- 2160 bytes [08:57 14/12/2012] [08:57 14/12/2012] E0DCCD0CC3808594C49AADF131247227
C:\Program Files\Iminent\Iminent.InstallLog --a---- 463 bytes [18:28 10/04/2013] [18:28 10/04/2013] ECE774D9DF48D2622E781EEFCBB587B9
C:\Program Files\Iminent\Iminent.InstallState --a---- 5126 bytes [18:28 10/04/2013] [18:28 10/04/2013] 616753ACC693E461BF66E2CCEA63AAB2
C:\Program Files\Iminent\Iminent.Mediator.ActivePlayers.dll --a---- 6321712 bytes [14:35 02/04/2013] [14:35 02/04/2013] EAA5BE5B7DE3516BC3342D7A2772B9FB
C:\Program Files\Iminent\Iminent.Mediator.dll --a---- 118320 bytes [14:35 02/04/2013] [14:35 02/04/2013] D92D90DC971CEBFA27CDA3AC80509FAC
C:\Program Files\Iminent\Iminent.Messengers.exe --a---- 884784 bytes [14:35 02/04/2013] [14:35 02/04/2013] CC3FDEF742497F1F019B9B852980570D
C:\Program Files\Iminent\Iminent.Messengers.exe.config --a---- 1768 bytes [08:57 14/12/2012] [08:57 14/12/2012] 5FD11EE850F7BE3B8AC1352831561BEC
C:\Program Files\Iminent\Iminent.Services.dll --a---- 1523760 bytes [14:35 02/04/2013] [14:35 02/04/2013] 4BC5814C396F5C50EA5B9C5904E38C61
C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll --a---- 245840 bytes [17:01 09/04/2013] [12:37 22/01/2013] 2D690FCDFE41F4389D23A5DCD7DB5C99
C:\Program Files\Iminent\Iminent.WinCore.dll --a---- 47664 bytes [14:35 02/04/2013] [14:35 02/04/2013] E9F1D83873A353B6396BE3D340296D22
C:\Program Files\Iminent\Iminent.WinCore.WLM.WinEvents.dll --a---- 39984 bytes [14:35 02/04/2013] [14:35 02/04/2013] 7C17BBC41DCA8688813763447703F255
C:\Program Files\Iminent\Iminent.WinCore.WLM15.dll --a---- 2141744 bytes [14:35 02/04/2013] [14:35 02/04/2013] D67BCEBF9A1CF25E0DA7069E0F6FE8F4
C:\Program Files\Iminent\Iminent.WinCore.Yahoo.dll --a---- 152112 bytes [14:35 02/04/2013] [14:35 02/04/2013] 232C2D2C2396D5AEDA802F4896EF6EBC
C:\Program Files\Iminent\Iminent.Windows.dll --a---- 134704 bytes [14:35 02/04/2013] [14:35 02/04/2013] 51078522A29F50C129589AC078594B27
C:\Program Files\Iminent\Iminent.Workflow.dll --a---- 204336 bytes [14:35 02/04/2013] [14:35 02/04/2013] 41B47532AA7BCE8084C7185589D7C7A5
C:\Program Files\Iminent\de\Iminent.Booster.UI.resources.dll --a---- 5632 bytes [14:32 02/04/2013] [14:32 02/04/2013] 46961AE1761276EC8B706434923B35D5
C:\Program Files\Iminent\de\Iminent.Business.Connect.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] F0B847A40D73DB661AD6F5A651918EDA
C:\Program Files\Iminent\de\Iminent.Messengers.resources.dll --a---- 5632 bytes [14:32 02/04/2013] [14:32 02/04/2013] 3867D5A6BEF5A065EEFF395DC2F45018
C:\Program Files\Iminent\de\Iminent.resources.dll --a---- 4608 bytes [14:32 02/04/2013] [14:32 02/04/2013] E903DE2373BB7E709B3FE6D4796B3758
C:\Program Files\Iminent\de\Iminent.Services.resources.dll --a---- 7168 bytes [14:32 02/04/2013] [14:32 02/04/2013] F66E86EAF325B61CCFC4C3DD62F17744
C:\Program Files\Iminent\en\Iminent.Booster.UI.resources.dll --a---- 11264 bytes [14:32 02/04/2013] [14:32 02/04/2013] FF9B291116219BF5EA4F436807EAF2E2
C:\Program Files\Iminent\en\Iminent.Business.Connect.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] 0F198FAEEE6D8582F28E34440F897EC3
C:\Program Files\Iminent\en\Iminent.Messengers.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] 9462876B224D27C4AADF3905239ADC8B
C:\Program Files\Iminent\en\Iminent.resources.dll --a---- 4608 bytes [14:32 02/04/2013] [14:32 02/04/2013] 23AE146151A7AB7BD882DF9062929533
C:\Program Files\Iminent\en\Iminent.Services.resources.dll --a---- 6656 bytes [14:32 02/04/2013] [14:32 02/04/2013] B6AB08766DD21032B55D5984EF2DFB7D
C:\Program Files\Iminent\es\Iminent.Booster.UI.resources.dll --a---- 11264 bytes [14:32 02/04/2013] [14:32 02/04/2013] 5681CA9A3DEA4A4E676435B642C195E0
C:\Program Files\Iminent\es\Iminent.Business.Connect.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] AA8FFBFD94F9D094283C2F832C3ED322
C:\Program Files\Iminent\es\Iminent.Messengers.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] 3AC971865D2416911600A495E1E0833C
C:\Program Files\Iminent\es\Iminent.resources.dll --a---- 4608 bytes [14:32 02/04/2013] [14:32 02/04/2013] D0994B7AEEBC4CAA47614DAF59D9C40A
C:\Program Files\Iminent\es\Iminent.Services.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] 90F9157A7421E97C03ADB44F01161A00
C:\Program Files\Iminent\fr\Iminent.Booster.UI.resources.dll --a---- 11776 bytes [14:32 02/04/2013] [14:32 02/04/2013] FF9B1F8F4D1FB80D4B2497AAA8521E70
C:\Program Files\Iminent\fr\Iminent.Business.Connect.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] 5445B0DCB477050E67889EE915198314
C:\Program Files\Iminent\fr\Iminent.Messengers.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] 2164718E0EC0F89BDB2DD982BDD2BD56
C:\Program Files\Iminent\fr\Iminent.resources.dll --a---- 4608 bytes [14:32 02/04/2013] [14:32 02/04/2013] 6285F58B48250624D696AD12847D39A9
C:\Program Files\Iminent\fr\Iminent.Services.resources.dll --a---- 7168 bytes [14:32 02/04/2013] [14:32 02/04/2013] 5DE0ED23729751E8A5E9262E79FEF968
C:\Program Files\Iminent\it\Iminent.Booster.UI.resources.dll --a---- 11776 bytes [14:32 02/04/2013] [14:32 02/04/2013] AA610C71C0799EB8F8004479ABC7DFAD
C:\Program Files\Iminent\it\Iminent.Business.Connect.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] 7EA11D8BF0589CA4DD8146F3C2C182A8
C:\Program Files\Iminent\it\Iminent.Messengers.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] 081AEFA901662A71231A37B387D872D2
C:\Program Files\Iminent\it\Iminent.resources.dll --a---- 4608 bytes [14:32 02/04/2013] [14:32 02/04/2013] EE4C6226892D82E09AFE515D30424A94
C:\Program Files\Iminent\it\Iminent.Services.resources.dll --a---- 6656 bytes [14:32 02/04/2013] [14:32 02/04/2013] 5E1C51592AFEC45DFA42A431970FECCF
C:\Program Files\Iminent\ro\Iminent.Booster.UI.resources.dll --a---- 11264 bytes [14:32 02/04/2013] [14:32 02/04/2013] CA5C157A62695E82E75F32B37DFA9398
C:\Program Files\Iminent\ro\Iminent.Messengers.resources.dll --a---- 5632 bytes [14:32 02/04/2013] [14:32 02/04/2013] DF2B3FF08475A96EEEA0172EE553C7B9
C:\Program Files\Iminent\ro\Iminent.Services.resources.dll --a---- 6656 bytes [14:32 02/04/2013] [14:32 02/04/2013] D03B3135880BD3ADF9867588AC5F2294
C:\Program Files\Iminent\tr\Iminent.Booster.UI.resources.dll --a---- 12288 bytes [14:32 02/04/2013] [14:32 02/04/2013] 8282D4F87D45668547118F9BA6785D16
C:\Program Files\Iminent\tr\Iminent.Business.Connect.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] 5687A9CB0FD0606FF25C2A15F0C5C46C
C:\Program Files\Iminent\tr\Iminent.Messengers.resources.dll --a---- 6144 bytes [14:32 02/04/2013] [14:32 02/04/2013] 7E5BEC16EC8DA02A03DFF7CC99FCF56B
C:\Program Files\Iminent\tr\Iminent.resources.dll --a---- 4608 bytes [14:32 02/04/2013] [14:32 02/04/2013] D58C99B2040574EEF48B2FF05ED923A4
C:\Program Files\Iminent\tr\Iminent.Services.resources.dll --a---- 7168 bytes [14:32 02/04/2013] [14:32 02/04/2013] 9FCB06C7CBDBBC4B9C18FB13A8BF291E
C:\Program Files\Iminent\webbooster@iminent.com\chrome\content\minibar\content\images\iminentbutton.png --a---- 4589 bytes [17:00 09/04/2013] [13:37 28/03/2013] AAC16376AEF02465588FA38CA5FBDC07
C:\Program Files\Iminent\webbooster@iminent.com\chrome\content\minibar\content\images\iminentbutton_bg.png --a---- 1131 bytes [17:00 09/04/2013] [13:37 28/03/2013] 04C6DE822710FED77B72069826D2DCAD
C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js --a---- 111 bytes [09:36 13/04/2013] [17:00 09/04/2013] 1A177B871EA13FC04538082710502711
C:\WINDOWS\Prefetch\IMINENT.EXE-0BB956D6.pf --a---- 59212 bytes [18:27 10/04/2013] [15:34 19/04/2013] 3C8EDE7938EADBF9AEF0DCE8CDF37919
C:\WINDOWS\Prefetch\IMINENT.MESSENGERS.EXE-053D2FF6.pf --a---- 20856 bytes [14:53 19/04/2013] [15:34 19/04/2013] 617D0F4EDA3267CAA3345E9577A1AC2D

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
C:\Documents and Settings\All Users\Application Data\Iminent d------ [18:28 10/04/2013]
C:\Documents and Settings\All Users\Application Data\Iminent\Mediator\Datas\Cache\apix.iminent.com d------ [18:28 10/04/2013]
C:\Documents and Settings\All Users\Start Menu\Programs\Iminent d------ [16:59 09/04/2013]
C:\Program Files\Iminent d------ [16:59 09/04/2013]
C:\Program Files\Iminent\webbooster@iminent.com d------ [17:00 09/04/2013]

Searching for "*Tarma*"
C:\Documents and Settings\All Users\Application Data\Tarma Installer d------ [16:57 09/04/2013]

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Babylon"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Conduit"
No data found.

Searching for "searchab"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
[HKEY_CURRENT_USER\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.iminent.com/Help/Faq]
[HKEY_CURRENT_USER\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.iminent.com/Help/Services]
[HKEY_CURRENT_USER\Software\Avast Software\WRC\RatingStorage\iminent.com]
[HKEY_CURRENT_USER\Software\Iminent]
[HKEY_CURRENT_USER\Software\Iminent\SearchTheWeb]
"Scope"="http://search.iminent.com/?appId=9AF94BB8-F0B4-4060-B771-B150C4872322&ref={reference}&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://start.iminent.com/?appId=9AF94BB8-F0B4-4060-B771-B150C4872322"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
"Url"="http://start.iminent.com/?appId=9AF94BB8-F0B4-4060-B771-B150C4872322&ref=toolbox&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
"FaviconPath"="C:\Program Files\Iminent\inst\SearchTheWeb.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Iminent\Iminent.exe"="Iminent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Iminent\Iminent.Messengers.exe"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}]
@="Iminent.Mediator.Communication.ContractBase"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}\InprocServer32]
"Class"="Iminent.Mediator.Communication.ContractBase"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}\InprocServer32]
"Assembly"="Iminent.Mediator, Version=6.14.22.0, Culture=neutral, PublicKeyToken=cbcfebbeb4826528"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}\InprocServer32]
"CodeBase"="file:///C:/Program Files/Iminent/Iminent.Mediator.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}]
@="Iminent.Business.Tinyfying.DownloadArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}\InprocServer32]
"Class"="Iminent.Business.Tinyfying.DownloadArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}\InprocServer32]
"Assembly"="Iminent.Business, Version=6.14.22.0, Culture=neutral, PublicKeyToken=cbcfebbeb4826528"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}\InprocServer32]
"CodeBase"="file:///C:/Program Files/Iminent/Iminent.Business.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iminent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iminent\DefaultIcon]
@=""C:\Program Files\Iminent\Iminent.exe",0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iminent\shell\open\command]
@=""C:\Program Files\Iminent\Iminent.exe" /uri %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs]
@="Iminent.Business.Tinyfying.DownloadArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase]
@="Iminent.Mediator.Communication.ContractBase"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ACFD5B980E184AE4A8A0F404781ADD00]
"ProductName"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ACFD5B980E184AE4A8A0F404781ADD00\SourceList]
"PackageName"="iminent.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ACFD5B980E184AE4A8A0F404781ADD00\SourceList]
"LastUsedSource"="n;1;D:\Helmut\LOCALS~1\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ACFD5B980E184AE4A8A0F404781ADD00\SourceList\Net]
"1"="D:\Helmut\LOCALS~1\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Iminent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Iminent\Assemblies]
"Iminent"="C:\Program Files\Iminent\Iminent.WinCore.WLM15.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Iminent\Mediator\Server]
"ProcPath"="C:\Program Files\Iminent\Iminent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Loader]
"Iminent"="software\Iminent\Assemblies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301}]
"AppName"="Iminent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301}]
"AppPath"="C:\Program Files\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}]
"AppPath"="C:\Program Files\IMinent Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}]
"AppPath"="C:\Program Files\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}]
"AppName"="Iminent.Messengers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}]
"AppPath"="C:\Program Files\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}]
"AppName"="Iminent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
"Url"="http://start.iminent.com/?appId=9AF94BB8-F0B4-4060-B771-B150C4872322&ref=toolbox&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
"FaviconPath"="C:\Program Files\Iminent\inst\SearchTheWeb.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\inst\Bootstrapper\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\inst\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\en\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\es\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\tr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\it\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\fr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\ro\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\All Users\Start Menu\Programs\Iminent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\inst\Bootstrapper\Bootstrapper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
"00000000000000000000000000000000"="C:\Program Files\Iminent\inst\Bootstrapper\Bootstrapper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Messengers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\System.Windows.Interactivity.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\Software\Iminent\WebBooster\Scripts\minibar\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\tr\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\SOFTWARE\Iminent\CurrentLcid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\SOFTWARE\Iminent\SearchTheWeb\UserHomePageDecision"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\SOFTWARE\Iminent\SearchTheWeb\OldStartPage"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\fr\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Mediator.ActivePlayers.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
"ACFD5B980E184AE4A8A0F404781ADD00"="02:\SOFTWARE\Iminent\AppInstanceUid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
"00000000000000000000000000000000"="02:\SOFTWARE\Iminent\AppInstanceUid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\Software\Iminent\SearchTheWeb\BHO_catchAboutPages"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Messengers.exe.config"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\es\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\it\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\it\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\f_in_box.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21]
"ACFD5B980E184AE4A8A0F404781ADD00"="02:\SOFTWARE\Loader\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.exe.config"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\StartWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
"00000000000000000000000000000000"="C:\Program Files\Iminent\StartWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\en\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\es\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\WPFLocalizeExtension.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\SOFTWARE\Iminent\ApplicationProgramsFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\inst\msacm32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Microsoft.DirectX.AudioVideoPlayback.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\es\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\en\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\Software\Iminent\SearchTheWeb\Scope"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\de\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\System.Windows.Interactivity.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\tr\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94]
"ACFD5B980E184AE4A8A0F404781ADD00"="02:\SOFTWARE\Iminent\Version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\de\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\tr\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\tr\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.WinCore.Yahoo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF]
"ACFD5B980E184AE4A8A0F404781ADD00"="02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IminentMessenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.WinCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\ro\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\es\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\ro\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\de\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Microsoft.Expression.Interactions.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\Software\Iminent\WebBooster\Scripts\sslminibar\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\en\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\it\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\tr\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D304257D6684A84BA3F2F87E942E310]
"00000000000000000000000000000000"="C:\Program Files\IMinent Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\SOFTWARE\Iminent\InstallationOwner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Windows.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD]
"ACFD5B980E184AE4A8A0F404781ADD00"="02:\SOFTWARE\Iminent\SearchEngineOptin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\UniverselyWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
"00000000000000000000000000000000"="C:\Program Files\Iminent\UniverselyWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\es\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\ro\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\de\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\es\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\fr\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.AxImp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\fr\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\fr\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\inst\main.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\System.Data.SQLite.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\it\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\de\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Business.Connect.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\en\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\fr\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Services.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\fr\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\SOFTWARE\Iminent\SearchEngineOptin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C]
"ACFD5B980E184AE4A8A0F404781ADD00"="02:\SOFTWARE\Iminent\Mediator\Server\ProcPath"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Workflow.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Booster.UI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Mediator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\SOFTWARE\Iminent\SearchTheWeb\UserSTWDecision"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.WinCore.WLM15.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675]
"ACFD5B980E184AE4A8A0F404781ADD00"="02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\SOFTWARE\Iminent\HomePageAlreadySet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\en\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\SOFTWARE\Iminent\SysTray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\it\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191]
"ACFD5B980E184AE4A8A0F404781ADD00"="00:\iminent\URL Protocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\de\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.WinCore.WLM.WinEvents.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\WPFLocalizeExtension.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\es\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\it\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54]
"ACFD5B980E184AE4A8A0F404781ADD00"="02:\SOFTWARE\Iminent\Assemblies\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A]
"ACFD5B980E184AE4A8A0F404781ADD00"="02:\SOFTWARE\Iminent\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\en\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287]
"00000000000000000000000000000000"="C:\Program Files\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7]
"ACFD5B980E184AE4A8A0F404781ADD00"="01:\SOFTWARE\Iminent\SearchTheWeb\OldDefaultScope"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\System.Data.SQLite.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Entity.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\SearchTheWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"00000000000000000000000000000000"="C:\Program Files\Iminent\SearchTheWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\en\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\fr\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\Iminent.Business.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\de\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Iminent\it\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ACFD5B980E184AE4A8A0F404781ADD00\InstallProperties]
"InstallLocation"="C:\Program Files\Iminent\IMBooster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ACFD5B980E184AE4A8A0F404781ADD00\InstallProperties]
"InstallSource"="D:\Helmut\LOCALS~1\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ACFD5B980E184AE4A8A0F404781ADD00\InstallProperties]
"Publisher"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ACFD5B980E184AE4A8A0F404781ADD00\InstallProperties]
"DisplayName"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iminent"="C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IminentMessenger"="C:\Program Files\Iminent\Iminent.Messengers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}]
"InstallLocation"="C:\Program Files\Iminent\IMBooster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}]
"InstallSource"="D:\Helmut\LOCALS~1\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}]
"Publisher"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}]
"DisplayName"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"webbooster@iminent.com"="C:\Program Files\Iminent\webbooster@iminent.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSSetup VSS VBRuntime Userinit Userenv Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 4.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 4.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 4.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 4.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 4.0.0.0 ServiceModel Audit 3.0.0.0 Service1 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance Personal Backup PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 4.0.0.0 Microsoft.Transactions.Bridge 3.0.0.0 Mi
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Iminent\Iminent.exe"="C:\Program Files\Iminent\Iminent.exe:*:Enabled:Iminent Firewall Rule"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Iminent\Iminent.Messengers.exe"="C:\Program Files\Iminent\Iminent.Messengers.exe:*:Enabled:Iminent.Messengers Firewall Rule"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSSetup VSS VBRuntime Userinit Userenv Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 4.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 4.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 4.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 4.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 4.0.0.0 ServiceModel Audit 3.0.0.0 Service1 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance Personal Backup PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 4.0.0.0 Microsoft.Transactions.Bridge 3.0.0.0 Mi
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSSetup VSS VBRuntime Userinit Userenv Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 4.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 4.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 4.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 4.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 4.0.0.0 ServiceModel Audit 3.0.0.0 Service1 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance Personal Backup PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 4.0.0.0 Microsoft.Transactions.Bridge 3.0.0.0 Mi
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Iminent\Iminent.exe"="C:\Program Files\Iminent\Iminent.exe:*:Enabled:Iminent Firewall Rule"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Iminent\Iminent.Messengers.exe"="C:\Program Files\Iminent\Iminent.Messengers.exe:*:Enabled:Iminent.Messengers Firewall Rule"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSSetup VSS VBRuntime Userinit Userenv Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 4.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 4.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 4.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 4.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 4.0.0.0 ServiceModel Audit 3.0.0.0 Service1 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance Personal Backup PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 4.0.0.0 Microsoft.Transactions.Bridge 3.0.0.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Iminent\Iminent.exe"="C:\Program Files\Iminent\Iminent.exe:*:Enabled:Iminent Firewall Rule"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Iminent\Iminent.Messengers.exe"="C:\Program Files\Iminent\Iminent.Messengers.exe:*:Enabled:Iminent.Messengers Firewall Rule"
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.iminent.com/Help/Faq]
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.iminent.com/Help/Services]
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Avast Software\WRC\RatingStorage\iminent.com]
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Iminent]
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Iminent\SearchTheWeb]
"Scope"="http://search.iminent.com/?appId=9AF94BB8-F0B4-4060-B771-B150C4872322&ref={reference}&q={searchTerms}"
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://start.iminent.com/?appId=9AF94BB8-F0B4-4060-B771-B150C4872322"
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
"Url"="http://start.iminent.com/?appId=9AF94BB8-F0B4-4060-B771-B150C4872322&ref=toolbox&q={searchTerms}"
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
"FaviconPath"="C:\Program Files\Iminent\inst\SearchTheWeb.ico"
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent]
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Iminent\Iminent.exe"="Iminent"
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Iminent\Iminent.Messengers.exe"="Iminent"
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1004\Software\Iminent]
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Iminent\Iminent.exe"="Iminent"
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Iminent\Iminent.Messengers.exe"="Iminent"

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer]

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Trolltech]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: Iminent removal

Unread postby pgmigg » April 21st, 2013, 2:20 pm

Hello Helmut13,

Good job! :D Let continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Processes
    C:\Program Files\Iminent\Iminent.exe
    C:\Program Files\Iminent\Iminent.Messengers.exe
    C:\Program Files\Common Files\Umbrella\Umbrella.exe
    
    :Services
    Iminent
    
    :Files
    C:\Program Files\Common Files\Umbrella
    D:\Helmut\Application Data\Iminent
    C:\Program Files\Iminent
    C:\Documents and Settings\All Users\Start Menu\Programs\Iminent
    C:\Documents and Settings\All Users\Application Data\Iminent
    C:\Documents and Settings\All Users\Application Data\Tarma Installer
    D:\Helmut\Application Data\Toolbar4
    C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
    C:\WINDOWS\Prefetch\IMINENT.EXE-0BB956D6.pf
    C:\WINDOWS\Prefetch\IMINENT.MESSENGERS.EXE-053D2FF6.pf
    C:\WINDOWS\*.tmp
    C:\WINDOWS\System32\*.tmp
    
    :OTL
    IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=9AF94BB ... toolbox&q={searchTerms}
    IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
    IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
    IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=9AF94BB ... toolbox&q={searchTerms}
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com [2013.04.09 19:00:48 | 000,000,000 | ---D | M]
    CHR - homepage: http://start.iminent.com/?appId=9AF94BB ... 50C4872322
    CHR - homepage: http://start.iminent.com/?appId=9AF94BB ... 50C4872322
    O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
    O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Iminent\Iminent.exe" =-
    "C:\Program Files\Iminent\Iminent.Messengers.exe" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}" =-
    [-HKEY_CURRENT_USER\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.iminent.com/Help/Faq]
    [-HKEY_CURRENT_USER\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.iminent.com/Help/Services]
    [-HKEY_CURRENT_USER\Software\Avast Software\WRC\RatingStorage\iminent.com]
    [-HKEY_CURRENT_USER\Software\Iminent]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
    "Url"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
    "FaviconPath"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Iminent\Iminent.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Iminent\Iminent.Messengers.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}\InprocServer32]
    "Class"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}\InprocServer32]
    "Assembly"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}\InprocServer32]
    "CodeBase"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}\InprocServer32]
    "Class"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}\InprocServer32]
    "Assembly"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}\InprocServer32]
    "CodeBase"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iminent]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ACFD5B980E184AE4A8A0F404781ADD00]
    "ProductName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ACFD5B980E184AE4A8A0F404781ADD00\SourceList]
    "PackageName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ACFD5B980E184AE4A8A0F404781ADD00\SourceList]
    "LastUsedSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ACFD5B980E184AE4A8A0F404781ADD00\SourceList\Net]
    "1"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Iminent]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Loader]
    "Iminent"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301}]
    "AppName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}]
    "AppName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}]
    "AppName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
    "Url"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
    "FaviconPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\inst\Bootstrapper\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\inst\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\en\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\de\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\es\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\tr\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\it\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\fr\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\ro\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Documents and Settings\All Users\Start Menu\Programs\Iminent\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896]
    "ACFD5B980E184AE4A8A0F404781ADD00"="-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D304257D6684A84BA3F2F87E942E310]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ACFD5B980E184AE4A8A0F404781ADD00\InstallProperties]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ACFD5B980E184AE4A8A0F404781ADD00\InstallProperties]
    "InstallSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ACFD5B980E184AE4A8A0F404781ADD00\InstallProperties]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ACFD5B980E184AE4A8A0F404781ADD00\InstallProperties]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Iminent"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IminentMessenger"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}]
    "InstallSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
    "webbooster@iminent.com"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
    "Sources"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Iminent]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Iminent\Iminent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Iminent\Iminent.Messengers.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
    "Sources"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Iminent]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
    "Sources"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Iminent]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Iminent\Iminent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Iminent\Iminent.Messengers.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
    "Sources"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Iminent]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Iminent\Iminent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Iminent\Iminent.Messengers.exe"=-
    [-HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.iminent.com/Help/Faq]
    [-HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.iminent.com/Help/Services]
    [-HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Avast Software\WRC\RatingStorage\iminent.com]
    [-HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Iminent]
    [HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Iminent\SearchTheWeb]
    "Scope"=-
    [HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
    "Url"=-
    [HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}]
    "FaviconPath"=-
    [-HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent]
    [HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Iminent\Iminent.exe"=-
    [HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Iminent\Iminent.Messengers.exe"=-
    [-HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1004\Software\Iminent]
    [HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Iminent\Iminent.exe"=-
    [HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Iminent\Iminent.Messengers.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Trolltech]
    
    :Commands
    [reboot]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK. It may take a while - please be patient...
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 2.
SystemLook
You should still have SystemLook.exe on your desktop.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    Code: Select all
    :filefind
    *Iminent*
    *Tarma*
    *Umbrella*
    
    :folderfind
    *Iminent*
    *Tarma*
    *Umbrella*
    
    :Regfind
    Iminent
    Tarma
    Umbrella
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Iminent removal

Unread postby Helmut13 » April 22nd, 2013, 4:14 pm

Hi pgmigg,

I started OTL and everything seems to run normal but after the restart I could not find any log file neither on the desktop nor in the path you posted.

However, here is my systemlook log-file:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:07 on 22/04/2013 by Helmut
Administrator - Elevation successful

========== filefind ==========

Searching for "*Iminent*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*Umbrella*"
C:\WINDOWS\Prefetch\UMBRELLA.EXE-2A4B9DC6.pf --a---- 51252 bytes [14:53 19/04/2013] [19:52 22/04/2013] 419B66C51DEF792BB4F3168B60CD0A52

========== folderfind ==========

Searching for "*Iminent*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*Umbrella*"
No folders found.

========== Regfind ==========

Searching for "Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}]
@="Iminent.Mediator.Communication.ContractBase"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}]
@="Iminent.Business.Tinyfying.DownloadArgs"

Searching for "Tarma"
No data found.

Searching for "Umbrella"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Common Files\Umbrella\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92BE82F4D303DB55D901F45A13BBBC98]
"ACFD5B980E184AE4A8A0F404781ADD00"="C:\Program Files\Common Files\Umbrella\Umbrella.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Umbrella]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SProtection]
"ImagePath"="C:\Program Files\Common Files\Umbrella\umbrella.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SProtection]
"ImagePath"="C:\Program Files\Common Files\Umbrella\umbrella.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SProtection]
"ImagePath"="C:\Program Files\Common Files\Umbrella\umbrella.exe"

-= EOF =-

Kind regards
Helmut
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: Iminent removal

Unread postby pgmigg » April 23rd, 2013, 12:21 am

Hello Helmut,
I started OTL and everything seems to run normal but after the restart I could not find any log file neither on the desktop nor in the path you posted.
Actually that file (MMDDYYYY_HHMMSS.log - where "MMDDYYYY_HHMMSS" is date and time of log creation - for example, 12132011_155153.log) should be opened by Notepad after rebooting automatically. Did you see such action?
Perhaps you were not patient enough and did not wait for the opening of that log file. Please don't worry now - we will continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\WINDOWS\Prefetch\UMBRELLA.EXE-2A4B9DC6.pf
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Common Files\Umbrella\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92BE82F4D303DB55D901F45A13BBBC98]
    "ACFD5B980E184AE4A8A0F404781ADD00"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Umbrella]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SProtection]
    "ImagePath"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SProtection]
    "ImagePath"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SProtection]
    "ImagePath"=-
    
    :Commands
    [emptytemp]
    [emptyjava]
    [emptyflash]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK. It may take a while - please be patient...
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 2.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Double-click on JRT.exe to run it - the tool will open and start scanning your system.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 3.
AdwCleaner - Search
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Double-click on adwcleaner.exe to run it.
  3. Click on Search.
  4. A logfile will automatically open after the scan has finished.
  5. Please post the content of that logfile with your next reply.
  6. You can find the logfile at C:\AdwCleaner[R1].txt as well.

Step 4.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the JRT.txt log file
  4. Contents of the AdwCleaner[R1].txt log file
  5. Contents of the most recent OTL.txt file after fresh OTL scan
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Iminent removal

Unread postby Helmut13 » April 23rd, 2013, 5:24 pm

Hello pgmigg,

here are my new log files:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\WINDOWS\Prefetch\UMBRELLA.EXE-2A4B9DC6.pf moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Helmut\Desktop\cmd.bat deleted successfully.
D:\Helmut\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Umbrella\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92BE82F4D303DB55D901F45A13BBBC98\\ACFD5B980E184AE4A8A0F404781ADD00 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Umbrella\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SProtection\\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SProtection\\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SProtection\\ImagePath not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Helmut
->Temp folder emptied: 618626670 bytes
->Temporary Internet Files folder emptied: 188245669 bytes
->FireFox cache emptied: 70376295 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 665 bytes

User: MSOCache

User: RECYCLER

User: System Volume Information

User: _OTL

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9664482 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1599051696 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 126467640 bytes

Total Files Cleaned = 2.492,00 mb


[EMPTYJAVA]

User: Helmut

User: MSOCache

User: RECYCLER

User: System Volume Information

User: _OTL

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Helmut
->Flash cache emptied: 0 bytes

User: MSOCache

User: RECYCLER

User: System Volume Information

User: _OTL

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04232013_225307

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Microsoft Windows XP x86
Ran by Helmut on 23.04.2013 at 23:05:19,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] sprotection
Successfully deleted: [Service] sprotection



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "D:\Helmut\Application Data\pdfforge"



~~~ FireFox

Successfully deleted: [File] D:\Helmut\Application Data\mozilla\firefox\profiles\7jn99jlg.default\user.js
Successfully deleted the following from D:\Helmut\Application Data\mozilla\firefox\profiles\7jn99jlg.default\prefs.js

user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1365619881991");
Emptied folder: D:\Helmut\Application Data\mozilla\firefox\profiles\7jn99jlg.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.04.2013 at 23:09:32,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.202 - Logfile created 04/23/2013 at 23:11:16
# Updated 23/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Helmut - COMPUTER
# Boot Mode : Normal
# Running from : D:\Helmut\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\StartWeb.xml
Folder Found : D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (de)

File : D:\Helmut\Application Data\Mozilla\Firefox\Profiles\7jn99jlg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14480 octets] - [23/04/2013 23:11:16]

########## EOF - D:\AdwCleaner[R1].txt - [14541 octets] ##########

OTL logfile created on: 23.04.2013 23:14:20 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Helmut\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1014,07 Mb Total Physical Memory | 660,23 Mb Available Physical Memory | 65,11% Memory free
2,38 Gb Paging File | 2,12 Gb Available in Paging File | 88,80% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 54,49 Gb Free Space | 73,15% Space Free | Partition Type: NTFS
Drive D: | 345,58 Gb Total Space | 280,17 Gb Free Space | 81,07% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 258,61 Gb Free Space | 88,27% Space Free | Partition Type: NTFS
Drive F: | 292,96 Gb Total Space | 283,21 Gb Free Space | 96,67% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 643,86 Gb Free Space | 69,12% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.19 17:41:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Helmut\Desktop\OTL.exe
PRC - [2013.03.13 17:14:04 | 006,082,048 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Program Files\Personal Backup 5\Persbackup.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2009.10.19 02:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.04.23 14:17:44 | 002,085,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13042300\algo.dll


========== Services (SafeList) ==========

SRV - [2013.04.18 19:34:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 11:37:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012.10.02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.03.07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 00:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.03.07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012.10.02 15:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012.10.02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012.10.02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2005.03.17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.09.17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "StartWeb"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.01 12:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 11:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.10.13 14:18:36 | 000,000,000 | ---D | M] (No name found) -- D:\Helmut\Application Data\Mozilla\Extensions
[2013.04.10 20:53:47 | 000,000,000 | ---D | M] (No name found) -- D:\Helmut\Application Data\Mozilla\Firefox\Profiles\7jn99jlg.default\extensions
[2013.04.13 11:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.13 11:37:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.07 12:23:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.07 12:23:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.07 12:23:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.07 12:23:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.10 15:08:36 | 000,002,147 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\StartWeb.xml
[2013.02.07 12:23:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.07 12:23:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: http://start.iminent.com/?appId=9AF94BB ... 50C4872322
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.iminent.com/?appId=9AF94BB ... 50C4872322
CHR - Extension: No name found = D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn\2.0.0.0_0\
CHR - Extension: No name found = D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: No name found = D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.13.4.1_0\

O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC345F6E-9F23-47B9-AE66-964AF52B67CA}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Helmut\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Helmut\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.09 19:57:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.23 23:05:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.04.23 23:04:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.23 23:02:03 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- D:\Helmut\Desktop\JRT.exe
[2013.04.20 13:55:52 | 000,000,000 | ---D | C] -- D:\Helmut\Desktop\Badewanne
[2013.04.13 11:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.09 19:07:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013.04.09 18:57:27 | 000,000,000 | ---D | C] -- D:\Helmut\Start Menu\Programs\FirstRowSportApp.com
[2013.04.09 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\FirstRowSportApp.com
[2013.04.01 12:22:17 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013.03.29 13:08:40 | 000,000,000 | ---D | C] -- D:\Helmut\Desktop\Infrarotkabine
[2013.03.29 10:02:21 | 000,000,000 | ---D | C] -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP-Dateien
[2013.03.29 10:02:00 | 000,000,000 | ---D | C] -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG-Dateien
[2013.03.26 13:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Holiday Island
[2013.03.26 13:23:51 | 000,000,000 | ---D | C] -- C:\HOLIDAY

========== Files - Modified Within 30 Days ==========

[2013.04.23 23:05:41 | 000,619,461 | ---- | M] () -- D:\Helmut\Desktop\adwcleaner.exe
[2013.04.23 23:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.23 23:02:05 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- D:\Helmut\Desktop\JRT.exe
[2013.04.23 23:00:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.23 22:59:59 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.04.23 22:59:58 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.23 22:56:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.23 22:56:41 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.23 17:28:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.20 13:57:25 | 000,002,437 | ---- | M] () -- D:\Helmut\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003 (2).lnk
[2013.04.19 18:00:20 | 000,139,264 | ---- | M] () -- D:\Helmut\Desktop\SystemLook.exe
[2013.04.19 17:41:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Helmut\Desktop\OTL.exe
[2013.04.18 19:34:19 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.04.18 19:34:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.04.14 15:18:12 | 000,002,435 | ---- | M] () -- D:\Helmut\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2013.04.13 17:31:30 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.04.13 11:30:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.11 15:02:33 | 000,504,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.11 15:02:33 | 000,081,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.10 20:28:51 | 000,000,596 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013.04.10 19:29:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013.04.10 14:22:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.09 18:57:27 | 000,000,499 | ---- | M] () -- D:\Helmut\Desktop\FirstRowSportApp.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.03.29 10:02:21 | 000,119,244 | ---- | M] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP.htm
[2013.03.29 10:02:02 | 000,432,932 | ---- | M] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG.htm
[2013.03.26 13:23:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\setup.lst
[2013.03.26 13:23:23 | 000,000,018 | ---- | M] () -- C:\WINDOWS\ssetup.ini

========== Files Created - No Company Name ==========

[2013.04.23 23:05:41 | 000,619,461 | ---- | C] () -- D:\Helmut\Desktop\adwcleaner.exe
[2013.04.19 18:00:20 | 000,139,264 | ---- | C] () -- D:\Helmut\Desktop\SystemLook.exe
[2013.04.13 11:30:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.10 20:28:22 | 000,000,596 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013.04.09 18:57:27 | 000,000,499 | ---- | C] () -- D:\Helmut\Desktop\FirstRowSportApp.lnk
[2013.04.01 12:22:21 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.04.01 12:22:19 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.03.29 10:02:21 | 000,119,244 | ---- | C] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP.htm
[2013.03.29 10:02:00 | 000,432,932 | ---- | C] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG.htm
[2013.03.26 13:23:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup.lst
[2013.03.26 13:23:23 | 000,000,018 | ---- | C] () -- C:\WINDOWS\ssetup.ini
[2013.01.02 21:02:14 | 000,000,488 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.10.14 10:28:12 | 000,000,600 | ---- | C] () -- D:\Helmut\Local Settings\Application Data\PUTTY.RND
[2012.10.12 18:12:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.10.09 21:45:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.10.09 21:44:29 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.09 20:59:17 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012.10.09 20:59:17 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012.10.09 19:59:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.10.09 19:53:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2013.01.02 20:53:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.02 21:13:35 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\Buhl Data Service
[2012.10.25 18:45:27 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\Canon
[2012.12.09 15:14:02 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\elsterformular
[2012.10.13 14:05:50 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\OnlineArmor
[2012.11.16 19:22:05 | 000,000,000 | ---D | M] -- D:\Helmut\Application Data\PersBackup5

< End of report >

Helmut
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: Iminent removal

Unread postby pgmigg » April 23rd, 2013, 6:02 pm

Hello Helmut,

Great job, but we are not finished yet! :D Let continue...

Step 1.
AdwCleaner
You should still have adwcleaner.exe on your desktop.
  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run it.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2.
Change Home Page in Google Chrome
Please use the instructions here
to change your home page to something like google.com or some other clean site. Then reboot your system.

Step 3.
ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scannner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Step 4.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[S1].txt log file
  3. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file
  4. Contents of the most recent OTL.txt file after fresh OTL scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Iminent removal

Unread postby Helmut13 » April 25th, 2013, 3:22 pm

Hello pgmigg,

I am happy that we have some progress. Here are my new logs:

# AdwCleaner v2.202 - Logfile created 04/24/2013 at 21:55:56
# Updated 23/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Helmut - COMPUTER
# Boot Mode : Normal
# Running from : D:\Helmut\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\StartWeb.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (de)

File : D:\Helmut\Application Data\Mozilla\Firefox\Profiles\7jn99jlg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14611 octets] - [23/04/2013 23:11:16]
AdwCleaner[S1].txt - [14758 octets] - [24/04/2013 21:55:56]

########## EOF - D:\AdwCleaner[S1].txt - [14819 octets] ##########

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bb9aa91417a8184fbdefd64de9f5ea2d
# engine=13689
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-25 08:20:08
# local_time=2013-04-25 10:20:08 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 93 1010953 143587880 0 0
# compatibility_mode=6401 16777213 66 100 4063477 17695084 0 0
# scanned=443765
# found=12
# cleaned=12
# scan_time=14049
sh=982957D10AF32267196D3837D4F1003D5A2C3C9F ft=1 fh=7689509a05c58463 vn="a variant of Win32/Bundled.Toolbar.Ask application (deleted - quarantined)" ac=C fn="D:\Helmut\My Documents\Downloads\avira_free_antivirus_de-13.0.0.3185.exe"
sh=2698A1115DA8FCCF8DCD7E90BE9D358EDAFD7B2B ft=1 fh=b40872a1c70fdaa5 vn="Win32/Adware.1ClickDownload.X application (cleaned by deleting - quarantined)" ac=C fn="D:\Helmut\My Documents\Downloads\FirstRowSportApp_setup(18_1a).exe"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="D:\Helmut\My Documents\Downloads\PDFCreator-1_6_2_2_setup.exe"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="D:\_OTL\MovedFiles\04222013_220000\C_Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=20BA23A921CB341DBAC95DAE66861EA338068522 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application (deleted - quarantined)" ac=C fn="L:\Backup_Computer\LwD\Helmut\Local Settings\Temp\AskSLib.dll.gz"
sh=8470973ABE8BBA19A87BD2CC32BB6DD032E3E134 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="L:\Backup_Computer\LwD\Helmut\Local Settings\Temp\nsn1C.tmp\FTTDSetup.exe.gz"
sh=A7E5A39886D02711B8C06531A1D125216207E618 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="L:\Backup_Computer\LwD\Helmut\Local Settings\Temporary Internet Files\Content.IE5\PF5ESE13\PDFCreator_Stub_5874[1].exe.gz"
sh=24FF7F89DFB27AA339E41CCE1F73108555D96706 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="L:\Backup_Computer\LwD\Helmut\Local Settings\Temporary Internet Files\Content.IE5\Y8SO3ZH5\yontoosetup[1].exe.gz"
sh=F918E1874396553F3EA283E5F712418512F2389D ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application (deleted - quarantined)" ac=C fn="L:\Backup_Computer\LwD\Helmut\My Documents\Downloads\avira_free_antivirus_de-13.0.0.3185.exe.gz"
sh=9EBA5A823565862AEA56B2B16B9683FF0FE9A9E9 ft=0 fh=0000000000000000 vn="Win32/Adware.1ClickDownload.X application (deleted - quarantined)" ac=C fn="L:\Backup_Computer\LwD\Helmut\My Documents\Downloads\FirstRowSportApp_setup(18_1a).exe.gz"
sh=62A55342EEC3C0E98E0415EC87EC100AB56AC2E6 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application (deleted - quarantined)" ac=C fn="L:\Backup_Computer\LwD\Helmut\My Documents\Downloads\PDFCreator-1_6_2_2_setup.exe.gz"
sh=28C46114C685A1F0E43118134BCB71AFE0C163DD ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="L:\Backup_Computer\LwE\Monika\Local Settings\Application Data\Mozilla\Firefox\Profiles\d7szmklt.default\Cache\0\AC\35C7Fd01.gz"


OTL logfile created on: 25.04.2013 06:11:08 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Helmut\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1014,07 Mb Total Physical Memory | 460,50 Mb Available Physical Memory | 45,41% Memory free
2,38 Gb Paging File | 2,03 Gb Available in Paging File | 85,33% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 54,07 Gb Free Space | 72,58% Space Free | Partition Type: NTFS
Drive D: | 345,58 Gb Total Space | 279,93 Gb Free Space | 81,00% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 258,61 Gb Free Space | 88,27% Space Free | Partition Type: NTFS
Drive F: | 292,96 Gb Total Space | 283,21 Gb Free Space | 96,67% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 643,86 Gb Free Space | 69,12% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.19 17:41:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Helmut\Desktop\OTL.exe
PRC - [2013.03.13 17:14:04 | 006,082,048 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Program Files\Personal Backup 5\Persbackup.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2012.10.02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012.10.02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012.10.02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2009.10.19 02:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.04.24 22:38:25 | 002,086,912 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13042401\algo.dll
MOD - [2013.04.24 13:02:58 | 002,086,912 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13042400\algo.dll
MOD - [2012.12.18 16:28:26 | 000,301,056 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU


========== Services (SafeList) ==========

SRV - [2013.04.18 19:34:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 11:37:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012.10.02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.03.07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 00:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.03.07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012.10.02 15:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012.10.02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012.10.02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2005.03.17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.09.17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "StartWeb"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.01 12:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 11:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.10.13 14:18:36 | 000,000,000 | ---D | M] (No name found) -- D:\Helmut\Application Data\Mozilla\Extensions
[2013.04.10 20:53:47 | 000,000,000 | ---D | M] (No name found) -- D:\Helmut\Application Data\Mozilla\Firefox\Profiles\7jn99jlg.default\extensions
[2013.04.13 11:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.13 11:37:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.07 12:23:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.07 12:23:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.07 12:23:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.07 12:23:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.07 12:23:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.07 12:23:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: StartWeb (Enabled)
CHR - default_search_provider: search_url = http://start.iminent.com/?appId=9AF94BB ... toolbox&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00C2\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00C2\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: avast! WebRep = D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: avast! WebRep = D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC345F6E-9F23-47B9-AE66-964AF52B67CA}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Helmut\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Helmut\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.09 19:57:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.24 22:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.04.23 23:05:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.04.23 23:04:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.23 23:02:03 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- D:\Helmut\Desktop\JRT.exe
[2013.04.20 13:55:52 | 000,000,000 | ---D | C] -- D:\Helmut\Desktop\Badewanne
[2013.04.13 11:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.09 19:07:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013.04.09 18:57:27 | 000,000,000 | ---D | C] -- D:\Helmut\Start Menu\Programs\FirstRowSportApp.com
[2013.04.09 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\FirstRowSportApp.com
[2013.04.01 12:22:17 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013.03.29 13:08:40 | 000,000,000 | ---D | C] -- D:\Helmut\Desktop\Infrarotkabine
[2013.03.29 10:02:21 | 000,000,000 | ---D | C] -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP-Dateien
[2013.03.29 10:02:00 | 000,000,000 | ---D | C] -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG-Dateien
[2013.03.26 13:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Holiday Island
[2013.03.26 13:23:51 | 000,000,000 | ---D | C] -- C:\HOLIDAY

========== Files - Modified Within 30 Days ==========

[2013.04.25 06:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.25 05:31:01 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.04.25 05:28:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.24 22:41:23 | 000,145,273 | ---- | M] () -- D:\Helmut\Desktop\SDC10718.JPG
[2013.04.24 22:40:38 | 000,271,976 | ---- | M] () -- D:\Helmut\Desktop\SDC10716.JPG
[2013.04.24 21:59:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.24 21:59:31 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.24 21:58:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.23 23:05:41 | 000,619,461 | ---- | M] () -- D:\Helmut\Desktop\adwcleaner.exe
[2013.04.23 23:02:05 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- D:\Helmut\Desktop\JRT.exe
[2013.04.23 22:56:41 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.20 13:57:25 | 000,002,437 | ---- | M] () -- D:\Helmut\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003 (2).lnk
[2013.04.19 18:00:20 | 000,139,264 | ---- | M] () -- D:\Helmut\Desktop\SystemLook.exe
[2013.04.19 17:41:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Helmut\Desktop\OTL.exe
[2013.04.18 19:34:19 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.04.18 19:34:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.04.14 15:18:12 | 000,002,435 | ---- | M] () -- D:\Helmut\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2013.04.13 17:31:30 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.04.13 11:30:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.11 15:02:33 | 000,504,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.11 15:02:33 | 000,081,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.10 20:28:51 | 000,000,596 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013.04.10 19:29:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013.04.10 14:22:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.09 18:57:27 | 000,000,499 | ---- | M] () -- D:\Helmut\Desktop\FirstRowSportApp.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.03.29 10:02:21 | 000,119,244 | ---- | M] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP.htm
[2013.03.29 10:02:02 | 000,432,932 | ---- | M] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG.htm
[2013.03.26 13:23:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\setup.lst
[2013.03.26 13:23:23 | 000,000,018 | ---- | M] () -- C:\WINDOWS\ssetup.ini

========== Files Created - No Company Name ==========

[2013.04.24 18:56:18 | 000,145,273 | ---- | C] () -- D:\Helmut\Desktop\SDC10718.JPG
[2013.04.24 18:54:34 | 000,271,976 | ---- | C] () -- D:\Helmut\Desktop\SDC10716.JPG
[2013.04.23 23:05:41 | 000,619,461 | ---- | C] () -- D:\Helmut\Desktop\adwcleaner.exe
[2013.04.19 18:00:20 | 000,139,264 | ---- | C] () -- D:\Helmut\Desktop\SystemLook.exe
[2013.04.13 11:30:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.10 20:28:22 | 000,000,596 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013.04.09 18:57:27 | 000,000,499 | ---- | C] () -- D:\Helmut\Desktop\FirstRowSportApp.lnk
[2013.04.01 12:22:21 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.04.01 12:22:19 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.03.29 10:02:21 | 000,119,244 | ---- | C] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP.htm
[2013.03.29 10:02:00 | 000,432,932 | ---- | C] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG.htm
[2013.03.26 13:23:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup.lst
[2013.03.26 13:23:23 | 000,000,018 | ---- | C] () -- C:\WINDOWS\ssetup.ini
[2013.01.02 21:02:14 | 000,000,488 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.10.14 10:28:12 | 000,000,600 | ---- | C] () -- D:\Helmut\Local Settings\Application Data\PUTTY.RND
[2012.10.12 18:12:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.10.09 21:45:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.10.09 21:44:29 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.09 20:59:17 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012.10.09 20:59:17 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012.10.09 19:59:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.10.09 19:53:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2013.01.02 20:53:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Helmut
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: Iminent removal

Unread postby pgmigg » April 25th, 2013, 4:05 pm

Hello Helmut,
I am happy that we have some progress.
I am happy too ;) but we are not finished yet...

Step 1.
Edit Chrome Search Engine
  1. Launch Google Chrome, type the following address into the address bar and press Enter:
    Code: Select all
    chrome://chrome/settings/
  2. Click on Manage Search Engines
  3. Highlight Google and select the option for Make Default.
  4. Delete any entries that relate to Iminent.
  5. Restart Chrome...

Step 2.
SystemLook
You should still have SystemLook.exe on your desktop.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    Code: Select all
    :filefind
    *Iminent*
    
    :folderfind
    *Iminent*
    
    :Regfind
    Iminent
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 3.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the SystemLook.txt log file
  3. Contents of the most recent OTL.txt file after fresh OTL scan
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Iminent removal

Unread postby Helmut13 » April 26th, 2013, 2:40 pm

Hello pgmigg,

again my logs:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:26 on 26/04/2013 by Helmut
Administrator - Elevation successful

========== filefind ==========

Searching for "*Iminent*"
No files found.

========== folderfind ==========

Searching for "*Iminent*"
No folders found.

========== Regfind ==========

Searching for "Iminent"
No data found.

-= EOF =-

OTL logfile created on: 26.04.2013 20:28:56 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Helmut\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1014,07 Mb Total Physical Memory | 619,97 Mb Available Physical Memory | 61,14% Memory free
2,38 Gb Paging File | 2,07 Gb Available in Paging File | 86,86% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 53,59 Gb Free Space | 71,94% Space Free | Partition Type: NTFS
Drive D: | 345,58 Gb Total Space | 279,92 Gb Free Space | 81,00% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 258,61 Gb Free Space | 88,27% Space Free | Partition Type: NTFS
Drive F: | 292,96 Gb Total Space | 283,21 Gb Free Space | 96,67% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 643,98 Gb Free Space | 69,13% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.19 17:41:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Helmut\Desktop\OTL.exe
PRC - [2013.03.13 17:14:04 | 006,082,048 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Program Files\Personal Backup 5\Persbackup.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2012.10.02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012.10.02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012.10.02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2009.10.19 02:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.04.26 11:28:32 | 002,086,912 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13042600\algo.dll
MOD - [2012.12.18 16:28:26 | 000,301,056 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU


========== Services (SafeList) ==========

SRV - [2013.04.18 19:34:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 11:37:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012.10.02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.03.07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 00:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.03.07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012.10.02 15:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012.10.02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012.10.02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2005.03.17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.09.17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-343818398-813497703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "StartWeb"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.01 12:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 11:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.10.13 14:18:36 | 000,000,000 | ---D | M] (No name found) -- D:\Helmut\Application Data\Mozilla\Extensions
[2013.04.10 20:53:47 | 000,000,000 | ---D | M] (No name found) -- D:\Helmut\Application Data\Mozilla\Firefox\Profiles\7jn99jlg.default\extensions
[2013.04.13 11:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.13 11:37:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.07 12:23:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.07 12:23:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.07 12:23:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.07 12:23:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.07 12:23:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.07 12:23:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00C2\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00C2\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: avast! WebRep = D:\Helmut\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-813497703-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC345F6E-9F23-47B9-AE66-964AF52B67CA}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Helmut\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Helmut\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.09 19:57:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.24 22:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.04.23 23:05:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.04.23 23:04:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.23 23:02:03 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- D:\Helmut\Desktop\JRT.exe
[2013.04.20 13:55:52 | 000,000,000 | ---D | C] -- D:\Helmut\Desktop\Badewanne
[2013.04.13 11:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.09 19:07:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013.04.09 18:57:27 | 000,000,000 | ---D | C] -- D:\Helmut\Start Menu\Programs\FirstRowSportApp.com
[2013.04.09 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\FirstRowSportApp.com
[2013.04.01 12:22:17 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013.03.29 13:08:40 | 000,000,000 | ---D | C] -- D:\Helmut\Desktop\Infrarotkabine
[2013.03.29 10:02:21 | 000,000,000 | ---D | C] -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP-Dateien
[2013.03.29 10:02:00 | 000,000,000 | ---D | C] -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG-Dateien

========== Files - Modified Within 30 Days ==========

[2013.04.26 20:28:01 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 20:28:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 20:14:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.26 20:14:34 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.04.26 20:13:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.26 18:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.24 22:41:23 | 000,145,273 | ---- | M] () -- D:\Helmut\Desktop\SDC10718.JPG
[2013.04.24 22:40:38 | 000,271,976 | ---- | M] () -- D:\Helmut\Desktop\SDC10716.JPG
[2013.04.23 23:05:41 | 000,619,461 | ---- | M] () -- D:\Helmut\Desktop\adwcleaner.exe
[2013.04.23 23:02:05 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- D:\Helmut\Desktop\JRT.exe
[2013.04.23 22:56:41 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.20 13:57:25 | 000,002,437 | ---- | M] () -- D:\Helmut\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003 (2).lnk
[2013.04.19 18:00:20 | 000,139,264 | ---- | M] () -- D:\Helmut\Desktop\SystemLook.exe
[2013.04.19 17:41:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Helmut\Desktop\OTL.exe
[2013.04.18 19:34:19 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.04.18 19:34:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.04.14 15:18:12 | 000,002,435 | ---- | M] () -- D:\Helmut\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2013.04.13 17:31:30 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.04.13 11:30:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.11 15:02:33 | 000,504,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.11 15:02:33 | 000,081,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.10 20:28:51 | 000,000,596 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013.04.10 19:29:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013.04.10 14:22:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.09 18:57:27 | 000,000,499 | ---- | M] () -- D:\Helmut\Desktop\FirstRowSportApp.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.03.29 10:02:21 | 000,119,244 | ---- | M] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP.htm
[2013.03.29 10:02:02 | 000,432,932 | ---- | M] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG.htm

========== Files Created - No Company Name ==========

[2013.04.24 18:56:18 | 000,145,273 | ---- | C] () -- D:\Helmut\Desktop\SDC10718.JPG
[2013.04.24 18:54:34 | 000,271,976 | ---- | C] () -- D:\Helmut\Desktop\SDC10716.JPG
[2013.04.23 23:05:41 | 000,619,461 | ---- | C] () -- D:\Helmut\Desktop\adwcleaner.exe
[2013.04.19 18:00:20 | 000,139,264 | ---- | C] () -- D:\Helmut\Desktop\SystemLook.exe
[2013.04.13 11:30:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.10 20:28:22 | 000,000,596 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013.04.09 18:57:27 | 000,000,499 | ---- | C] () -- D:\Helmut\Desktop\FirstRowSportApp.lnk
[2013.04.01 12:22:21 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.04.01 12:22:19 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.03.29 10:02:21 | 000,119,244 | ---- | C] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LP.htm
[2013.03.29 10:02:00 | 000,432,932 | ---- | C] () -- D:\Helmut\My Documents\RWK2013_Einzelergebnisse_LG.htm
[2013.03.26 13:23:23 | 000,000,018 | ---- | C] () -- C:\WINDOWS\ssetup.ini
[2013.01.02 21:02:14 | 000,000,488 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.10.14 10:28:12 | 000,000,600 | ---- | C] () -- D:\Helmut\Local Settings\Application Data\PUTTY.RND
[2012.10.12 18:12:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.10.09 21:45:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.10.09 21:44:29 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.09 20:59:17 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012.10.09 20:59:17 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012.10.09 19:59:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.10.09 19:53:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2013.01.02 20:53:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Helmut
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: Iminent removal

Unread postby pgmigg » April 26th, 2013, 3:08 pm

Hello Helmut,

Your latest set of logs appear to be clean! :cheers:

This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u21) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement "
  4. Locate the entry for Windows x86 Offline and click on the associated file name, save the file to your desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From desktop please double-click on jre-7u21-windows-i586.exe to install the newest version.
  3. Follow the on-screen directions and when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel and click on the JAVA icon.
  2. Press the Update tab and UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK. Then close the Java Control Panel. Close and exit Control Panel.

Step 2.
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
  1. Click the yellow Download now button. If you don't already have Adobe DLM... you may receive a prompt.
    Adobe DLM software removal instructions available here, if wanted.
  2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  3. When the installation is complete, please Close and re-open your Internet browser.

Adobe Reader XI - recommended (safety) program settings
When the program is open, click on Edit and select Preferences. In the categories below, use these settings:
  • Javascript - Uncheck Enable Acrobat Javascript.
  • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
  • Trust Manager- Uncheck Allow opening of non-PDF file attachments with external applications.

Step 3.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 4.
AdwCleaner - Uninstall
You should still have AdwCleaner on your Desktop.
  • Right click on adwcleaner.exe and select "Run as administrator..." to run it.
  • Click on Uninstall.
  • Confirm with yes.

Step 5.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Double-click on OTL.exe to run it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Then:
Please don't forget to enable all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Iminent removal

Unread postby deltalima » April 29th, 2013, 5:30 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 131 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware