Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware repeatedly changing my proxy server

Re: Malware repeatedly changing my proxy server

Post by mal-an » October 5th, 2013, 1:42 pm

1. No problem
2. Yes
3. Below
4. I still can't turn on Windows Firewall. One thing I've noticed is that Skype sometimes behaves strangely on long calls. I have superfast internet, so I'm not sure why that would happen, but sometimes it's as if the Internet chokes and drops Skype calls, but everything else seems normal at those times.

ComboFix 13-10-04.02 - Alan 10/05/2013 10:10:42.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3564.2370 [GMT -7:00]
Running from: c:\users\Alan\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-09-05 to 2013-10-05 )))))))))))))))))))))))))))))))
.
.
2013-10-05 17:21 . 2013-10-05 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-03 03:33 . 2013-10-03 03:34 -------- d-----w- c:\program files (x86)\LibreOffice 4
2013-09-28 21:34 . 2013-09-28 21:34 15641088 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2013-09-22 17:09 . 2013-09-22 17:09 -------- d-----w- c:\program files (x86)\ESET
2013-09-20 21:57 . 2013-09-20 21:57 -------- d-----w- C:\RegBackup
2013-09-20 21:56 . 2013-09-20 21:56 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-09-20 04:37 . 2013-09-20 04:37 3723656 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-18 16:51 . 2013-09-18 16:56 -------- d-----w- C:\AdwCleaner
2013-09-18 16:19 . 2013-09-18 17:07 -------- d-----w- c:\users\Alan\AppData\Local\NexGenMediaPlayer
2013-09-18 16:19 . 2013-09-18 16:20 -------- d-----w- c:\program files (x86)\NexGen Media Player
2013-09-18 16:12 . 2013-09-18 16:13 -------- d-----w- c:\users\Alan\AppData\Local\WordOv
2013-09-18 14:53 . 2013-09-18 14:53 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2013-09-18 14:53 . 2013-09-18 14:53 -------- d-----w- C:\_OTL
2013-09-18 03:45 . 2013-10-05 17:25 -------- d-----w- c:\users\Alan\AppData\Roaming\Skype
2013-09-17 11:57 . 2013-09-17 11:57 -------- d-----w- c:\windows\ERUNT
2013-09-11 16:21 . 2013-09-12 13:57 -------- d-----w- C:\MGtools
2013-09-11 16:10 . 2013-09-11 16:20 -------- d-----w- c:\programdata\HitmanPro
2013-09-10 21:52 . 2013-09-10 21:52 -------- d-----w- c:\users\Alan\AppData\Roaming\Malwarebytes
2013-09-10 21:52 . 2013-09-10 21:52 -------- d-----w- c:\programdata\Malwarebytes
2013-09-10 21:52 . 2013-09-10 21:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-10 21:52 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-09 21:56 . 2013-09-09 21:56 -------- d-----w- c:\program files (x86)\privoxy
2013-09-09 21:55 . 2013-09-11 04:52 -------- d-----w- c:\program files (x86)\Web Protect
2013-09-08 20:36 . 2013-10-04 01:44 -------- d-----w- c:\users\Alan\AppData\Local\Spotify
2013-09-08 20:34 . 2013-10-05 17:26 -------- d-----w- c:\users\Alan\AppData\Roaming\Spotify
2013-09-08 04:02 . 2013-09-08 04:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-04 11:07 . 2013-10-04 11:07 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0116DEF0-A00C-44DC-AF92-3117A6DA3B0B}\offreg.dll
2013-09-20 04:37 . 2012-04-15 23:43 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 04:37 . 2012-01-03 04:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 18:48 . 2013-09-11 18:39 281382 ----a-w- C:\MGlogs.zip
2013-09-05 05:32 . 2013-10-04 10:57 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0116DEF0-A00C-44DC-AF92-3117A6DA3B0B}\mpengine.dll
2013-08-30 07:48 . 2013-05-22 04:13 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-22 04:13 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-05-22 04:13 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-05-22 04:13 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-22 04:13 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-05-22 04:13 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-22 04:13 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-05-22 04:13 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-22 04:10 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-22 04:13 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-24 00:27 . 2013-08-24 00:27 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-08-07 11:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Alan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-04-23 7331840]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"Facebook Update"="c:\users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-13 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Spotify"="c:\users\Alan\AppData\Roaming\Spotify\Spotify.exe" [2013-10-04 4736000]
"Spotify Web Helper"="c:\users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-04 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-27 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-03-01 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-03-01 863360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Privoxy"="c:\program files (x86)\privoxy\starthelp.exe" [2013-08-26 51115]
.
c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-3-20 69120]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2013-9-28 15641088]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-9-28 15641088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys;c:\windows\SYSNATIVE\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys;c:\windows\SYSNATIVE\DRIVERS\BcmBusCtr_64.sys [x]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [x]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\Drivers\lgvzandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgvzandnetadb.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetgps;LGE AndroidNet for VZW USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgvzandnetgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetgps64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 04:37]
.
2013-10-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000Core.job
- c:\users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-13 01:19]
.
2013-10-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000UA.job
- c:\users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-13 01:19]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ceac3e7fdd155c.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 08:51]
.
2013-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 08:51]
.
2013-09-08 c:\windows\Tasks\ReclaimerResumeInstall_Alan.job
- c:\users\Alan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-08 02:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: LastPass - file://c:\users\Alan\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Alan\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-09 10:42; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-09-28 14:34; support@lastpass.com; c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\extensions\support@lastpass.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\privoxy\privoxy.exe
c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Completion time: 2013-10-05 10:36:21 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-05 17:36
ComboFix2.txt 2013-09-20 22:42
.
Pre-Run: 326,352,896 bytes free
Post-Run: 1,037,127,680 bytes free
.
- - End Of File - - EFF1CB678F50073C76331B98FD61EA40
2E5DEBB2116B3417023E0D6562D7ED07
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm
Re: Malware repeatedly changing my proxy server

Post by Wingman » October 5th, 2013, 6:24 pm

Hello mal-an,

OK, let's take care of some of the files from ESET. I'm going to leave the backup files and the AdwCleaner files alone. The backup files are quite old, maybe time to create a new set of backups.
The AdwCleaner files are not a threat and will be removed later. We'll address the Firewall issue also...

Step 1.
Registry Backup (TCRB)
You should still have this installed... if so, please ignore the download and install instructions.
Please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.
Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.

STOP... if you did not complete the above step successfully... do not continue, post back with the problem.


Step 2.
TCRB - Repair Windows Firewall

Please download Tweaking.com-RepairWindowsFirewall.exe ... download and save it to your desktop.
  1. Right click on the Tweaking.com icon on the desktop, Select "Run as Administrator". If UAC prompts, allow the program to run.
    The program will extract some files to a folder created on your desktop.
    A product window will open...
  2. Press the Start button to begin the process.
    The process will start and show the activity in the left side window log.
  3. When completed, copy the results in the log.
  4. Close, exit the program.
  5. Paste the log contents in your next reply.
Please check if your Windows Firewall is functioning normally.


Step 3.
OTL - System Scan
You should still have this on your desktop, if so, ignore the download instructions.
Please download OTL.exe ... by Old Timer. Save it to your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. When the window appears, make sure Include 64bit Scans is CHECKED.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Copy the following text...
    :Files
    C:\Program Files (x86)\JollyWallet
    C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
    C:\ProgramData\YouTube Downloader\ytd_installer.exe
    C:\Users\Alan\AppData\Local\Updater12555
    C:\Users\Alan\Desktop\desktop\LG Esteem\zergrush
    C:\Users\Alan\Desktop\LG Esteem\zergrush
    C:\Users\All Users\YouTube Downloader\ytd_installer.exe
    D:\ProgramData\YouTube Downloader\ytd_installer.exe
    D:\Users\alan\Desktop\desktop cleanup\m4a-to-mp3-converter.exe
    D:\Users\alan\Downloads\cnet_Mp3CoverDownloaderSetup_exe.exe
    D:\Users\alan\Downloads\DuplicateCleaner_setup.exe
    D:\Users\All Users\YouTube Downloader\ytd_installer.exe
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    
  6. Click under the Custom Scan/Fixes box and paste the copied text.
  7. Click the Run Fix button. If prompted... click OK.
  8. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  9. Please post the contents of the report in your next reply.

Step 4.
SystemLook
You should still have this on your desktop, if so, ignore the download instructions.
Please download SystemLook_x64.exe ... by jpshortstuff and save it to your Desktop.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?"... press the Run button.
  2. Highlight and copy the following entries: ... into SystemLook's main text entry window.
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *datamngr*
    *fantastigames*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *JollyWallet*
    *kelkoopartners*
    *Searchnu*
    *Searchnu*
    *Sweetie*
    *Sweetim*
    *SweetPacks*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *datamngr*
    *fantastigames*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *JollyWallet*
    *kelkoopartners*
    *Searchnu*
    *Searchqu*
    *Sweetie*
    *Sweetim*
    *SweetPacks*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    datamngr
    fantastigames
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    JollyWallet
    kelkoopartners
    Searchnu
    Searchqu
    Sweetie
    Sweetim
    SweetPacks
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named "SystemLook.txt"
  4. Please post the contents of the SystemLook.txt file in your next reply.


Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. TCRB backup created successfully?
  3. TCRB Firewall repair output.
  4. OTL scan output.
  5. SystemLook output.
  6. How is the computer behaving?

Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » October 6th, 2013, 4:29 pm

I am working on these steps. Meanwhile, the Firewall is finally working again! Probably not coincidentally, a message popped up on Skype that said btvstack wants to use skype. I denied, of course. Heard of this?
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » October 6th, 2013, 5:56 pm

Any problem executing the instructions? No
TCRB backup created successfully? Yes
TCRB Firewall repair output. Below! Very happy about this!
OTL scan output. Below
SystemLook output. Below
How is the computer behaving? The Firewall is finally working again! Probably not coincidentally, a message popped up on Skype that said btvstack wants to use skype. I denied, of course. Heard of this?

Starting Repairs...
Start (10/6/2013 10:56:20 AM)

05 - Repair Windows Firewall
Start (10/6/2013 10:56:21 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/6/2013 10:57:04 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (10/6/2013 10:57:04 AM)
Total Repair Time: 00:00:44


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account

Files\Folders moved on Reboot...
C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

SystemLook 04.09.10 by jpshortstuff
Log created at 11:26 on 06/10/2013 by Alan
Administrator - Elevation successful

"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\it\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\it\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\f_in_box.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="02:\SOFTWARE\Loader\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.exe.config"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\StartWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\StartWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\en\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\es\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\WPFLocalizeExtension.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="01:\SOFTWARE\Iminent\ApplicationProgramsFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\inst\msacm32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Microsoft.DirectX.AudioVideoPlayback.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\es\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\en\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\de\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\System.Windows.Interactivity.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\tr\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="02:\SOFTWARE\Iminent\Version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\de\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\tr\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\tr\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.WinCore.Yahoo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IminentMessenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.WinCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\ro\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\es\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\ro\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\de\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Microsoft.Expression.Interactions.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="01:\Software\Iminent\WebBooster\Scripts\sslminibar\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\en\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\it\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\tr\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="01:\SOFTWARE\Iminent\InstallationOwner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.Windows.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\USearch.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\USearch.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\es\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\ro\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\de\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\es\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\fr\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.AxImp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\fr\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\fr\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\inst\main.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\System.Data.SQLite.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\it\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\de\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.Business.Connect.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\en\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\fr\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.Services.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\fr\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="01:\SOFTWARE\Iminent\SearchEngineOptin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="02:\SOFTWARE\Iminent\Mediator\Server\ProcPath"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.Workflow.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.Booster.UI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.Mediator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.WinCore.WLM15.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\en\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="01:\SOFTWARE\Iminent\SysTray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\it\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="00:\iminent\URL Protocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\de\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.WinCore.WLM.WinEvents.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\WPFLocalizeExtension.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\es\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\it\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="02:\SOFTWARE\Iminent\Assemblies\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="02:\SOFTWARE\Iminent\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\en\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\System.Data.SQLite.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.Entity.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\SearchTheWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\SearchTheWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\en\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\fr\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.Business.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\de\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\it\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\Iminent\IMBooster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
"InstallSource"="C:\Users\Alan\AppData\Local\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
"Publisher"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
"DisplayName"="Iminent"
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c2002db7_0]
@="{0.0.0.00000000}.{0f61f3d4-0a2a-4f53-8010-3e64ba82bd16}|\Device\HarddiskVolume2\Users\Alan\AppData\Local\Temp\IminentSetup.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "JollyWallet"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Sweetie"
No data found.

Searching for "Sweetim"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\update\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\users\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\contentdb\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Communicator\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Communicator\resources\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Communicator\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Communicator\Logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Communicator\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\ProgramData\SweetIM\Communicator\conf\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\ProgramData\SweetIM\Communicator\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\resources\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\ProgramData\SweetIM\Communicator\Logs\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\mgcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"Contact"="SweetIM Technical Support Department"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"HelpLink"="http://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\SweetIM\Communicator\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"Publisher"="SweetIM Technologies Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"URLInfoAbout"="http://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"URLUpdateInfo"="http://www.sweetim.com"

Searching for "SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SweetPacksUpdateManager.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"DisplayName"="Update Manager for SweetPacks 1.1"

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument.6]

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-


Files\Folders moved on Reboot...
C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

by Wingman » October 7th, 2013, 12:27 pm

Hello mal-an,
That's great news about the Firewall!!
a message popped up on Skype that said btvstack wants to use skype. I denied, of course. Heard of this?
BTvstack is used for Bluetooth... if you use Bluetooth accessories with your computer, it's OK to use.

OK... we're going to remove a lot of registry entries so please create a System Restore Point, as well as a TCRB backup, before you do anything else.


Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on the System protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Registry Backup (TCRB)
You should still have this installed... if so, please ignore the download and install instructions.
Please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.
Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.


Step 3.
OTL - System Scan
You should still have this on your desktop, if so, ignore the download instructions.
Please download OTL.exe ... by Old Timer. Save it to your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. When the window appears, make sure Include 64bit Scans is CHECKED.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Copy the following text... you're going to paste this into the OTL program...
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c2002db7_0]
    "@"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\inst\Bootstrapper\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\inst\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\en\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\de\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\es\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\tr\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\it\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\fr\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\ro\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\"=-
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
    [HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c2002db7_0]
    "@"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\data\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\data\Bars\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\SweetIM\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\update\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\conf\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\conf\users\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\data\contentdb\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Communicator\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\SweetIM\Communicator\resources\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\SweetIM\Communicator\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Communicator\Logs\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Communicator\conf\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\"=-
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SweetPacksUpdateManager.exe]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]
    -[HKEY_CURRENT_USER\Software\Trolltech]
    -[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech]

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
  6. Click under the Custom Scan/Fixes box and paste the copied text.
  7. Click the Run Fix button. If prompted... click OK.
  8. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  9. Please post the contents of the report in your next reply.


Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Win 7 SRP and TCRB backup created successfully?
  3. OTL fix run output.
  4. Specifically, how is the computer behaving?

Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware repeatedly changing my proxy server

Unread postby Wingman » October 11th, 2013, 9:26 am

Hello...
It has been 3 or more days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
If, after 48 hrs., you have not replied to this thread... it will have to be closed!

Thanks,
Wingman

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » October 11th, 2013, 2:38 pm

Hi Wingman,

Thanks for your patience. I will be able to do these fixes tonight or tomorrow morning. I appreciate your ongoing help.

Alan

Re: Malware repeatedly changing my proxy server

Unread postby Wingman » October 12th, 2013, 10:30 am

OK, that's fine... I'll wait for your reply.

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » October 12th, 2013, 11:50 am

Hi there. The Tweaking Backup numbers are not matching. I tried it a few times. Should I continue with OTL? Thanks!

Re: Malware repeatedly changing my proxy server

Unread postby Wingman » October 12th, 2013, 12:27 pm

Go to Computer
Select the C:\ drive
You'll see a C:\RegBackup\ folder... open it and you'll see your Computer name folder... Open it.
You will see several folders with different Dates and Times... choose the most recent one, open that folder and open and copy the Log_Backup.txt file contents.
Paste the contents in your reply

If you successfully create a System Restore Point before running the TCRB step, then proceed with the OTL step.

Please post both the OTL log and the Log_Backup file contents in your next reply.

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » October 12th, 2013, 2:01 pm

Hi Wingman,

The OTL just hangs. I tried it twice. Here's the other log.

Thank you, Mal-an

[10/12/2013 - 8:45:34 AM] System Variables
[10/12/2013 - 8:45:35 AM] --------------------------------------------------------------------------------
[10/12/2013 - 8:45:35 AM] Use Fallback Backup Method: 1 (0 = No, 1 = Yes)
[10/12/2013 - 8:45:35 AM] VSS exe To Use: vss_7_64.exe
[10/12/2013 - 8:45:35 AM] Windows Drive: C:
[10/12/2013 - 8:45:35 AM] Windows Folder: Windows
[10/12/2013 - 8:45:35 AM] Windows Path: C:\Windows
[10/12/2013 - 8:45:35 AM] Registry File Location: C:\Windows\System32\Config
[10/12/2013 - 8:45:35 AM] Current Profile: C:\Users\Alan
[10/12/2013 - 8:45:35 AM] Current Profile SID: S-1-5-21-334125316-4088546140-4129291110-1000
[10/12/2013 - 8:45:35 AM] Current Profile Classes: S-1-5-21-334125316-4088546140-4129291110-1000_Classes
[10/12/2013 - 8:45:35 AM] Profiles Location: C:\Users
[10/12/2013 - 8:45:35 AM] Profiles Location 2: C:\Windows\ServiceProfiles
[10/12/2013 - 8:45:35 AM] Local Settings AppData: AppData\Local
[10/12/2013 - 8:45:35 AM] Computer Name: AL-LAPTOP
[10/12/2013 - 8:45:35 AM] OS: Microsoft Windows 7 Home Premium (64-bit)
[10/12/2013 - 8:45:35 AM] OS Architecture: 64-bit
[10/12/2013 - 8:45:35 AM] OS Version: 6.1.7601
[10/12/2013 - 8:45:35 AM] OS Service Pack: Service Pack 1
[10/12/2013 - 8:45:35 AM] --------------------------------------------------------------------------------

[10/12/2013 - 8:45:35 AM] Backup Location: C:\RegBackup\

[10/12/2013 - 8:45:35 AM] Starting: C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe -log:C:\RegBackup\AL-LAPTOP\10.12.2013_8.45.34-AM\Log_Vss.txt -vssexe:vss_7_64.exe

[10/12/2013 - 8:45:35 AM] Waiting for Volume Shadow Copy snapshot...

[10/12/2013 - 8:46:38 AM] Auto Delete Old Backups Enabled, Working...
[10/12/2013 - 8:46:38 AM] --------------------------------------------------------------------------------
[10/12/2013 - 8:46:38 AM] --------------------------------------------------------------------------------

[10/12/2013 - 8:46:38 AM] Starting Backup...

[10/12/2013 - 8:46:38 AM] Files To Backup:
[10/12/2013 - 8:46:38 AM] --------------------------------------------------------------------------------
[10/12/2013 - 8:46:38 AM] C:\Windows\System32\Config\components
[10/12/2013 - 8:46:38 AM] C:\Windows\System32\Config\default
[10/12/2013 - 8:46:38 AM] C:\Windows\System32\Config\sam
[10/12/2013 - 8:46:38 AM] C:\Windows\System32\Config\security
[10/12/2013 - 8:46:38 AM] C:\Windows\System32\Config\software
[10/12/2013 - 8:46:38 AM] C:\Windows\System32\Config\system
[10/12/2013 - 8:46:38 AM] C:\Users\Alan\AppData\Local\Microsoft\Windows\UsrClass.dat
[10/12/2013 - 8:46:38 AM] C:\Users\Alan\ntuser.dat
[10/12/2013 - 8:46:38 AM] C:\Users\Default User\ntuser.dat
[10/12/2013 - 8:46:38 AM] C:\Users\Default\ntuser.dat
[10/12/2013 - 8:46:38 AM] C:\Windows\ServiceProfiles\LocalService\ntuser.dat
[10/12/2013 - 8:46:38 AM] C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
[10/12/2013 - 8:46:38 AM] --------------------------------------------------------------------------------

[10/12/2013 - 8:46:38 AM] Backing Up Files...:
[10/12/2013 - 8:46:38 AM] --------------------------------------------------------------------------------
[10/12/2013 - 8:46:38 AM] Backing Up File: C:\Windows\System32\Config\components
[10/12/2013 - 8:46:38 AM] Result: Failed - Error: 112: There is not enough space on the disk.


[10/12/2013 - 8:46:38 AM] Backing Up File: C:\Windows\System32\Config\default
[10/12/2013 - 8:46:38 AM] Result: Successful (512 KB) - C:\RegBackup\AL-LAPTOP\10.12.2013_8.45.34-AM\C\Windows\System32\Config\default

[10/12/2013 - 8:46:39 AM] Backing Up File: C:\Windows\System32\Config\sam
[10/12/2013 - 8:46:39 AM] Result: Successful (256 KB) - C:\RegBackup\AL-LAPTOP\10.12.2013_8.45.34-AM\C\Windows\System32\Config\sam

[10/12/2013 - 8:46:39 AM] Backing Up File: C:\Windows\System32\Config\security
[10/12/2013 - 8:46:39 AM] Result: Successful (256 KB) - C:\RegBackup\AL-LAPTOP\10.12.2013_8.45.34-AM\C\Windows\System32\Config\security

[10/12/2013 - 8:46:39 AM] Backing Up File: C:\Windows\System32\Config\software
[10/12/2013 - 8:46:39 AM] Result: Failed - Error: 112: There is not enough space on the disk.


[10/12/2013 - 8:46:39 AM] Backing Up File: C:\Windows\System32\Config\system
[10/12/2013 - 8:46:39 AM] Result: Failed - Error: 112: There is not enough space on the disk.


[10/12/2013 - 8:46:39 AM] Backing Up File: C:\Users\Alan\AppData\Local\Microsoft\Windows\UsrClass.dat
[10/12/2013 - 8:46:39 AM] Result: Successful (4,864 KB) - C:\RegBackup\AL-LAPTOP\10.12.2013_8.45.34-AM\C\Users\Alan\AppData\Local\Microsoft\Windows\UsrClass.dat

[10/12/2013 - 8:46:39 AM] Backing Up File: C:\Users\Alan\ntuser.dat
[10/12/2013 - 8:46:40 AM] Result: Failed - Error: 112: There is not enough space on the disk.


[10/12/2013 - 8:46:40 AM] Backing Up File: C:\Users\Default User\ntuser.dat
[10/12/2013 - 8:46:40 AM] Result: Successful (256 KB) - C:\RegBackup\AL-LAPTOP\10.12.2013_8.45.34-AM\C\Users\Default User\ntuser.dat

[10/12/2013 - 8:46:40 AM] Backing Up File: C:\Users\Default\ntuser.dat
[10/12/2013 - 8:46:40 AM] Result: Successful (256 KB) - C:\RegBackup\AL-LAPTOP\10.12.2013_8.45.34-AM\C\Users\Default\ntuser.dat

[10/12/2013 - 8:46:40 AM] Backing Up File: C:\Windows\ServiceProfiles\LocalService\ntuser.dat
[10/12/2013 - 8:46:40 AM] Result: Successful (256 KB) - C:\RegBackup\AL-LAPTOP\10.12.2013_8.45.34-AM\C\Windows\ServiceProfiles\LocalService\ntuser.dat

[10/12/2013 - 8:46:40 AM] Backing Up File: C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
[10/12/2013 - 8:46:40 AM] Result: Successful (256 KB) - C:\RegBackup\AL-LAPTOP\10.12.2013_8.45.34-AM\C\Windows\ServiceProfiles\NetworkService\ntuser.dat

[10/12/2013 - 8:46:40 AM] --------------------------------------------------------------------------------

[10/12/2013 - 8:46:40 AM] Creating DOS restore bat file for use in the Windows Recovery Console:
[10/12/2013 - 8:46:40 AM] --------------------------------------------------------------------------------
[10/12/2013 - 8:46:40 AM] Already Exists: C:\Windows\tweaking.com-regbackup-AL-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat for use in the dos_restore.cmd file
[10/12/2013 - 8:46:40 AM] Done: C:\RegBackup\AL-LAPTOP\10.12.2013_8.45.34-AM\dos_restore.cmd
[10/12/2013 - 8:46:40 AM] --------------------------------------------------------------------------------
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

by Wingman » October 12th, 2013, 3:38 pm

As you can see from the log you posted... there is not enough room on your disk to contain the backup files.

In looking at an earlier scan it reflects C: is FIXED (NTFS) - 57 GiB total, 5.045 GiB free.
That's less than 10% free space... Windows needs at least 15% free space in order to perform some tasks correctly. Many helpers recommend 20-25% free space. Looking at your other drives, there is not much room on these either.
You should seriously look into freeing up some space on the main drive. Any personal photos or documents, music, etc... should be moved to an external drive.
Please examine your C:\ drive to see what can be moved from it to allow more space...
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware repeatedly changing my proxy server

by Wingman » October 20th, 2013, 11:11 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA