2012-01-26, 02:56

ProxyServer = socks <-- Did you set and use this proxy, and if so, what do you use it for?

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) (511KB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

2012-01-27, 23:04
I do not ever recall specifically changing proxy settings. I recall looking at them once, and using a proxy website when voting for something I didn't want the website having my IP number, but that's all. I didn't go altering things intentionally.


2012-01-28, 00:49
Let's run a few more programs.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

2012-01-29, 00:55
The Malware Bytes log:

2012-01-29, 00:56
OTL Log:

2012-01-29, 00:58
OTL "Extras" Log:

2012-01-29, 01:45

Is this a company computer?

2012-01-29, 06:27
No, this is a home computer. No working from home, either.

I don't recall ever visiting either website, and I don't think the other users of the computer have any reason to visit them either.

2012-01-29, 12:18
Good Morning,

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
IE - HKU\S-1-5-21-1220945662-796845957-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,http://www.plimus.com,regnow.com,www...w.com,;*.local
IE - HKU\S-1-5-21-1220945662-796845957-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
FF - user.js..network.proxy.socks_version: 5
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0



ipconfig /flushdns /c

[start explorer]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
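An added example, not part of the original post and not OTL's own code: a small Python check that reads OTL-style log lines like the ones in the fix above and lists the user hives where an Internet Explorer proxy is enabled or a ProxyServer value is present. The names `SAMPLE_LOG`, `proxy_settings` and `review` are assumptions made for this sketch, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Sample input: registry lines copied from the fix above (proxy values are
# already cut short on the page), plus one constructed line for a clean hive.
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
IE - HKU\S-1-5-21-1220945662-796845957-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
IE - HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
'''

LINE = re.compile(
    r'^IE - HKU\\(?P<hive>[^\\]+)\\.*\\Internet Settings: '
    r'"(?P<name>Proxy\w+)" = (?P<value>.*)$'
)
# HKU\.DEFAULT and HKU\S-1-5-18 are both the LocalSystem profile, which has
# no ordinary reason to browse through a proxy.
SYSTEM_HIVES = {".DEFAULT", "S-1-5-18"}

def proxy_settings(log_text):
    """Group Proxy* values by user hive: {hive: {value_name: value}}."""
    hives = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            hives[m["hive"]][m["name"]] = m["value"].strip()
    return dict(hives)

def review(log_text):
    """Return [(hive, [reasons])] for hives whose proxy settings need a look."""
    findings = []
    for hive, values in sorted(proxy_settings(log_text).items()):
        reasons = []
        if values.get("ProxyEnable") == "1":
            reasons.append("proxy enabled")
        if values.get("ProxyServer"):
            reasons.append("ProxyServer set: " + values["ProxyServer"])
        if reasons and hive in SYSTEM_HIVES:
            reasons.append("system account hive")
        if reasons:
            findings.append((hive, reasons))
    return findings

if __name__ == "__main__":
    for hive, reasons in review(SAMPLE_LOG):
        print(hive, "->", "; ".join(reasons))
```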

2012-01-30, 07:14
Alright, this first one is the OTL Scan with the special code:

2012-01-30, 07:14
This is the second, fresh OTL scan:

2012-01-30, 11:24
Good Morning,

Things running any better?

2012-01-31, 01:48
ESET didn't give me the option of seeing/saving a log file. After the scan, it only gave me the option to finish.

The computer seems to be loading faster, so that's good. The automatic update is still disabled. In the icon tray, it comes up as the red shield with an 'X' and says that Automatic Updates is turned off. If I try to turn it back on from the 'Windows Security Center' window, it says that can't be turned on from there, and that I need to go to Control Panel/System and turn it on there. When I go to the Automatic Updates tab of the System menu, it says that Automatic Update is on.

2012-01-31, 02:20
This is what I would do: post here at our sister site for help with Automatic Updates. I will keep this thread open for you, so post back and let me know how it went. You can link them to this thread so they can see what we have done.


2012-01-31, 07:43
OK, thank you so much Ken. You helped me big time.


2012-01-31, 10:51

See you when you return

2012-02-08, 00:06
Everything is all fixed now, so you can close the thread here.

2012-02-08, 00:46
Wonderful

Open OTL and click on Clean Up, and it will remove the programs we used to clean your system along with their backups. Any programs that were not removed you can just drag to the trash.

Malwarebytes is the free version and is yours to keep; it will not be removed.

How did I get infected in the first place?

