Hi Sarpton,

I don’t see anything “essential” in the logs except the various crap files. Why do you think you’re infected?

Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\URLSearchHook: {77beece6-3997-403a-92fa-0055bfcf88e5} - C:\Program Files (x86)\entrusted11\prxtbentr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3936099400-2982841587-4011832546-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3936099400-2982841587-4011832546-1000\..\URLSearchHook: {77beece6-3997-403a-92fa-0055bfcf88e5} - C:\Program Files (x86)\entrusted11\prxtbentr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3936099400-2982841587-4011832546-1000\..\SearchScopes\{8F8DB2D7-105D-4502-AF30-B587CD9A3D7E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3299568&CUI=UN40301065426403261&UM=2
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN25951711121565173&ctid=CT3299568&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN25951711121565173&UM=2
CHR - homepage: http://search.conduit.com/?ctid=CT3299568&SearchSource=48&CUI=UN25951711121565173&UM=2
O2 - BHO: (entrusted11 Toolbar) - {77beece6-3997-403a-92fa-0055bfcf88e5} - C:\Program Files (x86)\entrusted11\prxtbentr.dll (Conduit Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (entrusted11 Toolbar) - {77beece6-3997-403a-92fa-0055bfcf88e5} - C:\Program Files (x86)\entrusted11\prxtbentr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3936099400-2982841587-4011832546-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3936099400-2982841587-4011832546-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3936099400-2982841587-4011832546-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3936099400-2982841587-4011832546-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
 
:Files
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\entrusted11
ipconfig /flushdns /c

:Commands
[emptytemp]


- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.

If the log doesn’t appear, it can be found here:

C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

========= then ==========

Follow the instructions from here:
http://forum.avast.com/index.php?topic=53253.0

Run AdwCleaner, Malwarebytes and aswMBR and attach their logs here.