
Thread: Fluffermine-D trojan infection

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    We're going to run the Clean option. You can uncheck searchprotect; that's sometimes flagged as bad.

    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.





    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Junior Member
    Join Date
    Nov 2013
    Posts
    24

    AdwCleaner[S0]

    # AdwCleaner v3.013 - Report created 26/11/2013 at 06:38:21
    # Updated 24/11/2013 by Xplode
    # Operating System : Windows 7 Starter Service Pack 1 (32 bits)
    # Username : Roligio - ROLIGIO-HP
    # Running from : C:\Users\Roligio\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\Roligio\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Roligio\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Roligio\AppData\LocalLow\boost_interprocess
    [x] Not Deleted : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\Extensions\browserprotect@browserprotect.com.xpi
    File Deleted : C:\END
    File Deleted : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\invalidprefs.js
    File Deleted : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
    File Deleted : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16736


    -\\ Mozilla Firefox v25.0.1 (en-US)

    [ File : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\prefs.js ]

    Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
    Line Deleted : user_pref("extensions.TrafficLightSettings.ph_white", "thecrims.com\nhattrick.org\nraiffeisenonline.ro\nbrd-net.ro\ningonline.ro\nbancpost.ro\nbtrl.ro\ncrediteurope.ro\nalphabank.ro\nromexterra.ro\not[...]

    -\\ Google Chrome v31.0.1650.57

    [ File : C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [7015 octets] - [25/11/2013 22:26:50]
    AdwCleaner[S0].txt - [7095 octets] - [26/11/2013 06:38:21]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7155 octets] ##########

  3. #13
    Junior Member
    Join Date
    Nov 2013
    Posts
    24

    JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Starter x86
    Ran by Roligio on 26/11/2013 at 6:49:54,09
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\system32\sho109C.tmp
    Successfully deleted: [File] C:\Windows\system32\sho1168.tmp
    Successfully deleted: [File] C:\Windows\system32\sho2327.tmp
    Successfully deleted: [File] C:\Windows\system32\sho2811.tmp
    Successfully deleted: [File] C:\Windows\system32\sho2E72.tmp
    Successfully deleted: [File] C:\Windows\system32\sho47EC.tmp
    Successfully deleted: [File] C:\Windows\system32\sho4EF2.tmp
    Successfully deleted: [File] C:\Windows\system32\sho4FF6.tmp
    Successfully deleted: [File] C:\Windows\system32\sho5021.tmp
    Successfully deleted: [File] C:\Windows\system32\sho77C6.tmp
    Successfully deleted: [File] C:\Windows\system32\sho77DE.tmp
    Successfully deleted: [File] C:\Windows\system32\sho7DA4.tmp
    Successfully deleted: [File] C:\Windows\system32\sho8946.tmp
    Successfully deleted: [File] C:\Windows\system32\sho976A.tmp
    Successfully deleted: [File] C:\Windows\system32\shoA6AF.tmp
    Successfully deleted: [File] C:\Windows\system32\shoA828.tmp
    Successfully deleted: [File] C:\Windows\system32\shoE6D8.tmp
    Successfully deleted: [File] C:\Windows\system32\shoEAF5.tmp
    Successfully deleted: [File] C:\Windows\system32\shoFAB2.tmp
    Successfully deleted: [File] C:\Windows\system32\shoFE42.tmp



    ~~~ Folders




    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Roligio\AppData\Roaming\mozilla\firefox\profiles\7zvcof2w.default\extensions\browserprotect@browserprotect.com.xpi
    Successfully deleted the following from C:\Users\Roligio\AppData\Roaming\mozilla\firefox\profiles\7zvcof2w.default\prefs.js

    user_pref("extensions.TrafficLightSettings.an", "1");
    user_pref("extensions.TrafficLightSettings.date", "14 November 2013");
    user_pref("extensions.TrafficLightSettings.firstTime", "3");
    user_pref("extensions.TrafficLightSettings.hour", "17");
    user_pref("extensions.TrafficLightSettings.ls_social", "0");
    user_pref("extensions.TrafficLightSettings.ph_sign", "/****************************************************************************************\r\n****************************
    Emptied folder: C:\Users\Roligio\AppData\Roaming\mozilla\firefox\profiles\7zvcof2w.default\minidumps [91 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 26/11/2013 at 6:56:47,29
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Let's use OTL to check for leftovers, and we can also use it to remove that bad proxy, so go ahead and run a new scan and post the log. Don't knock yourself out looking for the extra log; you only get that in the first run.

  5. #15
    Junior Member
    Join Date
    Nov 2013
    Posts
    24

    OTL Log

    OTL logfile created on: 26/11/2013 10:17:53 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roligio\Downloads
    Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000421 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy

    1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,48% Memory free
    3,98 Gb Paging File | 2,30 Gb Available in Paging File | 57,92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283,70 Gb Total Space | 78,26 Gb Free Space | 27,59% Space Free | Partition Type: NTFS
    Drive D: | 14,10 Gb Total Space | 1,54 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
    Drive E: | 99,00 Mb Total Space | 87,41 Mb Free Space | 88,29% Space Free | Partition Type: FAT32
    Drive G: | 931,51 Gb Total Space | 248,64 Gb Free Space | 26,69% Space Free | Partition Type: NTFS

    Computer Name: ROLIGIO-HP | User Name: Roligio | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Roligio\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Windows\DrvUtils.exe ()
    PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe ()
    PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
    PRC - C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    PRC - C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
    PRC - C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
    PRC - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
    PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe ()


    ========== Services (SafeList) ==========

    SRV - (vToolbarUpdater17.1.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe File not found
    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (CDMA Device Utility and Service) -- C:\Windows\DrvUtils.exe ()
    SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
    SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
    SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (tctusbser) -- system32\DRIVERS\tctusbser.sys File not found
    DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys ()
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
    DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
    DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
    DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
    DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
    DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
    DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
    DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
    DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
    DRV - (btath_avdt) -- C:\Windows\System32\drivers\btath_avdt.sys (Atheros)
    DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (via_cdc_acm) -- C:\Windows\System32\drivers\VIA_USB_SER.sys (VIA Telecom)
    DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (VIA_USB_ETS) -- C:\Windows\System32\drivers\VIA_USB_ETS.sys (Via Telecom, Inc.)
    DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
    DRV - (fcusbser) -- C:\Windows\System32\drivers\fcusbser.sys (BM)
    DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
    DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/88
    IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
    IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
    IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
    IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.8
    FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
    FF - prefs.js..extensions.enabledAddons: %7B9fb8c270-7124-11dd-ad8b-0800200c9a66%7D:1.7.3
    FF - prefs.js..extensions.enabledAddons: %7B6bdc61ae-7b80-44a3-9476-e1d121ec2238%7D:0.85
    FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff%40pdfcrowd.com:1.5
    FF - prefs.js..extensions.enabledAddons: %7Be6c4c3ef-3d4d-42d6-8283-8da73c53a283%7D:2.6.1
    FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
    FF - prefs.js..extensions.enabledAddons: %7B1ced4832-f06e-413f-aa14-9eb63ad40ace%7D:1.0.2
    FF - prefs.js..extensions.enabledAddons: wikilook%40testpilot:2.7.0
    FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
    FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
    FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.7
    FF - prefs.js..extensions.enabledAddons: trafficlight%40bitdefender.com:0.2.16
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
    FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.95
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@fancyguo.com/FancyGame,version=1.0.0.1: C:\Users\Roligio\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/12 17:42:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/16 12:32:41 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/16 12:32:41 | 000,000,000 | ---D | M]

    [2012/10/15 11:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Extensions
    [2013/11/26 06:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions
    [2013/11/01 21:33:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013/07/27 14:23:44 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\donottrackplus@abine.com
    [2013/08/16 23:01:29 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2013/05/12 15:40:28 | 000,094,120 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\anticontainer@downthemall.net.xpi
    [2013/11/10 19:07:32 | 000,343,543 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\artur.dubovoy@gmail.com.xpi
    [2013/05/20 08:27:20 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\customization@adblockplus.org.xpi
    [2013/05/20 08:27:26 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\elemhidehelper@adblockplus.org.xpi
    [2013/05/12 15:40:17 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\gmailnoads@mywebber.com.xpi
    [2013/07/27 14:32:10 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
    [2013/05/18 01:46:59 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
    [2013/11/13 07:48:44 | 000,921,410 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\trafficlight@bitdefender.com.xpi
    [2013/05/20 09:15:34 | 000,169,939 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\wikilook@testpilot.xpi
    [2013/11/24 09:13:26 | 000,382,345 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
    [2013/05/20 09:15:34 | 000,018,589 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi
    [2013/05/20 09:15:34 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
    [2013/05/12 15:40:17 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
    [2013/05/12 15:40:16 | 000,023,197 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}.xpi
    [2013/10/10 11:21:29 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/05/20 09:15:33 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
    [2013/05/12 15:40:16 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2013/05/20 09:15:33 | 000,062,136 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}.xpi
    [2013/05/12 15:40:16 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
    [2013/11/16 12:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/11/16 12:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/11/16 12:33:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/11/12 17:42:05 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - Extension: DownloadAll = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajffocjdcmpgjmdfdfkdfdbkjafbkcke\2.1.1_0\
    CHR - Extension: WOT = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.3.1_0\
    CHR - Extension: YouTube = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Search All = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk\2.2.5_0\
    CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1016_0\
    CHR - Extension: avast! Ad Blocker = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
    CHR - Extension: AdBlock = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
    CHR - Extension: avast! Online Security = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
    CHR - Extension: Keep My Opt-Outs = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
    CHR - Extension: Disconnect = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
    CHR - Extension: Google Wallet = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: Gmail = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/11 04:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\941e05c1-dbbd-4769-9e24-24d1a874f7e7.exe (AVAST Software)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32 [2013/11/26 06:51:30 | 000,000,000 | ---D | M]
    O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32 [2013/11/26 06:51:30 | 000,000,000 | ---D | M]
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32 [2013/11/26 06:51:30 | 000,000,000 | ---D | M]
    O4 - HKLM..\Run: [Persistence] C:\Windows\System32 [2013/11/26 06:51:30 | 000,000,000 | ---D | M]
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Roligio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86B1ABA0-7739-4F8B-A0A9-5830396DF100}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F662485A-1E48-424D-92AF-2CEB26B9F4FA}: DhcpNameServer = 192.168.42.129
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{8c57d54e-9113-11e2-9ccf-9cb70dfba991}\Shell - "" = AutoRun
    O33 - MountPoints2\{8c57d54e-9113-11e2-9ccf-9cb70dfba991}\Shell\AutoRun\command - "" = E:\Windows\autorun.exe
    O33 - MountPoints2\{c4f01af2-bef1-11e2-905d-9cb70dfba991}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4f01af2-bef1-11e2-905d-9cb70dfba991}\Shell\AutoRun\command - "" = E:\.\Start.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (sdnclean.exe)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/26 06:49:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/11/25 22:26:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/16 12:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/11/16 00:36:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/11/16 00:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/11/14 23:18:59 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/11/14 23:18:56 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/11/14 23:18:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/11/14 23:18:54 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/11/14 23:18:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/11/14 23:18:51 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/11/14 23:18:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/11/14 23:18:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/11/14 23:18:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/11/14 23:18:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/11/14 20:10:11 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
    [2013/11/14 11:56:10 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2013/11/14 11:56:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
    [2013/11/14 06:55:34 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2013/11/14 06:55:32 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
    [2013/11/14 04:20:27 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
    [2013/11/14 04:20:25 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
    [2013/11/12 17:54:26 | 000,000,000 | ---D | C] -- C:\Users\Roligio\AppData\Roaming\AVAST Software
    [2013/11/12 17:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
    [2013/11/12 17:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/26 11:24:54 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/26 11:18:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/11/26 07:24:19 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/26 06:50:06 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/26 06:50:06 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/26 06:43:24 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
    [2013/11/26 06:42:18 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRoligio.job
    [2013/11/26 06:42:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/26 06:42:06 | 1601,409,024 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/21 08:52:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/11/21 08:52:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/11/16 00:35:09 | 000,001,074 | ---- | M] () -- C:\Users\Roligio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/11/16 00:34:51 | 000,000,875 | ---- | M] () -- C:\Users\Roligio\Desktop\ERUNT.lnk
    [2013/11/14 20:10:20 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/11/13 20:57:47 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2013/11/12 17:42:28 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/11/12 17:42:02 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013/11/12 17:42:02 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013/11/12 17:42:02 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/11/12 17:42:02 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2013/11/12 17:42:02 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2013/11/12 17:42:02 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/11/12 17:42:02 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2013/11/12 17:42:01 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013/11/12 17:42:01 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2013/11/12 17:42:01 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/11/12 17:08:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013/11/12 17:06:56 | 000,001,549 | ---- | M] () -- C:\Users\Roligio\Desktop\DivX Movies.lnk
    [2013/11/12 17:06:33 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
    [2013/11/12 17:05:41 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
    [2013/11/11 01:56:25 | 000,003,725 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2013/11/11 01:55:28 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2013/11/08 11:53:14 | 000,013,654 | ---- | M] () -- C:\Users\Roligio\Documents\Processing Types.rtf
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/16 00:35:09 | 000,001,074 | ---- | C] () -- C:\Users\Roligio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/11/16 00:34:51 | 000,000,875 | ---- | C] () -- C:\Users\Roligio\Desktop\ERUNT.lnk
    [2013/11/14 20:10:20 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/11/14 20:10:20 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/11/13 20:57:45 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2013/11/12 17:06:33 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
    [2013/11/08 11:53:13 | 000,013,654 | ---- | C] () -- C:\Users\Roligio\Documents\Processing Types.rtf
    [2013/09/26 21:31:04 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
    [2013/06/01 20:10:33 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
    [2013/06/01 20:10:32 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2013/06/01 20:10:32 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2013/06/01 20:10:19 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2013/05/24 11:08:19 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2013/05/20 15:58:19 | 000,006,656 | ---- | C] () -- C:\Users\Roligio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/05/16 12:11:11 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2013/05/09 15:33:00 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ClsCoInstaller.dll
    [2013/05/09 15:32:55 | 000,198,144 | ---- | C] () -- C:\Windows\DrvUtils.exe
    [2013/05/08 18:29:11 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/05/08 18:29:11 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2012/10/12 14:51:36 | 000,000,159 | ---- | C] () -- C:\Windows\System32\eSy_Link.ini
    [2012/03/01 16:41:16 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2011/12/30 17:03:28 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011/12/30 16:50:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

    ========== ZeroAccess Check ==========

    [2009/07/14 11:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 08:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 08:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/05/21 17:16:29 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Auslogics
    [2013/11/12 17:54:26 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\AVAST Software
    [2013/08/13 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\calibre
    [2013/05/16 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\DAEMON Tools Lite
    [2013/09/19 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\IDT
    [2013/06/18 13:22:40 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\OpenOffice.org
    [2013/10/09 20:14:50 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Oracle
    [2013/06/15 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\runic games
    [2013/06/13 11:55:20 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Skip-Bo
    [2012/10/05 15:40:38 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\SoftGrid Client
    [2012/10/05 15:14:31 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Synaptics
    [2012/10/05 15:21:02 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\TP
    [2013/06/18 13:25:36 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\WildTangent
    [2013/06/12 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Windows Live Writer
    [2013/05/08 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\WinPatrol

    ========== Purity Check ==========



    < End of report >

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [CLEARALLRESTOREPOINTS]
      [EMPTYJAVA] 
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces

  7. #17
    Junior Member
    Join Date
    Nov 2013
    Posts
    24

    Default OTL fix log

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Roligio\Downloads\cmd.bat deleted successfully.
    C:\Users\Roligio\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Roligio
    ->Java cache emptied: 358406 bytes

    Total Java Files Cleaned = 0,00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Roligio
    ->Temp folder emptied: 7965858 bytes
    ->Temporary Internet Files folder emptied: 36159011 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 106706209 bytes
    ->Google Chrome cache emptied: 273608427 bytes
    ->Flash cache emptied: 1556 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10715514 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8895552 bytes
    RecycleBin emptied: 516564094 bytes

    Total Files Cleaned = 916,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11262013_212756

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good, you have Malwarebytes installed. Open it, go to the update tab and update it, then just run the Quick scan. If it picks up entries, then post the log; if it comes back with no threats found, then let me know.

    How is your system behaving now?

  9. #19
    Junior Member
    Join Date
    Nov 2013
    Posts
    24

    Default MBAM results

    Well, when I restarted my computer (as per your OTL script), as often happens now, it hung on a black screen. I turned it off (7 sec. depression of power button) then turned it on, which pushed it into the system repair feature, after which I turned it off and on, and it hung again. I did it one more time and was able to get into Windows. I suspect this is because several months ago I was using System Restore points a lot, going back and forth.

    MBAM didn't find anything. Have you actually identified any sort of infection at this point, or is it just PUPs?

    BTW, thanks for your speedy responses! I'm going to bed now, so see you tomorrow morning.

    FYI, there is a bug on this forum. I don't know if it's actually the forum, or a problem with an extension on FF, or something else, but if I am working on a reply and the software times me out (logs me off), when I select "post" (not knowing that I've been logged out), I then log in to finish posting it and I am taken to a blank screen - and, as I just discovered, my message doesn't get posted although the web address includes "post reply" in it.

    Namaste, peace & love,
    Glenn

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Glenn,

    Just turn your computer on and off normally a few times, it may straighten that out.
    Pressing and holding the power button for a few seconds is not a good habit to get into; it should just be used for emergencies. I know, sometimes we need to use it. If this happens quite often I can link you to a Windows forum that may be able to sort that out.

    Your logs look clean, nothing to worry about.

    As far as the forum, does this just happen with FF or with IE as well?

    The last fix with OTL cleared out all your old restore points and created a new one. Don't know what to tell you. A friend in town had some Windows issues using Win 7; the first thing I did was to use System Restore to see if it would fix it, and after the restore it would not start, so I had to work on fixing that also.
