Conduit Redirect

Melbee

Aug 16, 2013
So in the last month I'm having problems with redirects. They seem to be Conduit, and BeesQ. I've tried the simple things such as running CC Cleaner, uninstalling, and running Malware, but I think I have a bigger problem on my hands with Roots/Trojans. Any help you can give me would be really appreciated!
 


Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to back up all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN62753224376711629&UM=2&ctid=CT3309758
IE - HKCU\..\SearchScopes\{96FC3743-190E-4316-9EBD-42573AD134BC}: "URL" = http://search.conduit.com/ResultsExt.aspx?q=
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&CUI=UN26994649939650276&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN26994649939650276&UM=2&q="
FF - prefs.js..browser.search.defaultenginename: "TrustWorthy Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "TrustWorthy Customized Web Search"
[2013/08/16 09:36:06 | 000,000,999 | ---- | M] () -- C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\searchplugins\conduit.xml
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN35977758353241520&ctid=CT3309758&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN35977758353241520&UM=2
CHR - homepage: http://search.conduit.com/?ctid=CT3309758&SearchSource=48&CUI=UN35977758353241520&UM=2
[2013/07/28 22:59:01 | 000,000,000 | ---D | C] -- C:\Users\Melbee\AppData\Local\Conduit
[2013/07/28 22:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

:Commands
[EMPTYTEMP]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically; post the content in the next reply.

Next, please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (for Vista or Windows 7, right-click and select Run as Administrator to start).
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply
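
The Firefox lines in the OTL fix above are prefs.js settings that send searches and address-bar keywords to search.conduit.com. As an added example (not part of the original post or of any tool named in it), this Python script audits the text of a prefs.js file for that kind of hijack; the allowlist, the `browser.startup.homepage` check, the function names and the sample input are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Prefs that decide where searches and the start page go. The first two are
# named in the OTL fix; browser.startup.homepage is added here as an assumption.
WATCHED_PREFS = {"browser.search.defaulturl", "keyword.URL",
                 "browser.startup.homepage"}

# Assumption: hosts this user actually chose. Adjust per machine.
ALLOWED_HOSTS = {"www.google.com", "duckduckgo.com"}

# One prefs.js entry: user_pref("name", <JS literal>);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {pref name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, truncated entries
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, booleans, integers
        except ValueError:
            prefs[name] = raw  # keep anything that is not a plain literal
    return prefs


def url_hosts(value):
    """Hosts of the http(s) URLs in a pref value ('|' separates homepages)."""
    if not isinstance(value, str):
        return []
    hosts = []
    for part in value.split("|"):
        url = urlsplit(part.strip())
        if url.scheme in ("http", "https") and url.hostname:
            hosts.append(url.hostname.lower())
    return hosts


def find_hijacks(prefs, allowed=ALLOWED_HOSTS):
    """List (pref, host) pairs where a watched pref points off the allowlist."""
    findings = []
    for name in sorted(prefs):
        if name not in WATCHED_PREFS:
            continue
        for host in url_hosts(prefs[name]):
            if host not in allowed:
                findings.append((name, host))
    return findings


# Constructed sample modelled on the entries in the fix, not the user's file.
SAMPLE_PREFS_JS = r'''
// Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&q=");
user_pref("browser.startup.homepage", "https://www.google.com/|http://search.conduit.com/?ctid=CT3309758");
user_pref("browser.search.defaultenginename", "TrustWorthy Customized Web Search");
user_pref("extensions.delta.newTab", false);
'''

if __name__ == "__main__":
    for pref, host in find_hijacks(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{pref} -> {host}")
```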
 
Thanks for helping me with this! Here are the results:
# AdwCleaner v2.306 - Logfile created 08/16/2013 at 17:18:57
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Melbee - MR_FANTASTIC
# Boot Mode : Normal
# Running from : C:\Users\Melbee\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\searchplugins\delta.xml
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Melbee\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Melbee\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\jetpack
Folder Deleted : C:\Users\Melbee\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303001
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309758
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\prefs.js

C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\user.js ... Deleted !

Deleted : user_pref("CT3303001_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3309758_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309758&octid=CT330975[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3309758");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "4ced4cef00000000000090e6baca2627");
Deleted : user_pref("extensions.delta.instlDay", "15831");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1613:39:29");
Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Deleted : user_pref("smartbar.machineId", "2MR2QY9FHDUQPBIJU9KCKYQCAZ4MX+BCPSGBIYVY0GLEDBIYQIHLHW5+J2QDVLHYGGT[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Melbee\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.72] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.75] : keyword = "search.conduit.com",
Deleted [l.79] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN35[...]
Deleted [l.80] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]
Deleted [l.2718] : homepage = "hxxp://search.conduit.com/?ctid=CT3309758&SearchSource=48&CUI=UN35977758353241520&UM[...]
Deleted [l.3535] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3309758&SearchSource=48&CUI[...]

*************************

AdwCleaner[R1].txt - [33221 octets] - [09/10/2012 13:15:36]
AdwCleaner[R2].txt - [36131 octets] - [27/01/2013 19:46:26]
AdwCleaner[R3].txt - [2276 octets] - [23/07/2013 14:52:38]
AdwCleaner[S1].txt - [36723 octets] - [27/01/2013 19:46:52]
AdwCleaner[S2].txt - [2312 octets] - [23/07/2013 14:53:08]
AdwCleaner[S3].txt - [6048 octets] - [16/08/2013 17:18:57]

########## EOF - C:\AdwCleaner[S3].txt - [6108 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Melbee on Fri 08/16/2013 at 18:32:03.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Melbee\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\Melbee\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\Melbee\AppData\Roaming\startnow toolbar"
Successfully deleted: [Folder] "C:\Users\Melbee\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{101758F4-6A4A-4BF7-9578-B96338C5E1B0}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{10A785D3-EE9E-4E74-AD22-55545D2AF7CA}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{249A60BB-7B16-4C66-BD8D-56DB1C2E4328}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{2B33B948-EFD7-4663-AAD6-8802F75A3CCD}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{4DB02853-589C-4D5C-A501-4E1C99EB24AE}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{5B1F3A71-56CD-4880-B5BF-356B1D726CEB}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{68938339-31DE-4B98-AF11-B3553C953A0D}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{964BA085-A1BC-443B-BBD6-44D077315C7D}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{A72FD78E-3DAF-400B-9466-48E592BEF236}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{AA79BF5D-9E17-40DE-AC10-AEDC61A7AB9F}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{B0C616F7-C4C9-49AB-85D2-D2C2192EF695}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{D0A32925-52A1-4F9A-A01E-D60EA17F6C3A}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{DCF06D7F-2B39-4C6D-A3A4-92DF6831C25F}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{EE075814-4890-4414-89FA-E798DBDD9F5A}
Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{FC158D91-7A8F-4D61-B373-DDB5B6B85BB6}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\extensions\kfxtbfbvkt@kfxtbfbvkt.org.xpi [Tracur]
Successfully deleted: [File] C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\invalidprefs.js
Successfully deleted the following from C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\prefs.js

user_pref("extensions.crossrider.bic", "13810fd64f8a2f5ee563b179c7eac559");
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url", "hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id}
Emptied folder: C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\minidumps [22 files]



~~~ Chrome

Dumping contents of C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default\aadededcdgdidbdedggfgbdadegbdade
C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default\aadededcdgdidbdedggfgbdadegbdade\manifest.json

Successfully deleted: [Folder] C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/16/2013 at 18:37:07.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96FC3743-190E-4316-9EBD-42573AD134BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96FC3743-190E-4316-9EBD-42573AD134BC}\ not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&CUI=UN26994649939650276&UM=2&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN26994649939650276&UM=2&q=" removed from keyword.URL
Prefs.js: "TrustWorthy Customized Web Search" removed from browser.search.defaultenginename
Prefs.js: "TrustWorthy Customized Web Search" removed from browser.search.defaultthis.engineName
File C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\searchplugins\conduit.xml not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
C:\Users\Melbee\AppData\Local\Conduit folder moved successfully.
C:\Program Files (x86)\Conduit\CT3309758\plugins folder moved successfully.
C:\Program Files (x86)\Conduit\CT3309758 folder moved successfully.
C:\Program Files (x86)\Conduit\CT3303001\plugins folder moved successfully.
C:\Program Files (x86)\Conduit\CT3303001 folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Melbee
->Temp folder emptied: 91704093 bytes
->Temporary Internet Files folder emptied: 5651045 bytes
->Java cache emptied: 2991697 bytes
->FireFox cache emptied: 87484720 bytes
->Google Chrome cache emptied: 334777466 bytes
->Flash cache emptied: 6671 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83410027 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42328155 bytes
RecycleBin emptied: 43281387088 bytes

Total Files Cleaned = 41,895.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08162013_170647

Files\Folders moved on Reboot...
C:\Users\Melbee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP0000000112F2CFDDB58DDB31 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Any more redirects?

Please download Malwarebytes' Anti-Malware from here to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click Decline.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is unchecked, and the following Advanced Settings are checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt