========== OTL ========== Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully. Prefs.js: "http://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzuyBtD0FtAzyyDtAyDyBzytAtA0E0FyByD0FtN0D0TzutBtDtCtCtDzztCyE&cr=455734634" removed from browser.startup.homepage Folder move failed. C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions\xulrunner@yoono.com scheduled to be moved on reboot. Folder move failed. C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome scheduled to be moved on reboot. Folder move failed. C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F9CECE1-0306-4BB0-8BEF-C9EA3841E38A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F9CECE1-0306-4BB0-8BEF-C9EA3841E38A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6A882320-BDD0-4ff4-BE3A-D8BAF82668E9} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A882320-BDD0-4ff4-BE3A-D8BAF82668E9}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. 64bit-Registry value HKEY_USERS\S-1-5-21-1115849333-2882087070-3583721905-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_USERS\S-1-5-21-1115849333-2882087070-3583721905-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ not found. ========== FILES ========== [color=#A23BEC]< ipconfig /flushdns /c >[/color] Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Zinja\Desktop\cmd.bat deleted successfully. C:\Users\Zinja\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: Default ->Flash cache emptied: 56468 bytes User: McAfeeMVSUser User: Public User: Zinja ->Flash cache emptied: 1412719 bytes Total Flash Files Cleaned = 1.00 mb Error creating restore point. OTL by OldTimer - Version 3.2.26.5 log created on 08172011_170822 Files\Folders moved on Reboot... Folder move failed. C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions\xulrunner@yoono.com scheduled to be moved on reboot. Folder move failed. C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome scheduled to be moved on reboot. Folder move failed. C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome scheduled to be moved on reboot. Folder move failed. C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} scheduled to be moved on reboot. Registry entries deleted on Reboot...