All processes killed
========== FILES ==========
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\n2ee12q3co7aih moved successfully.
C:\Documents and Settings\All Users\Application Data\n2ee12q3co7aih moved successfully.
C:\WINDOWS\Pyozoyusiku.bin moved successfully.
C:\WINDOWS\Qbeyu.dat moved successfully.
C:\WINDOWS\System32\hohumaho moved successfully.
[color=#A23BEC]< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Owner\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
File C:\Program Files\Zynga\prxtbZyn0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
File C:\Program Files\Zynga\prxtbZyn0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}\ not found.
File C:\Program Files\Zynga\prxtbZyn0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 11724 bytes
->Temporary Internet Files folder emptied: 32969 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 73163 bytes
->FireFox cache emptied: 25629623 bytes
->Flash cache emptied: 1217 bytes
User: HP_Owner
->Temp folder emptied: 4590158 bytes
->Temporary Internet Files folder emptied: 832323 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 248401719 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 6926 bytes
User: Jeff(2)
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 42543 bytes
->Flash cache emptied: 29952 bytes
User: Owner
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 114688 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 162041 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 267.00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: Guest
->Java cache emptied: 0 bytes
User: HP_Owner
->Java cache emptied: 0 bytes
User: Jeff(2)
User: LocalService
User: NetworkService
->Java cache emptied: 0 bytes
User: Owner
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Guest
->Flash cache emptied: 0 bytes
User: HP_Owner
->Flash cache emptied: 0 bytes
User: Jeff(2)
User: LocalService
User: NetworkService
->Flash cache emptied: 0 bytes
User: Owner
Total Flash Files Cleaned = 0.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01012012_135905
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HP_Owner\Local Settings\Temp\Perflib_Perfdata_d64.dat not found!
Registry entries deleted on Reboot...[/color]
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f73311e21d83444a8565bff3919d8f53
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-01 11:58:17
# local_time=2012-01-01 05:58:17 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=115734
# found=2
# cleaned=0
# scan_time=10932
C:\Documents and Settings\HP_Owner\Application Data\AVG\Rescue\PC Tuneup 2011\111229015510250.rsc Java/Exploit.Agent.NAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\HP_Owner\My Documents\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\localhost\DOCUME~1: Access is denied.
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Aladdin Systems\InternetCleanup: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Aladdin Systems\StuffIt: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\FaxCtr\FAXLOG32.CDX: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\FaxCtr\FAXLOG32.DBF: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\FaxCtr\FAXLOG32.FPT: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\ICAClient\APPSRV.INI: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\ICAClient\Cache: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\ICAClient\UISTATE.INI: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\ICAClient\wfcwin32.log: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\InterMute\SpySubtract: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Leadertech\PowerRegister: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Address Book\HP_Owner.wab: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4274570368-3287487078-2089279940-1009\6d9f885ff3fdfa045240d2f597187bce_b8ed6499-9c73-46fc-bae3-52f81158fb65: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\HTML Help\hh.dat: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Office\Recent\bc on us.f1f.yahoofs.com.url: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Office\Recent\index.dat: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-4274570368-3287487078-2089279940-1009\b4fdeee7-149b-4777-966d-cce295ca906f: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-4274570368-3287487078-2089279940-1009\Preferred: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\Motive\Acme: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\MSNInstaller\cProductInfo.xml: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Application Data\MSNInstaller\msninstallerlog.xml: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\HP\Digital Imaging: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IsolatedStorage\0hnh3l35.myv: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Movie Maker\MEDIATAB.DAT: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012005052520050526(2)\index.dat: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012005052520050526(4)\index.dat: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\My Documents\Jeff\Bike+Miles.xls: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\My Documents\Jeff\BMONEY.xls: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\My Documents\Jeff\BUDGET.xls: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\My Documents\Jeff\LPayroll.xls: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\My Documents\Jeff\RETIRE.xls: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\My Documents\Jeff\TAX2004.xls: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\UserData\4XEJGH2V: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\config\systemprofile\UserData\index.dat: Access is denied.