All processes killed ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\find\command\\""|hex(2):"%SystemRoot%\Explorer.exe" /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\stationshell.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rave32.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\manageruser.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\kbdirwow.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\driverlocal.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\divxdec_040732.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\clsidclient.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\kbddvwow.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\support@predictad.com deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\\ffxtlbr@recfree.com not found. ========== FILES ========== C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} moved successfully. C:\WINDOWS\3809538126 moved successfully. C:\WINDOWS\System32\crash moved successfully. C:\Program Files\mozilla firefox\components\SiteVacuumXPCOM.dll moved successfully. C:\Program Files\mozilla firefox\components\SuperSearchXPCOM.dll moved successfully. C:\Program Files\mozilla firefox\searchplugins\SiteVacuum.xml moved successfully. C:\Program Files\mozilla firefox\searchplugins\SiteVacuum1.xml moved successfully. C:\Program Files\mozilla firefox\searchplugins\bingober35951218.xml moved successfully. C:\Documents and Settings\Kosturkiewicz Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\4vlat66x.default\searchplugins\Ask.xml moved successfully. C:\Documents and Settings\Kosturkiewicz Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\4vlat66x.default\searchplugins\mywebsearch.xml moved successfully. C:\Documents and Settings\Kosturkiewicz Marcin\Dane aplikacji\EasySearch\BHO\FFExt\chrome\content folder moved successfully. C:\Documents and Settings\Kosturkiewicz Marcin\Dane aplikacji\EasySearch\BHO\FFExt\chrome folder moved successfully. C:\Documents and Settings\Kosturkiewicz Marcin\Dane aplikacji\EasySearch\BHO\FFExt folder moved successfully. C:\Documents and Settings\Kosturkiewicz Marcin\Dane aplikacji\EasySearch\BHO folder moved successfully. C:\Documents and Settings\Kosturkiewicz Marcin\Dane aplikacji\EasySearch folder moved successfully. C:\Documents and Settings\Kosturkiewicz Marcin\Dane aplikacji\download folder moved successfully. C:\Documents and Settings\Kosturkiewicz Marcin\Dane aplikacji\drivers folder moved successfully. ========== OTL ========== Service ndisrd stopped successfully! Service ndisrd deleted successfully! File C:\WINDOWS\system32\drivers\ndisrd.sys not found. Prefs.js: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm012YYPL&ptb=YQylcJhP4IgFn6ytu3pAaQ&psa=&ind=2010062413&ptnrS=ZKxdm012YYPL&si=142522&st=kwd&n=77cf1e4d&searchfor=" removed from keyword.URL Prefs.js: supersearch@supersearch.com:3.5 removed from extensions.enabledItems HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully! HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully! HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully! HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully! HKU\S-1-5-21-854245398-1957994488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\download deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue deleted successfully. Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue not found. Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-21-854245398-1957994488-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-854245398-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue deleted successfully. Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found. Registry value HKEY_USERS\S-1-5-21-854245398-1957994488-682003330-1004_Classes\exefile\shell\open\command\\'' updated successfully. Registry key HKEY_USERS\S-1-5-21-854245398-1957994488-682003330-1004_Classes\.exe\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-854245398-1957994488-682003330-1004_Classes\exefile\ deleted successfully. HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully! ========== COMMANDS ========== [EMPTYFLASH] User: Administrator User: All Users User: Default User User: Kosturkiewicz Marcin ->Flash cache emptied: 159469 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Kosturkiewicz Marcin ->Temp folder emptied: 114345 bytes ->Temporary Internet Files folder emptied: 20607410 bytes ->Java cache emptied: 9999611 bytes ->FireFox cache emptied: 328809491 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 16384 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 712704 bytes %systemroot%\System32 .tmp files removed: 3913088 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 404929 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 348,00 mb OTL by OldTimer - Version 3.2.29.1 log created on 09222011_210337 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\Perflib_Perfdata_5dc.dat not found! File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...