All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2291903390-1110412475-1538417202-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2291903390-1110412475-1538417202-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\google\google~1\goec62~1.dll deleted successfully.
Prefs.js: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 removed from extensions.enabledItems
Prefs.js: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 removed from extensions.enabledItems
Prefs.js: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\searchplugins\RealDesktop.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\RealDesktop.xml.bak moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ZwankySearch folder moved successfully.
C:\WINDOWS\system32\drivers\str(2).sys moved successfully.
ADS C:\WINDOWS\Temp:temp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Local Page"|"C:\\Windows\\system32\\blank.htm" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 67584568 bytes
->Temporary Internet Files folder emptied: 265207 bytes
->Flash cache emptied: 480 bytes

User: All Users

User: Default User
->Temp folder emptied: 60950976 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 396 bytes

User: Downloads

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2936317 bytes

User: Mariola
->Temp folder emptied: 755287192 bytes
->Temporary Internet Files folder emptied: 8701108 bytes
->Java cache emptied: 63546910 bytes
->FireFox cache emptied: 265786107 bytes
->Flash cache emptied: 3799644 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1774384 bytes

User: Obcy
->Temp folder emptied: 62234396 bytes
->Temporary Internet Files folder emptied: 22273585 bytes
->FireFox cache emptied: 98725663 bytes
->Flash cache emptied: 5771 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 10223633 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27651136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 198264767 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 574,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11282011_214232

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...