All processes killed ========== OTL ========== Prefs.js: "Yahoo" removed from browser.search.defaultenginename Prefs.js: "Yahoo" removed from browser.search.defaulturl Prefs.js: "Yahoo" removed from browser.search.order.1 Prefs.js: "Google" removed from browser.search.selectedEngine Prefs.js: "http://klit.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0&install_country=PL&install_date=20110930&user_guid=3EA6E2D53DD24D22A764F659A2B95741&machine_id=dfe4347e8d07937be1388b65e48979e9&browser=FF&os=win&os_version=6.1-x64-SP0" removed from browser.startup.homepage Prefs.js: "http://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0&install_country=PL&install_date=20110930&user_guid=3EA6E2D53DD24D22A764F659A2B95741&machine_id=dfe4347e8d07937be1388b65e48979e9&browser=FF&os=win&os_version=6.1-x64-SP0&q=" removed from keyword.URL File C:\Users\Madzia\AppData\Roaming\Mozilla\Firefox\Profiles\bds41t4u.default\searchplugins\search.xml not found. File C:\Users\Madzia\AppData\Roaming\Mozilla\Firefox\Profiles\bds41t4u.default\searchplugins\yahoo-zugo.xml not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. 64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D81AF43-DE53-48D0-A199-42C2A226B24C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D81AF43-DE53-48D0-A199-42C2A226B24C}\ not found. ========== FILES ========== [color=#A23BEC]< rd /s /q C:\FRST /C >[/color] C:\Users\Madzia\Desktop\cmd.bat deleted successfully. C:\Users\Madzia\Desktop\cmd.txt deleted successfully. [color=#A23BEC]< rd /s /q C:\Windows\ERDNT /C >[/color] C:\Users\Madzia\Desktop\cmd.bat deleted successfully. C:\Users\Madzia\Desktop\cmd.txt deleted successfully. [color=#A23BEC]< del /q C:\Windows\SetACL.exe /C >[/color] C:\Users\Madzia\Desktop\cmd.bat deleted successfully. C:\Users\Madzia\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Madzia ->Temp folder emptied: 12432 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 01182012_142828 Files\Folders moved on Reboot... C:\Users\Madzia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. Registry entries deleted on Reboot...