All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Firewall deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\userinit deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsUpdate deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WinUpdate deleted successfully. C:\Documents and Settings\Admin\Dane aplikacji\WinUpdate.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\WinUpdaterstd deleted successfully. C:\WINDOWS\WinUpdaterstd\svchost.exe moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A36B739-1B6D-4045-A75A-3D7C052933B4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A36B739-1B6D-4045-A75A-3D7C052933B4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9072AC87-57D3-44AB-B6F4-A691016E6498}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9072AC87-57D3-44AB-B6F4-A691016E6498}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A99E08DD-7A2F-4705-B98F-4B9227163510}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A99E08DD-7A2F-4705-B98F-4B9227163510}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ not found. Prefs.js: "Web Search" removed from browser.search.defaultengine Prefs.js: "Web Search" removed from browser.search.defaultenginename Prefs.js: "IMVU Inc Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "Web Search" removed from browser.search.order.1 Prefs.js: "http://startsear.ch/?aff=2&cf=e41015be-04c3-11e1-89b7-001d7db8d6de" removed from browser.startup.homepage Prefs.js: DTToolbar@toolbarnet.com:1.1.7.0190 removed from extensions.enabledItems Prefs.js: {707db484-2428-402d-afb5-d85b387544c7}:3.3.3.2 removed from extensions.enabledItems Prefs.js: radiobar@toolbar:1.0.0 removed from extensions.enabledItems Prefs.js: {30488549-5379-4FBE-9492-1CFA0593F1CD}:1.0 removed from extensions.enabledItems Prefs.js: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2 removed from extensions.enabledItems Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems Prefs.js: "http://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=" removed from keyword.URL Prefs.js: "Web Search..." removed from sweetim.toolbar.previous.browser.search.defaultenginename Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}" removed from sweetim.toolbar.previous.browser.search.defaulturl Prefs.js: "http://www.searchqu.com/406" removed from browser.startup.homepage ========== FILES ========== C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\searchplugin folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\modules folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\META-INF folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\defaults folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\chrome folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7} folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\searchplugin folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\modules folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\META-INF folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\defaults folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\chrome folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8} folder moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\searchplugins\ask.xml moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\searchplugins\conduit.xml moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\searchplugins\daemon-search.xml moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\searchplugins\SearchResults.xml moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\searchplugins\startsear.xml moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\searchplugins\sweetim.xml moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\searchplugins\web-search.xml moved successfully. C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8xeiksq8.default\searchplugins\winamp-search.xml moved successfully. ========== REGISTRY ========== HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Admin ->Temp folder emptied: 1203508 bytes ->Temporary Internet Files folder emptied: 6439629 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 6046288 bytes ->Google Chrome cache emptied: 11037364 bytes ->Flash cache emptied: 796 bytes User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 132648 bytes Total Files Cleaned = 24,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07162012_212509 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...