All processes killed
========== FILES ==========
C:\Program Files\My applications folder moved successfully.
C:\Users\Piotrek\AppData\Local\Tempau2172.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempAZU812.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempBC3392.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempbkv540.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempCC2208.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempdj1792.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempdJ3432.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempDk2208.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempeF5320.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempfr3564.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempGNK812.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempHn2368.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempIc4012.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempioC852.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempiy1348.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempIy5080.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempJq2268.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempKg3432.html moved successfully.
C:\Users\Piotrek\AppData\Local\TemplD1932.html moved successfully.
C:\Users\Piotrek\AppData\Local\TemplO3252.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempLo5320.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempMc3192.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempmg3564.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempMS5744.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempnf3748.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempnm5240.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempNO2268.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempOM1608.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempoT4012.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempPa1932.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempPL5744.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempPP3392.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempQe1348.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempqgM540.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempri3868.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempsr1608.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempsx5952.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempuA3748.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempuS5080.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempVO2172.html moved successfully.
C:\Users\Piotrek\AppData\Local\Tempvu3252.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempwR5240.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempXH5952.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempYN3192.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempYz1792.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempZf3868.html moved successfully.
C:\Users\Piotrek\AppData\Local\TempZuR852.html moved successfully.
========== OTL ==========
Service vista stopped successfully!
Service vista deleted successfully!
File C:\Program Files\My applications\vista.sys not found.
Service o1394bul stopped successfully!
Service o1394bul deleted successfully!
File C:\Users\Piotrek\AppData\Local\Temp\o1394bul.sys not found.
Service EverestDriver stopped successfully!
Service EverestDriver deleted successfully!
File G:\JLU\NRC_TEST\Everest_Ultimate_5.00.1673b_Portable\kerneld.wnt not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service btwaudio stopped successfully!
Service btwaudio deleted successfully!
File C:\Windows\System32\drivers\btwaudio.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys not found.
Prefs.js: "Winamp Search" removed from browser.search.defaultenginename
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" removed from keyword.URL
C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\f2rtbrwe.default\searchplugins\winamp-search.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-3266407316-3741902626-688742045-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-C39E-35F1D2A32EC8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}\ not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Maciek
->Flash cache emptied: 2842 bytes

User: Piotrek
->Flash cache emptied: 1954106 bytes

User: Public

Total Flash Files Cleaned = 2,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Maciek
->Temp folder emptied: 36722874 bytes
->Temporary Internet Files folder emptied: 2055800 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 84173382 bytes
->Flash cache emptied: 0 bytes

User: Piotrek
->Temp folder emptied: 72374950 bytes
->Temporary Internet Files folder emptied: 23825820 bytes
->Java cache emptied: 50226779 bytes
->FireFox cache emptied: 44206500 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8814054 bytes
RecycleBin emptied: 414446 bytes

Total Files Cleaned = 319,00 mb

OTL by OldTimer - Version 3.2.20.1 log created on 01042011_162108

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...