All processes killed
========== SERVICES/DRIVERS ==========
Service fezerlvfwslirm stopped successfully!
Service fezerlvfwslirm deleted successfully!
========== FILES ==========
C:\Windows\System32\ommarmcc.exe moved successfully.
C:\Windows\System32\mssic-ocd.dll moved successfully.
C:\Windows\System32\mssAn-ern.dll moved successfully.
C:\Windows\System32\mswin-oce.dll moved successfully.
C:\Users\kasia\AppData\Local\Tempab2176.html moved successfully.
C:\Users\kasia\AppData\Local\Tempbg1972.html moved successfully.
C:\Users\kasia\AppData\Local\Tempbq4000.html moved successfully.
C:\Users\kasia\AppData\Local\Tempdi4000.html moved successfully.
C:\Users\kasia\AppData\Local\TempeA5164.html moved successfully.
C:\Users\kasia\AppData\Local\TempES5168.html moved successfully.
C:\Users\kasia\AppData\Local\TempFo3552.html moved successfully.
C:\Users\kasia\AppData\Local\TempGn3612.html moved successfully.
C:\Users\kasia\AppData\Local\TempHy2260.html moved successfully.
C:\Users\kasia\AppData\Local\TempJV1320.html moved successfully.
C:\Users\kasia\AppData\Local\TempkP1988.html moved successfully.
C:\Users\kasia\AppData\Local\TempKR4032.html moved successfully.
C:\Users\kasia\AppData\Local\TempLe1972.html moved successfully.
C:\Users\kasia\AppData\Local\TempLr2660.html moved successfully.
C:\Users\kasia\AppData\Local\TempMq5372.html moved successfully.
C:\Users\kasia\AppData\Local\Tempnb5168.html moved successfully.
C:\Users\kasia\AppData\Local\TempnN5372.html moved successfully.
C:\Users\kasia\AppData\Local\Tempnx2860.html moved successfully.
C:\Users\kasia\AppData\Local\TempPI4032.html moved successfully.
C:\Users\kasia\AppData\Local\TempqM2852.html moved successfully.
C:\Users\kasia\AppData\Local\TempQW2260.html moved successfully.
C:\Users\kasia\AppData\Local\TemprE3624.html moved successfully.
C:\Users\kasia\AppData\Local\TempRy5164.html moved successfully.
C:\Users\kasia\AppData\Local\TempsE1700.html moved successfully.
C:\Users\kasia\AppData\Local\TempTF2852.html moved successfully.
C:\Users\kasia\AppData\Local\TempTj2660.html moved successfully.
C:\Users\kasia\AppData\Local\TempUl1320.html moved successfully.
C:\Users\kasia\AppData\Local\Tempvv1700.html moved successfully.
C:\Users\kasia\AppData\Local\Tempwq2284.html moved successfully.
C:\Users\kasia\AppData\Local\TempXJ2284.html moved successfully.
C:\Users\kasia\AppData\Local\TempXQ2160.html moved successfully.
C:\Users\kasia\AppData\Local\TempyH3552.html moved successfully.
C:\Users\kasia\AppData\Local\TempYU1988.html moved successfully.
C:\Users\kasia\AppData\Local\Tempzx2860.html moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml moved successfully.
C:\Users\kasia\AppData\Roaming\Mozilla\Firefox\Profiles\xoyskti5.default\searchplugins\askcom.xml moved successfully.
C:\Users\kasia\AppData\Roaming\Mozilla\Firefox\Profiles\xoyskti5.default\searchplugins\BearShareWebSearch.xml moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully.
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Registry value HKEY_USERS\S-1-5-21-518432049-2676681056-226125985-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CF418B05-72F5-4CCA-96D5-D39EA22BE927} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF418B05-72F5-4CCA-96D5-D39EA22BE927}\ not found.
Registry value HKEY_USERS\S-1-5-21-518432049-2676681056-226125985-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: kasia
->Flash cache emptied: 43479 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: kasia
->Temp folder emptied: 20018615 bytes
->Temporary Internet Files folder emptied: 20001766 bytes
->Java cache emptied: 78235875 bytes
->FireFox cache emptied: 36598495 bytes
->Google Chrome cache emptied: 7041600 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 431626 bytes
RecycleBin emptied: 990096 bytes

Total Files Cleaned = 156,00 mb

OTL by OldTimer - Version 3.2.20.1 log created on 01142011_214130

Files\Folders moved on Reboot...
C:\Users\kasia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D1T9XSZZ\2643-infekcja-pendrva-zablokowane-centrum-zabezpieczen[1].htm moved successfully.
C:\Users\kasia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
C:\Users\kasia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...