All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\AutorunsDisabled\\Policies deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3988037778-3744486593-1573704443-1019\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3988037778-3744486593-1573704443-1019\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\AutorunsDisabled\\Policies deleted successfully.
C:\Documents and Settings\Grzesiek\Dane aplikacji\spynet folder moved successfully.
C:\Documents and Settings\Jasiek.OPTIMUS-E8F663A\Dane aplikacji\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Jasiek.OPTIMUS-E8F663A\Dane aplikacji\PriceGong folder moved successfully.
C:\Documents and Settings\Jasiek.OPTIMUS-E8F663A\Dane aplikacji\spynet folder moved successfully.
C:\Documents and Settings\Jasiek.OPTIMUS-E8F663A\Dane aplikacji\Toolbar4 folder moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\PriceGong\Data folder moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\PriceGong folder moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files folder moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache folder moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E} folder moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\Toolbar4 folder moved successfully.
Folder C:\Documents and Settings\PiotrŚwiderski\Dane aplikacji\spynet\ not found.
C:\Documents and Settings\Ula\Dane aplikacji\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Ula\Dane aplikacji\PriceGong folder moved successfully.
C:\Documents and Settings\Ula\Dane aplikacji\spynet folder moved successfully.
C:\Documents and Settings\Ula\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files folder moved successfully.
C:\Documents and Settings\Ula\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache folder moved successfully.
C:\Documents and Settings\Ula\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E} folder moved successfully.
C:\Documents and Settings\Ula\Dane aplikacji\Toolbar4 folder moved successfully.
C:\Documents and Settings\Jasiek.OPTIMUS-E8F663A\Dane aplikacji\logs.dat moved successfully.
C:\Documents and Settings\Jasiek.OPTIMUS-E8F663A\Dane aplikacji\Mozilla\Firefox\Profiles\kg6izoq0.default\searchplugins\daemon-search.xml moved successfully.
C:\Documents and Settings\Jasiek.OPTIMUS-E8F663A\Dane aplikacji\Mozilla\Firefox\Profiles\kg6izoq0.default\searchplugins\winamp-search.xml moved successfully.
C:\WINDOWS\system32\drivers\dadswuj.sys moved successfully.
C:\WINDOWS\yttupax.dll moved successfully.
Prefs.js: "Winamp Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry value HKEY_USERS\S-1-5-21-3988037778-3744486593-1573704443-1019\Software\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
Registry value HKEY_USERS\S-1-5-21-3988037778-3744486593-1573704443-1019\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java "file:///C:/WINDOWS/Java/classes/xmldso.cab" not found.
Starting removal of ActiveX control Microsoft XML Parser for Java "
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java "\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java "\ not found.
Service ThreatFire stopped successfully!
Service ThreatFire deleted successfully!
Service ServiceLayer stopped successfully!
Service ServiceLayer deleted successfully!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 56504 bytes

User: Grzesiek
->Flash cache emptied: 184402 bytes

User: Jasiek
->Flash cache emptied: 21575 bytes

User: Jasiek.OPTIMUS-E8F663A
->Flash cache emptied: 437388 bytes

User: Jasiek1
->Flash cache emptied: 382 bytes

User: JASIEK~1~OPT

User: LocalService

User: NetworkService

User: Piotr
->Flash cache emptied: 4447 bytes

User: Ula
->Flash cache emptied: 6196 bytes

Total Flash Files Cleaned = 1,00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Grzesiek
->Temp folder emptied: 783005972 bytes
->Temporary Internet Files folder emptied: 71859461 bytes
->Java cache emptied: 1782486 bytes
->FireFox cache emptied: 148041346 bytes
->Google Chrome cache emptied: 195109511 bytes
->Flash cache emptied: 0 bytes

User: Jasiek
->Temp folder emptied: 213276771 bytes
->Temporary Internet Files folder emptied: 35461601 bytes
->Java cache emptied: 200219 bytes
->FireFox cache emptied: 90700329 bytes
->Google Chrome cache emptied: 13407510 bytes
->Flash cache emptied: 0 bytes

User: Jasiek.OPTIMUS-E8F663A
->Temp folder emptied: 15814139280 bytes
->Temporary Internet Files folder emptied: 75470006 bytes
->Java cache emptied: 27164507 bytes
->FireFox cache emptied: 109545317 bytes
->Google Chrome cache emptied: 59521653 bytes
->Apple Safari cache emptied: 200704 bytes
->Flash cache emptied: 0 bytes

User: Jasiek1
->Temp folder emptied: 408354801 bytes
->Temporary Internet Files folder emptied: 358633 bytes
->FireFox cache emptied: 2954489 bytes
->Flash cache emptied: 0 bytes

User: JASIEK~1~OPT

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 5130770 bytes

User: NetworkService
->Temp folder emptied: 37092 bytes
->Temporary Internet Files folder emptied: 930829 bytes

User: Piotr
->Temp folder emptied: 87034412 bytes
->Temporary Internet Files folder emptied: 227788797 bytes
->Java cache emptied: 3328344 bytes
->FireFox cache emptied: 3663941 bytes
->Google Chrome cache emptied: 232197815 bytes
->Apple Safari cache emptied: 85514240 bytes
->Flash cache emptied: 0 bytes

User: Ula
->Temp folder emptied: 16756804 bytes
->Temporary Internet Files folder emptied: 19815603 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88209199 bytes
->Google Chrome cache emptied: 218888455 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 63781672 bytes
%systemroot%\System32 .tmp files removed: 637427932 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 225025598 bytes
RecycleBin emptied: 3926503787 bytes

Total Files Cleaned = 22 786,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02152011_164342

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...