All processes killed
========== OTL ==========
HKU\S-1-5-21-72814418-561482441-332074820-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "qooqlle" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Readar_sl deleted successfully.
C:\Users\Ewelina\AppData\Roaming\Readar_sl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TunesHelper deleted successfully.
C:\ProgramData\TunesHelper.exe moved successfully.
C:\Users\Ewelina\AppData\Roaming\Mozilla\Firefox\Profiles\38bpqtse.default\searchplugins\search.xml moved successfully.
C:\ProgramData\SMYRQXPAV folder moved successfully.
C:\ProgramData\8ecdee7\SMAVSys folder moved successfully.
C:\ProgramData\8ecdee7\Quarantine Items folder moved successfully.
C:\ProgramData\8ecdee7\BackUp folder moved successfully.
C:\ProgramData\8ecdee7 folder moved successfully.
========== FILES ==========
C:\Users\Ewelina\AppData\Local\Tempdqt444.html moved successfully.
C:\Users\Ewelina\AppData\Local\TempEC1552.html moved successfully.
C:\Users\Ewelina\AppData\Local\TempIw1552.html moved successfully.
C:\Users\Ewelina\AppData\Local\TempmT3436.html moved successfully.
C:\Users\Ewelina\AppData\Local\Tempmy5676.html moved successfully.
C:\Users\Ewelina\AppData\Local\TempNL4220.html moved successfully.
C:\Users\Ewelina\AppData\Local\TempNXK936.html moved successfully.
C:\Users\Ewelina\AppData\Local\Tempol4072.html moved successfully.
C:\Users\Ewelina\AppData\Local\TempQz4072.html moved successfully.
C:\Users\Ewelina\AppData\Local\Temprd3436.html moved successfully.
C:\Users\Ewelina\AppData\Local\TemprG4568.html moved successfully.
C:\Users\Ewelina\AppData\Local\TempRKl444.html moved successfully.
C:\Users\Ewelina\AppData\Local\TemptO5676.html moved successfully.
C:\Users\Ewelina\AppData\Local\TempvP2324.html moved successfully.
C:\Users\Ewelina\AppData\Local\TempWU4704.html moved successfully.
C:\Users\Ewelina\AppData\Local\TempYC4704.html moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4FB8FD40-7C36-43B6-B695-B40137398244}C:\programdata\8ecdee7\sm8ecd_231.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5FF38A71-8D66-4E81-AA63-A11103352AE5}C:\programdata\8ecdee7\sm8ecd_231.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{783873DD-7A95-4533-AADE-7FF26D2955E6}C:\program files\sopcast\adv\sopadver.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BA23BEBC-5321-453C-B1E6-38480131C616}C:\program files\sopcast\adv\sopadver.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1590CFF0-385E-48F1-92B1-7D9B7C1251F2}C:\program files\sopcast\adv\sopadver.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{97F181DD-87FC-4484-AEB6-A86681BE33B9}C:\programdata\8ecdee7\sm8ecd_231.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9DD6D3AF-B45A-4EDE-8EE9-D6486CFA6E84}C:\program files\sopcast\adv\sopadver.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B285B38C-AD2C-4D39-84EF-F724BD6ADF33}C:\programdata\8ecdee7\sm8ecd_231.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Ewelina
->Flash cache emptied: 29034 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ewelina
->Temp folder emptied: 2917502 bytes
->Temporary Internet Files folder emptied: 830004 bytes
->Java cache emptied: 7803 bytes
->FireFox cache emptied: 99145281 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22382 bytes
RecycleBin emptied: 101887 bytes

Total Files Cleaned = 98,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02272011_133710

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...