All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-4182308462-1003076708-3753380735-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully. C:\Program Files\Search Settings\kb127\SearchSettings.dll moved successfully. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "Ask.com" removed from browser.search.order.1 Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found. File C:\Program Files\Search Settings\kb127\SearchSettings.dll not found. Registry value HKEY_USERS\S-1-5-21-4182308462-1003076708-3753380735-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Program Files\Search Settings\SearchSettings.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NBKeyScan deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Nokia FastStart deleted successfully. Registry value HKEY_USERS\S-1-5-21-4182308462-1003076708-3753380735-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet deleted successfully. Registry value HKEY_USERS\S-1-5-21-4182308462-1003076708-3753380735-1003\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully. Registry value HKEY_USERS\S-1-5-21-4182308462-1003076708-3753380735-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Software Informer deleted successfully. Registry value HKEY_USERS\S-1-5-21-4182308462-1003076708-3753380735-1003\Software\Microsoft\Windows\CurrentVersion\Run\\VoipBuster deleted successfully. Registry value HKEY_USERS\S-1-5-21-4182308462-1003076708-3753380735-1003\Software\Microsoft\Windows\CurrentVersion\Run\\VoipCheapCom deleted successfully. C:\Users\Jagoda i Michał\AppData\Roaming\Mozilla\Firefox\Profiles\mvdcob2s.default\searchplugins\askcom.xml moved successfully. C:\Users\Jagoda i Michał\AppData\Roaming\lotybf.exe moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BFD574D-E806-4F86-923B-8AFCCCB75E15} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BFD574D-E806-4F86-923B-8AFCCCB75E15}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CCA2905-0A09-4068-8DDC-89A9E30BEA62} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7CCA2905-0A09-4068-8DDC-89A9E30BEA62}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AE6F3C4A-34E6-43DB-BEFB-2C4E2C00835B}C:\program files\relevantknowledge\rlvknlg.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4714B5EA-8670-4F37-A9D7-33DF59043CE9}C:\program files\relevantknowledge\rlvknlg.exe deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Jagoda i Michał ->Flash cache emptied: 108856 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default User: Default User User: Jagoda i Michał ->Temporary Internet Files folder emptied: 142689 bytes ->FireFox cache emptied: 47312595 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2416200 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 204750485 bytes RecycleBin emptied: 41 bytes Total Files Cleaned = 243,00 mb OTL by OldTimer - Version 3.2.22.2 log created on 03072011_111943 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...