All processes killed
========== OTL ==========
Service srvsysdriver32 stopped successfully!
Service srvsysdriver32 deleted successfully!
C:\Windows\sysdriver32.exe moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird not found.
Registry value HKEY_USERS\S-1-5-21-4292775695-2403161838-718631559-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\egui deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\1500021.exe deleted successfully.
C:\Windows\Temp\1500021.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\1860829.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\38741017-loader2.exe deleted successfully.
C:\Windows\Temp\38741017-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\5698650.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\8372125.exe deleted successfully.
C:\Windows\Temp\8372125.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9945.exe deleted successfully.
C:\Windows\Temp\9945.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\l1rezerv.exe deleted successfully.
C:\Windows\l1rezerv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.
File C:\Windows\sysdriver32.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.
C:\Windows\sysdriver32_.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\systemup deleted successfully.
C:\Windows\systemup.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.
C:\Windows\update.tray-8-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
C:\Windows\update.tray-7-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
C:\Windows\update.tray-2-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
C:\Windows\update.tray-13-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\w_distrib.exe deleted successfully.
C:\Windows\update.3\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.
C:\Windows\services32.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4292775695-2403161838-718631559-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig deleted successfully.
C:\Users\Kaczor\navx.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4292775695-2403161838-718631559-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Oqjajo deleted successfully.
C:\Users\Kaczor\AppData\Roaming\Oqjajo.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4292775695-2403161838-718631559-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4292775695-2403161838-718631559-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
========== FILES ==========
ADS C:\Windows\Temp:temp deleted successfully.
C:\Windows\update.1 folder moved successfully.
C:\Windows\update.2 folder moved successfully.
C:\Windows\update.3 folder moved successfully.
C:\Windows\update.5.0 folder moved successfully.
C:\Windows\update.tray-13-0 folder moved successfully.
C:\Windows\update.tray-13-0-lnk folder moved successfully.
C:\Windows\update.tray-2-0 folder moved successfully.
C:\Windows\update.tray-2-0-lnk folder moved successfully.
C:\Windows\update.tray-7-0 folder moved successfully.
C:\Windows\update.tray-7-0-lnk folder moved successfully.
C:\Windows\update.tray-8-0 folder moved successfully.
C:\Windows\update.tray-8-0-lnk folder moved successfully.
C:\Windows\geoiplist.rar moved successfully.
C:\Windows\phoenix.rar moved successfully.
C:\Windows\rpcminer.rar moved successfully.
C:\Windows\ufa.rar moved successfully.
C:\Windows\av_ico folder moved successfully.
Folder move failed. C:\Windows\ufa scheduled to be moved on reboot.
C:\Windows\rpcminer folder moved successfully.
C:\Windows\phoenix\kernels\poclbm folder moved successfully.
C:\Windows\phoenix\kernels\phatk folder moved successfully.
C:\Windows\phoenix\kernels folder moved successfully.
C:\Windows\phoenix folder moved successfully.
C:\Windows\geoiplist moved successfully.
C:\Windows\unrar.exe moved successfully.
C:\Windows\info1 moved successfully.
C:\Windows\loader2.exe_ok moved successfully.
C:\Windows\SysNative\drivers\etc\hîsts moved successfully.
C:\Windows\SysWow64\secupdat.dat moved successfully.
C:\Users\Kaczor\secupdat.dat moved successfully.
C:\Users\Kaczor\AppData\Local\Update.17.Bron.Tok.bin moved successfully.
C:\Users\Kaczor\AppData\Local\Bron.tok.A17.em.bin moved successfully.
C:\Users\Kaczor\AppData\Local\JunkAtx.bin moved successfully.
C:\Users\Kaczor\AppData\Roaming\Ufasoft\bitcoin-miner\.cache folder moved successfully.
C:\Users\Kaczor\AppData\Roaming\Ufasoft\bitcoin-miner folder moved successfully.
C:\Users\Kaczor\AppData\Roaming\Ufasoft folder moved successfully.
C:\Users\Kaczor\AppData\Roaming\204D.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\229.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\291.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\2BC7.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\2E63.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\30E1.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\3321.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\347B.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\471E.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\95F8.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\9C02.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\B26D.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\B5A7.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\BEFB.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\C81E.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\CB5A.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\CBC7.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\CDE8.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\CE55.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\D22D.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\D2A9.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\D3A.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\D4EB.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\D596.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\D72C.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\D78.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\DB22.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\DB70.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\DE8C.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\DF09.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\E4F2.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\E89A.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\F8FF.exe moved successfully.
C:\Users\Kaczor\AppData\Roaming\mozilla\Firefox\Profiles\zplpzi5u.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Kaczor\AppData\Roaming\mozilla\Firefox\Profiles\zplpzi5u.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Kaczor\AppData\Roaming\mozilla\Firefox\Profiles\zplpzi5u.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Kaczor\AppData\Roaming\mozilla\Firefox\Profiles\zplpzi5u.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Kaczor\AppData\Roaming\mozilla\Firefox\Profiles\zplpzi5u.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Kaczor\AppData\Roaming\mozilla\Firefox\Profiles\zplpzi5u.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Kaczor\AppData\Roaming\mozilla\Firefox\Profiles\zplpzi5u.default\extensions\toolbar@ask.com folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Kaczor
->Flash cache emptied: 1432 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Kaczor
->Temp folder emptied: 2887873621 bytes
->Temporary Internet Files folder emptied: 67964209 bytes
->Java cache emptied: 18006838 bytes
->FireFox cache emptied: 130974187 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 312378097 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53302 bytes
RecycleBin emptied: 269940361 bytes
Total Files Cleaned = 3,516.00 mb
OTL by OldTimer - Version 3.2.26.1 log created on 07262011_124755
Files\Folders moved on Reboot...
C:\Windows\ufa folder moved successfully.
C:\Users\Kaczor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Kaczor\AppData\Local\Temp\~DF02A091D018606964.TMP not found!
File\Folder C:\Users\Kaczor\AppData\Local\Temp\~DF0672B14AB3E3B49D.TMP not found!
File\Folder C:\Users\Kaczor\AppData\Local\Temp\~DF0C4B35675E58DF90.TMP not found!
File\Folder C:\Users\Kaczor\AppData\Local\Temp\~DF7013723E0DA3955C.TMP not found!
File\Folder C:\Users\Kaczor\AppData\Local\Temp\~DFDB1A9FE023DEEB31.TMP not found!
File\Folder C:\Users\Kaczor\AppData\Local\Temp\~DFE7D72DDB4932F510.TMP not found!
C:\Users\Kaczor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8JCPO21\google_pl[1].htm moved successfully.
C:\Users\Kaczor\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...