All processes killed ========== OTL ========== Service NMIndexingService stopped successfully! Service NMIndexingService deleted successfully! Service MyWebSearchService stopped successfully! Service MyWebSearchService deleted successfully! Registry value HKEY_USERS\S-1-5-21-515967899-1284227242-1801674531-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-C39E-35F1D2A32EC8} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Readar_sl deleted successfully. C:\Documents and Settings\User\Dane aplikacji\Readar_sl.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TunesHelper deleted successfully. C:\Documents and Settings\All Users\TunesHelper.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-515967899-1284227242-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate deleted successfully. Registry value HKEY_USERS\S-1-5-21-515967899-1284227242-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully. Registry value HKEY_USERS\S-1-5-21-515967899-1284227242-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Devices Manager deleted successfully. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. ========== FILES ========== File\Folder C:\Documents and Settings\User\Dane aplikacji\Readar_sl.exe not found. C:\Documents and Settings\User\Dane aplikacji\Dealio\temp folder moved successfully. C:\Documents and Settings\User\Dane aplikacji\Dealio\res folder moved successfully. C:\Documents and Settings\User\Dane aplikacji\Dealio folder moved successfully. C:\Documents and Settings\User\Dane aplikacji\OpenCandy\OpenCandy_0E7EE776B37C4F2C9FC3C133B908A394 folder moved successfully. C:\Documents and Settings\User\Dane aplikacji\OpenCandy folder moved successfully. C:\Documents and Settings\User\Dane aplikacji\PriceGong\Data folder moved successfully. C:\Documents and Settings\User\Dane aplikacji\PriceGong folder moved successfully. C:\Documents and Settings\ANETKA\Dane aplikacji\Dealio\temp folder moved successfully. C:\Documents and Settings\ANETKA\Dane aplikacji\Dealio\res folder moved successfully. C:\Documents and Settings\ANETKA\Dane aplikacji\Dealio folder moved successfully. C:\Documents and Settings\ANETKA\Dane aplikacji\PriceGong\Data folder moved successfully. C:\Documents and Settings\ANETKA\Dane aplikacji\PriceGong folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Wru\Cache folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Wru folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{B7D3E479-CC68-42B5-A338-938ECE35F419}\META-INF folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{B7D3E479-CC68-42B5-A338-938ECE35F419}\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{B7D3E479-CC68-42B5-A338-938ECE35F419} folder moved successfully. C:\WINDOWS\System32\6528F8E465.sys moved successfully. [color=#A23BEC]< netsh winsock reset /C >[/color] Pomy˜lnie zresetowano Winsock Catalog. Musisz ponownie uruchomi† komputer, aby ukoäczy† resetowanie. C:\Documents and Settings\User\Moje dokumenty\Downloads\cmd.bat deleted successfully. C:\Documents and Settings\User\Moje dokumenty\Downloads\cmd.txt deleted successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\User\Moje dokumenty\Downloads\Facebook-Picture187290.JPG (1).exe deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.com/" /E : value set successfully! ========== COMMANDS ========== [EMPTYFLASH] User: Administrator User: All Users User: ANETKA ->Flash cache emptied: 93651 bytes User: Default User User: LocalService User: NetworkService User: User ->Flash cache emptied: 2055237 bytes Total Flash Files Cleaned = 2,00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: ANETKA ->Temp folder emptied: 288630677 bytes ->Temporary Internet Files folder emptied: 55924939 bytes ->Java cache emptied: 6971963 bytes ->FireFox cache emptied: 135799546 bytes ->Opera cache emptied: 16584077 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 13165158 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1719060 bytes User: User ->Temp folder emptied: 1654186 bytes ->Temporary Internet Files folder emptied: 5924430 bytes ->Java cache emptied: 41472991 bytes ->FireFox cache emptied: 16258047 bytes ->Google Chrome cache emptied: 32738957 bytes ->Opera cache emptied: 206632 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2708374 bytes %systemroot%\System32 .tmp files removed: 1621716 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 96512 bytes Windows Temp folder emptied: 1435915 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 594,00 mb OTL by OldTimer - Version 3.2.26.7 log created on 08312011_020411 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...