All processes killed ========== FILES ========== [color=#A23BEC]< attrib -r -s -h C:\Windows\System32\drivers\etc\hosts /C >[/color] C:\Users\karolek\Desktop\ddd\cmd.bat deleted successfully. C:\Users\karolek\Desktop\ddd\cmd.txt deleted successfully. ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-2788582013-2975435611-3338148792-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowRun deleted successfully. HKU\S-1-5-21-2788582013-2975435611-3338148792-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! C:\Users\karolek\AppData\Local\TempVrU912.html moved successfully. C:\Users\karolek\AppData\Local\TempGWc912.html moved successfully. C:\Users\karolek\AppData\Roaming\Babylon folder moved successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully! HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{400B2759-9894-4CE4-B226-077ED3E795AD}C:\programdata\8fdf55\sm8fd_2121.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BAB98ED2-3E38-4ADE-9FE6-52E320EDF886}C:\programdata\8fdf55\sm8fd_2121.exe deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 134 bytes ->Flash cache emptied: 75 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: karolek ->Temp folder emptied: 201790168 bytes ->Temporary Internet Files folder emptied: 736718912 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 48053536 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 1322 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 18432 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 161011 bytes RecycleBin emptied: 511374 bytes Total Files Cleaned = 942,00 mb OTL by OldTimer - Version 3.2.36.3 log created on 03142012_153500 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...