All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01D1BE86-3CA6-49D5-97AF-98FB202ABD1D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01D1BE86-3CA6-49D5-97AF-98FB202ABD1D}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "v9" removed from browser.search.defaultenginename Prefs.js: "v9" removed from browser.search.order.1 Prefs.js: "http://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20121009&user_guid=BE3E407C33044D2E9E82A83F93252E39&machine_id=bcafeeff8091375591e26f94b2b52a2f&browser=FF&os=win&os_version=6.1-x86-SP0&q=" removed from keyword.URL C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\defaults\preferences folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\defaults folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\Firefox\Profiles\uqrks3tt.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} folder moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\firefox\profiles\uqrks3tt.default\searchplugins\askcom.xml moved successfully. C:\Users\Helus\AppData\Roaming\mozilla\firefox\profiles\uqrks3tt.default\searchplugins\yahoo-zugo.xml moved successfully. C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully. C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully. C:\Users\Helus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully. C:\ProgramData\lsass.exe moved successfully. C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Helus ->Temp folder emptied: 202362647 bytes ->Temporary Internet Files folder emptied: 34872252 bytes ->Java cache emptied: 659160 bytes ->FireFox cache emptied: 127474502 bytes ->Flash cache emptied: 6574 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 88688560 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 433,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11122012_161439 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...