All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: "127.0.0.1" removed from network.proxy.http Prefs.js: 55414 removed from network.proxy.http_port C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\4phcayjv.default\extensions\engine@conduit.com\searchplugin folder moved successfully. C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\4phcayjv.default\extensions\engine@conduit.com\META-INF folder moved successfully. C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\4phcayjv.default\extensions\engine@conduit.com\lib folder moved successfully. C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\4phcayjv.default\extensions\engine@conduit.com\DualPackage folder moved successfully. C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\4phcayjv.default\extensions\engine@conduit.com\defaults folder moved successfully. C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\4phcayjv.default\extensions\engine@conduit.com\components folder moved successfully. C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\4phcayjv.default\extensions\engine@conduit.com\chrome folder moved successfully. C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\4phcayjv.default\extensions\engine@conduit.com folder moved successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found. C:\Users\Kristen\AppData\Local\{B5775D39-EEAC-4CAB-810F-6F7B8FB47466} folder moved successfully. C:\Users\Kristen\AppData\Local\{F0BD2BCC-8D13-4AF8-862C-F501978F30C7} folder moved successfully. C:\Users\Kristen\AppData\Local\{D94FB190-7E7D-46ED-A401-D9058918D1EA} folder moved successfully. C:\Users\Kristen\AppData\Local\{0F44CE73-E2AA-49AB-B8B1-C4420B4B821B} folder moved successfully. C:\Program Files\GridinSoft Trojan Killer\updates folder moved successfully. C:\Program Files\GridinSoft Trojan Killer\logs folder moved successfully. C:\Program Files\GridinSoft Trojan Killer folder moved successfully. C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully. C:\Users\Kristen\AppData\Local\{86ACD97C-E277-4868-99A7-D32F9047DAA6} folder moved successfully. C:\Users\Kristen\AppData\Local\{FF1E239F-D0AD-4070-8F0B-F0BFDBED9E54} folder moved successfully. C:\Users\Kristen\AppData\Local\{A038802B-138A-4533-B157-4F2D8A084C88} folder moved successfully. C:\Users\Kristen\AppData\Local\{FE2232FD-2ADA-4181-B27C-660D3B02CA4A} folder moved successfully. C:\Users\Kristen\AppData\Local\{78361B1E-E27A-487B-AA6F-2D836FA43C7A} folder moved successfully. C:\Users\Kristen\AppData\Local\{5DE978FE-66FC-4180-98AA-40FA00D2DF79} folder moved successfully. C:\Users\Kristen\AppData\Local\{2089FAE0-C99D-41DB-8833-E9CBD7C9432C} folder moved successfully. C:\Users\Kristen\AppData\Local\{7E316640-8D06-4C9C-AB5E-A5593153A852} folder moved successfully. C:\Users\Kristen\AppData\Local\{DEDBFE91-1547-4E61-BA88-2F5E0E8F2D1F} folder moved successfully. C:\Users\Kristen\AppData\Local\{2CB06E14-DB91-415B-BBFC-B62D20D42FEC} folder moved successfully. C:\Users\Kristen\AppData\Local\{D1D61518-7945-4BBE-A2BA-0F9D6D97EE13} folder moved successfully. C:\Users\Kristen\AppData\Local\{1F741E9D-BCCC-4419-9AB6-5FAFF04DDAD0} folder moved successfully. C:\Users\Kristen\AppData\Local\{88AF8CBF-B588-4B68-83D1-6A2B2F1C1EFB} folder moved successfully. C:\Users\Kristen\AppData\Local\{AC30813B-B8F9-4A6E-9E1D-F11639DE238A} folder moved successfully. C:\Users\Kristen\AppData\Local\{FC9D5D99-4C07-4BCA-89D9-E46F13CE4019} folder moved successfully. C:\Users\Kristen\AppData\Local\{6A09E996-D07D-42FD-A76A-F7D018A8517C} folder moved successfully. C:\Users\Kristen\AppData\Local\{12552A31-AA60-41D7-931A-F57424D87B4C} folder moved successfully. C:\Users\Kristen\AppData\Local\{1E10E506-9314-40E4-BF0B-B2F6E38F40B3} folder moved successfully. C:\Users\Kristen\AppData\Local\{5ACB0938-1DED-4793-978A-D55E07F23637} folder moved successfully. C:\Users\Kristen\AppData\Local\{146760D9-0E0B-49AF-8230-64AB89252756} folder moved successfully. C:\Users\Kristen\AppData\Local\{FE7C8B5F-DCD3-4EB9-B804-2FEAE86F598B} folder moved successfully. C:\Users\Kristen\AppData\Local\{6E14C585-CAFE-4963-AED3-DD4FD3EF0A91} folder moved successfully. C:\ProgramData\~36626184 moved successfully. C:\ProgramData\~36626184r moved successfully. C:\ProgramData\36626184 moved successfully. C:\Users\Kristen\AppData\Roaming\9668.C4D moved successfully. C:\Users\Kristen\AppData\Local\Mvaseqacola.dat moved successfully. C:\Users\Kristen\AppData\Local\Oreni.bin moved successfully. C:\Windows\pó_ moved successfully. ========== COMMANDS ========== C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Kristen ->Temp folder emptied: 900161 bytes ->Temporary Internet Files folder emptied: 231615546 bytes ->Java cache emptied: 53212 bytes ->FireFox cache emptied: 123322986 bytes ->Flash cache emptied: 81798 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1144405 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 341.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04212011_143149 Files\Folders moved on Reboot... File\Folder C:\windows\temp\TMP000000019D882FCDB65B1187 not found! Registry entries deleted on Reboot...