All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "http://search.babylo...search&AF=15627" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylo...rtrp&AF=15627=" removed from keyword.URL
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\jf59azqd.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\searchplugin folder moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\jf59azqd.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\modules folder moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\jf59azqd.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\META-INF folder moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\jf59azqd.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\jf59azqd.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\components folder moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\jf59azqd.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\jf59azqd.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} folder moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\jf59azqd.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\jf59azqd.default\searchplugins\daemon-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-839522115-698054696-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-839522115-698054696-500\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-839522115-698054696-500\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-839522115-698054696-500\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryBooster deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-839522115-698054696-500\Software\Microsoft\Windows\CurrentVersion\Run\\Rubin deleted successfully.
C:\Documents and Settings\All Users\Menu Start\Programy\Sophos\Sophos Anti-Rootkit folder moved successfully.
C:\Documents and Settings\All Users\Menu Start\Programy\Sophos folder moved successfully.
C:\Program Files\Sophos\Sophos Anti-Rootkit folder moved successfully.
C:\Program Files\Sophos folder moved successfully.
========== SERVICES/DRIVERS ==========
Service RichVideo stopped successfully!
Service RichVideo deleted successfully!
Service nSvcIp stopped successfully!
Service nSvcIp deleted successfully!
Service IDriverT stopped successfully!
Service IDriverT deleted successfully!
Service ForceWare Intelligent Application Manager (IAM) stopped successfully!
Service ForceWare Intelligent Application Manager (IAM) deleted successfully!
Service CTAudSvcService stopped successfully!
Service CTAudSvcService deleted successfully!
Service Creative Service for CDROM Access stopped successfully!
Service Creative Service for CDROM Access deleted successfully!
Service Creative Media Toolbox 6 Licensing Service stopped successfully!
Service Creative Media Toolbox 6 Licensing Service deleted successfully!
Service Creative Audio Engine Licensing Service stopped successfully!
Service Creative Audio Engine Licensing Service deleted successfully!
Service AVTasks2 stopped successfully!
Service AVTasks2 deleted successfully!
Service Sunkfiltp stopped successfully!
Service Sunkfiltp deleted successfully!
Service SunkFilt62 stopped successfully!
Service SunkFilt62 deleted successfully!
Service SunkFilt6 stopped successfully!
Service SunkFilt6 deleted successfully!
Service sptd stopped successfully!
Service sptd deleted successfully!
Service NVTCP stopped successfully!
Service NVTCP deleted successfully!
Service npkcrypt stopped successfully!
Service npkcrypt deleted successfully!
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
Service MagicTune stopped successfully!
Service MagicTune deleted successfully!
Error: No service named fwnciaob was found to stop!
Service\Driver key fwnciaob not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
Service DVC stopped successfully!
Service DVC deleted successfully!
Service cpuz132 stopped successfully!
Service cpuz132 deleted successfully!
========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-1275210071-839522115-698054696-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1275210071-839522115-698054696-500\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1275210071-839522115-698054696-500\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-1275210071-839522115-698054696-500\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 19019967 bytes
->Temporary Internet Files folder emptied: 386779237 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38170319 bytes
->Google Chrome cache emptied: 6222864 bytes
->Flash cache emptied: 1422 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 7575295 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 10273540 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 147451 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 449,00 mb

OTL by OldTimer - Version 3.2.46.0 log created on 06072012_120623

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\VLRSUDG7\fastbutton[1].htm moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HJE3V7EL\8732-infekcja-sirefef[1].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...