All processes killed ========== OTL ========== Prefs.js: "127.0.0.1" removed from network.proxy.http Prefs.js: 60667 removed from network.proxy.http_port HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-92EA-EC65A294AE31} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-92EA-EC65A294AE31}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\11A.exe not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\crrss not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hdgsnibnkejgbmx deleted successfully. C:\Documents and Settings\All Users\Dane aplikacji\hdgsnibn.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hdgsnibnkejgbmx deleted successfully. File C:\Documents and Settings\All Users\Dane aplikacji\hdgsnibn.exe not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\crrss.exe deleted successfully. C:\Documents and Settings\All Users\Dane aplikacji\sgyaxmksfzgnlrx folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\uwclumdjrnssxbl moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\npagtbsm.exe moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\evejscgr.exe moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ddpalcbk.exe moved successfully. File C:\WINDOWS\System32\crt.dat not found. C:\WINDOWS\system32\shimg.dll moved successfully. File C:\Documents and Settings\Mariusz\uidsave.dat not found. C:\Documents and Settings\Mariusz\.zs moved successfully. C:\sh4ldr folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter\Downloads folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter\Defs folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully. C:\Program Files\Enigma Software Group folder moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk moved successfully. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\WINDOWS\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Service Nero BackItUp Scheduler 4.0 stopped successfully! Service Nero BackItUp Scheduler 4.0 deleted successfully! File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe not found. Service WDC_SAM stopped successfully! Service WDC_SAM deleted successfully! File system32\DRIVERS\wdcsam.sys not found. Service SenFiltService stopped successfully! Service SenFiltService deleted successfully! File system32\drivers\Senfilt.sys not found. Service PCAMPR5 stopped successfully! Service PCAMPR5 deleted successfully! File C:\WINDOWS\system32\PCAMPR5.SYS not found. Service AEAudio stopped successfully! Service AEAudio deleted successfully! File system32\drivers\AEAudio.sys not found. Service ADIHdAudAddService stopped successfully! Service ADIHdAudAddService deleted successfully! File system32\drivers\ADIHdAud.sys not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 1383200 bytes ->Temporary Internet Files folder emptied: 7072297 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 456 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 81794 bytes ->Flash cache emptied: 41 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Mariusz ->Temp folder emptied: 6557861929 bytes ->Temporary Internet Files folder emptied: 18538262 bytes ->Java cache emptied: 3231450 bytes ->FireFox cache emptied: 93494118 bytes ->Google Chrome cache emptied: 358569710 bytes ->Flash cache emptied: 1067363 bytes User: NetworkService ->Temp folder emptied: 589824 bytes ->Temporary Internet Files folder emptied: 3974396 bytes User: RATIONAL %systemdrive% .tmp files removed: 903235 bytes %systemroot% .tmp files removed: 3615438 bytes %systemroot%\System32 .tmp files removed: 9309220 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 18080710481 bytes RecycleBin emptied: 4239398047 bytes Total Files Cleaned = 28 019,00 mb OTL by OldTimer - Version 3.2.53.0 log created on 06272012_213755 Files\Folders moved on Reboot... C:\Documents and Settings\Mariusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\JAS9FW4W\fastbutton[1].htm moved successfully. C:\Documents and Settings\Mariusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8ANRIG83\9141-trojana-weelsof-kodu-ukash-blokada-komputera[1].htm moved successfully. PendingFileRenameOperations files... File C:\Documents and Settings\Mariusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\JAS9FW4W\fastbutton[1].htm not found! File C:\Documents and Settings\Mariusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8ANRIG83\9141-trojana-weelsof-kodu-ukash-blokada-komputera[1].htm not found! Registry entries deleted on Reboot...