All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fjkuewhlpusmqcf deleted successfully. C:\ProgramData\fjkuewhl.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fjkuewhlpusmqcf deleted successfully. File C:\ProgramData\fjkuewhl.exe not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\????3??\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\????3??????\ deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6CF82D0E-88AD-6205-BC69-EBB0A35C4A0C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CF82D0E-88AD-6205-BC69-EBB0A35C4A0C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9D8F7E6-6B6C-47EF-886D-9E4563D11F7F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9D8F7E6-6B6C-47EF-886D-9E4563D11F7F}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "http://home.speedbit.com/search.aspx?aff=206&q=" removed from browser.search.defaulturl Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "Search the web (Softonic)" removed from browser.search.selectedEngine Prefs.js: "http://search.babylon.com/?affID=113678&tt=060612_7_&babsrc=HP_ss&mntrId=38481d0b000000000000001e68a3eea2" removed from browser.startup.homepage Prefs.js: "http://search.softonic.com/MON00085/tb_v1?SearchSource=2&cc=&q=" removed from keyword.URL Service FirebirdServer stopped successfully! Service FirebirdServer deleted successfully! File C:\Program Files\Firebird\bin\fbserver not found. Service EagleXNt stopped successfully! Service EagleXNt deleted successfully! File C:\Windows\system32\drivers\EagleXNt.sys not found. Service catchme stopped successfully! Service catchme deleted successfully! File C:\Users\Maciek\AppData\Local\Temp\catchme.sys not found. ========== FILES ========== C:\ProgramData\awecmnptppllbya folder moved successfully. C:\ProgramData\doatfsrylgumwzi moved successfully. C:\Users\Maciek\0.4433192347106607.exe moved successfully. C:\Program Files\mozilla firefox\searchplugins\babylon.xml moved successfully. C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml moved successfully. C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml moved successfully. C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\bnpus8ml.default\searchplugins\ask.uk.xml moved successfully. C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\bnpus8ml.default\searchplugins\askcom.xml moved successfully. C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\bnpus8ml.default\searchplugins\softonic.xml moved successfully. C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\bnpus8ml.default\searchplugins\speedbit.xml moved successfully. C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\bnpus8ml.default\searchplugins\winamp-search.xml moved successfully. C:\user.js moved successfully. ========== REGISTRY ========== HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\searchpredict@speedbit.com deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Maciek ->Temp folder emptied: 366714981 bytes ->Temporary Internet Files folder emptied: 1079276967 bytes ->Java cache emptied: 2645543 bytes ->FireFox cache emptied: 253983789 bytes ->Google Chrome cache emptied: 108946910 bytes ->Opera cache emptied: 58591196 bytes ->Flash cache emptied: 146935 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 308299492 bytes RecycleBin emptied: 57436892 bytes Total Files Cleaned = 2 132,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07132012_203422 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...