All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rasmxs deleted successfully. C:\Documents and Settings\Szef\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1699\rasmxs.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\shellstyle deleted successfully. C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1583\shellstyle.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Corel File Shell Monitor deleted successfully. Registry value HKEY_USERS\S-1-5-21-1801674531-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}\ deleted successfully. Prefs.js: "Ask" removed from browser.search.defaultenginename Prefs.js: "Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Ask" removed from browser.search.order.1 Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=" removed from keyword.URL Service Nero BackItUp Scheduler 4.0 stopped successfully! Service Nero BackItUp Scheduler 4.0 deleted successfully! File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe not found. Service AVPsys stopped successfully! Service AVPsys deleted successfully! File C:\WINDOWS\System32\drivers\cdaudio.sys not found. ========== FILES ========== C:\Documents and Settings\Szef\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1699 folder moved successfully. C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1583 folder moved successfully. C:\Documents and Settings\Szef\Dane aplikacji\hellomoto folder moved successfully. C:\Documents and Settings\Patryk\Dane aplikacji\hellomoto folder moved successfully. C:\Documents and Settings\Patryk\Dane aplikacji\PriceGong\Data folder moved successfully. C:\Documents and Settings\Patryk\Dane aplikacji\PriceGong folder moved successfully. C:\Documents and Settings\Szef\Dane aplikacji\Mozilla\Firefox\Profiles\zy4w6gaa.default\searchplugins\ask.xml moved successfully. C:\Documents and Settings\Szef\Dane aplikacji\Mozilla\Firefox\Profiles\zy4w6gaa.default\searchplugins\conduit.xml moved successfully. C:\Documents and Settings\Szef\Dane aplikacji\Mozilla\Firefox\Profiles\zy4w6gaa.default\searchplugins\daemon-search.xml moved successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 34257 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Patryk ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Szef ->Temp folder emptied: 719 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 63701767 bytes ->Flash cache emptied: 492 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 18909 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 61,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07162012_192008 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...