All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\izvenshhodydgbc deleted successfully. C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\izvenshh.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\izvenshhodydgbc deleted successfully. File C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\izvenshh.exe not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp deleted successfully. Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71} C:\WINDOWS1\Downloaded Program Files\wvc1dmo.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS1\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32\ deleted successfully. Prefs.js: "Web Search..." removed from browser.search.defaultenginename Prefs.js: {1CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0 removed from extensions.enabledItems Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems Service nxezjkvxxtxjezf stopped successfully! Service nxezjkvxxtxjezf deleted successfully! File C:\DOCUME~1\janek\USTAWI~1\Temp\DAT2E.tmp.exe not found. Service viakwtbl stopped successfully! Service viakwtbl deleted successfully! C:\WINDOWS1\system32\drivers\uebsa.sys moved successfully. C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\hmpmvfppoyrcrxb folder moved successfully. C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\keldoknugpwdmuj moved successfully. C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\~xNK67KheixD moved successfully. C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\~xNK67KheixDr moved successfully. C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\xNK67KheixD moved successfully. C:\WINDOWS1\system32\shimg.dll moved successfully. C:\WINDOWS1\system32\unrar.exe moved successfully. C:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D} folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302} folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users.WINDOWS1 User: janek ->Temp folder emptied: 93229 bytes ->Temporary Internet Files folder emptied: 7149108 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 82129563 bytes ->Flash cache emptied: 1805 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.ZARZĄDZANIE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: maciek-stare User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.ZARZĄDZANIE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 85,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07172012_200617 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...