All processes killed
========== OTL ==========
Service srserviceUPSPolicyAgentSpoolerSwPrv stopped successfully!
Service srserviceUPSPolicyAgentSpoolerSwPrv deleted successfully!
File C:\WINDOWS\system32\1025fa.exe srv not found.
Service srserviceUPSPolicyAgentSpooler stopped successfully!
Service srserviceUPSPolicyAgentSpooler deleted successfully!
File C:\WINDOWS\system32\12520437quj.exe srv not found.
Service srserviceUPSPolicyAgent stopped successfully!
Service srserviceUPSPolicyAgent deleted successfully!
File C:\WINDOWS\system32\aaaamonu.exe srv not found.
Service srserviceUPS stopped successfully!
Service srserviceUPS deleted successfully!
File C:\WINDOWS\system32\acleditw.exe srv not found.
Service srserviceERSvcSENSSamSsVSSwscsvcupnphost stopped successfully!
Service srserviceERSvcSENSSamSsVSSwscsvcupnphost deleted successfully!
File C:\WINDOWS\system32\12520437c.exe srv not found.
Service srserviceERSvcSENSSamSs stopped successfully!
Service srserviceERSvcSENSSamSs deleted successfully!
File C:\WINDOWS\system32\12520437qujp.exe srv not found.
Service srserviceERSvcSENS stopped successfully!
Service srserviceERSvcSENS deleted successfully!
File C:\WINDOWS\system32\1042s.exe srv not found.
Service srserviceERSvcERSvc stopped successfully!
Service srserviceERSvcERSvc deleted successfully!
File C:\WINDOWS\system32\aaaamonzd.exe srv not found.
Service srserviceERSvc stopped successfully!
Service srserviceERSvc deleted successfully!
File C:\WINDOWS\system32\amstreamx.exe srv not found.
Service ALGdmadmin stopped successfully!
Service ALGdmadmin deleted successfully!
C:\WINDOWS\system32\12520437qujy.exe moved successfully.
Service ws2_32sik stopped successfully!
Service ws2_32sik deleted successfully!
File C:\WINDOWS\system32\drivers\ws2_32sik.sys not found.
Service systemntmi stopped successfully!
Service systemntmi deleted successfully!
File C:\WINDOWS\system32\drivers\systemntmi.sys not found.
Service securentm stopped successfully!
Service securentm deleted successfully!
File C:\WINDOWS\system32\drivers\securentm.sys not found.
Service port135sik stopped successfully!
Service port135sik deleted successfully!
File C:\WINDOWS\system32\drivers\port135sik.sys not found.
Service nicsk32 stopped successfully!
Service nicsk32 deleted successfully!
File C:\WINDOWS\system32\drivers\nicsk32.sys not found.
Service netsik stopped successfully!
Service netsik deleted successfully!
File C:\WINDOWS\system32\drivers\netsik.sys not found.
Service ksi32sk stopped successfully!
Service ksi32sk deleted successfully!
File C:\WINDOWS\system32\drivers\ksi32sk.sys not found.
Service i386si stopped successfully!
Service i386si deleted successfully!
File C:\WINDOWS\system32\drivers\i386si.sys not found.
Service fips32cup stopped successfully!
Service fips32cup deleted successfully!
File C:\WINDOWS\system32\drivers\fips32cup.sys not found.
Service ati64si stopped successfully!
Service ati64si deleted successfully!
File C:\WINDOWS\system32\drivers\ati64si.sys not found.
Service amd64si stopped successfully!
Service amd64si deleted successfully!
File C:\WINDOWS\system32\drivers\amd64si.sys not found.
Service acpi32 stopped successfully!
Service acpi32 deleted successfully!
File C:\WINDOWS\system32\drivers\acpi32.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\All Users\Dane aplikacji\mrkyqrii deleted successfully.
C:\Documents and Settings\All Users\Dane aplikacji\mrkyqrii.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.15.1.0 removed from extensions.enabledAddons
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=" removed from keyword.URL
========== FILES ==========
C:\Documents and Settings\Kasprzak\Ustawienia lokalne\Dane aplikacji\mrkyqrii.exe moved successfully.
C:\Documents and Settings\Kasprzak\Dane aplikacji\mrkyqrii.exe moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\mrkyqrii.exe moved successfully.
File\Folder C:\Documents and Settings\Administrator\Dane aplikacji\mrkyqrii.exe not found.
C:\Documents and Settings\Kasprzak\Dane aplikacji\Mozilla\Firefox\Profiles\lni07gql.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
C:\Documents and Settings\Kasprzak\Dane aplikacji\Mozilla\Firefox\Profiles\lni07gql.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\Plugins folder moved successfully.
C:\Documents and Settings\Kasprzak\Dane aplikacji\Mozilla\Firefox\Profiles\lni07gql.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
C:\Documents and Settings\Kasprzak\Dane aplikacji\Mozilla\Firefox\Profiles\lni07gql.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
C:\Documents and Settings\Kasprzak\Dane aplikacji\Mozilla\Firefox\Profiles\lni07gql.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
C:\Documents and Settings\Kasprzak\Dane aplikacji\Mozilla\Firefox\Profiles\lni07gql.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
C:\Documents and Settings\Kasprzak\Dane aplikacji\Mozilla\Firefox\Profiles\lni07gql.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
C:\Documents and Settings\Kasprzak\Dane aplikacji\Mozilla\Firefox\Profiles\lni07gql.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
C:\Documents and Settings\Kasprzak\Dane aplikacji\Mozilla\Firefox\Profiles\lni07gql.default\searchplugins\conduit.xml moved successfully.
< netsh firewall reset /C >
Ok.
C:\Documents and Settings\Kasprzak\Pulpit\cmd.bat deleted successfully.
C:\Documents and Settings\Kasprzak\Pulpit\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Kasprzak
->Temp folder emptied: 26470771 bytes
->Temporary Internet Files folder emptied: 85745260 bytes
->Java cache emptied: 54104285 bytes
->FireFox cache emptied: 538465163 bytes
->Flash cache emptied: 11612 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13169400 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 114698594 bytes
RecycleBin emptied: 5330923599 bytes
Total Files Cleaned = 5 880,00 mb
OTL by OldTimer - Version 3.2.61.3 log created on 09102012_194521
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...