All processes killed ========== FILES ========== Folder move failed. C:\Program Files\htwfsdcl scheduled to be moved on reboot. C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully. C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully. C:\WINDOWS\tasks\fedtng.job moved successfully. C:\WINDOWS\System32\rcimlbys.dll moved successfully. C:\Documents and Settings\Biuro\Dane aplikacji\Mozilla\Firefox\Profiles\4zavwtrp.default\extensions\{5c99e1f0-a422-47be-8be3-a38148ed1615}\searchplugin folder moved successfully. C:\Documents and Settings\Biuro\Dane aplikacji\Mozilla\Firefox\Profiles\4zavwtrp.default\extensions\{5c99e1f0-a422-47be-8be3-a38148ed1615}\META-INF folder moved successfully. C:\Documents and Settings\Biuro\Dane aplikacji\Mozilla\Firefox\Profiles\4zavwtrp.default\extensions\{5c99e1f0-a422-47be-8be3-a38148ed1615}\lib folder moved successfully. C:\Documents and Settings\Biuro\Dane aplikacji\Mozilla\Firefox\Profiles\4zavwtrp.default\extensions\{5c99e1f0-a422-47be-8be3-a38148ed1615}\defaults folder moved successfully. C:\Documents and Settings\Biuro\Dane aplikacji\Mozilla\Firefox\Profiles\4zavwtrp.default\extensions\{5c99e1f0-a422-47be-8be3-a38148ed1615}\components folder moved successfully. C:\Documents and Settings\Biuro\Dane aplikacji\Mozilla\Firefox\Profiles\4zavwtrp.default\extensions\{5c99e1f0-a422-47be-8be3-a38148ed1615}\chrome folder moved successfully. C:\Documents and Settings\Biuro\Dane aplikacji\Mozilla\Firefox\Profiles\4zavwtrp.default\extensions\{5c99e1f0-a422-47be-8be3-a38148ed1615} folder moved successfully. [color=#A23BEC]< RD /S /Q C:\quarantine /C >[/color] E:\Programy\cmd.bat deleted successfully. E:\Programy\cmd.txt deleted successfully. [color=#A23BEC]< RD /S /Q C:\FRST /C >[/color] E:\Programy\cmd.bat deleted successfully. E:\Programy\cmd.txt deleted successfully. [color=#A23BEC]< RD /S /Q "C:\Kaspersky Rescue Disk 10.0" /C >[/color] E:\Programy\cmd.bat deleted successfully. E:\Programy\cmd.txt deleted successfully. ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Program Files\htwfsdcl\pwordglc.exe deleted successfully. File move failed. C:\Program Files\htwfsdcl\pwordglc.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found. Starting removal of ActiveX control {68282C51-9459-467B-95BF-3C0E89627E55} C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found. Prefs.js: {5c99e1f0-a422-47be-8be3-a38148ed1615}:2.7.2.0 removed from extensions.enabledItems ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\\"Start"|dword:00000002 /E : value set successfully! ========== COMMANDS ========== Restore points cleared and new OTL Restore Point set! [EMPTYFLASH] User: All Users User: Biuro ->Flash cache emptied: 3953 bytes User: Default User ->Flash cache emptied: 41 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Biuro ->Temp folder emptied: 222390106 bytes ->Temporary Internet Files folder emptied: 197361 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 51527225 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33237 bytes %systemdrive% .tmp files removed: 36129079 bytes %systemroot% .tmp files removed: 2194977 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 415727 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 299,00 mb OTL by OldTimer - Version 3.2.26.1 log created on 07282011_093124 Files\Folders moved on Reboot... C:\Program Files\htwfsdcl folder moved successfully. File\Folder C:\Program Files\htwfsdcl\pwordglc.exe not found! Registry entries deleted on Reboot...