All processes killed ========== PROCESSES ========== ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\ not found. ========== FILES ========== C:\Windows\System32\consrv.dll folder moved successfully. [color=#A23BEC]< mkdir \Windows\System32\consrv.dll /c >[/color] C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully. [color=#A23BEC]< dir /a /s \windows\assembly\temp /c >[/color] Volume in drive C has no label. Volume Serial Number is DBC5-B700 Directory of C:\windows\assembly\temp 18/10/2011 22:45 . 18/10/2011 22:45 .. 0 File(s) 0 bytes Total Files Listed: 0 File(s) 0 bytes 2 Dir(s) 103,535,017,984 bytes free C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully. [color=#A23BEC]< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /s /c >[/color] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems Debug REG_SZ Kmode REG_SZ C:\WINDOWS\system32\win32k.sys Optional REG_MULTI_SZ Posix Posix REG_SZ C:\WINDOWS\system32\psxss.exe Required REG_MULTI_SZ Debug\0Windows Windows REG_SZ C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS CsrSrvSharedSectionBase REG_DWORD 0x7efe0000 C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 2149308 bytes ->Temporary Internet Files folder emptied: 463650 bytes ->Java cache emptied: 210478 bytes ->Flash cache emptied: 57614 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 593204 bytes ->Flash cache emptied: 56466 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1315037 bytes %systemroot%\System32 .tmp files removed: 4265 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 90 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2840341 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 4575009 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 12.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 11102011_180737 Files\Folders moved on Reboot... C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{9EB93FF8-A36B-4932-9955-C9ADCC1DC505}.tmp moved successfully. Registry entries deleted on Reboot...