All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-343818398-1972579041-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\elmq5 deleted successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-343818398-1972579041-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\emails5 deleted successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-343818398-1972579041-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\ep185 deleted successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056\mp18982.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-343818398-1972579041-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\epp1305 deleted successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mp130982.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-343818398-1972579041-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\etef5 deleted successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068\mtefq2.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-343818398-1972579041-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\five922 deleted successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272\uffive92.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-343818398-1972579041-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\mixswd deleted successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mixhdg.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-343818398-1972579041-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\mp735 deleted successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016\mip982.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-343818398-1972579041-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\uzfive172 deleted successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Taskman deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\ShellNoRoam\MUICache\\@C:\Documents and Settings\Administrator\Dane aplikacji\Tyqiqb.exe not found. ========== FILES ========== C:\RECYCLER\S-1-5-21-343818398-1972579041-725345543-500 folder moved successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272 folder moved successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170 folder moved successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096 folder moved successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076 folder moved successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069 folder moved successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068 folder moved successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056 folder moved successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016 folder moved successfully. C:\RECYCLER folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 11899300489 bytes ->Temporary Internet Files folder emptied: 2098004 bytes ->Java cache emptied: 20765 bytes ->FireFox cache emptied: 288570889 bytes ->Opera cache emptied: 18448547 bytes ->Flash cache emptied: 21800 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2114584 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 28406 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 11 645,00 mb OTL by OldTimer - Version 3.2.39.1 log created on 03202012_071634 Files\Folders moved on Reboot... Registry entries deleted on Reboot...