All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus-2520 deleted successfully. C:\Users\Marcin\AppData\Local\br6063on.exe moved successfully. C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56A2323A-3725-4249-A0C6-DD29ACC9CB29}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56A2323A-3725-4249-A0C6-DD29ACC9CB29}\ not found. ========== FILES ========== File\Folder C:\windows\SysWow64\cmd-brontok.exe not found. C:\Users\Marcin\AppData\Local\csrss.exe moved successfully. C:\Users\Marcin\AppData\Local\inetinfo.exe moved successfully. C:\Users\Marcin\AppData\Local\lsass.exe moved successfully. C:\Users\Marcin\AppData\Local\services.exe moved successfully. C:\Users\Marcin\AppData\Local\smss.exe moved successfully. C:\Users\Marcin\AppData\Local\svchost.exe moved successfully. C:\Users\Marcin\AppData\Local\winlogon.exe moved successfully. C:\Users\Marcin\AppData\Local\Bron.tok-17-8 folder moved successfully. C:\Users\Marcin\AppData\Local\Bron.tok.A17.em.bin moved successfully. C:\Users\Marcin\AppData\Local\JunkAtx.bin moved successfully. C:\Users\Marcin\Documents\Documents.exe moved successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\"AlternateShell"|"cmd.exe" /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{29AC6B7D-CBDC-48AC-94C5-165F183ABB67}" /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{29AC6B7D-CBDC-48AC-94C5-165F183ABB67}" /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Marcin ->Temp folder emptied: 1492399 bytes ->Temporary Internet Files folder emptied: 66340 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 13136237 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 13024 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 14,00 mb OTL by OldTimer - Version 3.2.61.2 log created on 09082012_173224 Files\Folders moved on Reboot... C:\Users\Marcin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...