All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-2654622723-2822970650-629815199-1002\Software\Microsoft\Windows\CurrentVersion\Run not found. File C:\ProgramData\tmdubitk.exe not found. Registry key HKEY_USERS\S-1-5-21-2654622723-2822970650-629815199-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings not found. Prefs.js: "Yahoo" removed from browser.search.defaultenginename Prefs.js: "Yahoo" removed from browser.search.order.1 Prefs.js: "megaup" removed from browser.search.param.yahoo-fr Prefs.js: "megaup" removed from browser.search.param.yahoo-fr-cjkt Registry key HKEY_USERS\S-1-5-21-2654622723-2822970650-629815199-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\55938 not found. Unable to delete ADS C:\Users\Synek\HPIM5350 [].JPG:VsoSummaryInformation . Unable to delete ADS C:\Users\Synek\HPIM5350 [] - Kopia.JPG:VsoSummaryInformation . Unable to delete ADS C:\Users\Synek\HPIM5325 [].JPG:VsoSummaryInformation . Unable to delete ADS C:\Users\Synek\HPIM5325 [] - Kopia.JPG:VsoSummaryInformation . Unable to delete ADS C:\Users\Synek\HPIM5314 [1024x768].JPG:VsoSummaryInformation . Unable to delete ADS C:\Users\Synek\HPIM5314 [1024x768] - Kopia.JPG:VsoSummaryInformation . Unable to delete ADS C:\Users\Synek\Desktop\Synek 1996r.mp4:TOC.WMV . Unable to delete ADS C:\Users\Synek\Desktop\MVI_5594_MP4_.mp4:TOC.WMV . Unable to delete ADS C:\ProgramData\TEMP:DD4DD9B9 . Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 . Unable to delete ADS C:\ProgramData\TEMP:430C6D84 . Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 . ========== FILES ========== File\Folder C:\Windows\bthservsdp.dat not found. File\Folder C:\ProgramData\tmdubitk.exe not found. File\Folder C:\ProgramData\rftvsihtkhkffgj not found. File\Folder C:\Users\Synek\0.354406289400336.exe not found. File\Folder C:\ProgramData\ras_0oed.pad not found. File\Folder C:\Users\oem\AppData\Roaming\hellomoto not found. File\Folder [size=4]C:\Users\Bartek\AppData\Roaming\hellomoto not found. Invalid Switch: size] Invalid Switch: size] Invalid Switch: size] ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes User: All Users User: Bartek ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gość ->Temp folder emptied: 0 bytes User: oem ->Temp folder emptied: 1105236 bytes ->Temporary Internet Files folder emptied: 244069 bytes ->FireFox cache emptied: 5068829 bytes ->Flash cache emptied: 678 bytes User: Public ->Temp folder emptied: 0 bytes User: Synek ->Temp folder emptied: 392605 bytes ->Temporary Internet Files folder emptied: 4526 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 469293679 bytes ->Flash cache emptied: 25127 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 179526 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1567233993 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1 949,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01042013_152909 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...