All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-3334460322-3490530766-3254769838-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gejuzqehykle deleted successfully. C:\Users\Lukas\gejuzqehykle.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-3334460322-3490530766-3254769838-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pcdfsvc deleted successfully. Registry value HKEY_USERS\S-1-5-21-3334460322-3490530766-3254769838-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RMFon deleted successfully. Registry value HKEY_USERS\S-1-5-21-3334460322-3490530766-3254769838-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\RMFFM deleted successfully. C:\Users\Lukas\AppData\Roaming\9BD2A8\9BD2A8.exe moved successfully. Registry key HKEY_USERS\S-1-5-21-3334460322-3490530766-3254769838-1000_Classes\.exe\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-3334460322-3490530766-3254769838-1000_Classes\4g\ not found. HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully! ========== FILES ========== File\Folder C:\ProgramData\pcdfdata not found. C:\ProgramData\xdwphaegxlklzzi moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Defender Plus folder moved successfully. C:\Users\Lukas\AppData\Roaming\9BD2A8 folder moved successfully. C:\Users\Public\Desktop\PC Defender Plus.lnk moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully! ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}\ not found. Registry key HKEY_USERS\S-1-5-21-3334460322-3490530766-3254769838-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACC01A56-70E3-472E-9C4F-83B1DA817DD8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACC01A56-70E3-472E-9C4F-83B1DA817DD8}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gość ->Temp folder emptied: 39200607 bytes ->Temporary Internet Files folder emptied: 569067488 bytes ->Java cache emptied: 228879 bytes ->FireFox cache emptied: 590749512 bytes ->Flash cache emptied: 5974 bytes User: Lukas ->Temp folder emptied: 455209991 bytes ->Temporary Internet Files folder emptied: 1132895530 bytes ->Java cache emptied: 2594919 bytes ->FireFox cache emptied: 547114356 bytes ->Flash cache emptied: 15532309 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3183664 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10190686 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1186794 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes RecycleBin emptied: 372384514 bytes Total Files Cleaned = 3 566,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11272012_155703 Files\Folders moved on Reboot... C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG1MOQA2\CT2786678[1].htm moved successfully. C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QIIK5SQ\14484-pc-defender-plus[1].htm moved successfully. C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QIIK5SQ\fastbutton[1].htm moved successfully. C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QIIK5SQ\maincomp[1].htm moved successfully. C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QIIK5SQ\services_apps_conduit_com[1].htm moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...