All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-292413197-2053731004-298573252-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found. C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled folder moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoUpdate deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate deleted successfully. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\Windows\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\js28hd2v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully. C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\js28hd2v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully. C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\js28hd2v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib folder moved successfully. C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\js28hd2v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully. C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\js28hd2v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully. C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\js28hd2v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully. C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\js28hd2v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully. C:\Windows\System32\drivers\umrhjsm.sys moved successfully. C:\Windows\System32\drivers\rvwqlili.sys moved successfully. C:\Users\Mario\DoctorWeb folder moved successfully. C:\Users\Mario\AppData\Roaming\PC Tools\Spyware Doctor\quarantine folder moved successfully. C:\Users\Mario\AppData\Roaming\PC Tools\Spyware Doctor folder moved successfully. C:\Users\Mario\AppData\Roaming\PC Tools folder moved successfully. C:\ProgramData\PC Tools\ThreatFire\TFQArea folder moved successfully. C:\ProgramData\PC Tools\ThreatFire folder moved successfully. C:\ProgramData\PC Tools\Temp folder moved successfully. C:\ProgramData\PC Tools folder moved successfully. C:\Program Files\Common Files\PC Tools\TDI folder moved successfully. C:\Program Files\Common Files\PC Tools\NDIS folder moved successfully. C:\Program Files\Common Files\PC Tools\KDS folder moved successfully. C:\Program Files\Common Files\PC Tools\GenTDI folder moved successfully. C:\Program Files\Common Files\PC Tools folder moved successfully. C:\sh4ldr folder moved successfully. C:\Windows\Tasks\Norton Security Scan for Mario.job moved successfully. Service 23tn379t stopped successfully! Service 23tn379t deleted successfully! C:\Windows\System32\drivers\23tn379t.sys moved successfully. Service Nero BackItUp Scheduler 4.0 stopped successfully! Service Nero BackItUp Scheduler 4.0 deleted successfully! ========== REGISTRY ========== HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\MSSE\\""|"{0365FE2C-F183-4091-AC82-BFC39FB75C49}" /E : value set successfully! HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\MSSE\\""|"{0365FE2C-F183-4091-AC82-BFC39FB75C49}" /E : value set successfully! ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Gość ->Flash cache emptied: 0 bytes User: Mario ->Flash cache emptied: 787 bytes User: Martinka ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gość ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Mario ->Temp folder emptied: 12009914 bytes ->Temporary Internet Files folder emptied: 25236062 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 78012430 bytes ->Google Chrome cache emptied: 6397444 bytes ->Flash cache emptied: 0 bytes User: Martinka ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 33282955 bytes RecycleBin emptied: 256289 bytes Total Files Cleaned = 148,00 mb OTL by OldTimer - Version 3.2.20.2 log created on 01172011_171804 Files\Folders moved on Reboot... File\Folder C:\Users\Mario\AppData\Local\Temp\~DF38A8.tmp not found! File\Folder C:\Users\Mario\AppData\Local\Temp\~DF38B3.tmp not found! File\Folder C:\Users\Mario\AppData\Local\Temp\~DF3900.tmp not found! File\Folder C:\Users\Mario\AppData\Local\Temp\~DF390B.tmp not found! File\Folder C:\Users\Mario\AppData\Local\Temp\~DF3942.tmp not found! File\Folder C:\Users\Mario\AppData\Local\Temp\~DF394D.tmp not found! File\Folder C:\Users\Mario\AppData\Local\Temp\~DF3983.tmp not found! File\Folder C:\Users\Mario\AppData\Local\Temp\~DF398E.tmp not found! C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully. C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZKUCUKH\page__st__40[1].htm moved successfully. Registry entries deleted on Reboot...