All processes killed ========== OTL ========== Service MEMSWEEP2 stopped successfully! Service MEMSWEEP2 deleted successfully! File C:\WINDOWS\system32\SophosMEMSWEEP.SYS not found. Registry value HKEY_USERS\S-1-5-21-2000478354-507921405-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. Registry value HKEY_USERS\S-1-5-21-2000478354-507921405-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search\ deleted successfully. Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found. Starting removal of ActiveX control {3334504D-9980-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\mp43dmo.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3334504D-9980-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3334504D-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found. Starting removal of ActiveX control {5334504D-9980-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\mpg4sdmo.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5334504D-9980-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5334504D-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5334504D-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5334504D-9980-0010-8000-00AA00389B71}\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Starting removal of ActiveX control Microsoft XML Parser for Java Reg Error: Value error. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java Reg Error: Value error.\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java Reg Error: Value error.\ not found. C:\WINDOWS\SWREG.exe moved successfully. C:\WINDOWS\SWSC.exe moved successfully. C:\WINDOWS\SWXCACLS.exe moved successfully. C:\WINDOWS\NIRCMD.exe moved successfully. C:\Qoobox\TestC folder moved successfully. C:\Qoobox\Test folder moved successfully. C:\Qoobox\Quarantine\Registry_backups folder moved successfully. C:\Qoobox\Quarantine\C folder moved successfully. C:\Qoobox\Quarantine folder moved successfully. C:\Qoobox\LastRun folder moved successfully. C:\Qoobox\BackEnv folder moved successfully. C:\Qoobox folder moved successfully. C:\WINDOWS\PEV.exe moved successfully. C:\WINDOWS\MBR.exe moved successfully. C:\WINDOWS\sed.exe moved successfully. C:\WINDOWS\grep.exe moved successfully. C:\WINDOWS\zip.exe moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web\Setup folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web\Logs folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web folder moved successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7E95B6FD deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:430C6D84 deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: xxx ->Temp folder emptied: 42697 bytes ->Temporary Internet Files folder emptied: 69037 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 21122347 bytes ->Flash cache emptied: 733 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16384 bytes RecycleBin emptied: 1505010 bytes Total Files Cleaned = 22,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11082013_074433 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\xxx\Ustawienia lokalne\Temp\mikołajki - niebieskie migdały 2010 027.jpg not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\xxx\Ustawienia lokalne\Temp\mikołajki - niebieskie migdały 2010 027.jpg not found! PendingFileRenameOperations files... Registry entries deleted on Reboot...