All processes killed
========== OTL ==========
Service SenFiltService stopped successfully!
Service SenFiltService deleted successfully!
File system32\drivers\Senfilt.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
Error: No service named ay5g9s5p was found to stop!
Service\Driver key ay5g9s5p not found.
Error: No service named aeaab7a5 was found to stop!
Service\Driver key aeaab7a5 not found.
Registry key HKEY_USERS\S-1-5-21-3314771282-3977894261-815355269-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3314771282-3977894261-815355269-1000\Software\Microsoft\Internet Explorer\SearchScopes\{170DA7C8-FBBC-41E2-BBB4-95D23EEBC727}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{170DA7C8-FBBC-41E2-BBB4-95D23EEBC727}\ not found.
Registry key HKEY_USERS\S-1-5-21-3314771282-3977894261-815355269-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F8346E0-A250-1FC1-B8A9-14E6F0D77EDB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F8346E0-A250-1FC1-B8A9-14E6F0D77EDB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3314771282-3977894261-815355269-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3314771282-3977894261-815355269-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FEDF4BB8-BA82-46D2-92F9-82EF0872971B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEDF4BB8-BA82-46D2-92F9-82EF0872971B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3314771282-3977894261-815355269-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FF5B20FC-7E97-4320-B5E1-3FE23904F2E4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF5B20FC-7E97-4320-B5E1-3FE23904F2E4}\ not found.
HKU\S-1-5-21-3314771282-3977894261-815355269-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3314771282-3977894261-815355269-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ not found.
HKEY_USERS\S-1-5-21-3314771282-3977894261-815355269-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "chr-greentree_ff&ilc=12&type=937811" removed from browser.search.param.yahoo-fr
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
========== FILES ==========
C:\Windows\msdownld.tmp folder moved successfully.
C:\Users\uzivatel\Desktop\~WRL0005.tmp moved successfully.
C:\san_test.tmp moved successfully.
File\Folder C:\Users\uzivatel\AppData\Roaming\Autodesk not found.
File\Folder C:\Users\uzivatel\AppData\Roaming\Hive Cluster not found.
File\Folder C:\Users\uzivatel\AppData\Roaming\ICQ not found.
File\Folder C:\Users\uzivatel\AppData\Roaming\ICQ Search not found.
File\Folder C:\Users\uzivatel\AppData\Roaming\LolClient not found.
File\Folder C:\Users\uzivatel\AppData\Roaming\LucasArts not found.
File\Folder C:\Users\uzivatel\AppData\Roaming\MAXON not found.
File\Folder C:\Users\uzivatel\AppData\Roaming\QipGuard not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Guard.Mail.ru\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QipGuard\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\qip.ru\QipGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mail.Ru\Guard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Guard.Mail.ru\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Guard.Mail.ru\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Guard.Mail.ru\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Guard.Mail.ru\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Guard.Mail.ru\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\Guard.Mail.ru\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\Guard.Mail.ru\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\Guard.Mail.ru\ not found.
Registry key HKEY_USERS\S-1-5-21-3314771282-3977894261-815355269-1000\Software\qip.ru\QipGuard\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: uzivatel
->Temp folder emptied: 916 bytes
->Temporary Internet Files folder emptied: 1556547 bytes
->Java cache emptied: 2193384 bytes
->FireFox cache emptied: 50504870 bytes
->Google Chrome cache emptied: 7311379 bytes
->Flash cache emptied: 7210 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 2657 bytes

Total Files Cleaned = 59,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: uzivatel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: uzivatel
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02262013_221514

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...