Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014 Ran by LOSSM Gorzów Wlkp at 2014-12-02 12:49:55 Run:1 Running from C:\Users\LOSSM Gorzów Wlkp\Downloads Loaded Profile: LOSSM Gorzów Wlkp (Available profiles: LOSSM Gorzów Wlkp) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys [48832 2014-11-12] (StdLib) R2 MaintainerSvc4.07.4104264; C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe [123680 2014-12-02] () R1 MpKsl9cda3682; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20FBBCDA-4F88-44AE-9A5A-CAA83DD443B9}\MpKsl9cda3682.sys [X] HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Task: {1D6CE0BA-C6F6-4CED-8CE3-1BFC86CCE691} - \WPD\SqmUpload_S-1-5-21-357607493-2966654472-2249740010-1001 No Task File <==== ATTENTION GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-357607493-2966654472-2249740010-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na HKU\S-1-5-21-357607493-2966654472-2249740010-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1402423066&from=cor&uid=ST500DM002-1BD142_Z3T8VQJ0XXXXZ3T8VQJ0 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1402423066&from=cor&uid=ST500DM002-1BD142_Z3T8VQJ0XXXXZ3T8VQJ0&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1402423066&from=cor&uid=ST500DM002-1BD142_Z3T8VQJ0XXXXZ3T8VQJ0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1402423066&from=cor&uid=ST500DM002-1BD142_Z3T8VQJ0XXXXZ3T8VQJ0 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1402423066&from=cor&uid=ST500DM002-1BD142_Z3T8VQJ0XXXXZ3T8VQJ0&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1402423066&from=cor&uid=ST500DM002-1BD142_Z3T8VQJ0XXXXZ3T8VQJ0&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1402423066&from=cor&uid=ST500DM002-1BD142_Z3T8VQJ0XXXXZ3T8VQJ0&q={searchTerms} SearchScopes: HKLM -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a13277-228&apn_uid=9142054734214392&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1402423066&from=cor&uid=ST500DM002-1BD142_Z3T8VQJ0XXXXZ3T8VQJ0&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1402423066&from=cor&uid=ST500DM002-1BD142_Z3T8VQJ0XXXXZ3T8VQJ0&q={searchTerms} SearchScopes: HKLM-x32 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a13277-228&apn_uid=9142054734214392&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKU\S-1-5-21-357607493-2966654472-2249740010-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1402423066&from=cor&uid=ST500DM002-1BD142_Z3T8VQJ0XXXXZ3T8VQJ0&q={searchTerms} SearchScopes: HKU\S-1-5-21-357607493-2966654472-2249740010-1004 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a13277-228&apn_uid=9142054734214392&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml CHR StartupUrls: Default -> "hxxp://rts.dsrlte.com?affID=na" C:\Program Files (x86)\Movies Toolbar C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be C:\ProgramData\SafetyNut C:\Users\LOSSM Gorzów Wlkp\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\LOSSM Gorzów Wlkp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* C:\Users\LOSSM Gorzów Wlkp\AppData\Local\Packages C:\Users\LOSSM Gorzów Wlkp\AppData\Local\WebPlayer C:\Users\LOSSM Gorzów Wlkp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker C:\Users\LOSSM Gorzów Wlkp\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} C:\Users\LOSSM Gorzów Wlkp\AppData\Roaming\sweet-page C:\Users\LOSSM Gorzów Wlkp\Downloads\*(*)-dp*.exe C:\Users\Public\*.tmp C:\Windows\system32\%LOCALAPPDATA% C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Yahoo! Search" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "FLV Player" /f CMD: sc config "Multimedia mobilNET. RunOuc" start= disabled CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a C:\ProgramData CMD: dir /a "C:\Users\LOSSM Gorzów Wlkp\AppData\Local" CMD: dir /a "C:\Users\LOSSM Gorzów Wlkp\AppData\LocalLow" CMD: dir /a "C:\Users\LOSSM Gorzów Wlkp\AppData\Roaming" EmptyTemp: ***************** Processes closed successfully. {a3f28269-ad17-41a8-b032-3e0313ef8979}w64 => Unable to stop service {a3f28269-ad17-41a8-b032-3e0313ef8979}w64 => Service deleted successfully. MaintainerSvc4.07.4104264 => Service deleted successfully. MpKsl9cda3682 => Service deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D6CE0BA-C6F6-4CED-8CE3-1BFC86CCE691}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D6CE0BA-C6F6-4CED-8CE3-1BFC86CCE691}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-357607493-2966654472-2249740010-1001" => Key deleted successfully. C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully. C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\S-1-5-21-357607493-2966654472-2249740010-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-357607493-2966654472-2249740010-1004\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key deleted successfully. "HKCR\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key not found. "HKU\S-1-5-21-357607493-2966654472-2249740010-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKU\S-1-5-21-357607493-2966654472-2249740010-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key deleted successfully. "HKCR\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully. "C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml" => not found. Chrome StartupUrls deleted successfully. C:\Program Files (x86)\Movies Toolbar => Moved successfully. C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be => Moved successfully. "C:\ProgramData\SafetyNut" => File/Directory not found. C:\Users\LOSSM Gorzów Wlkp\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Users\LOSSM Gorzów Wlkp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. C:\Users\LOSSM Gorzów Wlkp\AppData\Local\Packages => Moved successfully. C:\Users\LOSSM Gorzów Wlkp\AppData\Local\WebPlayer => Moved successfully. "C:\Users\LOSSM Gorzów Wlkp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker" => File/Directory not found. C:\Users\LOSSM Gorzów Wlkp\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} => Moved successfully. C:\Users\LOSSM Gorzów Wlkp\AppData\Roaming\sweet-page => Moved successfully. C:\Users\LOSSM Gorzów Wlkp\Downloads\*(*)-dp*.exe => Moved successfully. C:\Users\Public\*.tmp => Moved successfully. C:\Windows\system32\%LOCALAPPDATA% => Moved successfully. C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys => Moved successfully. ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Yahoo! Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "FLV Player" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= sc config "Multimedia mobilNET. RunOuc" start= disabled ========= [SC] ChangeServiceConfig SUCCESS ========= End of CMD: ========= ========= dir /a "C:\Program Files" ========= Volume in drive C is System Volume Serial Number is 6E1D-5367 Directory of C:\Program Files 2014-11-21 11:07 . 2014-11-21 11:07 .. 2014-11-21 11:07 Common Files 2013-08-22 16:35 174 desktop.ini 2014-09-24 17:37 Embedded Lockdown Manager 2013-10-07 22:14 HP 2012-12-08 07:05 Intel 2014-11-21 10:45 Internet Explorer 2013-06-25 16:47 Microsoft Office 2014-08-28 08:42 Microsoft Silverlight 2014-11-21 10:32 MSBuild 2014-06-25 20:19 PDF Reader for Windows 8 2014-11-21 10:54 Realtek 2014-11-21 10:32 Reference Assemblies 2012-07-26 08:22 Uninstall Information 2014-11-21 10:47 Windows Defender 2014-09-24 17:37 Windows Journal 2014-09-24 15:35 Windows Mail 2014-11-21 11:07 Windows Media Player 2014-09-24 17:36 Windows Multimedia Platform 2014-11-21 11:24 Windows NT 2014-09-24 15:35 Windows Photo Viewer 2014-09-24 17:36 Windows Portable Devices 2014-11-21 11:07 Windows Sidebar 2014-12-02 09:13 WindowsApps 2013-08-22 16:36 WindowsPowerShell 2013-11-05 12:32 WinRAR 1 File(s) 174 bytes 26 Dir(s) 73ÿ281ÿ732ÿ608 bytes free ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Volume in drive C is System Volume Serial Number is 6E1D-5367 Directory of C:\Program Files (x86) 2014-12-02 12:50 . 2014-12-02 12:50 .. 2014-11-21 11:07 Common Files 2014-02-03 21:45 Corel 2013-08-22 16:34 174 desktop.ini 2013-06-25 18:11 Google 2013-10-07 22:14 HP 2012-12-08 07:16 InstallShield Installation Information 2014-11-21 11:07 Intel 2014-11-21 10:45 Internet Explorer 2012-12-08 07:33 Microsoft 2013-06-25 16:47 Microsoft Analysis Services 2013-06-25 17:00 Microsoft Office 2014-08-28 08:42 Microsoft Silverlight 2012-12-08 07:34 Microsoft SQL Server Compact Edition 2014-11-21 11:07 Microsoft.NET 2013-11-15 16:50 Mobogenie 2014-11-12 12:54 Mozilla Firefox 2014-11-14 08:11 Mozilla Maintenance Service 2014-11-21 10:32 MSBuild 2014-04-01 13:12 Multimedia mobilNET 2012-12-08 07:16 Realtek 2014-11-21 10:32 Reference Assemblies 2013-11-05 14:48 Sony 2014-05-14 14:27 TaxMachine PITy 2012-12-08 07:17 Temp 2013-11-05 12:45 Vstplugins 2014-11-21 10:47 Windows Defender 2012-12-08 07:34 Windows Live 2012-12-08 07:33 Windows Live SkyDrive 2014-09-24 15:35 Windows Mail 2014-11-21 11:07 Windows Media Player 2014-09-24 17:36 Windows Multimedia Platform 2013-08-22 16:36 Windows NT 2014-09-24 15:35 Windows Photo Viewer 2014-09-24 17:36 Windows Portable Devices 2014-11-21 11:07 Windows Sidebar 2013-08-22 16:36 WindowsPowerShell 1 File(s) 174 bytes 37 Dir(s) 73ÿ281ÿ728ÿ512 bytes free ========= End of CMD: ========= ========= dir /a C:\ProgramData ========= Volume in drive C is System Volume Serial Number is 6E1D-5367 Directory of C:\ProgramData 2014-12-02 12:50 . 2014-12-02 12:50 .. 2013-10-07 22:14 57 Ament.ini 2013-08-22 15:45 Application Data [C:\ProgramData] 2014-11-26 11:14 Ashampoo 2013-12-10 10:09 AVAST Software 2014-01-15 13:22 BitGuard 2014-01-15 13:22 Browser Manager 2014-01-15 13:22 BrowserProtect 2014-06-17 09:26 Corel 2012-12-08 06:28 Dane aplikacji [C:\ProgramData] 2014-04-01 13:13 DatacardService 2013-08-22 15:45 Desktop [C:\Users\Public\Desktop] 2013-08-22 15:45 Documents [C:\Users\Public\Documents] 2012-12-08 06:28 Dokumenty [C:\Users\Public\Documents] 2014-11-21 11:07 HP 2013-11-21 20:28 InstallShield 2012-12-08 07:05 Intel 2012-12-08 06:28 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 2014-11-25 20:18 Microsoft 2014-11-20 09:11 Microsoft Help 2013-07-23 16:06 Mozilla 2014-04-01 13:12 Multimedia mobilNET 2014-11-23 12:10 266 ntuser.pol 2014-05-14 13:40 PITy 2014-11-21 11:07 PRICache 2013-11-15 17:16 Protexis 2013-11-15 17:17 Protexis64 2012-12-08 06:28 Pulpit [C:\Users\Public\Desktop] 2014-09-24 15:51 regid.1991-06.com.microsoft 2013-11-05 14:48 Sony 2013-08-22 15:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 2012-12-08 06:28 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 2013-08-22 15:45 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2014-06-24 20:10 Wincert 2 File(s) 323 bytes 33 Dir(s) 73ÿ281ÿ724ÿ416 bytes free ========= End of CMD: ========= ========= dir /a "C:\Users\LOSSM Gorzów Wlkp\AppData\Local" ========= Volume in drive C is System Volume Serial Number is 6E1D-5367 Directory of C:\Users\LOSSM Gorz¢w Wlkp\AppData\Local 2014-12-02 12:51 . 2014-12-02 12:51 .. 2014-06-25 20:05 Adobe 2013-09-30 20:22 ashampoo 2014-10-13 17:46 Ashampoo Red Ex 2013-11-15 16:49 cache 2013-11-15 17:15 Corel PaintShop Pro 2014-11-21 09:53 CrashDumps 2014-11-21 11:03 Dane aplikacji [C:\Users\LOSSM Gorz¢w Wlkp\AppData\Local] 2014-12-02 11:20 Diagnostics 2014-06-23 09:31 ElevatedDiagnostics 2014-11-23 11:46 EmieBrowserModeList 2014-11-23 11:46 EmieSiteList 2014-11-23 11:46 EmieUserList 2013-06-25 18:14 Google 2014-11-21 11:03 Historia [C:\Users\LOSSM Gorz¢w Wlkp\AppData\Local\Microsoft\Windows\History] 2013-10-16 09:12 HP 2014-12-01 20:31 21ÿ970 IconCache.db 2014-04-11 12:10 Lollipop 2013-07-23 16:08 Macromedia 2014-11-25 20:18 Microsoft 2013-08-12 20:11 Microsoft Help 2013-11-15 16:50 Mobogenie 2013-10-01 14:08 Mozilla 2014-10-28 08:35 Pay-By-Ads 2013-09-30 20:22 Programs 2013-11-21 20:24 Protexis 2013-11-05 14:48 Sony 2014-12-02 12:51 Temp 2014-11-21 11:03 Temporary Internet Files [C:\Users\LOSSM Gorz¢w Wlkp\AppData\Local\Microsoft\Windows\INetCache] 2014-02-06 10:21 VirtualStore 1 File(s) 21ÿ970 bytes 30 Dir(s) 73ÿ281ÿ724ÿ416 bytes free ========= End of CMD: ========= ========= dir /a "C:\Users\LOSSM Gorzów Wlkp\AppData\LocalLow" ========= Volume in drive C is System Volume Serial Number is 6E1D-5367 Directory of C:\Users\LOSSM Gorz¢w Wlkp\AppData\LocalLow 2014-12-02 12:42 . 2014-12-02 12:42 .. 2014-05-13 13:57 DataMngr 2014-11-23 11:46 EmieBrowserModeList 2014-11-23 11:46 EmieSiteList 2014-11-23 11:46 EmieUserList 2013-09-11 13:31 Microsoft 0 File(s) 0 bytes 7 Dir(s) 73ÿ281ÿ724ÿ416 bytes free ========= End of CMD: ========= ========= dir /a "C:\Users\LOSSM Gorzów Wlkp\AppData\Roaming" ========= Volume in drive C is System Volume Serial Number is 6E1D-5367 Directory of C:\Users\LOSSM Gorz¢w Wlkp\AppData\Roaming 2014-12-02 12:51 . 2014-12-02 12:51 .. 2013-03-04 11:13 Adobe 2013-11-05 20:06 Airytec 2013-09-30 20:23 Ashampoo 2013-12-11 11:43 AVAST Software 2014-02-03 22:06 Corel 2014-06-25 20:09 Downloaded Installations 2014-10-05 20:27 HpUpdate 2014-11-25 10:19 Identities 2013-06-25 16:42 Macromedia 2014-11-21 11:21 Microsoft 2014-07-06 10:54 Movies Toolbar 2013-07-23 16:07 Mozilla 2013-11-05 13:35 Publish Providers 2013-11-05 15:54 Sony 2013-11-05 15:10 Sony Creative Software Inc 2013-11-15 17:16 Ulead Systems 2013-11-05 12:32 WinRAR 0 File(s) 0 bytes 19 Dir(s) 73ÿ281ÿ720ÿ320 bytes free ========= End of CMD: ========= EmptyTemp: => Removed 759.3 MB temporary data. The system needed a reboot. ==== End of Fixlog ====