Fix result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016
Ran by Pati (02-10-2016 11:52:09) Run:1
Running from D:\zz NAPRAWA
Loaded Profiles: Pati (Available Profiles: Pati)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
S2 WindowsDefender; C:\Windows\winrshost.exe [177152 2016-03-21] () [File not signed]
HKLM\...\Providers\1nfd18e5: C:\ProgramData\FastPrinter\local64spl.dll [141824 2016-08-22] ()
HKLM\...\Providers\omvik5rc: C:\Program Files (x86)\\local64spl.dll [141824 2016-08-22] ()
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1057106586-2403482295-1909535323-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1057106586-2403482295-1909535323-1001\...\Run: [Ovics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Pati\AppData\Local\IRsoft\sqnxogrw.dll
HKU\S-1-5-21-1057106586-2403482295-1909535323-1001\...\StartupApproved\Run: => "IRsoft"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
Task: {0D763D79-3CDE-41A2-993D-7CBA748B3ED2} - System32\Tasks\{C05415B8-B11A-485B-9375-CEDF83AF929D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Zathdom\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Zathdom\uninstall.dat" -a uninstallme ED2D987A-9283-494C-ACD9-03C7A093A4CC DeviceId=f970916d-284d-235d-1251-46cc4fa05103 BarcodeId=51107003 ChannelId=3 DistributerName=APSFClickMeIn
Task: {B87454B3-B62A-46D7-8464-3BA681215950} - System32\Tasks\Coerwcult Center => C:\Program Files (x86)\Crecult\Coerwcultcntdnk.exe
Tcpip\..\Interfaces\{3CEC4DD1-E22F-4E53-834D-D81B87C9D26E}: [NameServer] 188.120.239.115,8.8.8.8
Tcpip\..\Interfaces\{EA4E11C0-8779-4BB5-92BE-763E2D2A5C51}: [NameServer] 188.120.239.115,8.8.8.8
GroupPolicy: Restriction - Windows Degender <======= ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Pati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Pati\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Pati\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Pati\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Pati\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
SearchScopes: HKLM -> IELNKSRCH URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmorjNXrcNqlRkJQAPAeRWWrGrvcIGgASlAvdju6NGxd46zYN8hurJAu-o32-9yJpoOsFUmFTl9FOk4hcVsOXKuA-zceluDURbgHBaMXAs4IiDWVyiRvwVBZuasOTl1fgxk7AT_SLmmIEjRLjN-OIbIw_vD-5W&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
DeleteKey: HKLM\SOFTWARE\Microsoft\Microsoft Antimalware
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
DeleteKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
AlternateDataStreams: C:\Users\Pati\Cookies:eLzXAceo1JHpJ06dclVDZj7KM [2324]
C:\Program Files (x86)\local64spl.dll
C:\Program Files (x86)\local64spl.dll.ini
C:\ProgramData\FastPrinter
C:\Users\Pati\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
C:\Users\Pati\AppData\Local\zaupT9tpAAXks
C:\Users\Pati\AppData\Roaming\agent.dat
C:\Users\Pati\AppData\Roaming\Installer.dat
C:\Users\Pati\AppData\Roaming\Main.dat
C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\Windows\winrshost.exe
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Program Files\Common Files"
CMD: dir /a "C:\Program Files (x86)\Common Files"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Pati\AppData\Local
CMD: dir /a C:\Users\Pati\AppData\LocalLow
CMD: dir /a C:\Users\Pati\AppData\Roaming
Hosts:
EmptyTemp:
*****************
Processes closed successfully.
Restore point was successfully created.
WindowsDefender => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\1nfd18e5" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order 1nfd18e5 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\omvik5rc" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order omvik5rc => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1057106586-2403482295-1909535323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-1057106586-2403482295-1909535323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ovics => value removed successfully
HKU\S-1-5-21-1057106586-2403482295-1909535323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\IRsoft => value removed successfully
HKU\S-1-5-21-1057106586-2403482295-1909535323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IRsoft => value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D763D79-3CDE-41A2-993D-7CBA748B3ED2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D763D79-3CDE-41A2-993D-7CBA748B3ED2}" => key removed successfully
C:\Windows\System32\Tasks\{C05415B8-B11A-485B-9375-CEDF83AF929D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C05415B8-B11A-485B-9375-CEDF83AF929D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B87454B3-B62A-46D7-8464-3BA681215950}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B87454B3-B62A-46D7-8464-3BA681215950}" => key removed successfully
C:\Windows\System32\Tasks\Coerwcult Center => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Coerwcult Center" => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3CEC4DD1-E22F-4E53-834D-D81B87C9D26E}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA4E11C0-8779-4BB5-92BE-763E2D2A5C51}\\NameServer => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
C:\Users\Pati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\IELNKSRCH" => key removed successfully
HKCR\CLSID\IELNKSRCH => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
HKLM\SOFTWARE\Microsoft\Microsoft Antimalware => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Microsoft\Microsoft Antimalware => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions => key removed successfully
HKLM\SOFTWARE\Mozilla => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Mozilla => key removed successfully
HKLM\SOFTWARE\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\MozillaPlugins => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Mozilla => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\Mozilla => key removed successfully
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => key removed successfully
"C:\Users\Pati\Cookies" => ":eLzXAceo1JHpJ06dclVDZj7KM" ADS not found.
C:\Program Files (x86)\local64spl.dll => moved successfully
C:\Program Files (x86)\local64spl.dll.ini => moved successfully
C:\ProgramData\FastPrinter => moved successfully
"C:\Users\Pati\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" => not found.
C:\Users\Pati\AppData\Local\zaupT9tpAAXks => moved successfully
C:\Users\Pati\AppData\Roaming\agent.dat => moved successfully
C:\Users\Pati\AppData\Roaming\Installer.dat => moved successfully
C:\Users\Pati\AppData\Roaming\Main.dat => moved successfully
C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => moved successfully
C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => moved successfully
C:\Windows\winrshost.exe => moved successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= dir /a "C:\Program Files" =========
Volume in drive C is System Reserved
Volume Serial Number is C0A4-B124
Directory of C:\Program Files
2016-09-17 22:47 .
2016-09-17 22:47 ..
2015-04-23 19:32 7-Zip
2015-04-23 20:18 Adobe
2016-08-22 21:41 AVAST Software
2016-08-20 14:36 CCleaner
2016-05-30 15:08 CEWE
2015-04-13 20:19 Classic Shell
2016-08-22 21:38 Common Files
2013-08-22 17:35 174 desktop.ini
2015-04-13 20:45 Elantech
2015-08-29 20:36 GIMP 2
2016-09-21 02:04 Internet Explorer
2016-03-21 21:18 KMSpico
2015-04-13 22:22 Microsoft Office
2015-04-13 20:50 MSBuild
2015-04-13 21:04 NVIDIA Corporation
2015-04-13 21:52 PowerISO
2015-04-13 20:50 Reference Assemblies
2015-10-08 19:47 Tablet
2015-10-08 19:47 TabletPlugins
2013-08-22 16:47 Uninstall Information
2015-08-19 01:03 Windows Defender
2015-06-16 17:51 Windows Mail
2015-06-16 17:51 Windows Media Player
2015-06-16 17:51 Windows Multimedia Platform
2013-08-22 17:36 Windows NT
2015-06-16 17:51 Windows Photo Viewer
2015-06-16 17:51 Windows Portable Devices
2013-08-22 17:36 Windows Sidebar
2016-09-17 14:07 WindowsApps
2015-06-16 17:50 WindowsPowerShell
1 File(s) 174 bytes
31 Dir(s) 136 881 041 408 bytes free
========= End of CMD: =========
========= dir /a "C:\Program Files (x86)" =========
Volume in drive C is System Reserved
Volume Serial Number is C0A4-B124
Directory of C:\Program Files (x86)
2016-10-02 11:52 .
2016-10-02 11:52 ..
2016-10-02 11:30 Adobe
2015-04-13 21:04 AGEIA Technologies
2016-08-22 21:55 Bvafivagh
2016-10-02 11:39 Common Files
2016-08-22 21:55 Crecult
2016-08-22 21:55 Crecult_
2013-08-22 17:34 174 desktop.ini
2016-08-20 19:32 Google
2015-04-23 17:43 Hewlett-Packard
2015-04-23 17:52 Hp
2016-09-21 02:04 Internet Explorer
2015-04-23 19:21 K-Lite Codec Pack
2016-08-22 21:29 Malwarebytes Anti-Malware
2016-10-02 11:32 Microsoft
2015-04-13 22:24 Microsoft Office
2015-04-13 22:24 Microsoft Visual Studio
2015-04-13 22:22 Microsoft Visual Studio 8
2015-04-13 22:24 Microsoft Works
2015-04-13 22:23 Microsoft.NET
2015-04-13 22:24 MSBuild
2015-04-23 20:04 My Company Name
2016-02-04 18:30 MyHeritage
2015-04-13 21:04 NVIDIA Corporation
2015-04-23 17:24 PhotoScape
2015-04-13 20:51 Reference Assemblies
2016-10-02 11:40 Spybot - Search & Destroy 2
2015-10-08 19:47 TabletPlugins
2015-08-19 01:03 Windows Defender
2015-06-16 17:50 Windows Mail
2015-06-16 17:50 Windows Media Player
2015-06-16 17:50 Windows Multimedia Platform
2013-08-22 17:36 Windows NT
2015-06-16 17:50 Windows Photo Viewer
2015-06-16 17:50 Windows Portable Devices
2013-08-22 17:36 Windows Sidebar
2013-08-22 17:36 WindowsPowerShell
2016-08-20 14:20 ynl265E
2016-08-20 14:54 {516D9F5A-D8E3-485A-838A-AE688ED07E5C}
1 File(s) 174 bytes
39 Dir(s) 136 881 041 408 bytes free
========= End of CMD: =========
========= dir /a "C:\Program Files\Common Files" =========
Volume in drive C is System Reserved
Volume Serial Number is C0A4-B124
Directory of C:\Program Files\Common Files
2016-08-22 21:38 .
2016-08-22 21:38 ..
2015-04-23 20:22 Adobe
2016-08-22 23:39 AV
2015-04-23 22:22 microsoft shared
2013-08-22 17:36 Services
2015-06-16 17:51 System
0 File(s) 0 bytes
7 Dir(s) 136 881 045 504 bytes free
========= End of CMD: =========
========= dir /a "C:\Program Files (x86)\Common Files" =========
Volume in drive C is System Reserved
Volume Serial Number is C0A4-B124
Directory of C:\Program Files (x86)\Common Files
2016-10-02 11:39 .
2016-10-02 11:39 ..
2016-06-17 17:33 Adobe
2016-08-22 21:38 AV
2015-07-02 21:57 Blizzard Entertainment
2015-04-13 22:24 DESIGNER
2015-04-23 17:50 Hewlett-Packard
2015-04-23 17:50 HP
2015-04-23 22:22 Microsoft Shared
2015-04-23 20:04 PX Storage Engine
2013-08-22 17:36 Services
2015-04-23 20:04 Sonic Shared
2015-06-16 17:50 System
0 File(s) 0 bytes
13 Dir(s) 136 881 041 408 bytes free
========= End of CMD: =========
========= dir /a C:\ProgramData =========
Volume in drive C is System Reserved
Volume Serial Number is C0A4-B124
Directory of C:\ProgramData
2016-10-02 11:52 .
2016-10-02 11:52 ..
2016-01-14 00:01 Adobe
2015-04-23 20:17 ALM
2013-08-22 16:45 Application Data [C:\ProgramData]
2016-08-22 21:41 AVAST Software
2016-04-07 18:27 Battle.net
2015-07-02 21:51 Blizzard Entertainment
2015-04-13 20:20 ClassicShell
2013-08-22 16:45 Desktop [C:\Users\Public\Desktop]
2013-08-22 16:45 Documents [C:\Users\Public\Documents]
2015-04-23 17:55 HP
2015-04-23 17:51 HP Product Assistant
2016-05-30 15:11 hps
2016-10-02 11:34 1 908 hpzinstall.log
2016-01-29 21:06 M-Photo
2016-08-22 21:29 Malwarebytes
2016-10-02 11:40 Microsoft
2015-04-13 22:27 Microsoft Help
2016-02-04 18:37 MyHeritage
2016-03-21 20:41 652 ntuser.pol
2015-04-13 21:04 NVIDIA
2015-04-13 21:07 NVIDIA Corporation
2015-04-13 20:57 Oracle
2015-09-24 12:40 PACE Anti-Piracy
2016-01-04 15:16 regid.1986-12.com.adobe
2015-06-16 17:50 regid.1991-06.com.microsoft
2016-10-02 11:40 Spybot - Search & Destroy
2013-08-22 16:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2015-04-13 20:58 Sun
2013-08-22 16:45 Templates [C:\ProgramData\Microsoft\Windows\Templates]
2016-05-31 22:40 tmp
2015-04-23 17:55 WEBREG
2 File(s) 2 560 bytes
31 Dir(s) 136 881 041 408 bytes free
========= End of CMD: =========
========= dir /a C:\Users\Pati\AppData\Local =========
Volume in drive C is System Reserved
Volume Serial Number is C0A4-B124
Directory of C:\Users\Pati\AppData\Local
2016-10-02 11:52 .
2016-10-02 11:52 ..
2016-10-02 11:29 Adobe
2016-01-07 19:49 1 456 Adobe Save for Web 13.0 Prefs
2015-09-24 12:40 aJDnMEZEGRf4Xn
2015-04-13 19:47 Application Data [C:\Users\Pati\AppData\Local]
2015-08-29 20:33 Apps
2016-04-07 18:48 Battle.net
2015-07-02 22:21 Blizzard
2015-07-02 21:52 Blizzard Entertainment
2016-03-10 15:58 CEF
2016-02-01 22:11 Chronoplex_Software
2016-10-02 11:50 ClassicShell
2015-08-29 20:34 Deployment
2016-09-20 23:38 Diagnostics
2016-10-02 11:47 ElevatedDiagnostics
2015-08-29 20:38 fontconfig
2016-08-20 14:21 fwoshdrauspliition
2016-03-21 16:51 141 792 GDIPFONTCACHEV1.DAT
2015-08-29 20:38 gegl-0.2
2015-09-19 19:22 Google
2016-05-07 23:17 gtk-2.0
2015-07-10 16:18 GWX
2015-04-13 19:47 History [C:\Users\Pati\AppData\Local\Microsoft\Windows\History]
2015-04-23 17:55 HP
2016-10-02 11:42 263 686 IconCache.db
2016-08-22 22:00 IRsoft
2016-01-29 21:24 M-Photo_Ltd
2015-08-29 20:35 Microsoft
2016-06-23 11:01 Microsoft Help
2016-02-02 00:08 My Family Tree
2015-08-24 20:23 NVIDIA
2015-08-24 20:23 NVIDIA Corporation
2015-09-24 12:40 PACE Anti-Piracy
2016-02-09 18:23 Packages
2015-04-23 19:20 Programs
2016-05-07 23:17 1 016 recently-used.xbel
2016-10-02 11:52 Temp
2015-04-13 19:47 Temporary Internet Files [C:\Users\Pati\AppData\Local\Microsoft\Windows\INetCache]
2016-08-20 14:43 tumilyfutakcurerk
2015-09-24 12:40 TyDJsmUFtOiZIvu
2016-08-22 22:00 Udmedia
2015-04-13 19:48 VirtualStore
2016-01-04 01:10 webkit
4 File(s) 407 950 bytes
40 Dir(s) 136 881 041 408 bytes free
========= End of CMD: =========
========= dir /a C:\Users\Pati\AppData\LocalLow =========
Volume in drive C is System Reserved
Volume Serial Number is C0A4-B124
Directory of C:\Users\Pati\AppData\LocalLow
2016-03-21 20:50 .
2016-03-21 20:50 ..
2016-01-14 00:00 Adobe
2015-04-13 20:07 Microsoft
2015-04-13 20:57 Sun
0 File(s) 0 bytes
5 Dir(s) 136 881 045 504 bytes free
========= End of CMD: =========
========= dir /a C:\Users\Pati\AppData\Roaming =========
Volume in drive C is System Reserved
Volume Serial Number is C0A4-B124
Directory of C:\Users\Pati\AppData\Roaming
2016-10-02 11:52 .
2016-10-02 11:52 ..
2016-02-28 14:02 Adobe
2016-06-23 18:58 132 Adobe PNG Format CS6 Prefs
2016-08-22 22:05 AVAST Software
2016-04-07 18:28 Battle.net
2015-04-23 19:18 BESTplayer
2015-04-23 17:57 HP
2015-07-17 12:05 HpUpdate
2015-06-17 19:56 Identities
2015-04-13 20:26 Macromedia
2016-03-09 13:00 Microsoft
2016-08-20 14:31 Mozilla
2016-02-04 18:41 MyHeritage
2015-04-23 20:27 NVIDIA
2015-09-24 12:40 PACE Anti-Piracy
2016-03-30 21:00 PDAppFlex
2016-09-17 19:52 PhotoScape
2015-04-13 21:53 PowerISO
2016-01-06 15:19 StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2016-02-04 18:31 The Complete Genealogy Reporter - FTB
2015-10-10 11:35 WTablet
1 File(s) 132 bytes
21 Dir(s) 136 881 041 408 bytes free
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68076011 B
Java, Flash, Steam htmlcache => 3328 B
Windows/system/drivers => 17190188 B
Edge => 0 B
Chrome => 40874896 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 76400322 B
systemprofile32 => 1 B
LocalService => 28420 B
NetworkService => 0 B
Pati => 1238209704 B
UpdatusUser => 0 B
RecycleBin => 26656 B
EmptyTemp: => 1.3 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 11:53:33 ====