Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-02-2015
Ran by rose at 2015-02-15 11:11:11
Running from C:\Users\rose\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in theScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
Ran by rose (administrator) on ROSE-PC on 15-02-2015 11:10:09
Running from C:\Users\rose\Downloads
Loaded Profiles: rose (Available profiles: rose)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Turkish (Turkey)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Cinema PlusV14.02) C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe
(Cinema PlusV14.02) C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe
(Cinema PlusV14.02) C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [241664 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
AppInit_DLLs: RemoveFocusRect.dll => C:\Windows\system32\RemoveFocusRect.dll [3584 2014-12-10] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
AlternateShell:
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
www.google.com
HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/tr-tr/?ocid=iehp
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
http://www.default-search.net/search?sid=476&aid=107&itype=n&ver=15586&tm=620&src=ds&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://www.mystartsearch.com/web/?u...32&ts=1423954185&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://www.mystartsearch.com/web/?u...32&ts=1423954185&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
http://www.mystartsearch.com/web/?u...32&ts=1423954185&type=default&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default
FF DefaultSearchEngine: Yandex
FF SearchEngineOrder.1: default-search.net
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1272460669-3081688189-3994748253-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\rose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1272460669-3081688189-3994748253-1000: pokki.com/PokkiDownloadHelper -> C:\Users\rose\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\yandex.com-185400.xml
FF Extension: CinemaP-1.4cV14.02 - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\
OIBMBKA115048682@HYKFIU97176590.com [2015-02-15]
FF Extension: WOT - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-10]
FF Extension: Classic Theme Restorer - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\
ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-12-10]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\
fbp@fbpurity.com.xpi [2014-12-10]
FF Extension: Facebook Secret Emoticons - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\
jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi [2014-12-24]
FF Extension: AdBlock for Firefox - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\
jid1-NIfFY2CA8fy1tg@jetpack.xpi [2014-12-16]
FF Extension: Show fixed Go - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\
showgo-updated@supernova00.xpi [2014-12-10]
FF Extension: Zoom Page - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\
zoompage@DW-dev.xpi [2014-12-10]
FF Extension: Stylish - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-12-10]
FF Extension: Adblock Plus - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-10]
FF Extension: Tab Mix Plus - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-12-10]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://
www.mystartsearch.com/?type=hp&ts=1423954064&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932"
CHR Profile: C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Blank New Tab) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\beafekehjfhnkpnnjegadfdncaipnljp [2014-12-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (WOT) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-09]
CHR Extension: (Advanced Font Settings) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2014-12-11]
CHR Extension: (Adblock Plus) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09]
CHR Extension: (Highlight Color) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllbflhpdeinobodaaibnojmgejkkjii [2014-12-14]
CHR Extension: (Stylish) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-12-11]
CHR Extension: (AdBlock) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-09]
CHR Extension: (Get F.B. Purity for Facebook) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifpbhmjbfiogpipemadffnijpbcdfkmp [2014-12-12]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-12-12]
CHR Extension: (Downloads) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (My Chrome Theme) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-12-11]
CHR Extension: (Yellow Highlighter) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmhfokkdecggjegnnkoeaneakkfnnal [2014-12-14]
Opera:
=======
OPR StartupUrls: "hxxp://
www.yandex.com/?win=163&clid=2083123"
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-12-13] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 globalUpdate1d048a899b6ed61; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem1d048a89e326bb4; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Assets Manager\smdmf\smdmfmgrc3.cfg [38288 2015-02-03] (Aztec Media Inc)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 qtgwefvs; \??\C:\Windows\system32\drivers\qtgwefvs.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-15 11:10 - 2015-02-15 11:10 - 00013647 _____ () C:\Users\rose\Downloads\FRST.txt
2015-02-15 11:10 - 2015-02-15 11:10 - 00013275 _____ () C:\Users\rose\Desktop\FRST.exe - Shortcut.lnk
2015-02-15 11:09 - 2015-02-15 11:10 - 00000000 ____D () C:\FRST
2015-02-15 11:09 - 2015-02-15 11:09 - 01125888 _____ (Farbar) C:\Users\rose\Downloads\FRST.exe
2015-02-15 01:01 - 2015-02-15 01:01 - 02112512 _____ () C:\Users\rose\Downloads\adwcleaner_4.110.exe
2015-02-15 00:52 - 2015-02-15 11:04 - 00002426 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user.job
2015-02-15 00:52 - 2015-02-15 11:04 - 00002426 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.job
2015-02-15 00:51 - 2015-02-15 11:04 - 00004474 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.job
2015-02-15 00:51 - 2015-02-15 11:04 - 00003454 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.job
2015-02-15 00:51 - 2015-02-15 11:04 - 00003118 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.job
2015-02-15 00:51 - 2015-02-15 11:04 - 00001326 _____ () C:\Windows\Tasks\HF.job
2015-02-15 00:51 - 2015-02-15 00:51 - 01541080 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\HF.exe
2015-02-15 00:51 - 2015-02-15 00:51 - 00000000 ____D () C:\Users\rose\AppData\Roaming\30464E43-1423961507-5246-3644-C80AA951DD5B
2015-02-15 00:50 - 2015-02-15 11:04 - 00005498 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.job
2015-02-15 00:50 - 2015-02-15 11:04 - 00005498 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.job
2015-02-15 00:50 - 2015-02-15 11:04 - 00002092 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user.job
2015-02-15 00:50 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\FWMEH.job
2015-02-15 00:50 - 2015-02-15 00:52 - 00000000 ____D () C:\Program Files\CinemaP-1.4cV14.02
2015-02-15 00:50 - 2015-02-15 00:51 - 00000000 ____D () C:\Program Files\0c69d037-33d9-415e-a04b-9f59ca8d7258
2015-02-15 00:50 - 2015-02-15 00:50 - 02030552 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\FWMEH.exe
2015-02-15 00:49 - 2015-02-15 00:49 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-15 00:49 - 2015-02-15 00:49 - 00000000 __RSH () C:\IO.SYS
2015-02-15 00:46 - 2015-02-15 00:46 - 00458168 _____ () C:\Users\rose\Downloads\setup.exe
2015-02-14 19:03 - 2015-02-14 19:03 - 00000000 ____D () C:\Program Files\predm
2015-02-14 19:02 - 2015-02-15 11:04 - 00001334 _____ () C:\Windows\Tasks\FQFZVK.job
2015-02-14 19:02 - 2015-02-15 00:51 - 00000000 ____D () C:\Program Files\6eb9ec85-9fe2-46fa-944a-0eaac642994c
2015-02-14 19:01 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\PLXWI.job
2015-02-14 18:54 - 2015-02-14 18:54 - 00000000 ____D () C:\Program Files\Crossbrowse
2015-02-14 18:53 - 2015-02-14 19:45 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Yandex
2015-02-14 18:53 - 2015-02-14 18:53 - 00000000 ____D () C:\Users\rose\AppData\Local\Chromium
2015-02-14 18:52 - 2015-02-15 11:04 - 00001326 _____ () C:\Windows\Tasks\JT.job
2015-02-14 18:51 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\PJBFN.job
2015-02-14 18:51 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\283e15b4-7cfc-470e-a903-b6cc04c2a22c
2015-02-14 18:51 - 2015-02-14 18:51 - 00000000 ____D () C:\Users\rose\AppData\Local\Doctor_PC
2015-02-14 18:50 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\doctorpclab.com
2015-02-14 18:50 - 2015-02-14 18:51 - 00000000 ____D () C:\Users\rose\Documents\DoctorPC
2015-02-14 18:46 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\8bee3baf-9c4a-45d9-b397-000416d1a7d6
2015-02-14 18:45 - 2015-02-14 18:59 - 00000000 ____D () C:\Program Files\MiniGet
2015-02-14 18:45 - 2015-02-14 18:45 - 00000000 ____D () C:\Users\rose\AppData\Roaming\MiniGet
2015-02-14 18:43 - 2015-02-14 18:43 - 00000000 ____D () C:\Users\rose\AppData\Roaming\tricomfi
2015-02-14 18:39 - 2015-02-15 11:04 - 00001680 _____ () C:\Windows\Tasks\KASHZPJ.job
2015-02-14 18:39 - 2015-02-15 11:04 - 00001330 _____ () C:\Windows\Tasks\IXWW.job
2015-02-14 18:39 - 2015-02-15 01:12 - 00000000 ____D () C:\Program Files\globalUpdate
2015-02-14 18:39 - 2015-02-14 18:39 - 00000000 ____D () C:\Users\rose\AppData\Local\globalUpdate
2015-02-14 16:30 - 2015-02-14 16:30 - 02756424 _____ (Pokki) C:\Users\rose\Downloads\PokkiInstaller (2).exe
2015-02-14 16:29 - 2015-02-14 16:29 - 00796936 _____ (Pokki) C:\Users\rose\Downloads\Pokki_PixstaSetup.exe
2015-02-13 19:14 - 2015-02-13 19:14 - 00704847 _____ () C:\Users\rose\Downloads\Mika.zip
2015-02-11 21:45 - 2015-02-11 21:45 - 00000000 ____D () C:\Program Files\Assets Manager
2015-02-11 21:30 - 2015-02-11 21:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\JT
2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\IXWW
2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\HF
2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\FQFZVK
2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\PLXWI
2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\PJBFN
2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\KASHZPJ
2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\FWMEH
2015-01-21 17:59 - 2015-01-21 17:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-19 18:06 - 2015-02-15 00:38 - 00000000 ____D () C:\Users\rose\AppData\Local\Pokki
2015-01-19 18:06 - 2015-01-19 18:06 - 02756424 _____ (Pokki) C:\Users\rose\Downloads\PokkiInstaller.exe
2015-01-19 18:06 - 2015-01-19 18:06 - 00796496 _____ (Pokki) C:\Users\rose\Downloads\Pokki_InstagrilleSetup.exe
2015-01-18 10:41 - 2015-02-11 23:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-18 10:41 - 2015-01-18 10:41 - 00000000 ____D () C:\ProgramData\Mozilla
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-15 11:08 - 2014-12-09 20:09 - 02052631 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 11:04 - 2014-12-09 21:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 11:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 11:04 - 2009-07-14 06:39 - 00032162 _____ () C:\Windows\setupact.log
2015-02-15 09:54 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 09:54 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 09:47 - 2010-11-20 23:48 - 00707136 _____ () C:\Windows\PFRO.log
2015-02-15 01:22 - 2014-12-10 01:34 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-15 01:22 - 2014-12-10 01:34 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-15 01:22 - 2014-12-09 21:24 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-15 01:22 - 2014-12-09 20:12 - 00001417 _____ () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 01:20 - 2014-12-09 21:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 01:13 - 2014-12-09 21:23 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 01:04 - 2015-01-06 20:45 - 00000000 ____D () C:\AdwCleaner
2015-02-15 00:09 - 2014-12-20 14:42 - 00000000 ____D () C:\Users\rose\AppData\Local\My Family Tree
2015-02-14 19:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2015-02-14 19:44 - 2014-12-20 13:15 - 00000000 ____D () C:\Program Files\AbiWord
2015-02-14 19:23 - 2014-12-12 13:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 19:06 - 2014-12-12 08:49 - 00000170 _____ () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2015-02-14 18:50 - 2014-12-20 20:52 - 00000000 ____D () C:\Program Files\Adobe
2015-02-11 21:13 - 2014-12-09 21:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-11 21:13 - 2014-12-09 21:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-21 17:59 - 2014-12-10 15:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 17:58 - 2014-12-10 15:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-21 17:58 - 2014-12-10 15:44 - 00000000 ____D () C:\Program Files\Java
2015-01-19 12:45 - 2009-07-14 06:53 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\FQFZVK
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\FWMEH
2015-02-15 00:50 - 2015-02-15 00:50 - 2030552 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\FWMEH.exe
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\HF
2015-02-15 00:51 - 2015-02-15 00:51 - 1541080 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\HF.exe
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\IXWW
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\JT
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\KASHZPJ
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\PJBFN
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\PLXWI
2014-12-12 08:50 - 2014-12-12 08:50 - 0613057 _____ (CMI Limited) C:\Users\rose\AppData\Local\nsq5458.tmp
2014-12-10 15:09 - 2014-12-10 15:09 - 0007618 _____ () C:\Users\rose\AppData\Local\resmon.resmoncfg
Some content of TEMP:
====================
C:\Users\rose\AppData\Local\Temp\23837CE5-8069-8A01-FEE3-46DBD4D31AB8.exe
C:\Users\rose\AppData\Local\Temp\2535.exe
C:\Users\rose\AppData\Local\Temp\5mmk4kth.dll
C:\Users\rose\AppData\Local\Temp\BackupSetup.exe
C:\Users\rose\AppData\Local\Temp\bitool.dll
C:\Users\rose\AppData\Local\Temp\default-search.DLL
C:\Users\rose\AppData\Local\Temp\F97BE3D2-EB56-9BAC-A160-536E60C5081F.dll
C:\Users\rose\AppData\Local\Temp\firefox 4 progress bar__10924_i1467821397_il1177868.exe
C:\Users\rose\AppData\Local\Temp\flv.exe
C:\Users\rose\AppData\Local\Temp\fqsh.exe
C:\Users\rose\AppData\Local\Temp\HitmanPro.exe
C:\Users\rose\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\rose\AppData\Local\Temp\octC274.tmp.exe
C:\Users\rose\AppData\Local\Temp\ptvv.exe
C:\Users\rose\AppData\Local\Temp\Quarantine.exe
C:\Users\rose\AppData\Local\Temp\Runner4.exe
C:\Users\rose\AppData\Local\Temp\sdfC4A5.exe
C:\Users\rose\AppData\Local\Temp\setup.exe
C:\Users\rose\AppData\Local\Temp\SimBundD.exe
C:\Users\rose\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\rose\AppData\Local\Temp\SoftonicAssistant_v0-1-6[1].exe
C:\Users\rose\AppData\Local\Temp\sprz.exe
C:\Users\rose\AppData\Local\Temp\sqlite3.dll
C:\Users\rose\AppData\Local\Temp\Uninstall.exe
C:\Users\rose\AppData\Local\Temp\vcredist_x86.exe
C:\Users\rose\AppData\Local\Temp\wintnty.exe
C:\Users\rose\AppData\Local\Temp\ywzCORL21I.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-13 13:44
==================== End Of Log ============================ fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aros Magic Checkers (HKLM\...\Aros Magic Checkers) (Version: - )
Assets Manager (HKLM\...\Assets Manager) (Version: 5.0.0.15586 - Aztec Media Inc) <==== ATTENTION
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{75BF5A99-74C9-FF8E-77B0-1DBA17A109BA}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Backgammon (HKLM\...\230-com.novelgames.flashgames.backgammon) (Version: 1.0.0 - Novel Games Limited)
Backgammon (Version: 1.0.0 - Novel Games Limited) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (Version: 2009.0804.2223.38385 - Şirketinizin Adı) Hidden
CinemaP-1.4cV14.02 (HKLM\...\CinemaP-1.4cV14.02) (Version: 1.36.01.22 - Cinema PlusV14.02) <==== ATTENTION
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
My Family Tree (HKLM\...\My Family Tree 4.0.4.0) (Version: 4.0.4.0 - Chronoplex Software)
My Family Tree (Version: 4.0.4.0 - Chronoplex Software) Hidden
Pokki Download Helper (HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
Theme Resource Changer X86 v1.0 (HKLM\...\Theme Resource Changer X86 v1.0) (Version: - Bad Ass Apps)
tricomfi (HKLM\...\{74f1e872-8d6f-4cc7-58d6-c60d8dfe43ed}) (Version: 1.0.0 - estdemin) <==== ATTENTION!
Unity Web Player (HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
UNO© Freeware (HKLM\...\UNO© Freeware) (Version: - )
Windows 7 Logon Background Changer (HKLM\...\{2E6044C5-3495-485F-91BC-46D1B6430E51}) (Version: 1.5.2 - Julien MANICI)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\InprocServer32 -> C:\Users\rose\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 -> No File
CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\rose\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\rose\AppData\Roaming\tricomfi\colers.dll () <==== ATTENTION
==================== Restore Points =========================
31-12-2014 13:24:41 Scheduled Checkpoint
06-01-2015 21:17:49 Checkpoint by HitmanPro
11-01-2015 20:45:36 Windows Update
19-01-2015 19:38:40 Scheduled Checkpoint
11-02-2015 20:45:07 Scheduled Checkpoint
11-02-2015 21:59:44 Windows Defender Checkpoint
13-02-2015 18:23:30 Windows Update
15-02-2015 00:33:08 Checkpoint by HitmanPro
15-02-2015 00:33:33 Checkpoint by HitmanPro
15-02-2015 00:47:10 Uniblue SpeedUpMyPC installation
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {2E3EF724-F0C5-4196-85E1-429823751F45} - System32\Tasks\{3CD0B5C3-9264-4954-AB78-982274299F47} => pcalua.exe -a C:\Users\rose\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
Task: {32C5B448-B163-4C4A-A074-7806B4A82131} - System32\Tasks\IXWW => C:\Users\rose\AppData\Roaming\IXWW.exe <==== ATTENTION
Task: {3A1BE3FF-4313-44EA-87BF-F51C6F6E2597} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {43142461-5412-40B9-B3AF-6872DAE541ED} - System32\Tasks\{38CFCF15-DD48-4500-96BA-88CF43DFA16B} => pcalua.exe -a C:\Users\rose\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== ATTENTION
Task: {445E9C26-1BF9-4647-9964-D40EF3433323} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {456D2B94-F232-4838-AB55-EA806B8E733F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {529E7680-1210-41A4-BA12-DFC71AE3F189} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {536CA708-47F4-48F2-9AF2-76237E812EB2} - System32\Tasks\{D6019485-E684-46AF-ABC3-595AD1E5363E} => pcalua.exe -a C:\Users\rose\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=sfpsnew1
Task: {563DE1C8-52B0-4ABB-81A5-3684ACE3C15B} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {61FFD97F-4CDE-4442-8DEF-F91D0AF1EF8A} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {770ADDED-980A-42AC-9132-311022609143} - System32\Tasks\JT => C:\Users\rose\AppData\Roaming\JT.exe <==== ATTENTION
Task: {7C72BD57-CC9D-4B34-B2B3-C7825A857B10} - System32\Tasks\FQFZVK => C:\Users\rose\AppData\Roaming\FQFZVK.exe <==== ATTENTION
Task: {808584F7-4067-498E-99F9-59C88B0E1961} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
Task: {84150A70-FD60-4693-A6FD-E77FB58EA75E} - System32\Tasks\DoctorPC_Start => C:\Program Files\Doctor PC\DoctorPC.exe
Task: {8890A168-D607-4CD2-B864-DEB0C9BF9C64} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {8E18AF3F-D616-472B-A5F3-DF8A48D648A0} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {9DA7763F-B53C-4AEC-A1D9-5473888D68E7} - System32\Tasks\PJBFN => C:\Users\rose\AppData\Roaming\PJBFN.exe <==== ATTENTION
Task: {A101197D-AF6B-411F-973B-D88E8EEC040E} - System32\Tasks\HF => C:\Users\rose\AppData\Roaming\HF.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {A309A77C-B741-48BB-A32B-71702413D59A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AF00B3A2-64A1-4974-993F-30228CF843EE} - System32\Tasks\DoctorPC_Popup => C:\Program Files\Doctor PC\Splash.exe
Task: {B40060AD-BA8D-4A59-9474-6F6B824B12AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C13DC2FE-1BCE-428B-B330-87703555C924} - System32\Tasks\PLXWI => C:\Users\rose\AppData\Roaming\PLXWI.exe <==== ATTENTION
Task: {C23C3958-D027-47B8-B784-4D15DC2079E7} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {C513AE5B-89F4-4A5B-8E09-CC0E385DBC35} - System32\Tasks\KASHZPJ => C:\Users\rose\AppData\Roaming\KASHZPJ.exe <==== ATTENTION
Task: {CB686B6C-9F36-4360-9B8F-572EED0EAA7E} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {D21BA1FD-894A-4C4E-B87E-28ED4AC71334} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
Task: {ED2B9503-BF54-474F-946F-414E5AEDB910} - System32\Tasks\FWMEH => C:\Users\rose\AppData\Roaming\FWMEH.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {FB8710E5-4788-48F8-AFEB-CD2EF591AA75} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FQFZVK.job => C:\Users\rose\AppData\Roaming\FQFZVK.exe <==== ATTENTION
Task: C:\Windows\Tasks\FWMEH.job => C:\Users\rose\AppData\Roaming\FWMEH.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HF.job => C:\Users\rose\AppData\Roaming\HF.exe <==== ATTENTION
Task: C:\Windows\Tasks\IXWW.job => C:\Users\rose\AppData\Roaming\IXWW.exe <==== ATTENTION
Task: C:\Windows\Tasks\JT.job => C:\Users\rose\AppData\Roaming\JT.exe <==== ATTENTION
Task: C:\Windows\Tasks\KASHZPJ.job => C:\Users\rose\AppData\Roaming\KASHZPJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\PJBFN.job => C:\Users\rose\AppData\Roaming\PJBFN.exe <==== ATTENTION
Task: C:\Windows\Tasks\PLXWI.job => C:\Users\rose\AppData\Roaming\PLXWI.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) ==============
2014-12-10 14:05 - 2014-12-10 14:05 - 00003584 _____ () C:\Windows\system32\RemoveFocusRect.dll
2014-12-10 14:05 - 2014-12-10 14:05 - 00003584 _____ () C:\Windows\System32\RemoveFocusRect.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-07 11:56 - 2009-07-07 11:56 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-12-09 20:29 - 2014-12-09 20:29 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-19 14:26 - 2014-12-19 14:26 - 01858560 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7556c97cec3a808c48adc3b0f90628d3\Kies.UI.ni.dll
2014-12-19 14:26 - 2014-12-19 14:26 - 00078848 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\f71c1285b72d798e315ea2f78a9f80ca\Kies.MVVM.ni.dll
2014-12-19 14:27 - 2014-12-19 14:27 - 00188416 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7d19f4747599332020621c9e335ee23e\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-12-19 14:28 - 2014-12-19 14:28 - 00352256 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\3c502291f0a96aa6f850b6ad8d348540\DevicePhoto.ni.dll
2014-12-19 14:28 - 2014-12-19 14:28 - 00306176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\73501d25058ecf1ad28349f281c2d83a\DummyStorePlugin.ni.dll
2014-12-19 14:27 - 2014-12-19 14:27 - 00574464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b9b08aacde53207e056532e8a93aacd6\Kies.Common.DeviceServiceLib.FileService.ni.dll
2014-12-19 14:27 - 2014-12-19 14:27 - 00046592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\41eed1856bd169f3f1bc4e39542360b5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2014-12-19 14:27 - 2014-12-19 14:27 - 00986624 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\0318edba753b95de3e2c780deadb02b4\DeviceCommonLib.ni.dll
2014-12-19 14:27 - 2014-12-19 14:27 - 00231424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\ab6025c00c09ef604cfe7f62ba6361bc\ASF_cSharpAPI.ni.dll
2015-02-11 21:30 - 2015-02-11 21:30 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-09 15:26 - 2014-12-09 15:26 - 00133120 _____ () C:\Users\rose\AppData\Roaming\tricomfi\colers.dll
2015-02-11 21:13 - 2015-02-11 21:13 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\rose\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-1272460669-3081688189-3994748253-500 - Administrator - Disabled)
Guest (S-1-5-21-1272460669-3081688189-3994748253-501 - Limited - Disabled)
rose (S-1-5-21-1272460669-3081688189-3994748253-1000 - Administrator - Enabled) => C:\Users\rose
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/15/2015 11:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/15/2015 09:48:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/15/2015 01:14:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/15/2015 01:02:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000005
Fault offset: 0x0002a1e2
Faulting process id: 0x888
Faulting application start time: 0xc7cbf753-ea8e-43b6-9875-ff501674bced-10.exe0
Faulting application path: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe1
Faulting module path: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe2
Report Id: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe3
Error: (02/15/2015 01:00:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (02/15/2015 00:57:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (02/15/2015 00:51:34 AM) (Source: MsiInstaller) (EventID: 11309) (User: ROSE-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.
Error: (02/15/2015 00:47:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x11b4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Word Proser 1.10.0.6 Client Service since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
System errors:
=============
Error: (02/15/2015 11:07:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error:
%%2
Error: (02/15/2015 11:04:40 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (02/15/2015 09:49:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error:
%%2
Error: (02/15/2015 09:47:10 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (02/15/2015 01:14:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error:
%%2
Error: (02/15/2015 01:12:29 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (02/15/2015 00:49:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHProtect Service service failed to start due to the following error:
%%3
Error: (02/15/2015 00:49:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHProtect Service service failed to start due to the following error:
%%3
Error: (02/14/2015 11:39:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IHProtect Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/14/2015 08:18:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindowsMangerProtect Service service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office Sessions:
=========================
Error: (02/15/2015 11:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/15/2015 09:48:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/15/2015 01:14:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/15/2015 01:02:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe0.0.0.000000000ntdll.dll6.1.7601.175144ce7b96ec00000050002a1e288801d0487a1a17147fC:\Program Files\PlusHD Cinema 2.1cV14.02\c7cbf753-ea8e-43b6-9875-ff501674bced-10.exeC:\Windows\SYSTEM32\ntdll.dll82da8deb-b49d-11e4-9f6c-c80aa951dd5b
Error: (02/15/2015 01:00:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\$Recycle.Bin\S-1-5-21-1272460669-3081688189-3994748253-1000\$RAQ009F.exe
Error: (02/15/2015 00:57:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\rose\Downloads\HitmanPro_x64.exe
Error: (02/15/2015 00:51:34 AM) (Source: MsiInstaller) (EventID: 11309) (User: ROSE-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (02/15/2015 00:47:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142511b401d0488ffd5f4610C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll80a2b704-b49b-11e4-9f6c-c80aa951dd5b
Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Word Proser 1.10.0.6 Client Service since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
==================== Memory info ===========================
Processor: AMD Sempron(tm) M120
Percentage of memory in use: 54%
Total physical RAM: 1788.2 MB
Available physical RAM: 812.01 MB
Total Pagefile: 3576.4 MB
Available Pagefile: 2306.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:220.03 GB) (Free:194.27 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:77.4 GB) (Free:62.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.56 GB) (Free:0.55 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AE57E7AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=77.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=573 MB) - (Type=0C)
==================== End Of Log ============================