Solved CinemaP-1.4c

Rose1 · Feb 14, 2015

When I click on the program under control panel uninstall to uninstall a window comes up "uninstall and install doctorpc.

argus · Feb 15, 2015

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Rose1 · Feb 15, 2015

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-02-2015
Ran by rose at 2015-02-15 11:11:11
Running from C:\Users\rose\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in theScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
Ran by rose (administrator) on ROSE-PC on 15-02-2015 11:10:09
Running from C:\Users\rose\Downloads
Loaded Profiles: rose (Available profiles: rose)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Turkish (Turkey)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Cinema PlusV14.02) C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe
(Cinema PlusV14.02) C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe
(Cinema PlusV14.02) C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [241664 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
AppInit_DLLs: RemoveFocusRect.dll => C:\Windows\system32\RemoveFocusRect.dll [3584 2014-12-10] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/tr-tr/?ocid=iehp
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=107&itype=n&ver=15586&tm=620&src=ds&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?u...32&ts=1423954185&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?u...32&ts=1423954185&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.mystartsearch.com/web/?u...32&ts=1423954185&type=default&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default
FF DefaultSearchEngine: Yandex
FF SearchEngineOrder.1: default-search.net
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1272460669-3081688189-3994748253-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\rose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1272460669-3081688189-3994748253-1000: pokki.com/PokkiDownloadHelper -> C:\Users\rose\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\yandex.com-185400.xml
FF Extension: CinemaP-1.4cV14.02 - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\OIBMBKA115048682@HYKFIU97176590.com [2015-02-15]
FF Extension: WOT - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-10]
FF Extension: Classic Theme Restorer - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-12-10]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\fbp@fbpurity.com.xpi [2014-12-10]
FF Extension: Facebook Secret Emoticons - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi [2014-12-24]
FF Extension: AdBlock for Firefox - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2014-12-16]
FF Extension: Show fixed Go - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\showgo-updated@supernova00.xpi [2014-12-10]
FF Extension: Zoom Page - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\zoompage@DW-dev.xpi [2014-12-10]
FF Extension: Stylish - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-12-10]
FF Extension: Adblock Plus - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-10]
FF Extension: Tab Mix Plus - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-12-10]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1423954064&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932"
CHR Profile: C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Blank New Tab) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\beafekehjfhnkpnnjegadfdncaipnljp [2014-12-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (WOT) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-09]
CHR Extension: (Advanced Font Settings) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2014-12-11]
CHR Extension: (Adblock Plus) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09]
CHR Extension: (Highlight Color) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllbflhpdeinobodaaibnojmgejkkjii [2014-12-14]
CHR Extension: (Stylish) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-12-11]
CHR Extension: (AdBlock) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-09]
CHR Extension: (Get F.B. Purity for Facebook) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifpbhmjbfiogpipemadffnijpbcdfkmp [2014-12-12]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-12-12]
CHR Extension: (Downloads) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (My Chrome Theme) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-12-11]
CHR Extension: (Yellow Highlighter) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmhfokkdecggjegnnkoeaneakkfnnal [2014-12-14]

Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.com/?win=163&clid=2083123"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-12-13] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 globalUpdate1d048a899b6ed61; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem1d048a89e326bb4; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Assets Manager\smdmf\smdmfmgrc3.cfg [38288 2015-02-03] (Aztec Media Inc)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 qtgwefvs; \??\C:\Windows\system32\drivers\qtgwefvs.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 11:10 - 2015-02-15 11:10 - 00013647 _____ () C:\Users\rose\Downloads\FRST.txt
2015-02-15 11:10 - 2015-02-15 11:10 - 00013275 _____ () C:\Users\rose\Desktop\FRST.exe - Shortcut.lnk
2015-02-15 11:09 - 2015-02-15 11:10 - 00000000 ____D () C:\FRST
2015-02-15 11:09 - 2015-02-15 11:09 - 01125888 _____ (Farbar) C:\Users\rose\Downloads\FRST.exe
2015-02-15 01:01 - 2015-02-15 01:01 - 02112512 _____ () C:\Users\rose\Downloads\adwcleaner_4.110.exe
2015-02-15 00:52 - 2015-02-15 11:04 - 00002426 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user.job
2015-02-15 00:52 - 2015-02-15 11:04 - 00002426 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.job
2015-02-15 00:51 - 2015-02-15 11:04 - 00004474 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.job
2015-02-15 00:51 - 2015-02-15 11:04 - 00003454 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.job
2015-02-15 00:51 - 2015-02-15 11:04 - 00003118 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.job
2015-02-15 00:51 - 2015-02-15 11:04 - 00001326 _____ () C:\Windows\Tasks\HF.job
2015-02-15 00:51 - 2015-02-15 00:51 - 01541080 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\HF.exe
2015-02-15 00:51 - 2015-02-15 00:51 - 00000000 ____D () C:\Users\rose\AppData\Roaming\30464E43-1423961507-5246-3644-C80AA951DD5B
2015-02-15 00:50 - 2015-02-15 11:04 - 00005498 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.job
2015-02-15 00:50 - 2015-02-15 11:04 - 00005498 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.job
2015-02-15 00:50 - 2015-02-15 11:04 - 00002092 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user.job
2015-02-15 00:50 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\FWMEH.job
2015-02-15 00:50 - 2015-02-15 00:52 - 00000000 ____D () C:\Program Files\CinemaP-1.4cV14.02
2015-02-15 00:50 - 2015-02-15 00:51 - 00000000 ____D () C:\Program Files\0c69d037-33d9-415e-a04b-9f59ca8d7258
2015-02-15 00:50 - 2015-02-15 00:50 - 02030552 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\FWMEH.exe
2015-02-15 00:49 - 2015-02-15 00:49 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-15 00:49 - 2015-02-15 00:49 - 00000000 __RSH () C:\IO.SYS
2015-02-15 00:46 - 2015-02-15 00:46 - 00458168 _____ () C:\Users\rose\Downloads\setup.exe
2015-02-14 19:03 - 2015-02-14 19:03 - 00000000 ____D () C:\Program Files\predm
2015-02-14 19:02 - 2015-02-15 11:04 - 00001334 _____ () C:\Windows\Tasks\FQFZVK.job
2015-02-14 19:02 - 2015-02-15 00:51 - 00000000 ____D () C:\Program Files\6eb9ec85-9fe2-46fa-944a-0eaac642994c
2015-02-14 19:01 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\PLXWI.job
2015-02-14 18:54 - 2015-02-14 18:54 - 00000000 ____D () C:\Program Files\Crossbrowse
2015-02-14 18:53 - 2015-02-14 19:45 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Yandex
2015-02-14 18:53 - 2015-02-14 18:53 - 00000000 ____D () C:\Users\rose\AppData\Local\Chromium
2015-02-14 18:52 - 2015-02-15 11:04 - 00001326 _____ () C:\Windows\Tasks\JT.job
2015-02-14 18:51 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\PJBFN.job
2015-02-14 18:51 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\283e15b4-7cfc-470e-a903-b6cc04c2a22c
2015-02-14 18:51 - 2015-02-14 18:51 - 00000000 ____D () C:\Users\rose\AppData\Local\Doctor_PC
2015-02-14 18:50 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\doctorpclab.com
2015-02-14 18:50 - 2015-02-14 18:51 - 00000000 ____D () C:\Users\rose\Documents\DoctorPC
2015-02-14 18:46 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\8bee3baf-9c4a-45d9-b397-000416d1a7d6
2015-02-14 18:45 - 2015-02-14 18:59 - 00000000 ____D () C:\Program Files\MiniGet
2015-02-14 18:45 - 2015-02-14 18:45 - 00000000 ____D () C:\Users\rose\AppData\Roaming\MiniGet
2015-02-14 18:43 - 2015-02-14 18:43 - 00000000 ____D () C:\Users\rose\AppData\Roaming\tricomfi
2015-02-14 18:39 - 2015-02-15 11:04 - 00001680 _____ () C:\Windows\Tasks\KASHZPJ.job
2015-02-14 18:39 - 2015-02-15 11:04 - 00001330 _____ () C:\Windows\Tasks\IXWW.job
2015-02-14 18:39 - 2015-02-15 01:12 - 00000000 ____D () C:\Program Files\globalUpdate
2015-02-14 18:39 - 2015-02-14 18:39 - 00000000 ____D () C:\Users\rose\AppData\Local\globalUpdate
2015-02-14 16:30 - 2015-02-14 16:30 - 02756424 _____ (Pokki) C:\Users\rose\Downloads\PokkiInstaller (2).exe
2015-02-14 16:29 - 2015-02-14 16:29 - 00796936 _____ (Pokki) C:\Users\rose\Downloads\Pokki_PixstaSetup.exe
2015-02-13 19:14 - 2015-02-13 19:14 - 00704847 _____ () C:\Users\rose\Downloads\Mika.zip
2015-02-11 21:45 - 2015-02-11 21:45 - 00000000 ____D () C:\Program Files\Assets Manager
2015-02-11 21:30 - 2015-02-11 21:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\JT
2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\IXWW
2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\HF
2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\FQFZVK
2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\PLXWI
2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\PJBFN
2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\KASHZPJ
2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\FWMEH
2015-01-21 17:59 - 2015-01-21 17:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-19 18:06 - 2015-02-15 00:38 - 00000000 ____D () C:\Users\rose\AppData\Local\Pokki
2015-01-19 18:06 - 2015-01-19 18:06 - 02756424 _____ (Pokki) C:\Users\rose\Downloads\PokkiInstaller.exe
2015-01-19 18:06 - 2015-01-19 18:06 - 00796496 _____ (Pokki) C:\Users\rose\Downloads\Pokki_InstagrilleSetup.exe
2015-01-18 10:41 - 2015-02-11 23:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-18 10:41 - 2015-01-18 10:41 - 00000000 ____D () C:\ProgramData\Mozilla

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 11:08 - 2014-12-09 20:09 - 02052631 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 11:04 - 2014-12-09 21:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 11:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 11:04 - 2009-07-14 06:39 - 00032162 _____ () C:\Windows\setupact.log
2015-02-15 09:54 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 09:54 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 09:47 - 2010-11-20 23:48 - 00707136 _____ () C:\Windows\PFRO.log
2015-02-15 01:22 - 2014-12-10 01:34 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-15 01:22 - 2014-12-10 01:34 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-15 01:22 - 2014-12-09 21:24 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-15 01:22 - 2014-12-09 20:12 - 00001417 _____ () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 01:20 - 2014-12-09 21:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 01:13 - 2014-12-09 21:23 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 01:04 - 2015-01-06 20:45 - 00000000 ____D () C:\AdwCleaner
2015-02-15 00:09 - 2014-12-20 14:42 - 00000000 ____D () C:\Users\rose\AppData\Local\My Family Tree
2015-02-14 19:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2015-02-14 19:44 - 2014-12-20 13:15 - 00000000 ____D () C:\Program Files\AbiWord
2015-02-14 19:23 - 2014-12-12 13:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 19:06 - 2014-12-12 08:49 - 00000170 _____ () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2015-02-14 18:50 - 2014-12-20 20:52 - 00000000 ____D () C:\Program Files\Adobe
2015-02-11 21:13 - 2014-12-09 21:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-11 21:13 - 2014-12-09 21:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-21 17:59 - 2014-12-10 15:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 17:58 - 2014-12-10 15:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-21 17:58 - 2014-12-10 15:44 - 00000000 ____D () C:\Program Files\Java
2015-01-19 12:45 - 2009-07-14 06:53 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\FQFZVK
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\FWMEH
2015-02-15 00:50 - 2015-02-15 00:50 - 2030552 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\FWMEH.exe
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\HF
2015-02-15 00:51 - 2015-02-15 00:51 - 1541080 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\HF.exe
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\IXWW
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\JT
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\KASHZPJ
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\PJBFN
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\PLXWI
2014-12-12 08:50 - 2014-12-12 08:50 - 0613057 _____ (CMI Limited) C:\Users\rose\AppData\Local\nsq5458.tmp
2014-12-10 15:09 - 2014-12-10 15:09 - 0007618 _____ () C:\Users\rose\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\rose\AppData\Local\Temp\23837CE5-8069-8A01-FEE3-46DBD4D31AB8.exe
C:\Users\rose\AppData\Local\Temp\2535.exe
C:\Users\rose\AppData\Local\Temp\5mmk4kth.dll
C:\Users\rose\AppData\Local\Temp\BackupSetup.exe
C:\Users\rose\AppData\Local\Temp\bitool.dll
C:\Users\rose\AppData\Local\Temp\default-search.DLL
C:\Users\rose\AppData\Local\Temp\F97BE3D2-EB56-9BAC-A160-536E60C5081F.dll
C:\Users\rose\AppData\Local\Temp\firefox 4 progress bar__10924_i1467821397_il1177868.exe
C:\Users\rose\AppData\Local\Temp\flv.exe
C:\Users\rose\AppData\Local\Temp\fqsh.exe
C:\Users\rose\AppData\Local\Temp\HitmanPro.exe
C:\Users\rose\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\rose\AppData\Local\Temp\octC274.tmp.exe
C:\Users\rose\AppData\Local\Temp\ptvv.exe
C:\Users\rose\AppData\Local\Temp\Quarantine.exe
C:\Users\rose\AppData\Local\Temp\Runner4.exe
C:\Users\rose\AppData\Local\Temp\sdfC4A5.exe
C:\Users\rose\AppData\Local\Temp\setup.exe
C:\Users\rose\AppData\Local\Temp\SimBundD.exe
C:\Users\rose\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\rose\AppData\Local\Temp\SoftonicAssistant_v0-1-6[1].exe
C:\Users\rose\AppData\Local\Temp\sprz.exe
C:\Users\rose\AppData\Local\Temp\sqlite3.dll
C:\Users\rose\AppData\Local\Temp\Uninstall.exe
C:\Users\rose\AppData\Local\Temp\vcredist_x86.exe
C:\Users\rose\AppData\Local\Temp\wintnty.exe
C:\Users\rose\AppData\Local\Temp\ywzCORL21I.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 13:44

==================== End Of Log ============================ fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aros Magic Checkers (HKLM\...\Aros Magic Checkers) (Version: - )
Assets Manager (HKLM\...\Assets Manager) (Version: 5.0.0.15586 - Aztec Media Inc) <==== ATTENTION
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{75BF5A99-74C9-FF8E-77B0-1DBA17A109BA}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Backgammon (HKLM\...\230-com.novelgames.flashgames.backgammon) (Version: 1.0.0 - Novel Games Limited)
Backgammon (Version: 1.0.0 - Novel Games Limited) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (Version: 2009.0804.2223.38385 - Şirketinizin Adı) Hidden
CinemaP-1.4cV14.02 (HKLM\...\CinemaP-1.4cV14.02) (Version: 1.36.01.22 - Cinema PlusV14.02) <==== ATTENTION
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
My Family Tree (HKLM\...\My Family Tree 4.0.4.0) (Version: 4.0.4.0 - Chronoplex Software)
My Family Tree (Version: 4.0.4.0 - Chronoplex Software) Hidden
Pokki Download Helper (HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
Theme Resource Changer X86 v1.0 (HKLM\...\Theme Resource Changer X86 v1.0) (Version: - Bad Ass Apps)
tricomfi (HKLM\...\{74f1e872-8d6f-4cc7-58d6-c60d8dfe43ed}) (Version: 1.0.0 - estdemin) <==== ATTENTION!
Unity Web Player (HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
UNO© Freeware (HKLM\...\UNO© Freeware) (Version: - )
Windows 7 Logon Background Changer (HKLM\...\{2E6044C5-3495-485F-91BC-46D1B6430E51}) (Version: 1.5.2 - Julien MANICI)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\InprocServer32 -> C:\Users\rose\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 -> No File
CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\rose\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\rose\AppData\Roaming\tricomfi\colers.dll () <==== ATTENTION

==================== Restore Points =========================

31-12-2014 13:24:41 Scheduled Checkpoint
06-01-2015 21:17:49 Checkpoint by HitmanPro
11-01-2015 20:45:36 Windows Update
19-01-2015 19:38:40 Scheduled Checkpoint
11-02-2015 20:45:07 Scheduled Checkpoint
11-02-2015 21:59:44 Windows Defender Checkpoint
13-02-2015 18:23:30 Windows Update
15-02-2015 00:33:08 Checkpoint by HitmanPro
15-02-2015 00:33:33 Checkpoint by HitmanPro
15-02-2015 00:47:10 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {2E3EF724-F0C5-4196-85E1-429823751F45} - System32\Tasks\{3CD0B5C3-9264-4954-AB78-982274299F47} => pcalua.exe -a C:\Users\rose\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
Task: {32C5B448-B163-4C4A-A074-7806B4A82131} - System32\Tasks\IXWW => C:\Users\rose\AppData\Roaming\IXWW.exe <==== ATTENTION
Task: {3A1BE3FF-4313-44EA-87BF-F51C6F6E2597} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {43142461-5412-40B9-B3AF-6872DAE541ED} - System32\Tasks\{38CFCF15-DD48-4500-96BA-88CF43DFA16B} => pcalua.exe -a C:\Users\rose\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== ATTENTION
Task: {445E9C26-1BF9-4647-9964-D40EF3433323} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {456D2B94-F232-4838-AB55-EA806B8E733F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {529E7680-1210-41A4-BA12-DFC71AE3F189} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {536CA708-47F4-48F2-9AF2-76237E812EB2} - System32\Tasks\{D6019485-E684-46AF-ABC3-595AD1E5363E} => pcalua.exe -a C:\Users\rose\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=sfpsnew1
Task: {563DE1C8-52B0-4ABB-81A5-3684ACE3C15B} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {61FFD97F-4CDE-4442-8DEF-F91D0AF1EF8A} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {770ADDED-980A-42AC-9132-311022609143} - System32\Tasks\JT => C:\Users\rose\AppData\Roaming\JT.exe <==== ATTENTION
Task: {7C72BD57-CC9D-4B34-B2B3-C7825A857B10} - System32\Tasks\FQFZVK => C:\Users\rose\AppData\Roaming\FQFZVK.exe <==== ATTENTION
Task: {808584F7-4067-498E-99F9-59C88B0E1961} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
Task: {84150A70-FD60-4693-A6FD-E77FB58EA75E} - System32\Tasks\DoctorPC_Start => C:\Program Files\Doctor PC\DoctorPC.exe
Task: {8890A168-D607-4CD2-B864-DEB0C9BF9C64} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {8E18AF3F-D616-472B-A5F3-DF8A48D648A0} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {9DA7763F-B53C-4AEC-A1D9-5473888D68E7} - System32\Tasks\PJBFN => C:\Users\rose\AppData\Roaming\PJBFN.exe <==== ATTENTION
Task: {A101197D-AF6B-411F-973B-D88E8EEC040E} - System32\Tasks\HF => C:\Users\rose\AppData\Roaming\HF.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {A309A77C-B741-48BB-A32B-71702413D59A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AF00B3A2-64A1-4974-993F-30228CF843EE} - System32\Tasks\DoctorPC_Popup => C:\Program Files\Doctor PC\Splash.exe
Task: {B40060AD-BA8D-4A59-9474-6F6B824B12AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C13DC2FE-1BCE-428B-B330-87703555C924} - System32\Tasks\PLXWI => C:\Users\rose\AppData\Roaming\PLXWI.exe <==== ATTENTION
Task: {C23C3958-D027-47B8-B784-4D15DC2079E7} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {C513AE5B-89F4-4A5B-8E09-CC0E385DBC35} - System32\Tasks\KASHZPJ => C:\Users\rose\AppData\Roaming\KASHZPJ.exe <==== ATTENTION
Task: {CB686B6C-9F36-4360-9B8F-572EED0EAA7E} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {D21BA1FD-894A-4C4E-B87E-28ED4AC71334} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
Task: {ED2B9503-BF54-474F-946F-414E5AEDB910} - System32\Tasks\FWMEH => C:\Users\rose\AppData\Roaming\FWMEH.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION
Task: {FB8710E5-4788-48F8-AFEB-CD2EF591AA75} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FQFZVK.job => C:\Users\rose\AppData\Roaming\FQFZVK.exe <==== ATTENTION
Task: C:\Windows\Tasks\FWMEH.job => C:\Users\rose\AppData\Roaming\FWMEH.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HF.job => C:\Users\rose\AppData\Roaming\HF.exe <==== ATTENTION
Task: C:\Windows\Tasks\IXWW.job => C:\Users\rose\AppData\Roaming\IXWW.exe <==== ATTENTION
Task: C:\Windows\Tasks\JT.job => C:\Users\rose\AppData\Roaming\JT.exe <==== ATTENTION
Task: C:\Windows\Tasks\KASHZPJ.job => C:\Users\rose\AppData\Roaming\KASHZPJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\PJBFN.job => C:\Users\rose\AppData\Roaming\PJBFN.exe <==== ATTENTION
Task: C:\Windows\Tasks\PLXWI.job => C:\Users\rose\AppData\Roaming\PLXWI.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-12-10 14:05 - 2014-12-10 14:05 - 00003584 _____ () C:\Windows\system32\RemoveFocusRect.dll
2014-12-10 14:05 - 2014-12-10 14:05 - 00003584 _____ () C:\Windows\System32\RemoveFocusRect.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-07 11:56 - 2009-07-07 11:56 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-12-09 20:29 - 2014-12-09 20:29 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-19 14:26 - 2014-12-19 14:26 - 01858560 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7556c97cec3a808c48adc3b0f90628d3\Kies.UI.ni.dll
2014-12-19 14:26 - 2014-12-19 14:26 - 00078848 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\f71c1285b72d798e315ea2f78a9f80ca\Kies.MVVM.ni.dll
2014-12-19 14:27 - 2014-12-19 14:27 - 00188416 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7d19f4747599332020621c9e335ee23e\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-12-19 14:28 - 2014-12-19 14:28 - 00352256 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\3c502291f0a96aa6f850b6ad8d348540\DevicePhoto.ni.dll
2014-12-19 14:28 - 2014-12-19 14:28 - 00306176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\73501d25058ecf1ad28349f281c2d83a\DummyStorePlugin.ni.dll
2014-12-19 14:27 - 2014-12-19 14:27 - 00574464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b9b08aacde53207e056532e8a93aacd6\Kies.Common.DeviceServiceLib.FileService.ni.dll
2014-12-19 14:27 - 2014-12-19 14:27 - 00046592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\41eed1856bd169f3f1bc4e39542360b5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2014-12-19 14:27 - 2014-12-19 14:27 - 00986624 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\0318edba753b95de3e2c780deadb02b4\DeviceCommonLib.ni.dll
2014-12-19 14:27 - 2014-12-19 14:27 - 00231424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\ab6025c00c09ef604cfe7f62ba6361bc\ASF_cSharpAPI.ni.dll
2015-02-11 21:30 - 2015-02-11 21:30 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-09 15:26 - 2014-12-09 15:26 - 00133120 _____ () C:\Users\rose\AppData\Roaming\tricomfi\colers.dll
2015-02-11 21:13 - 2015-02-11 21:13 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\rose\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1272460669-3081688189-3994748253-500 - Administrator - Disabled)
Guest (S-1-5-21-1272460669-3081688189-3994748253-501 - Limited - Disabled)
rose (S-1-5-21-1272460669-3081688189-3994748253-1000 - Administrator - Enabled) => C:\Users\rose

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 11:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 09:48:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 01:14:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 01:02:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000005
Fault offset: 0x0002a1e2
Faulting process id: 0x888
Faulting application start time: 0xc7cbf753-ea8e-43b6-9875-ff501674bced-10.exe0
Faulting application path: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe1
Faulting module path: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe2
Report Id: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe3

Error: (02/15/2015 01:00:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/15/2015 00:57:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/15/2015 00:51:34 AM) (Source: MsiInstaller) (EventID: 11309) (User: ROSE-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.

Error: (02/15/2015 00:47:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x11b4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Word Proser 1.10.0.6 Client Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

System errors:
=============
Error: (02/15/2015 11:07:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error:
%%2

Error: (02/15/2015 11:04:40 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/15/2015 09:49:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error:
%%2

Error: (02/15/2015 09:47:10 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/15/2015 01:14:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error:
%%2

Error: (02/15/2015 01:12:29 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/15/2015 00:49:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHProtect Service service failed to start due to the following error:
%%3

Error: (02/15/2015 00:49:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHProtect Service service failed to start due to the following error:
%%3

Error: (02/14/2015 11:39:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IHProtect Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/14/2015 08:18:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindowsMangerProtect Service service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (02/15/2015 11:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 09:48:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 01:14:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 01:02:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe0.0.0.000000000ntdll.dll6.1.7601.175144ce7b96ec00000050002a1e288801d0487a1a17147fC:\Program Files\PlusHD Cinema 2.1cV14.02\c7cbf753-ea8e-43b6-9875-ff501674bced-10.exeC:\Windows\SYSTEM32\ntdll.dll82da8deb-b49d-11e4-9f6c-c80aa951dd5b

Error: (02/15/2015 01:00:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\$Recycle.Bin\S-1-5-21-1272460669-3081688189-3994748253-1000\$RAQ009F.exe

Error: (02/15/2015 00:57:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\rose\Downloads\HitmanPro_x64.exe

Error: (02/15/2015 00:51:34 AM) (Source: MsiInstaller) (EventID: 11309) (User: ROSE-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/15/2015 00:47:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142511b401d0488ffd5f4610C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll80a2b704-b49b-11e4-9f6c-c80aa951dd5b

Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Word Proser 1.10.0.6 Client Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

==================== Memory info ===========================

Processor: AMD Sempron(tm) M120
Percentage of memory in use: 54%
Total physical RAM: 1788.2 MB
Available physical RAM: 812.01 MB
Total Pagefile: 3576.4 MB
Available Pagefile: 2306.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:220.03 GB) (Free:194.27 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:77.4 GB) (Free:62.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.56 GB) (Free:0.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AE57E7AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=77.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=573 MB) - (Type=0C)

==================== End Of Log ============================

argus · Feb 15, 2015

Download Revo Uninstaller http://www.revouninstaller.com/start_freeware_download.html

Uninstall

Assets Manager
CinemaP-1.4cV14.02
tricomfi

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Rose1 · Feb 15, 2015

When I click on CinemaP-1.4cV14.02 a window comes up uninstall get doctors pc free.

argus · Feb 15, 2015

Continue uninstall to finish. Doctors pc is crap program, maybe are related.

Rose1 · Feb 15, 2015

When I try to uninstall the doctors pc installs it though.

argus · Feb 15, 2015

Ok, continue Farbar fix.

Rose1 · Feb 15, 2015

Ok I uninstal it I belive both of them are gone. Thank you for your help. Appreciated.

argus · Feb 15, 2015

argus said:
Ok, continue Farbar fix.

Necessarily.

Search

Solved CinemaP-1.4c

Rose1

New Member

argus

Former MalwareTips Staff

Rose1

New Member

argus

Former MalwareTips Staff

Attachments

Rose1

New Member

argus

Former MalwareTips Staff

Rose1

New Member

argus

Former MalwareTips Staff

Rose1

New Member

argus

Former MalwareTips Staff

Similar threads