CinemaP-1.4c
<blockquote data-quote="Rose1" data-source="post: 349650" data-attributes="member: 34184"><p>Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-02-2015</p><p>Ran by rose at 2015-02-15 11:11:11</p><p>Running from C:\Users\rose\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in theScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015</p><p>Ran by rose (administrator) on ROSE-PC on 15-02-2015 11:10:09</p><p>Running from C:\Users\rose\Downloads</p><p>Loaded Profiles: rose (Available profiles: rose)</p><p>Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Turkish (Turkey)</p><p>Internet Explorer Version 8 (Default browser: FF)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(AMD) C:\Windows\System32\atiesrxx.exe</p><p>(AMD) C:\Windows\System32\atieclxx.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe</p><p>(Cinema PlusV14.02) C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe</p><p>(Cinema PlusV14.02) C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe</p><p>(Cinema PlusV14.02) C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe</p><p>(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe</p><p>(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe</p><p>(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe</p><p>(Samsung) C:\Program Files\Samsung\Kies\Kies.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe</p><p>(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe</p><p>(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [241664 2009-08-04] (Advanced Micro Devices, Inc.)</p><p>HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)</p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)</p><p>HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)</p><p>HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)</p><p>AppInit_DLLs: RemoveFocusRect.dll => C:\Windows\system32\RemoveFocusRect.dll [3584 2014-12-10] ()</p><p>ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File</p><p>AlternateShell:</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.google.com" target="_blank">www.google.com</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://www.google.com" target="_blank">www.google.com</a></p><p>HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/tr-tr/?ocid=iehp" 
target="_blank">http://www.msn.com/tr-tr/?ocid=iehp</a></p><p>SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = <a href="http://www.default-search.net/search?sid=476&aid=107&itype=n&ver=15586&tm=620&src=ds&p={searchTerms}" target="_blank">http://www.default-search.net/search?sid=476&aid=107&itype=n&ver=15586&tm=620&src=ds&p={searchTerms}</a></p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://www.mystartsearch.com/web/?utm_source=b&utm_medium=sfpsnew1&utm_campaign=install_ie&utm_content=ds&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932&ts=1423954185&type=default&q={searchTerms}" target="_blank">http://www.mystartsearch.com/web/?utm_source=b&utm_medium=sfpsnew1&utm_campaign=install_ie&utm_content=ds&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932&ts=1423954185&type=default&q={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://www.mystartsearch.com/web/?utm_source=b&utm_medium=sfpsnew1&utm_campaign=install_ie&utm_content=ds&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932&ts=1423954185&type=default&q={searchTerms}" target="_blank">http://www.mystartsearch.com/web/?utm_source=b&utm_medium=sfpsnew1&utm_campaign=install_ie&utm_content=ds&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932&ts=1423954185&type=default&q={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = <a 
href="http://www.mystartsearch.com/web/?utm_source=b&utm_medium=sfpsnew1&utm_campaign=install_ie&utm_content=ds&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932&ts=1423954185&type=default&q={searchTerms}" target="_blank">http://www.mystartsearch.com/web/?utm_source=b&utm_medium=sfpsnew1&utm_campaign=install_ie&utm_content=ds&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932&ts=1423954185&type=default&q={searchTerms}</a></p><p>BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)</p><p>Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>StartMenuInternet: IEXPLORE.EXE - iexplore.exe</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default</p><p>FF DefaultSearchEngine: Yandex</p><p>FF SearchEngineOrder.1: default-search.net</p><p>FF NetworkProxy: "type", 4</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()</p><p>FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin: Adobe 
Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin HKU\S-1-5-21-1272460669-3081688189-3994748253-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\rose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)</p><p>FF Plugin HKU\S-1-5-21-1272460669-3081688189-3994748253-1000: pokki.com/PokkiDownloadHelper -> C:\Users\rose\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)</p><p>FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\bing-avast.xml</p><p>FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\google-default.xml</p><p>FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\yandex.com-185400.xml</p><p>FF Extension: CinemaP-1.4cV14.02 - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\<a href="mailto:OIBMBKA115048682@HYKFIU97176590.com">OIBMBKA115048682@HYKFIU97176590.com</a> [2015-02-15]</p><p>FF Extension: WOT - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-10]</p><p>FF Extension: Classic Theme Restorer - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\<a href="mailto:ClassicThemeRestorer@ArisT2Noia4dev.xpi">ClassicThemeRestorer@ArisT2Noia4dev.xpi</a> [2014-12-10]</p><p>FF Extension: F.B. 
Purity - Cleans Up Facebook - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\<a href="mailto:fbp@fbpurity.com.xpi">fbp@fbpurity.com.xpi</a> [2014-12-10]</p><p>FF Extension: Facebook Secret Emoticons - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\<a href="mailto:jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi">jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi</a> [2014-12-24]</p><p>FF Extension: AdBlock for Firefox - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\<a href="mailto:jid1-NIfFY2CA8fy1tg@jetpack.xpi">jid1-NIfFY2CA8fy1tg@jetpack.xpi</a> [2014-12-16]</p><p>FF Extension: Show fixed Go - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\<a href="mailto:showgo-updated@supernova00.xpi">showgo-updated@supernova00.xpi</a> [2014-12-10]</p><p>FF Extension: Zoom Page - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\<a href="mailto:zoompage@DW-dev.xpi">zoompage@DW-dev.xpi</a> [2014-12-10]</p><p>FF Extension: Stylish - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-12-10]</p><p>FF Extension: Adblock Plus - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-10]</p><p>FF Extension: Tab Mix Plus - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-12-10]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR StartupUrls: Default -> "hxxp://<a href="http://www.mystartsearch.com/?type=hp&ts=1423954064&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932" target="_blank">www.mystartsearch.com/?type=hp&ts=1423954064&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932</a>"</p><p>CHR Profile: C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR 
Extension: (Blank New Tab) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\beafekehjfhnkpnnjegadfdncaipnljp [2014-12-10]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]</p><p>CHR Extension: (WOT) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-09]</p><p>CHR Extension: (Advanced Font Settings) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2014-12-11]</p><p>CHR Extension: (Adblock Plus) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09]</p><p>CHR Extension: (Highlight Color) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllbflhpdeinobodaaibnojmgejkkjii [2014-12-14]</p><p>CHR Extension: (Stylish) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-12-11]</p><p>CHR Extension: (AdBlock) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-09]</p><p>CHR Extension: (Get F.B. 
Purity for Facebook) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifpbhmjbfiogpipemadffnijpbcdfkmp [2014-12-12]</p><p>CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-12-12]</p><p>CHR Extension: (Downloads) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi [2014-12-09]</p><p>CHR Extension: (Google Wallet) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]</p><p>CHR Extension: (My Chrome Theme) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-12-11]</p><p>CHR Extension: (Yellow Highlighter) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmhfokkdecggjegnnkoeaneakkfnnal [2014-12-14]</p><p></p><p>Opera:</p><p>=======</p><p>OPR StartupUrls: "hxxp://<a href="http://www.yandex.com/?win=163&clid=2083123" target="_blank">www.yandex.com/?win=163&clid=2083123</a>"</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)</p><p>R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-12-13] (Microsoft Corporation) [File not signed]</p><p>R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)</p><p>S2 globalUpdate1d048a899b6ed61; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X]</p><p>S3 globalUpdatem1d048a89e326bb4; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Assets Manager\smdmf\smdmfmgrc3.cfg [38288 2015-02-03] (Aztec Media Inc)</p><p>S3 dgderdrv; System32\drivers\dgderdrv.sys [X]</p><p>S1 qtgwefvs; \??\C:\Windows\system32\drivers\qtgwefvs.sys [X]</p><p>S3 VGPU; System32\drivers\rdvgkmd.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-02-15 11:10 - 2015-02-15 11:10 - 00013647 _____ () C:\Users\rose\Downloads\FRST.txt</p><p>2015-02-15 11:10 - 2015-02-15 11:10 - 00013275 _____ () C:\Users\rose\Desktop\FRST.exe - Shortcut.lnk</p><p>2015-02-15 11:09 - 2015-02-15 11:10 - 00000000 ____D () C:\FRST</p><p>2015-02-15 11:09 - 2015-02-15 11:09 - 01125888 _____ (Farbar) C:\Users\rose\Downloads\FRST.exe</p><p>2015-02-15 01:01 - 2015-02-15 01:01 - 02112512 _____ () C:\Users\rose\Downloads\adwcleaner_4.110.exe</p><p>2015-02-15 00:52 - 2015-02-15 11:04 - 00002426 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user.job</p><p>2015-02-15 00:52 - 2015-02-15 11:04 - 00002426 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.job</p><p>2015-02-15 00:51 - 2015-02-15 11:04 - 00004474 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.job</p><p>2015-02-15 00:51 - 2015-02-15 11:04 - 00003454 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.job</p><p>2015-02-15 00:51 - 2015-02-15 11:04 - 00003118 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.job</p><p>2015-02-15 00:51 - 2015-02-15 11:04 - 00001326 _____ () C:\Windows\Tasks\HF.job</p><p>2015-02-15 00:51 - 2015-02-15 00:51 - 01541080 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\HF.exe</p><p>2015-02-15 00:51 - 2015-02-15 00:51 - 00000000 ____D () C:\Users\rose\AppData\Roaming\30464E43-1423961507-5246-3644-C80AA951DD5B</p><p>2015-02-15 00:50 - 2015-02-15 11:04 - 00005498 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.job</p><p>2015-02-15 00:50 - 2015-02-15 11:04 - 00005498 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.job</p><p>2015-02-15 00:50 - 2015-02-15 11:04 - 00002092 _____ () 
C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user.job</p><p>2015-02-15 00:50 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\FWMEH.job</p><p>2015-02-15 00:50 - 2015-02-15 00:52 - 00000000 ____D () C:\Program Files\CinemaP-1.4cV14.02</p><p>2015-02-15 00:50 - 2015-02-15 00:51 - 00000000 ____D () C:\Program Files\0c69d037-33d9-415e-a04b-9f59ca8d7258</p><p>2015-02-15 00:50 - 2015-02-15 00:50 - 02030552 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\FWMEH.exe</p><p>2015-02-15 00:49 - 2015-02-15 00:49 - 00000000 __RSH () C:\MSDOS.SYS</p><p>2015-02-15 00:49 - 2015-02-15 00:49 - 00000000 __RSH () C:\IO.SYS</p><p>2015-02-15 00:46 - 2015-02-15 00:46 - 00458168 _____ () C:\Users\rose\Downloads\setup.exe</p><p>2015-02-14 19:03 - 2015-02-14 19:03 - 00000000 ____D () C:\Program Files\predm</p><p>2015-02-14 19:02 - 2015-02-15 11:04 - 00001334 _____ () C:\Windows\Tasks\FQFZVK.job</p><p>2015-02-14 19:02 - 2015-02-15 00:51 - 00000000 ____D () C:\Program Files\6eb9ec85-9fe2-46fa-944a-0eaac642994c</p><p>2015-02-14 19:01 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\PLXWI.job</p><p>2015-02-14 18:54 - 2015-02-14 18:54 - 00000000 ____D () C:\Program Files\Crossbrowse</p><p>2015-02-14 18:53 - 2015-02-14 19:45 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Yandex</p><p>2015-02-14 18:53 - 2015-02-14 18:53 - 00000000 ____D () C:\Users\rose\AppData\Local\Chromium</p><p>2015-02-14 18:52 - 2015-02-15 11:04 - 00001326 _____ () C:\Windows\Tasks\JT.job</p><p>2015-02-14 18:51 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\PJBFN.job</p><p>2015-02-14 18:51 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\283e15b4-7cfc-470e-a903-b6cc04c2a22c</p><p>2015-02-14 18:51 - 2015-02-14 18:51 - 00000000 ____D () C:\Users\rose\AppData\Local\Doctor_PC</p><p>2015-02-14 18:50 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\doctorpclab.com</p><p>2015-02-14 18:50 - 2015-02-14 18:51 - 00000000 ____D () C:\Users\rose\Documents\DoctorPC</p><p>2015-02-14 
18:46 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\8bee3baf-9c4a-45d9-b397-000416d1a7d6</p><p>2015-02-14 18:45 - 2015-02-14 18:59 - 00000000 ____D () C:\Program Files\MiniGet</p><p>2015-02-14 18:45 - 2015-02-14 18:45 - 00000000 ____D () C:\Users\rose\AppData\Roaming\MiniGet</p><p>2015-02-14 18:43 - 2015-02-14 18:43 - 00000000 ____D () C:\Users\rose\AppData\Roaming\tricomfi</p><p>2015-02-14 18:39 - 2015-02-15 11:04 - 00001680 _____ () C:\Windows\Tasks\KASHZPJ.job</p><p>2015-02-14 18:39 - 2015-02-15 11:04 - 00001330 _____ () C:\Windows\Tasks\IXWW.job</p><p>2015-02-14 18:39 - 2015-02-15 01:12 - 00000000 ____D () C:\Program Files\globalUpdate</p><p>2015-02-14 18:39 - 2015-02-14 18:39 - 00000000 ____D () C:\Users\rose\AppData\Local\globalUpdate</p><p>2015-02-14 16:30 - 2015-02-14 16:30 - 02756424 _____ (Pokki) C:\Users\rose\Downloads\PokkiInstaller (2).exe</p><p>2015-02-14 16:29 - 2015-02-14 16:29 - 00796936 _____ (Pokki) C:\Users\rose\Downloads\Pokki_PixstaSetup.exe</p><p>2015-02-13 19:14 - 2015-02-13 19:14 - 00704847 _____ () C:\Users\rose\Downloads\Mika.zip</p><p>2015-02-11 21:45 - 2015-02-11 21:45 - 00000000 ____D () C:\Program Files\Assets Manager</p><p>2015-02-11 21:30 - 2015-02-11 21:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\JT</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\IXWW</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\HF</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\FQFZVK</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\PLXWI</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\PJBFN</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\KASHZPJ</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 
00001248 _____ () C:\Users\rose\AppData\Roaming\FWMEH</p><p>2015-01-21 17:59 - 2015-01-21 17:59 - 00000000 ____D () C:\Program Files\Common Files\Java</p><p>2015-01-19 18:06 - 2015-02-15 00:38 - 00000000 ____D () C:\Users\rose\AppData\Local\Pokki</p><p>2015-01-19 18:06 - 2015-01-19 18:06 - 02756424 _____ (Pokki) C:\Users\rose\Downloads\PokkiInstaller.exe</p><p>2015-01-19 18:06 - 2015-01-19 18:06 - 00796496 _____ (Pokki) C:\Users\rose\Downloads\Pokki_InstagrilleSetup.exe</p><p>2015-01-18 10:41 - 2015-02-11 23:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service</p><p>2015-01-18 10:41 - 2015-01-18 10:41 - 00000000 ____D () C:\ProgramData\Mozilla</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-02-15 11:08 - 2014-12-09 20:09 - 02052631 _____ () C:\Windows\WindowsUpdate.log</p><p>2015-02-15 11:04 - 2014-12-09 21:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-02-15 11:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2015-02-15 11:04 - 2009-07-14 06:39 - 00032162 _____ () C:\Windows\setupact.log</p><p>2015-02-15 09:54 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-02-15 09:54 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-02-15 09:47 - 2010-11-20 23:48 - 00707136 _____ () C:\Windows\PFRO.log</p><p>2015-02-15 01:22 - 2014-12-10 01:34 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</p><p>2015-02-15 01:22 - 2014-12-10 01:34 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk</p><p>2015-02-15 01:22 - 2014-12-09 21:24 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2015-02-15 01:22 - 2014-12-09 
20:12 - 00001417 _____ () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p>2015-02-15 01:20 - 2014-12-09 21:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-02-15 01:13 - 2014-12-09 21:23 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2015-02-15 01:04 - 2015-01-06 20:45 - 00000000 ____D () C:\AdwCleaner</p><p>2015-02-15 00:09 - 2014-12-20 14:42 - 00000000 ____D () C:\Users\rose\AppData\Local\My Family Tree</p><p>2015-02-14 19:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization</p><p>2015-02-14 19:44 - 2014-12-20 13:15 - 00000000 ____D () C:\Program Files\AbiWord</p><p>2015-02-14 19:23 - 2014-12-12 13:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-02-14 19:06 - 2014-12-12 08:49 - 00000170 _____ () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url</p><p>2015-02-14 18:50 - 2014-12-20 20:52 - 00000000 ____D () C:\Program Files\Adobe</p><p>2015-02-11 21:13 - 2014-12-09 21:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe</p><p>2015-02-11 21:13 - 2014-12-09 21:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl</p><p>2015-01-21 17:59 - 2014-12-10 15:44 - 00000000 ____D () C:\ProgramData\Oracle</p><p>2015-01-21 17:58 - 2014-12-10 15:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll</p><p>2015-01-21 17:58 - 2014-12-10 15:44 - 00000000 ____D () C:\Program Files\Java</p><p>2015-01-19 12:45 - 2009-07-14 06:53 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\FQFZVK</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\FWMEH</p><p>2015-02-15 
00:50 - 2015-02-15 00:50 - 2030552 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\FWMEH.exe</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\HF</p><p>2015-02-15 00:51 - 2015-02-15 00:51 - 1541080 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\HF.exe</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\IXWW</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\JT</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\KASHZPJ</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\PJBFN</p><p>2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\PLXWI</p><p>2014-12-12 08:50 - 2014-12-12 08:50 - 0613057 _____ (CMI Limited) C:\Users\rose\AppData\Local\nsq5458.tmp</p><p>2014-12-10 15:09 - 2014-12-10 15:09 - 0007618 _____ () C:\Users\rose\AppData\Local\resmon.resmoncfg</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\rose\AppData\Local\Temp\23837CE5-8069-8A01-FEE3-46DBD4D31AB8.exe</p><p>C:\Users\rose\AppData\Local\Temp\2535.exe</p><p>C:\Users\rose\AppData\Local\Temp\5mmk4kth.dll</p><p>C:\Users\rose\AppData\Local\Temp\BackupSetup.exe</p><p>C:\Users\rose\AppData\Local\Temp\bitool.dll</p><p>C:\Users\rose\AppData\Local\Temp\default-search.DLL</p><p>C:\Users\rose\AppData\Local\Temp\F97BE3D2-EB56-9BAC-A160-536E60C5081F.dll</p><p>C:\Users\rose\AppData\Local\Temp\firefox 4 progress 
bar__10924_i1467821397_il1177868.exe</p><p>C:\Users\rose\AppData\Local\Temp\flv.exe</p><p>C:\Users\rose\AppData\Local\Temp\fqsh.exe</p><p>C:\Users\rose\AppData\Local\Temp\HitmanPro.exe</p><p>C:\Users\rose\AppData\Local\Temp\jre-8u31-windows-au.exe</p><p>C:\Users\rose\AppData\Local\Temp\octC274.tmp.exe</p><p>C:\Users\rose\AppData\Local\Temp\ptvv.exe</p><p>C:\Users\rose\AppData\Local\Temp\Quarantine.exe</p><p>C:\Users\rose\AppData\Local\Temp\Runner4.exe</p><p>C:\Users\rose\AppData\Local\Temp\sdfC4A5.exe</p><p>C:\Users\rose\AppData\Local\Temp\setup.exe</p><p>C:\Users\rose\AppData\Local\Temp\SimBundD.exe</p><p>C:\Users\rose\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe</p><p>C:\Users\rose\AppData\Local\Temp\SoftonicAssistant_v0-1-6[1].exe</p><p>C:\Users\rose\AppData\Local\Temp\sprz.exe</p><p>C:\Users\rose\AppData\Local\Temp\sqlite3.dll</p><p>C:\Users\rose\AppData\Local\Temp\Uninstall.exe</p><p>C:\Users\rose\AppData\Local\Temp\vcredist_x86.exe</p><p>C:\Users\rose\AppData\Local\Temp\wintnty.exe</p><p>C:\Users\rose\AppData\Local\Temp\ywzCORL21I.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-02-13 13:44</p><p></p><p>==================== End Of Log ============================ fixlist, it will be removed.)</p><p></p><p>AS: 
Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)</p><p>Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)</p><p>Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Aros Magic Checkers (HKLM\...\Aros Magic Checkers) (Version: - )</p><p>Assets Manager (HKLM\...\Assets Manager) (Version: 5.0.0.15586 - Aztec Media Inc) <==== ATTENTION</p><p>Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)</p><p>ATI Catalyst Install Manager (HKLM\...\{75BF5A99-74C9-FF8E-77B0-1DBA17A109BA}) (Version: 3.0.732.0 - ATI Technologies, Inc.)</p><p>Backgammon (HKLM\...\230-com.novelgames.flashgames.backgammon) (Version: 1.0.0 - Novel Games Limited)</p><p>Backgammon (Version: 1.0.0 - Novel Games Limited) Hidden</p><p>Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)</p><p>ccc-core-static (Version: 2009.0804.2223.38385 - Şirketinizin Adı) Hidden</p><p>CinemaP-1.4cV14.02 (HKLM\...\CinemaP-1.4cV14.02) (Version: 1.36.01.22 - Cinema PlusV14.02) <==== 
ATTENTION</p><p>Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)</p><p>Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)</p><p>Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)</p><p>Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)</p><p>Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden</p><p>Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden</p><p>HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)</p><p>Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)</p><p>Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)</p><p>Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)</p><p>Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)</p><p>Mozilla Maintenance Service 
(HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)</p><p>My Family Tree (HKLM\...\My Family Tree 4.0.4.0) (Version: 4.0.4.0 - Chronoplex Software)</p><p>My Family Tree (Version: 4.0.4.0 - Chronoplex Software) Hidden</p><p>Pokki Download Helper (HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)</p><p>Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)</p><p>Samsung Kies (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden</p><p>SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)</p><p>Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)</p><p>Theme Resource Changer X86 v1.0 (HKLM\...\Theme Resource Changer X86 v1.0) (Version: - Bad Ass Apps)</p><p>tricomfi (HKLM\...\{74f1e872-8d6f-4cc7-58d6-c60d8dfe43ed}) (Version: 1.0.0 - estdemin) <==== ATTENTION!</p><p>Unity Web Player (HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)</p><p>UNO© Freeware (HKLM\...\UNO© Freeware) (Version: - )</p><p>Windows 7 Logon Background Changer (HKLM\...\{2E6044C5-3495-485F-91BC-46D1B6430E51}) (Version: 1.5.2 - Julien MANICI)</p><p>WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\InprocServer32 -> C:\Users\rose\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)</p><p>CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 -> No File</p><p>CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\rose\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)</p><p>CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\rose\AppData\Roaming\tricomfi\colers.dll () <==== ATTENTION</p><p></p><p>==================== Restore Points =========================</p><p></p><p>31-12-2014 13:24:41 Scheduled Checkpoint</p><p>06-01-2015 21:17:49 Checkpoint by HitmanPro</p><p>11-01-2015 20:45:36 Windows Update</p><p>19-01-2015 19:38:40 Scheduled Checkpoint</p><p>11-02-2015 20:45:07 Scheduled Checkpoint</p><p>11-02-2015 21:59:44 Windows Defender Checkpoint</p><p>13-02-2015 18:23:30 Windows Update</p><p>15-02-2015 00:33:08 Checkpoint by HitmanPro</p><p>15-02-2015 00:33:33 Checkpoint by HitmanPro</p><p>15-02-2015 00:47:10 Uniblue SpeedUpMyPC installation</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION</p><p>Task: {2E3EF724-F0C5-4196-85E1-429823751F45} - System32\Tasks\{3CD0B5C3-9264-4954-AB78-982274299F47} => pcalua.exe -a C:\Users\rose\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION</p><p>Task: {32C5B448-B163-4C4A-A074-7806B4A82131} - System32\Tasks\IXWW => C:\Users\rose\AppData\Roaming\IXWW.exe <==== ATTENTION</p><p>Task: {3A1BE3FF-4313-44EA-87BF-F51C6F6E2597} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION</p><p>Task: {43142461-5412-40B9-B3AF-6872DAE541ED} - System32\Tasks\{38CFCF15-DD48-4500-96BA-88CF43DFA16B} => pcalua.exe -a C:\Users\rose\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== ATTENTION</p><p>Task: {445E9C26-1BF9-4647-9964-D40EF3433323} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION</p><p>Task: {456D2B94-F232-4838-AB55-EA806B8E733F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)</p><p>Task: {529E7680-1210-41A4-BA12-DFC71AE3F189} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION</p><p>Task: {536CA708-47F4-48F2-9AF2-76237E812EB2} - System32\Tasks\{D6019485-E684-46AF-ABC3-595AD1E5363E} => pcalua.exe -a C:\Users\rose\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=sfpsnew1</p><p>Task: {563DE1C8-52B0-4ABB-81A5-3684ACE3C15B} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user => C:\Program 
Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION</p><p>Task: {61FFD97F-4CDE-4442-8DEF-F91D0AF1EF8A} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION</p><p>Task: {770ADDED-980A-42AC-9132-311022609143} - System32\Tasks\JT => C:\Users\rose\AppData\Roaming\JT.exe <==== ATTENTION</p><p>Task: {7C72BD57-CC9D-4B34-B2B3-C7825A857B10} - System32\Tasks\FQFZVK => C:\Users\rose\AppData\Roaming\FQFZVK.exe <==== ATTENTION</p><p>Task: {808584F7-4067-498E-99F9-59C88B0E1961} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)</p><p>Task: {84150A70-FD60-4693-A6FD-E77FB58EA75E} - System32\Tasks\DoctorPC_Start => C:\Program Files\Doctor PC\DoctorPC.exe</p><p>Task: {8890A168-D607-4CD2-B864-DEB0C9BF9C64} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION</p><p>Task: {8E18AF3F-D616-472B-A5F3-DF8A48D648A0} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION</p><p>Task: {9DA7763F-B53C-4AEC-A1D9-5473888D68E7} - System32\Tasks\PJBFN => C:\Users\rose\AppData\Roaming\PJBFN.exe <==== ATTENTION</p><p>Task: {A101197D-AF6B-411F-973B-D88E8EEC040E} - System32\Tasks\HF => C:\Users\rose\AppData\Roaming\HF.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION</p><p>Task: {A309A77C-B741-48BB-A32B-71702413D59A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)</p><p>Task: {AF00B3A2-64A1-4974-993F-30228CF843EE} - System32\Tasks\DoctorPC_Popup => C:\Program Files\Doctor PC\Splash.exe</p><p>Task: {B40060AD-BA8D-4A59-9474-6F6B824B12AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program 
Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {C13DC2FE-1BCE-428B-B330-87703555C924} - System32\Tasks\PLXWI => C:\Users\rose\AppData\Roaming\PLXWI.exe <==== ATTENTION</p><p>Task: {C23C3958-D027-47B8-B784-4D15DC2079E7} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION</p><p>Task: {C513AE5B-89F4-4A5B-8E09-CC0E385DBC35} - System32\Tasks\KASHZPJ => C:\Users\rose\AppData\Roaming\KASHZPJ.exe <==== ATTENTION</p><p>Task: {CB686B6C-9F36-4360-9B8F-572EED0EAA7E} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION</p><p>Task: {D21BA1FD-894A-4C4E-B87E-28ED4AC71334} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)</p><p>Task: {ED2B9503-BF54-474F-946F-414E5AEDB910} - System32\Tasks\FWMEH => C:\Users\rose\AppData\Roaming\FWMEH.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION</p><p>Task: {FB8710E5-4788-48F8-AFEB-CD2EF591AA75} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\FQFZVK.job => C:\Users\rose\AppData\Roaming\FQFZVK.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\FWMEH.job => C:\Users\rose\AppData\Roaming\FWMEH.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program 
Files\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\HF.job => C:\Users\rose\AppData\Roaming\HF.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\IXWW.job => C:\Users\rose\AppData\Roaming\IXWW.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\JT.job => C:\Users\rose\AppData\Roaming\JT.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\KASHZPJ.job => C:\Users\rose\AppData\Roaming\KASHZPJ.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\PJBFN.job => C:\Users\rose\AppData\Roaming\PJBFN.exe <==== ATTENTION</p><p>Task: C:\Windows\Tasks\PLXWI.job => C:\Users\rose\AppData\Roaming\PLXWI.exe <==== ATTENTION</p><p></p><p>==================== Loaded Modules (whitelisted) ==============</p><p></p><p>2014-12-10 14:05 - 2014-12-10 14:05 - 00003584 _____ () C:\Windows\system32\RemoveFocusRect.dll</p><p>2014-12-10 14:05 - 2014-12-10 14:05 - 00003584 _____ () C:\Windows\System32\RemoveFocusRect.dll</p><p>2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2009-07-07 11:56 - 2009-07-07 11:56 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll</p><p>2014-12-09 20:29 - 2014-12-09 20:29 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll</p><p>2014-12-19 14:26 - 2014-12-19 14:26 - 01858560 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7556c97cec3a808c48adc3b0f90628d3\Kies.UI.ni.dll</p><p>2014-12-19 14:26 - 2014-12-19 14:26 - 00078848 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\f71c1285b72d798e315ea2f78a9f80ca\Kies.MVVM.ni.dll</p><p>2014-12-19 14:27 - 2014-12-19 14:27 - 00188416 _____ () 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7d19f4747599332020621c9e335ee23e\Kies.Common.DeviceServiceLib.Interface.ni.dll</p><p>2014-12-19 14:28 - 2014-12-19 14:28 - 00352256 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\3c502291f0a96aa6f850b6ad8d348540\DevicePhoto.ni.dll</p><p>2014-12-19 14:28 - 2014-12-19 14:28 - 00306176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\73501d25058ecf1ad28349f281c2d83a\DummyStorePlugin.ni.dll</p><p>2014-12-19 14:27 - 2014-12-19 14:27 - 00574464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b9b08aacde53207e056532e8a93aacd6\Kies.Common.DeviceServiceLib.FileService.ni.dll</p><p>2014-12-19 14:27 - 2014-12-19 14:27 - 00046592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\41eed1856bd169f3f1bc4e39542360b5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll</p><p>2014-12-19 14:27 - 2014-12-19 14:27 - 00986624 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\0318edba753b95de3e2c780deadb02b4\DeviceCommonLib.ni.dll</p><p>2014-12-19 14:27 - 2014-12-19 14:27 - 00231424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\ab6025c00c09ef604cfe7f62ba6361bc\ASF_cSharpAPI.ni.dll</p><p>2015-02-11 21:30 - 2015-02-11 21:30 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll</p><p>2014-12-09 15:26 - 2014-12-09 15:26 - 00133120 _____ () C:\Users\rose\AppData\Roaming\tricomfi\colers.dll</p><p>2015-02-11 21:13 - 2015-02-11 21:13 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the 
registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""</p><p></p><p>==================== EXE Association (whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\rose\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg</p><p>DNS Servers: 192.168.1.1</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-1272460669-3081688189-3994748253-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-1272460669-3081688189-3994748253-501 - Limited - Disabled)</p><p>rose (S-1-5-21-1272460669-3081688189-3994748253-1000 - Administrator - Enabled) => C:\Users\rose</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: Teredo Tunneling Pseudo-Interface</p><p>Description: Microsoft Teredo Tunneling Adapter</p><p>Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}</p><p>Manufacturer: Microsoft</p><p>Service: tunnel</p><p>Problem: : This device cannot start. (Code10)</p><p>Resolution: Device failed to start. 
Click "Update Driver" to update the drivers for this device.</p><p>On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (02/15/2015 11:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (02/15/2015 09:48:59 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (02/15/2015 01:14:15 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (02/15/2015 01:02:13 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe, version: 0.0.0.0, time stamp: 0x00000000</p><p>Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x0002a1e2</p><p>Faulting process id: 0x888</p><p>Faulting application start time: 0xc7cbf753-ea8e-43b6-9875-ff501674bced-10.exe0</p><p>Faulting application path: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe1</p><p>Faulting module path: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe2</p><p>Report Id: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe3</p><p></p><p>Error: (02/15/2015 01:00:29 AM) (Source: SideBySide) (EventID: 33) (User: )</p><p>Description: Activation context generation failed for 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".</p><p>Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.</p><p>Please use sxstrace.exe for detailed diagnosis.</p><p></p><p>Error: (02/15/2015 00:57:46 AM) (Source: SideBySide) (EventID: 33) (User: )</p><p>Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".</p><p>Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.</p><p>Please use sxstrace.exe for detailed diagnosis.</p><p></p><p>Error: (02/15/2015 00:51:34 AM) (Source: MsiInstaller) (EventID: 11309) (User: ROSE-PC)</p><p>Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. 
Verify that the file exists and that you can access it.</p><p></p><p>Error: (02/15/2015 00:47:50 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3</p><p>Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224</p><p>Exception code: 0x80000003</p><p>Fault offset: 0x00001425</p><p>Faulting process id: 0x11b4</p><p>Faulting application start time: 0xplugin-container.exe0</p><p>Faulting application path: plugin-container.exe1</p><p>Faulting module path: plugin-container.exe2</p><p>Report Id: plugin-container.exe3</p><p></p><p>Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )</p><p>Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.</p><p></p><p></p><p>Details:</p><p>AddWin32ServiceFiles: Unable to back up image of service Word Proser 1.10.0.6 Client Service since QueryServiceConfig API failed</p><p></p><p>System Error:</p><p>The system cannot find the file specified.</p><p>.</p><p></p><p>Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )</p><p>Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.</p><p></p><p></p><p>Details:</p><p>AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed</p><p></p><p>System Error:</p><p>The system cannot find the file specified.</p><p>.</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (02/15/2015 11:07:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error:</p><p>%%2</p><p></p><p>Error: (02/15/2015 11:04:40 AM) (Source: atikmdag) (EventID: 19468) (User: )</p><p>Description: CPLIB 
:: General - Invalid Parameter</p><p></p><p>Error: (02/15/2015 09:49:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error:</p><p>%%2</p><p></p><p>Error: (02/15/2015 09:47:10 AM) (Source: atikmdag) (EventID: 19468) (User: )</p><p>Description: CPLIB :: General - Invalid Parameter</p><p></p><p>Error: (02/15/2015 01:14:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error:</p><p>%%2</p><p></p><p>Error: (02/15/2015 01:12:29 AM) (Source: atikmdag) (EventID: 19468) (User: )</p><p>Description: CPLIB :: General - Invalid Parameter</p><p></p><p>Error: (02/15/2015 00:49:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The IHProtect Service service failed to start due to the following error:</p><p>%%3</p><p></p><p>Error: (02/15/2015 00:49:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The IHProtect Service service failed to start due to the following error:</p><p>%%3</p><p></p><p>Error: (02/14/2015 11:39:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The IHProtect Service service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p>Error: (02/14/2015 08:18:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The WindowsMangerProtect Service service terminated unexpectedly. 
It has done this 1 time(s).</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (02/15/2015 11:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (02/15/2015 09:48:59 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (02/15/2015 01:14:15 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (02/15/2015 01:02:13 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe0.0.0.000000000ntdll.dll6.1.7601.175144ce7b96ec00000050002a1e288801d0487a1a17147fC:\Program Files\PlusHD Cinema 2.1cV14.02\c7cbf753-ea8e-43b6-9875-ff501674bced-10.exeC:\Windows\SYSTEM32\ntdll.dll82da8deb-b49d-11e4-9f6c-c80aa951dd5b</p><p></p><p>Error: (02/15/2015 01:00:29 AM) (Source: SideBySide) (EventID: 33) (User: )</p><p>Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\$Recycle.Bin\S-1-5-21-1272460669-3081688189-3994748253-1000\$RAQ009F.exe</p><p></p><p>Error: (02/15/2015 00:57:46 AM) (Source: SideBySide) (EventID: 33) (User: )</p><p>Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\rose\Downloads\HitmanPro_x64.exe</p><p></p><p>Error: (02/15/2015 00:51:34 AM) (Source: MsiInstaller) (EventID: 11309) (User: 
ROSE-PC)</p><p>Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)</p><p></p><p>Error: (02/15/2015 00:47:50 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142511b401d0488ffd5f4610C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll80a2b704-b49b-11e4-9f6c-c80aa951dd5b</p><p></p><p>Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )</p><p>Description:</p><p>Details:</p><p>AddWin32ServiceFiles: Unable to back up image of service Word Proser 1.10.0.6 Client Service since QueryServiceConfig API failed</p><p></p><p>System Error:</p><p>The system cannot find the file specified.</p><p></p><p>Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )</p><p>Description:</p><p>Details:</p><p>AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed</p><p></p><p>System Error:</p><p>The system cannot find the file specified.</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: AMD Sempron(tm) M120</p><p>Percentage of memory in use: 54%</p><p>Total physical RAM: 1788.2 MB</p><p>Available physical RAM: 812.01 MB</p><p>Total Pagefile: 3576.4 MB</p><p>Available Pagefile: 2306.12 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1893.82 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:220.03 GB) (Free:194.27 GB) NTFS</p><p>Drive d: (RECOVERY) (Fixed) (Total:77.4 GB) (Free:62.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive e: 
(HP_TOOLS) (Fixed) (Total:0.56 GB) (Free:0.55 GB) FAT32</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AE57E7AE)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=220 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=77.4 GB) - (Type=07 NTFS)</p><p>Partition 4: (Not Active) - (Size=573 MB) - (Type=0C)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Rose1, post: 349650, member: 34184"]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default FF DefaultSearchEngine: Yandex FF SearchEngineOrder.1: default-search.net FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1272460669-3081688189-3994748253-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\rose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1272460669-3081688189-3994748253-1000: pokki.com/PokkiDownloadHelper -> C:\Users\rose\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki) FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\bing-avast.xml FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\google-default.xml FF SearchPlugin: C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\searchplugins\yandex.com-185400.xml FF Extension: CinemaP-1.4cV14.02 - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\[email]OIBMBKA115048682@HYKFIU97176590.com[/email] [2015-02-15] FF Extension: WOT - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-10] FF Extension: Classic Theme Restorer - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\[email]ClassicThemeRestorer@ArisT2Noia4dev.xpi[/email] [2014-12-10] FF Extension: F.B. 
Purity - Cleans Up Facebook - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\[email]fbp@fbpurity.com.xpi[/email] [2014-12-10] FF Extension: Facebook Secret Emoticons - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\[email]jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi[/email] [2014-12-24] FF Extension: AdBlock for Firefox - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\[email]jid1-NIfFY2CA8fy1tg@jetpack.xpi[/email] [2014-12-16] FF Extension: Show fixed Go - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\[email]showgo-updated@supernova00.xpi[/email] [2014-12-10] FF Extension: Zoom Page - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\[email]zoompage@DW-dev.xpi[/email] [2014-12-10] FF Extension: Stylish - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-12-10] FF Extension: Adblock Plus - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-10] FF Extension: Tab Mix Plus - C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\nmogs250.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-12-10] Chrome: ======= CHR StartupUrls: Default -> "hxxp://[URL="http://www.mystartsearch.com/?type=hp&ts=1423954064&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932"]www.mystartsearch.com/?type=hp&ts=1423954064&from=sfpsnew1&uid=ST320LM001XHN-M320MBB_S2R6J9DD104932[/URL]" CHR Profile: C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Blank New Tab) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\beafekehjfhnkpnnjegadfdncaipnljp [2014-12-10] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rose\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09] CHR Extension: (WOT) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-09] CHR Extension: (Advanced Font Settings) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2014-12-11] CHR Extension: (Adblock Plus) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09] CHR Extension: (Highlight Color) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllbflhpdeinobodaaibnojmgejkkjii [2014-12-14] CHR Extension: (Stylish) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-12-11] CHR Extension: (AdBlock) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-09] CHR Extension: (Get F.B. Purity for Facebook) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifpbhmjbfiogpipemadffnijpbcdfkmp [2014-12-12] CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-12-12] CHR Extension: (Downloads) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi [2014-12-09] CHR Extension: (Google Wallet) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09] CHR Extension: (My Chrome Theme) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-12-11] CHR Extension: (Yellow Highlighter) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmhfokkdecggjegnnkoeaneakkfnnal [2014-12-14] Opera: ======= OPR StartupUrls: 
"hxxp://[URL="http://www.yandex.com/?win=163&clid=2083123"]www.yandex.com/?win=163&clid=2083123[/URL]" ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company) R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-12-13] (Microsoft Corporation) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S2 globalUpdate1d048a899b6ed61; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X] S3 globalUpdatem1d048a89e326bb4; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Assets Manager\smdmf\smdmfmgrc3.cfg [38288 2015-02-03] (Aztec Media Inc) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S1 qtgwefvs; \??\C:\Windows\system32\drivers\qtgwefvs.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-15 11:10 - 2015-02-15 11:10 - 00013647 _____ () C:\Users\rose\Downloads\FRST.txt 2015-02-15 11:10 - 2015-02-15 11:10 - 00013275 _____ () C:\Users\rose\Desktop\FRST.exe - Shortcut.lnk 2015-02-15 11:09 - 2015-02-15 11:10 - 00000000 ____D () C:\FRST 2015-02-15 11:09 - 2015-02-15 11:09 - 01125888 _____ (Farbar) C:\Users\rose\Downloads\FRST.exe 2015-02-15 01:01 - 2015-02-15 01:01 - 02112512 _____ () C:\Users\rose\Downloads\adwcleaner_4.110.exe 2015-02-15 00:52 - 2015-02-15 11:04 - 00002426 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user.job 2015-02-15 00:52 - 2015-02-15 11:04 - 00002426 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.job 2015-02-15 00:51 - 2015-02-15 11:04 - 00004474 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.job 2015-02-15 00:51 - 2015-02-15 11:04 - 00003454 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.job 2015-02-15 00:51 - 2015-02-15 11:04 - 00003118 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.job 2015-02-15 00:51 - 2015-02-15 11:04 - 00001326 _____ () C:\Windows\Tasks\HF.job 2015-02-15 00:51 - 2015-02-15 00:51 - 01541080 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\HF.exe 2015-02-15 00:51 - 2015-02-15 00:51 - 00000000 ____D () C:\Users\rose\AppData\Roaming\30464E43-1423961507-5246-3644-C80AA951DD5B 2015-02-15 00:50 - 2015-02-15 11:04 - 00005498 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.job 2015-02-15 00:50 - 2015-02-15 11:04 - 00005498 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.job 2015-02-15 00:50 - 2015-02-15 11:04 - 00002092 _____ () C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user.job 2015-02-15 00:50 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\FWMEH.job 2015-02-15 00:50 - 2015-02-15 00:52 - 00000000 ____D () C:\Program Files\CinemaP-1.4cV14.02 2015-02-15 00:50 - 2015-02-15 00:51 - 00000000 ____D () C:\Program Files\0c69d037-33d9-415e-a04b-9f59ca8d7258 
2015-02-15 00:50 - 2015-02-15 00:50 - 02030552 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\FWMEH.exe 2015-02-15 00:49 - 2015-02-15 00:49 - 00000000 __RSH () C:\MSDOS.SYS 2015-02-15 00:49 - 2015-02-15 00:49 - 00000000 __RSH () C:\IO.SYS 2015-02-15 00:46 - 2015-02-15 00:46 - 00458168 _____ () C:\Users\rose\Downloads\setup.exe 2015-02-14 19:03 - 2015-02-14 19:03 - 00000000 ____D () C:\Program Files\predm 2015-02-14 19:02 - 2015-02-15 11:04 - 00001334 _____ () C:\Windows\Tasks\FQFZVK.job 2015-02-14 19:02 - 2015-02-15 00:51 - 00000000 ____D () C:\Program Files\6eb9ec85-9fe2-46fa-944a-0eaac642994c 2015-02-14 19:01 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\PLXWI.job 2015-02-14 18:54 - 2015-02-14 18:54 - 00000000 ____D () C:\Program Files\Crossbrowse 2015-02-14 18:53 - 2015-02-14 19:45 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Yandex 2015-02-14 18:53 - 2015-02-14 18:53 - 00000000 ____D () C:\Users\rose\AppData\Local\Chromium 2015-02-14 18:52 - 2015-02-15 11:04 - 00001326 _____ () C:\Windows\Tasks\JT.job 2015-02-14 18:51 - 2015-02-15 11:04 - 00001332 _____ () C:\Windows\Tasks\PJBFN.job 2015-02-14 18:51 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\283e15b4-7cfc-470e-a903-b6cc04c2a22c 2015-02-14 18:51 - 2015-02-14 18:51 - 00000000 ____D () C:\Users\rose\AppData\Local\Doctor_PC 2015-02-14 18:50 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\doctorpclab.com 2015-02-14 18:50 - 2015-02-14 18:51 - 00000000 ____D () C:\Users\rose\Documents\DoctorPC 2015-02-14 18:46 - 2015-02-14 19:44 - 00000000 ____D () C:\Program Files\8bee3baf-9c4a-45d9-b397-000416d1a7d6 2015-02-14 18:45 - 2015-02-14 18:59 - 00000000 ____D () C:\Program Files\MiniGet 2015-02-14 18:45 - 2015-02-14 18:45 - 00000000 ____D () C:\Users\rose\AppData\Roaming\MiniGet 2015-02-14 18:43 - 2015-02-14 18:43 - 00000000 ____D () C:\Users\rose\AppData\Roaming\tricomfi 2015-02-14 18:39 - 2015-02-15 11:04 - 00001680 _____ () C:\Windows\Tasks\KASHZPJ.job 2015-02-14 18:39 - 
2015-02-15 11:04 - 00001330 _____ () C:\Windows\Tasks\IXWW.job 2015-02-14 18:39 - 2015-02-15 01:12 - 00000000 ____D () C:\Program Files\globalUpdate 2015-02-14 18:39 - 2015-02-14 18:39 - 00000000 ____D () C:\Users\rose\AppData\Local\globalUpdate 2015-02-14 16:30 - 2015-02-14 16:30 - 02756424 _____ (Pokki) C:\Users\rose\Downloads\PokkiInstaller (2).exe 2015-02-14 16:29 - 2015-02-14 16:29 - 00796936 _____ (Pokki) C:\Users\rose\Downloads\Pokki_PixstaSetup.exe 2015-02-13 19:14 - 2015-02-13 19:14 - 00704847 _____ () C:\Users\rose\Downloads\Mika.zip 2015-02-11 21:45 - 2015-02-11 21:45 - 00000000 ____D () C:\Program Files\Assets Manager 2015-02-11 21:30 - 2015-02-11 21:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\JT 2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\IXWW 2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\HF 2015-01-25 18:12 - 2015-01-25 18:12 - 00002086 _____ () C:\Users\rose\AppData\Roaming\FQFZVK 2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\PLXWI 2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\PJBFN 2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\KASHZPJ 2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\rose\AppData\Roaming\FWMEH 2015-01-21 17:59 - 2015-01-21 17:59 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-01-19 18:06 - 2015-02-15 00:38 - 00000000 ____D () C:\Users\rose\AppData\Local\Pokki 2015-01-19 18:06 - 2015-01-19 18:06 - 02756424 _____ (Pokki) C:\Users\rose\Downloads\PokkiInstaller.exe 2015-01-19 18:06 - 2015-01-19 18:06 - 00796496 _____ (Pokki) C:\Users\rose\Downloads\Pokki_InstagrilleSetup.exe 2015-01-18 10:41 - 2015-02-11 23:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-18 10:41 - 2015-01-18 10:41 - 
00000000 ____D () C:\ProgramData\Mozilla ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-15 11:08 - 2014-12-09 20:09 - 02052631 _____ () C:\Windows\WindowsUpdate.log 2015-02-15 11:04 - 2014-12-09 21:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-15 11:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-15 11:04 - 2009-07-14 06:39 - 00032162 _____ () C:\Windows\setupact.log 2015-02-15 09:54 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-15 09:54 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-15 09:47 - 2010-11-20 23:48 - 00707136 _____ () C:\Windows\PFRO.log 2015-02-15 01:22 - 2014-12-10 01:34 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-15 01:22 - 2014-12-10 01:34 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-15 01:22 - 2014-12-09 21:24 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-15 01:22 - 2014-12-09 20:12 - 00001417 _____ () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-15 01:20 - 2014-12-09 21:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-15 01:13 - 2014-12-09 21:23 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-15 01:04 - 2015-01-06 20:45 - 00000000 ____D () C:\AdwCleaner 2015-02-15 00:09 - 2014-12-20 14:42 - 00000000 ____D () C:\Users\rose\AppData\Local\My Family Tree 2015-02-14 19:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization 2015-02-14 19:44 - 2014-12-20 13:15 - 00000000 ____D () C:\Program Files\AbiWord 2015-02-14 19:23 - 2014-12-12 13:32 - 00114904 _____ (Malwarebytes 
Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-14 19:06 - 2014-12-12 08:49 - 00000170 _____ () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2015-02-14 18:50 - 2014-12-20 20:52 - 00000000 ____D () C:\Program Files\Adobe 2015-02-11 21:13 - 2014-12-09 21:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-11 21:13 - 2014-12-09 21:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-21 17:59 - 2014-12-10 15:44 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-21 17:58 - 2014-12-10 15:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-01-21 17:58 - 2014-12-10 15:44 - 00000000 ____D () C:\Program Files\Java 2015-01-19 12:45 - 2009-07-14 06:53 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\FQFZVK 2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\FWMEH 2015-02-15 00:50 - 2015-02-15 00:50 - 2030552 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\FWMEH.exe 2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\HF 2015-02-15 00:51 - 2015-02-15 00:51 - 1541080 _____ (Cinema PlusV14.02) C:\Users\rose\AppData\Roaming\HF.exe 2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\IXWW 2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\rose\AppData\Roaming\JT 2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\KASHZPJ 2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\PJBFN 2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\rose\AppData\Roaming\PLXWI 2014-12-12 08:50 - 2014-12-12 08:50 - 0613057 _____ (CMI Limited) 
C:\Users\rose\AppData\Local\nsq5458.tmp 2014-12-10 15:09 - 2014-12-10 15:09 - 0007618 _____ () C:\Users\rose\AppData\Local\resmon.resmoncfg Some content of TEMP: ==================== C:\Users\rose\AppData\Local\Temp\23837CE5-8069-8A01-FEE3-46DBD4D31AB8.exe C:\Users\rose\AppData\Local\Temp\2535.exe C:\Users\rose\AppData\Local\Temp\5mmk4kth.dll C:\Users\rose\AppData\Local\Temp\BackupSetup.exe C:\Users\rose\AppData\Local\Temp\bitool.dll C:\Users\rose\AppData\Local\Temp\default-search.DLL C:\Users\rose\AppData\Local\Temp\F97BE3D2-EB56-9BAC-A160-536E60C5081F.dll C:\Users\rose\AppData\Local\Temp\firefox 4 progress bar__10924_i1467821397_il1177868.exe C:\Users\rose\AppData\Local\Temp\flv.exe C:\Users\rose\AppData\Local\Temp\fqsh.exe C:\Users\rose\AppData\Local\Temp\HitmanPro.exe C:\Users\rose\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\rose\AppData\Local\Temp\octC274.tmp.exe C:\Users\rose\AppData\Local\Temp\ptvv.exe C:\Users\rose\AppData\Local\Temp\Quarantine.exe C:\Users\rose\AppData\Local\Temp\Runner4.exe C:\Users\rose\AppData\Local\Temp\sdfC4A5.exe C:\Users\rose\AppData\Local\Temp\setup.exe C:\Users\rose\AppData\Local\Temp\SimBundD.exe C:\Users\rose\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe C:\Users\rose\AppData\Local\Temp\SoftonicAssistant_v0-1-6[1].exe C:\Users\rose\AppData\Local\Temp\sprz.exe C:\Users\rose\AppData\Local\Temp\sqlite3.dll C:\Users\rose\AppData\Local\Temp\Uninstall.exe C:\Users\rose\AppData\Local\Temp\vcredist_x86.exe C:\Users\rose\AppData\Local\Temp\wintnty.exe C:\Users\rose\AppData\Local\Temp\ywzCORL21I.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 13:44 ==================== End Of Log ============================ fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Aros Magic Checkers (HKLM\...\Aros Magic Checkers) (Version: - ) Assets Manager (HKLM\...\Assets Manager) (Version: 5.0.0.15586 - Aztec Media Inc) <==== ATTENTION Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros) ATI Catalyst Install Manager (HKLM\...\{75BF5A99-74C9-FF8E-77B0-1DBA17A109BA}) (Version: 3.0.732.0 - ATI Technologies, Inc.) Backgammon (HKLM\...\230-com.novelgames.flashgames.backgammon) (Version: 1.0.0 - Novel Games Limited) Backgammon (Version: 1.0.0 - Novel Games Limited) Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) ccc-core-static (Version: 2009.0804.2223.38385 - Şirketinizin Adı) Hidden CinemaP-1.4cV14.02 (HKLM\...\CinemaP-1.4cV14.02) (Version: 1.36.01.22 - Cinema PlusV14.02) <==== ATTENTION Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) 
Hidden HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla) My Family Tree (HKLM\...\My Family Tree 4.0.4.0) (Version: 4.0.4.0 - Chronoplex Software) My Family Tree (Version: 4.0.4.0 - Chronoplex Software) Hidden Pokki Download Helper (HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) 
Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated) Theme Resource Changer X86 v1.0 (HKLM\...\Theme Resource Changer X86 v1.0) (Version: - Bad Ass Apps) tricomfi (HKLM\...\{74f1e872-8d6f-4cc7-58d6-c60d8dfe43ed}) (Version: 1.0.0 - estdemin) <==== ATTENTION! Unity Web Player (HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) UNO© Freeware (HKLM\...\UNO© Freeware) (Version: - ) Windows 7 Logon Background Changer (HKLM\...\{2E6044C5-3495-485F-91BC-46D1B6430E51}) (Version: 1.5.2 - Julien MANICI) WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\InprocServer32 -> C:\Users\rose\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki) CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 -> No File CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\rose\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-1272460669-3081688189-3994748253-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\rose\AppData\Roaming\tricomfi\colers.dll () <==== ATTENTION ==================== Restore Points ========================= 31-12-2014 13:24:41 Scheduled Checkpoint 06-01-2015 21:17:49 Checkpoint by HitmanPro 11-01-2015 20:45:36 Windows Update 19-01-2015 19:38:40 Scheduled Checkpoint 11-02-2015 20:45:07 Scheduled Checkpoint 11-02-2015 21:59:44 Windows Defender Checkpoint 13-02-2015 18:23:30 Windows Update 15-02-2015 00:33:08 Checkpoint by HitmanPro 15-02-2015 00:33:33 Checkpoint by HitmanPro 15-02-2015 00:47:10 Uniblue SpeedUpMyPC installation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION Task: {2E3EF724-F0C5-4196-85E1-429823751F45} - System32\Tasks\{3CD0B5C3-9264-4954-AB78-982274299F47} => pcalua.exe -a C:\Users\rose\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION Task: {32C5B448-B163-4C4A-A074-7806B4A82131} - System32\Tasks\IXWW => C:\Users\rose\AppData\Roaming\IXWW.exe <==== ATTENTION Task: {3A1BE3FF-4313-44EA-87BF-F51C6F6E2597} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION Task: {43142461-5412-40B9-B3AF-6872DAE541ED} - System32\Tasks\{38CFCF15-DD48-4500-96BA-88CF43DFA16B} => pcalua.exe -a C:\Users\rose\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== ATTENTION Task: {445E9C26-1BF9-4647-9964-D40EF3433323} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION Task: {456D2B94-F232-4838-AB55-EA806B8E733F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated) Task: {529E7680-1210-41A4-BA12-DFC71AE3F189} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION Task: {536CA708-47F4-48F2-9AF2-76237E812EB2} - System32\Tasks\{D6019485-E684-46AF-ABC3-595AD1E5363E} => pcalua.exe -a C:\Users\rose\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=sfpsnew1 Task: {563DE1C8-52B0-4ABB-81A5-3684ACE3C15B} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION Task: 
{61FFD97F-4CDE-4442-8DEF-F91D0AF1EF8A} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION Task: {770ADDED-980A-42AC-9132-311022609143} - System32\Tasks\JT => C:\Users\rose\AppData\Roaming\JT.exe <==== ATTENTION Task: {7C72BD57-CC9D-4B34-B2B3-C7825A857B10} - System32\Tasks\FQFZVK => C:\Users\rose\AppData\Roaming\FQFZVK.exe <==== ATTENTION Task: {808584F7-4067-498E-99F9-59C88B0E1961} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.) Task: {84150A70-FD60-4693-A6FD-E77FB58EA75E} - System32\Tasks\DoctorPC_Start => C:\Program Files\Doctor PC\DoctorPC.exe Task: {8890A168-D607-4CD2-B864-DEB0C9BF9C64} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION Task: {8E18AF3F-D616-472B-A5F3-DF8A48D648A0} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION Task: {9DA7763F-B53C-4AEC-A1D9-5473888D68E7} - System32\Tasks\PJBFN => C:\Users\rose\AppData\Roaming\PJBFN.exe <==== ATTENTION Task: {A101197D-AF6B-411F-973B-D88E8EEC040E} - System32\Tasks\HF => C:\Users\rose\AppData\Roaming\HF.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION Task: {A309A77C-B741-48BB-A32B-71702413D59A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {AF00B3A2-64A1-4974-993F-30228CF843EE} - System32\Tasks\DoctorPC_Popup => C:\Program Files\Doctor PC\Splash.exe Task: {B40060AD-BA8D-4A59-9474-6F6B824B12AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {C13DC2FE-1BCE-428B-B330-87703555C924} - System32\Tasks\PLXWI => C:\Users\rose\AppData\Roaming\PLXWI.exe <==== ATTENTION Task: {C23C3958-D027-47B8-B784-4D15DC2079E7} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION Task: {C513AE5B-89F4-4A5B-8E09-CC0E385DBC35} - System32\Tasks\KASHZPJ => C:\Users\rose\AppData\Roaming\KASHZPJ.exe <==== ATTENTION Task: {CB686B6C-9F36-4360-9B8F-572EED0EAA7E} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION Task: {D21BA1FD-894A-4C4E-B87E-28ED4AC71334} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.) Task: {ED2B9503-BF54-474F-946F-414E5AEDB910} - System32\Tasks\FWMEH => C:\Users\rose\AppData\Roaming\FWMEH.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION Task: {FB8710E5-4788-48F8-AFEB-CD2EF591AA75} - System32\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7 => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.exe [2015-02-15] (Cinema PlusV14.02) <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-6.exe <==== ATTENTION Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-1-7.exe <==== ATTENTION Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10_user.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-10.exe <==== ATTENTION Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-4.exe <==== ATTENTION Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe <==== ATTENTION Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5_user.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-5.exe <==== ATTENTION Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-6.exe <==== ATTENTION Task: C:\Windows\Tasks\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.job => C:\Program Files\CinemaP-1.4cV14.02\39efae3f-4bf5-4d4a-8a81-2feadfa0ffd8-7.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FQFZVK.job => C:\Users\rose\AppData\Roaming\FQFZVK.exe <==== ATTENTION Task: C:\Windows\Tasks\FWMEH.job => C:\Users\rose\AppData\Roaming\FWMEH.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HF.job => C:\Users\rose\AppData\Roaming\HF.exe <==== ATTENTION Task: C:\Windows\Tasks\IXWW.job => 
C:\Users\rose\AppData\Roaming\IXWW.exe <==== ATTENTION Task: C:\Windows\Tasks\JT.job => C:\Users\rose\AppData\Roaming\JT.exe <==== ATTENTION Task: C:\Windows\Tasks\KASHZPJ.job => C:\Users\rose\AppData\Roaming\KASHZPJ.exe <==== ATTENTION Task: C:\Windows\Tasks\PJBFN.job => C:\Users\rose\AppData\Roaming\PJBFN.exe <==== ATTENTION Task: C:\Windows\Tasks\PLXWI.job => C:\Users\rose\AppData\Roaming\PLXWI.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2014-12-10 14:05 - 2014-12-10 14:05 - 00003584 _____ () C:\Windows\system32\RemoveFocusRect.dll 2014-12-10 14:05 - 2014-12-10 14:05 - 00003584 _____ () C:\Windows\System32\RemoveFocusRect.dll 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2009-07-07 11:56 - 2009-07-07 11:56 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-12-09 20:29 - 2014-12-09 20:29 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-12-19 14:26 - 2014-12-19 14:26 - 01858560 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7556c97cec3a808c48adc3b0f90628d3\Kies.UI.ni.dll 2014-12-19 14:26 - 2014-12-19 14:26 - 00078848 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\f71c1285b72d798e315ea2f78a9f80ca\Kies.MVVM.ni.dll 2014-12-19 14:27 - 2014-12-19 14:27 - 00188416 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7d19f4747599332020621c9e335ee23e\Kies.Common.DeviceServiceLib.Interface.ni.dll 2014-12-19 14:28 - 2014-12-19 14:28 - 00352256 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\3c502291f0a96aa6f850b6ad8d348540\DevicePhoto.ni.dll 2014-12-19 14:28 - 2014-12-19 14:28 - 00306176 
_____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\73501d25058ecf1ad28349f281c2d83a\DummyStorePlugin.ni.dll 2014-12-19 14:27 - 2014-12-19 14:27 - 00574464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b9b08aacde53207e056532e8a93aacd6\Kies.Common.DeviceServiceLib.FileService.ni.dll 2014-12-19 14:27 - 2014-12-19 14:27 - 00046592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\41eed1856bd169f3f1bc4e39542360b5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll 2014-12-19 14:27 - 2014-12-19 14:27 - 00986624 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\0318edba753b95de3e2c780deadb02b4\DeviceCommonLib.ni.dll 2014-12-19 14:27 - 2014-12-19 14:27 - 00231424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\ab6025c00c09ef604cfe7f62ba6361bc\ASF_cSharpAPI.ni.dll 2015-02-11 21:30 - 2015-02-11 21:30 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-12-09 15:26 - 2014-12-09 15:26 - 00133120 _____ () C:\Users\rose\AppData\Roaming\tricomfi\colers.dll 2015-02-11 21:13 - 2015-02-11 21:13 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1272460669-3081688189-3994748253-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\rose\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-1272460669-3081688189-3994748253-500 - Administrator - Disabled) Guest (S-1-5-21-1272460669-3081688189-3994748253-501 - Limited - Disabled) rose (S-1-5-21-1272460669-3081688189-3994748253-1000 - Administrator - Enabled) => C:\Users\rose ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (02/15/2015 11:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/15/2015 09:48:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/15/2015 01:14:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/15/2015 01:02:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe, version: 0.0.0.0, time stamp: 0x00000000 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x0002a1e2 Faulting process id: 0x888 Faulting application start time: 0xc7cbf753-ea8e-43b6-9875-ff501674bced-10.exe0 Faulting application path: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe1 Faulting module path: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe2 Report Id: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe3 Error: (02/15/2015 01:00:29 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (02/15/2015 00:57:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (02/15/2015 00:51:34 AM) (Source: MsiInstaller) (EventID: 11309) (User: ROSE-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it. Error: (02/15/2015 00:47:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3 Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224 Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x11b4 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service Word Proser 1.10.0.6 Client Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. 
Details: AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. . System errors: ============= Error: (02/15/2015 11:07:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error: %%2 Error: (02/15/2015 11:04:40 AM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (02/15/2015 09:49:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error: %%2 Error: (02/15/2015 09:47:10 AM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (02/15/2015 01:14:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The globalUpdate Update Service (globalUpdate1d048a899b6ed61) service failed to start due to the following error: %%2 Error: (02/15/2015 01:12:29 AM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (02/15/2015 00:49:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IHProtect Service service failed to start due to the following error: %%3 Error: (02/15/2015 00:49:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IHProtect Service service failed to start due to the following error: %%3 Error: (02/14/2015 11:39:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The IHProtect Service service terminated unexpectedly. It has done this 1 time(s). Error: (02/14/2015 08:18:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The WindowsMangerProtect Service service terminated unexpectedly. 
It has done this 1 time(s). Microsoft Office Sessions: ========================= Error: (02/15/2015 11:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/15/2015 09:48:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/15/2015 01:14:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/15/2015 01:02:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: c7cbf753-ea8e-43b6-9875-ff501674bced-10.exe0.0.0.000000000ntdll.dll6.1.7601.175144ce7b96ec00000050002a1e288801d0487a1a17147fC:\Program Files\PlusHD Cinema 2.1cV14.02\c7cbf753-ea8e-43b6-9875-ff501674bced-10.exeC:\Windows\SYSTEM32\ntdll.dll82da8deb-b49d-11e4-9f6c-c80aa951dd5b Error: (02/15/2015 01:00:29 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\$Recycle.Bin\S-1-5-21-1272460669-3081688189-3994748253-1000\$RAQ009F.exe Error: (02/15/2015 00:57:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\rose\Downloads\HitmanPro_x64.exe Error: (02/15/2015 00:51:34 AM) (Source: MsiInstaller) (EventID: 11309) (User: ROSE-PC) Description: Product: Google Update Helper -- Error 1309. 
Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/15/2015 00:47:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142511b401d0488ffd5f4610C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll80a2b704-b49b-11e4-9f6c-c80aa951dd5b Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service Word Proser 1.10.0.6 Client Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. Error: (02/15/2015 00:47:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. 
==================== Memory info =========================== Processor: AMD Sempron(tm) M120 Percentage of memory in use: 54% Total physical RAM: 1788.2 MB Available physical RAM: 812.01 MB Total Pagefile: 3576.4 MB Available Pagefile: 2306.12 MB Total Virtual: 2047.88 MB Available Virtual: 1893.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:220.03 GB) (Free:194.27 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:77.4 GB) (Free:62.41 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:0.56 GB) (Free:0.55 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AE57E7AE) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=220 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=77.4 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=573 MB) - (Type=0C) ==================== End Of Log ============================ [/QUOTE]