I think something is wrong with my computer. Only today, Firefox keeps crashing whenever I try to save anything. If I try to save an image, it says not responding and then closes itself. Also, Photoshop, which was fine yesterday, now takes forever to open an image, the browser window no longer loads the image as a thumbnail, and if I try to save an edit I have done, the program crashes and closes itself as well. Also, Media Player won't load and just crashes, so I can't play any video files either. Pretty much if I try to do anything, the program will crash, but my computer itself doesn't crash.
I've tried doing a system restore, and it runs through the procedure, but after restarting it tells me that it was unsuccessful. I've tried several restore points and it's still the same.
I've tried uninstalling programs from the Control Panel, and it runs through the procedure and says the uninstall was successful, but after restarting the programs are still there, as if I hadn't uninstalled them at all.
Computer was fine when I used it this morning but when I turned it on again this afternoon, all these problems happened.
Hoping someone can help.
Here are the logs:
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-10 00:26:37
-----------------------------
00:26:37.119 OS Version: Windows x64 6.1.7601 Service Pack 1
00:26:37.119 Number of processors: 8 586 0x1A05
00:26:37.119 ComputerName: KIEU-PC UserName: KIEU
00:26:42.969 Initialize success
00:26:48.943 VM: initialized successfully
00:26:48.943 VM: Intel CPU BiosDisabled
00:30:12.344 AVAST engine defs: 15010900
00:30:41.360 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:30:41.360 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
00:30:41.469 Disk 0 MBR read successfully
00:30:41.469 Disk 0 MBR scan
00:30:41.500 Disk 0 Windows 7 default MBR code
00:30:41.516 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2504 MB offset 2048
00:30:41.516 Disk 0 default boot code
00:30:41.547 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 588764 MB offset 7680960
00:30:41.578 Disk 0 Partition - 00 0F Extended LBA 838283 MB offset 1213470720
00:30:41.594 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 383263 MB offset 1213470783
00:30:41.609 Disk 0 Partition - 00 05 Extended 154817 MB offset 1998410393
00:30:41.625 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 154817 MB offset 1998410456
00:30:41.641 Disk 0 Partition - 00 05 Extended 199999 MB offset 3100815962
00:30:41.672 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 199999 MB offset 2315876352
00:30:41.687 Disk 0 Partition - 00 05 Extended 59999 MB offset 3827881858
00:30:41.703 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 59999 MB offset 2725476352
00:30:41.734 Disk 0 Partition - 00 05 Extended 39999 MB offset 4360361858
00:30:41.750 Disk 0 Partition 7 00 07 HPFS/NTFS NTFS 39999 MB offset 2848356352
00:30:41.843 Disk 0 scanning C:\Windows\system32\drivers
00:30:55.790 Service scanning
00:31:22.435 Modules scanning
00:31:22.435 Disk 0 trace - called modules:
00:31:22.450 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:31:22.466 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800b39d790]
00:31:22.466 3 CLASSPNP.SYS[fffff880018d143f] -> nt!IofCallDriver -> [0xfffffa800b16c520]
00:31:22.466 5 ACPI.sys[fffff88000ef37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800b160060]
00:31:25.757 AVAST engine scan C:\Windows
00:31:28.675 AVAST engine scan C:\Windows\system32
00:35:55.295 AVAST engine scan C:\Windows\system32\drivers
00:36:11.612 AVAST engine scan C:\Users\KIEU
00:52:03.355 AVAST engine scan C:\ProgramData
00:55:09.620 Disk 0 statistics 3743502/0/0 @ 2.12 MB/s
00:55:09.635 Scan finished successfully
00:55:45.016 Disk 0 MBR has been saved successfully to "C:\Users\KIEU\Desktop\MBR.dat"
00:55:45.047 The log file has been saved successfully to "C:\Users\KIEU\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by KIEU (administrator) on KIEU-PC on 10-01-2015 00:59:21
Running from C:\Users\KIEU\Desktop
Loaded Profile: KIEU (Available profiles: KIEU)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAcat.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAsrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAui.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(FS2YOU) C:\Program Files (x86)\GridService\peer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAhlp.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\OAui.exe [7558464 2013-10-16] (Emsisoft GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-10-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Grid Service] => C:\Program Files (x86)\GridService\peer.exe [4993024 2008-12-31] (FS2YOU)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-511611439-945934297-1488321886-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-511611439-945934297-1488321886-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-511611439-945934297-1488321886-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll (SmartSoft Ltd.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-511611439-945934297-1488321886-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-511611439-945934297-1488321886-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-511611439-945934297-1488321886-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-511611439-945934297-1488321886-1001 -> URL http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-511611439-945934297-1488321886-1001 -> {36BBC5EA-56CD-46C2-B93C-1A26BF380F71} URL = http://au.search.yah...p={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: FDMIECookiesBHO Class -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.220.222 208.67.220.220 198.142.235.14
FireFox:
========
FF ProfilePath: C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default
FF Homepage: google.com
FF Keyword.URL: chrome://browser-region/locale/region.properties
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120207-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Extension: FoxyProxy Standard - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\foxyproxy@eric.h.jung [2014-12-28]
FF Extension: WOT - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: AutoProxy - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\autoproxy@autoproxy.org.xpi [2013-07-04]
FF Extension: MEGA - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\firefox@mega.co.nz.xpi [2013-03-22]
FF Extension: NoScript - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-27]
FF Extension: Download YouTube Videos as MP4 - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-01-08]
FF Extension: Adblock Plus - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-27]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKU\S-1-5-21-511611439-945934297-1488321886-1001\...\Firefox\Extensions: [{5820539B-D2F8-11E1-8270-B8AC6F996F26}] - C:\Users\KIEU\AppData\Local\{5820539B-D2F8-11E1-8270-B8AC6F996F26}
Chrome:
=======
CHR HomePage: Default -> https://au.search.ya...54&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://au.search.ya...4&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://au.search.ya...p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.ya...d={searchTerms}
CHR Profile: C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]
CHR Extension: (Google Drive) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (YouTube) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]
CHR Extension: (Google Search) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]
CHR Extension: (Google Wallet) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24]
CHR Extension: (Gmail) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [193888 2008-07-21] (Seagate Technology LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-07-26] (NOS Microsystems Ltd.)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-16] (Emsisoft GmbH)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-16] (Emsisoft GmbH)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-10-14] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-16] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2013-10-16] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-16] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [35368 2013-10-16] (Emsisoft)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-08] (Windows ® Server 2003 DDK provider)
S3 sssdbus; C:\Windows\System32\DRIVERS\sssdbus.sys [129352 2010-04-27] (MCCI Corporation)
S3 sssdmdfl; C:\Windows\System32\DRIVERS\sssdmdfl.sys [20808 2010-04-27] (MCCI Corporation)
S3 sssdmdm; C:\Windows\System32\DRIVERS\sssdmdm.sys [163144 2010-04-27] (MCCI Corporation)
S3 sssdmgmt; C:\Windows\System32\DRIVERS\sssdmgmt.sys [142664 2010-04-27] (MCCI Corporation)
S3 sssdobex; C:\Windows\System32\DRIVERS\sssdobex.sys [138056 2010-04-27] (MCCI Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 WPRO_40_1340; system32\drivers\WPRO_40_1340.sys [X]
U3 aswMBR; \??\C:\Users\KIEU\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\KIEU\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-10 00:59 - 2015-01-10 00:59 - 00019650 _____ () C:\Users\KIEU\Desktop\FRST.txt
2015-01-10 00:58 - 2015-01-10 00:59 - 00000000 ____D () C:\FRST
2015-01-10 00:57 - 2015-01-10 00:57 - 02124288 _____ (Farbar) C:\Users\KIEU\Desktop\FRST64.exe
2015-01-10 00:55 - 2015-01-10 00:55 - 00003110 _____ () C:\Users\KIEU\Desktop\aswMBR.txt
2015-01-10 00:21 - 2015-01-10 00:21 - 05198336 _____ (AVAST Software) C:\Users\KIEU\Desktop\aswMBR.exe
2015-01-09 23:46 - 2015-01-09 23:46 - 00001806 _____ () C:\Users\KIEU\Documents\cc_20150109_234654.reg
2015-01-09 23:13 - 2015-01-09 23:13 - 00002048 _____ () C:\Users\KIEU\Documents\cc_20150109_231314.reg
2015-01-09 22:47 - 2015-01-09 22:47 - 00002025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
2015-01-09 21:12 - 2015-01-09 21:12 - 00000608 _____ () C:\Users\KIEU\Documents\cc_20150109_211211.reg
2014-12-18 19:47 - 2014-12-13 16:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 19:47 - 2014-12-13 14:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 19:28 - 2014-12-11 19:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 01:29 - 2014-10-18 13:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 01:29 - 2014-10-18 12:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-10 00:55 - 2013-09-22 17:02 - 00000512 _____ () C:\Users\KIEU\Desktop\MBR.dat
2015-01-10 00:49 - 2011-08-28 18:01 - 00000000 ____D () C:\Program Files (x86)\Giraffic
2015-01-10 00:17 - 2010-08-14 18:01 - 01609525 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 00:07 - 2014-07-05 17:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 00:03 - 2014-08-24 18:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 23:54 - 2009-07-14 15:45 - 00022272 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 23:54 - 2009-07-14 15:45 - 00022272 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 23:53 - 2009-07-14 16:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 23:50 - 2011-08-28 18:01 - 00000000 ____D () C:\ProgramData\Giraffic
2015-01-09 23:50 - 2010-08-14 21:12 - 00000000 ____D () C:\Users\KIEU\AppData\Roaming\Adobe
2015-01-09 23:50 - 2010-03-10 09:14 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-09 23:49 - 2014-09-13 23:06 - 00009184 _____ () C:\Windows\setupact.log
2015-01-09 23:49 - 2014-08-24 18:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 23:49 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 22:51 - 2014-09-15 21:38 - 00010084 _____ () C:\Windows\PFRO.log
2015-01-09 21:36 - 2014-07-05 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-09 21:13 - 2014-07-05 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-09 21:13 - 2012-01-26 16:58 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-08 01:56 - 2010-08-15 19:28 - 00000000 ____D () C:\Users\KIEU\AppData\Roaming\Azureus
2014-12-31 22:14 - 2010-03-24 14:55 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 15:04 - 2009-07-14 16:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-16 00:54 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-13 16:35 - 2010-08-15 16:46 - 00000000 ____D () C:\Users\KIEU\AppData\Local\Adobe
2014-12-13 16:31 - 2012-09-30 17:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 16:31 - 2011-08-19 22:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:06 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 20:05 - 2014-08-24 18:48 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 19:28 - 2014-05-07 02:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 19:28 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 19:27 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 01:35 - 2013-07-13 03:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 01:31 - 2010-08-18 19:46 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
ZeroAccess:
C:\Users\KIEU\AppData\Local\{8b625ada-0bb9-6eb8-4e4a-4e69d036dc8f}
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 17:54
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by KIEU at 2015-01-10 00:59:47
Running from C:\Users\KIEU\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.87 - NOS Microsystems Ltd.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader 9.4.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.1 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz DVD 2 (HKLM-x32\...\{996F79F5-2ABF-4B9D-A0C0-ACD046AA8008}) (Version: 2.2.2.118 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.1026.2246.39002 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: - NCH Software)
DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden
EASEUS Partition Master 9.1.0 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version: - EASEUS)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.8.509 - Australian Taxation Office)
FormatFactory 2.70 (HKLM-x32\...\FormatFactory) (Version: 2.70 - Free Time)
Free Download Manager 3.0 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Free M4a to MP3 Converter 6.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Network Connections 14.7.31.0 (HKLM\...\PROSetDX) (Version: 14.7.31.0 - Intel)
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
K-Lite Codec Pack (64-bit) v4.0.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.0.0 - )
K-Lite Codec Pack 6.6.1 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.6.1 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maxtor Manager (HKLM-x32\...\InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}) (Version: 4.01.0303 - Seagate Technology)
Maxtor Manager (x32 Version: 4.01.0303 - Seagate Technology) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7252 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MKV Cutter 1.0 (HKLM-x32\...\MKV Cutter_is1) (Version: - spgsoft.com)
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MPEG Cutter 1.0 (HKLM-x32\...\MPEG Cutter_is1) (Version: - spgsoft.com)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
Nero 9 Essentials (HKLM-x32\...\{59f85eda-819e-446d-8ed8-e010be07ba65}) (Version: - Nero AG)
Online Armor 5.5 (HKLM-x32\...\OnlineArmor_is1) (Version: 5.5 - Emsi Software GmbH)
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
RaySource 2.1.10.8366 (HKLM-x32\...\RaySource) (Version: 2.1.10.8366 - RaySource Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.450.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.0.0.809 - Memeo Inc.)
SmartFTP (HKLM-x32\...\{11C762F9-95EA-486A-A8E7-683A50C231C1}) (Version: 1.0.980 - SmartFTP)
SmartFTP Client (HKLM\...\{A976F922-9E72-4537-9FDF-DB8498525059}) (Version: 6.0.2054.0 - SmartSoft Ltd.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.0 - Javacool Software LLC)
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.18 - Tweaking.com)
Ulead VideoStudio 11 (HKLM-x32\...\InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}) (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation)
USB TV Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Veoh Giraffic Video Accelerator (HKLM-x32\...\Giraffic) (Version: 0.86.412.230 - Giraffic)
Veoh Web Player (HKLM-x32\...\Veoh Web Player Beta) (Version: 1.1.2.0000 - Veoh Networks, Inc.)
VideoStudio (x32 Version: 11.0.0.0000 - InterVideo Digital Technology Corporation) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VOB Cutter 1.0 (HKLM-x32\...\VOB Cutter_is1) (Version: - spgsoft.com)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
WD SmartWare (HKLM\...\{B36AB323-9849-4486-AB8F-93E64A06E716}) (Version: 1.1.1.6 - Western Digital)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-511611439-945934297-1488321886-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-511611439-945934297-1488321886-1001_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-511611439-945934297-1488321886-1001_Classes\CLSID\{771CF1A6-FC96-45cf-B011-6469F0E56F64}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
==================== Restore Points =========================
26-12-2014 20:48:21 Windows Update
30-12-2014 21:05:31 Windows Update
02-01-2015 21:10:41 Windows Update
06-01-2015 21:37:12 Windows Update
09-01-2015 22:45:22 Installed Adobe Photoshop
09-01-2015 22:55:24 Removed Adobe Photoshop
09-01-2015 22:58:23 Removed Adobe Photoshop
09-01-2015 23:00:44 Removed Adobe Photoshop
09-01-2015 23:14:47 Removed Adobe Photoshop
09-01-2015 23:23:06 Restore Operation
09-01-2015 23:44:49 Removed Adobe Photoshop
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 13:34 - 2013-09-26 19:28 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0759CEE5-DB02-4EBC-886C-0E6BD5DC22A3} - System32\Tasks\{8EF0EFBA-0B25-45AC-8827-FA0D144CD70D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe" -d "C:\Program Files (x86)\Common Files\Ahead\Nero Web" -c -ScParameter=8 MODE="update"
Task: {27D93087-1A61-4B04-9407-48793C89BC29} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {377E6AE5-6965-40A3-8E9C-C610C61CD8BB} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2011-08-25] (Veoh Networks)
Task: {4EA9CC50-45BA-4018-9D04-7AD1F2836516} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {5712E4CD-523C-481F-BC45-91BD5FA43D0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {7F1FF788-4866-49D6-A395-A117B0D37775} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {D97E034B-F9E7-4B98-A11C-50BA84F8ADA3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-08-15 00:02 - 2010-03-15 12:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-10-26 22:45 - 2010-10-26 22:45 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-09 20:52 - 2014-12-09 20:52 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
MSCONFIG\startupreg: AvgUninstallURL => cmd.exe /c start http://www.avg.com/w...0"&"ver=9.0.872
MSCONFIG\startupreg: Grid Service => "C:\Program Files (x86)\GridService\peer.exe" -n Grid
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: mxomssmenu => "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: UVS11 Preload => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-511611439-945934297-1488321886-500 - Administrator - Disabled)
Guest (S-1-5-21-511611439-945934297-1488321886-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-511611439-945934297-1488321886-1002 - Limited - Enabled)
KIEU (S-1-5-21-511611439-945934297-1488321886-1001 - Administrator - Enabled) => C:\Users\KIEU
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/10/2015 00:56:03 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\WindowsCodecs.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program avast! Antirootkit because of this error.
Program: avast! Antirootkit
File: C:\Windows\SysWOW64\WindowsCodecs.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
Error: (01/10/2015 00:56:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64
Faulting module name: WindowsCodecs.dll, version: 6.2.9200.17170, time stamp: 0x545aec6a
Exception code: 0xc0000006
Fault offset: 0x00038fb7
Faulting process id: 0x930
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3
Error: (01/10/2015 00:13:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13d8
Start Time: 01d02c0e05e8ab2b
Termination Time: 47
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 5cf30708-9801-11e4-946d-001fbc092376
Error: (01/10/2015 00:10:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 9cc
Start Time: 01d02c0cf738ad6e
Termination Time: 38
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: e8d3375c-9800-11e4-946d-001fbc092376
Error: (01/10/2015 00:07:41 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\WindowsCodecs.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Malwarebytes Anti-Malware because of this error.
Program: Malwarebytes Anti-Malware
File: C:\Windows\SysWOW64\WindowsCodecs.dll
The error value is listed in the Additional Data section.
Additional Data
Error value: C000009C
Disk type: 3
Error: (01/10/2015 00:07:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
Faulting module name: WindowsCodecs.dll, version: 6.2.9200.17170, time stamp: 0x545aec6a
Exception code: 0xc0000006
Fault offset: 0x00038fb7
Faulting process id: 0x33c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Error: (01/10/2015 00:05:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1078
Start Time: 01d02c0ca02feedb
Termination Time: 30
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 2f1abef3-9800-11e4-946d-001fbc092376
Error: (01/10/2015 00:03:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1464
Start Time: 01d02c0ae4cd03f6
Termination Time: 33
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: cca9b54f-97ff-11e4-946d-001fbc092376
Error: (01/09/2015 11:59:20 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\WindowsCodecs.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Adobe Photoshop CS Middle East Version because of this error.
Program: Adobe Photoshop CS Middle East Version
File: C:\Windows\SysWOW64\WindowsCodecs.dll
The error value is listed in the Additional Data section.
Additional Data
Error value: C000009C
Disk type: 3
Error: (01/09/2015 11:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 8.0.0.0, time stamp: 0x40312596
Faulting module name: WindowsCodecs.dll, version: 6.2.9200.17170, time stamp: 0x545aec6a
Exception code: 0xc0000006
Fault offset: 0x0005a280
Faulting process id: 0x15ac
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3
System errors:
=============
Error: (01/10/2015 00:57:23 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (01/10/2015 00:57:20 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (01/10/2015 00:57:05 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (01/10/2015 00:57:02 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (01/10/2015 00:56:59 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (01/10/2015 00:56:02 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (01/10/2015 00:55:44 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (01/10/2015 00:55:35 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (01/10/2015 00:55:32 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (01/10/2015 00:53:48 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2012-09-25 22:14:00.240
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-09-25 22:14:00.178
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-09-25 22:14:00.115
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-09-25 22:14:00.053
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-09-24 00:20:32.692
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-09-24 00:20:32.629
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-09-24 00:20:32.567
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-09-24 00:20:32.504
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-09-23 16:32:37.582
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-09-23 16:32:37.519
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 27%
Total physical RAM: 12279.18 MB
Available physical RAM: 8948.11 MB
Total Pagefile: 24556.54 MB
Available Pagefile: 21017.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:574.97 GB) (Free:245.29 GB) NTFS
Drive l: (DBSK) (Fixed) (Total:374.28 GB) (Free:62.19 GB) NTFS
Drive m: (MP3) (Fixed) (Total:151.19 GB) (Free:20.84 GB) NTFS
Drive n: (VIDEOS) (Fixed) (Total:195.31 GB) (Free:29.2 GB) NTFS
Drive o: (ANIME) (Fixed) (Total:58.59 GB) (Free:1.04 GB) NTFS
Drive p: (DOWNLOADS) (Fixed) (Total:39.06 GB) (Free:2.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 23615803)
Partition 1: (Active) - (Size=2.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=575 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=818.6 GB) - (Type=OF Extended)
==================== End Of Log ============================