Trojan In Registry Files

rockwh

rockwh

New Member
Thread author
Sep 9, 2018
10
Hello, I've been using my pc reguarly but after some time i noticed that there's a problem with my mouse not clicking probably, and after a short a while i noticed that my (usually smoth) games are stuck for some reason, i download malwarebyts to check and found out some Trojan files in my Registry files and some bitcoin mining stuff.. I ran malwarebyts scan and ran Farbar scan.. malwarebyts says that there's no threats but i still think that i'm having some problems with my games cuz they kinda stuck every now and then... here's the first mb scan i did with the FRST and Addition files...

Kind regards
 

Attachments

  • Addition.txt
    66.4 KB · Views: 3
  • FRST.txt
    49.8 KB · Views: 2
  • Mb Report.txt
    4.8 KB · Views: 2
  • Like
Reactions: upnorth
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    245 bytes · Views: 3
  • Like
Reactions: upnorth
rockwh

rockwh

New Member
Thread author
Sep 9, 2018
10
I ran the fixlist file i didn't take 3 secs and my pc didn't restart.
is it becuz the problem is kinda fixed or....?:) here's the fixlog.. thank you in advance.
 

Attachments

  • Fixlog.txt
    3.1 KB · Views: 3
  • Like
Reactions: upnorth
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
There is something wrong with your hard drive or file system:

Error: (05/29/2019 06:28:02 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Check Disk
  • Press the
    WindowsKey.png
    on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
  • Code: 
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the
    WindowsKey.png
    + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
 
rockwh

rockwh

New Member
Thread author
Sep 9, 2018
10
Hello, sorry for taking forever to reply...
i found two logs i'll cope the 2nd one in another reply
here are the copied details :
------------------------------------------------------------------------------------
Code: 
Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          5/30/2019 2:31:50 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      DESKTOP-21P0TBK
Description:


Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                        

Stage 1: Examining basic file system structure ...
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x42bac for possibly 0x120 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0x33689 is already in use.
The attribute of type 0x80 and instance tag 0x0 in file 0x33689
has allocated length of 0x35d10000 instead of 0x1b802000.
Deleted corrupt attribute list entry
with type code 128 in file 210569.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xe000000029bd2.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x29BD2.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xb0000000320fe.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x320FE.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x7000000033677.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x33677.
Deleted corrupt attribute list entry
with type code 128 in file 210571.
Unable to find child frs 0x534c with sequence number 0x53.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x7aea5f for possibly 0x10 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0x3368b is already in use.
The attribute of type 0x80 and instance tag 0x0 in file 0x3368b
has allocated length of 0x3840000 instead of 0xcd0000.
Deleted corrupt attribute list entry
with type code 128 in file 210571.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1d00000002dc59.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x2DC59.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6000000033659.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x33659.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xc000000033697.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x33697.
  477952 file records processed.                                                       

File verification completed.
Deleting orphan file record segment 170962.
Deleting orphan file record segment 187481.
Deleting orphan file record segment 205054.
Deleting orphan file record segment 210521.
Deleting orphan file record segment 210551.
  5399 large file records processed.                                  

  0 bad file records processed.                                    


Stage 2: Examining file name linkage ...
The file reference 0x680000000157ba of index entry d356105fac5527ef.customDestinations-ms of index $I30
with parent 0x2cd is not the same as 0x670000000157ba.
Deleting index entry d356105fac5527ef.customDestinations-ms in index $I30 of file 717.
The index bitmap $I30 in file 0x110fb is incorrect.
Correcting error in index $I30 for file 69883.
  574382 index entries processed.                                                      

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file user-not-present-trace-2019-05-23-01-32-31.etl (11840) into directory file 163935.
Recovering orphaned file Sha38E6.tmp (21324) into directory file 277332.
Recovering orphaned file d356105fac5527ef.customDestinations-ms (87994) into directory file 717.
Recovering orphaned file S-1-5-18-05302019015654091-ntuser.dat (102594) into directory file 69883.
Recovering orphaned file Sha9DF.tmp (210569) into directory file 277332.
  6 unindexed files scanned.                                       

Recovering orphaned file Sha9E0.tmp (210571) into directory file 277332.
  6 unindexed files recovered to original directory.
  0 unindexed files recovered to lost and found.                   


Stage 3: Examining security descriptors ...
Cleaning up 87 unused index entries from index $SII of file 0x9.
Cleaning up 87 unused index entries from index $SDH of file 0x9.
Cleaning up 87 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 210569.
Inserting data attribute into file 210571.
  48218 data files processed.                                          

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Read failure with status 0xc000009c at offset 0xb9f4b000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xb9f52000 for 0x1000 bytes.
Replacing bad clusters in logfile.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.
No further action is required.

224767999 KB total disk space.
155717192 KB in 247298 files.
    184972 KB in 48217 indexes.
        20 KB in bad sectors.
    554863 KB in use by the system.
     65536 KB occupied by the log file.
  68310952 KB available on disk.

      4096 bytes in each allocation unit.
  56191999 total allocation units on disk.
  17077738 allocation units available on disk.

Internal Info:
00 4b 07 00 e5 81 04 00 74 55 08 00 00 00 00 00  .K......tU......
c6 05 00 00 01 01 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2019-05-30T00:31:50.838073700Z" />
    <EventRecordID>45479</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>DESKTOP-21P0TBK</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                        

Stage 1: Examining basic file system structure ...
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x42bac for possibly 0x120 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0x33689 is already in use.
The attribute of type 0x80 and instance tag 0x0 in file 0x33689
has allocated length of 0x35d10000 instead of 0x1b802000.
Deleted corrupt attribute list entry
with type code 128 in file 210569.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xe000000029bd2.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x29BD2.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xb0000000320fe.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x320FE.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x7000000033677.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x33677.
Deleted corrupt attribute list entry
with type code 128 in file 210571.
Unable to find child frs 0x534c with sequence number 0x53.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x7aea5f for possibly 0x10 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0x3368b is already in use.
The attribute of type 0x80 and instance tag 0x0 in file 0x3368b
has allocated length of 0x3840000 instead of 0xcd0000.
Deleted corrupt attribute list entry
with type code 128 in file 210571.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1d00000002dc59.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x2DC59.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6000000033659.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x33659.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xc000000033697.  The expected attribute type is 0x80.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x33697.
  477952 file records processed.                                                       

File verification completed.
Deleting orphan file record segment 170962.
Deleting orphan file record segment 187481.
Deleting orphan file record segment 205054.
Deleting orphan file record segment 210521.
Deleting orphan file record segment 210551.
  5399 large file records processed.                                  

  0 bad file records processed.                                    


Stage 2: Examining file name linkage ...
The file reference 0x680000000157ba of index entry d356105fac5527ef.customDestinations-ms of index $I30
with parent 0x2cd is not the same as 0x670000000157ba.
Deleting index entry d356105fac5527ef.customDestinations-ms in index $I30 of file 717.
The index bitmap $I30 in file 0x110fb is incorrect.
Correcting error in index $I30 for file 69883.
  574382 index entries processed.                                                      

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file user-not-present-trace-2019-05-23-01-32-31.etl (11840) into directory file 163935.
Recovering orphaned file Sha38E6.tmp (21324) into directory file 277332.
Recovering orphaned file d356105fac5527ef.customDestinations-ms (87994) into directory file 717.
Recovering orphaned file S-1-5-18-05302019015654091-ntuser.dat (102594) into directory file 69883.
Recovering orphaned file Sha9DF.tmp (210569) into directory file 277332.
  6 unindexed files scanned.                                       

Recovering orphaned file Sha9E0.tmp (210571) into directory file 277332.
  6 unindexed files recovered to original directory.
  0 unindexed files recovered to lost and found.                   


Stage 3: Examining security descriptors ...
Cleaning up 87 unused index entries from index $SII of file 0x9.
Cleaning up 87 unused index entries from index $SDH of file 0x9.
Cleaning up 87 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 210569.
Inserting data attribute into file 210571.
  48218 data files processed.                                          

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Read failure with status 0xc000009c at offset 0xb9f4b000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xb9f52000 for 0x1000 bytes.
Replacing bad clusters in logfile.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.
No further action is required.

224767999 KB total disk space.
155717192 KB in 247298 files.
    184972 KB in 48217 indexes.
        20 KB in bad sectors.
    554863 KB in use by the system.
     65536 KB occupied by the log file.
  68310952 KB available on disk.

      4096 bytes in each allocation unit.
  56191999 total allocation units on disk.
  17077738 allocation units available on disk.

Internal Info:
00 4b 07 00 e5 81 04 00 74 55 08 00 00 00 00 00  .K......tU......
c6 05 00 00 01 01 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
 
Last edited by a moderator:
rockwh

rockwh

New Member
Thread author
Sep 9, 2018
10
Code: 
Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          5/25/2019 2:54:16 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      DESKTOP-21P0TBK
Description:


Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                        

Stage 1: Examining basic file system structure ...
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x7a3.
The multi-sector header signature in file 0x194 is incorrect.
42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
Deleting corrupt file record segment 404.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x272.
The multi-sector header signature in file 0x195 is incorrect.
42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
Deleting corrupt file record segment 405.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x42542c for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x2da2d is already in use.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x2DA2D.
  477952 file records processed.                                                       

File verification completed.
  5523 large file records processed.                                  

  0 bad file records processed.                                    


Stage 2: Examining file name linkage ...
Index entry data_1 of index $I30 in file 0x17c points to unused file 0x194.
Deleting index entry data_1 in index $I30 of file 380.
The file reference 0x8000000000196 of index entry CREATE~1 of index $I30
with parent 0x1517 is not the same as 0xa000000000196.
Deleting index entry CREATE~1 in index $I30 of file 5399.
Index entry 3410847be5d97ea8_0 of index $I30 in file 0x20f6e points to unused file 0x195.
Deleting index entry 3410847be5d97ea8_0 in index $I30 of file 135022.
Index entry 341084~1 of index $I30 in file 0x20f6e points to unused file 0x195.
Deleting index entry 341084~1 in index $I30 of file 135022.
  574426 index entries processed.                                                      

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file MPSIGSTUB.EXE-CA376461.pf (11607) into directory file 164270.
There is no DOS file name attribute in file 0x2d57.
Correcting minor file name errors in file 11607.
  3 unindexed files scanned.                                       

Recovering orphaned file MPAM-1~1.PF (78058) into directory file 164270.
Recovering orphaned file MPAM-1BBF53E9.EXE-591AC0FE.pf (78058) into directory file 164270.
  2 unindexed files recovered to original directory.
CHKDSK is recovering remaining unindexed files.
  1 unindexed files recovered to lost and found.                   

    Lost and found is located at \found.004


Stage 3: Examining security descriptors ...
Cleaning up 1195 unused index entries from index $SII of file 0x9.
Cleaning up 1195 unused index entries from index $SDH of file 0x9.
Cleaning up 1195 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 186925.
  48239 data files processed.                                          

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

224767999 KB total disk space.
186532488 KB in 245801 files.
    184812 KB in 48240 indexes.
        16 KB in bad sectors.
    554859 KB in use by the system.
     65536 KB occupied by the log file.
  37495824 KB available on disk.

      4096 bytes in each allocation unit.
  56191999 total allocation units on disk.
   9373956 allocation units available on disk.

Internal Info:
00 4b 07 00 27 7c 04 00 d3 72 08 00 00 00 00 00  .K..'|...r......
d5 05 00 00 fb 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2019-05-25T00:54:16.046971400Z" />
    <EventRecordID>44574</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>DESKTOP-21P0TBK</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                        

Stage 1: Examining basic file system structure ...
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x7a3.
The multi-sector header signature in file 0x194 is incorrect.
42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
Deleting corrupt file record segment 404.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x272.
The multi-sector header signature in file 0x195 is incorrect.
42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
Deleting corrupt file record segment 405.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x42542c for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x2da2d is already in use.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x2DA2D.
  477952 file records processed.                                                       

File verification completed.
  5523 large file records processed.                                  

  0 bad file records processed.                                    


Stage 2: Examining file name linkage ...
Index entry data_1 of index $I30 in file 0x17c points to unused file 0x194.
Deleting index entry data_1 in index $I30 of file 380.
The file reference 0x8000000000196 of index entry CREATE~1 of index $I30
with parent 0x1517 is not the same as 0xa000000000196.
Deleting index entry CREATE~1 in index $I30 of file 5399.
Index entry 3410847be5d97ea8_0 of index $I30 in file 0x20f6e points to unused file 0x195.
Deleting index entry 3410847be5d97ea8_0 in index $I30 of file 135022.
Index entry 341084~1 of index $I30 in file 0x20f6e points to unused file 0x195.
Deleting index entry 341084~1 in index $I30 of file 135022.
  574426 index entries processed.                                                      

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file MPSIGSTUB.EXE-CA376461.pf (11607) into directory file 164270.
There is no DOS file name attribute in file 0x2d57.
Correcting minor file name errors in file 11607.
  3 unindexed files scanned.                                       

Recovering orphaned file MPAM-1~1.PF (78058) into directory file 164270.
Recovering orphaned file MPAM-1BBF53E9.EXE-591AC0FE.pf (78058) into directory file 164270.
  2 unindexed files recovered to original directory.
CHKDSK is recovering remaining unindexed files.
  1 unindexed files recovered to lost and found.                   

    Lost and found is located at \found.004


Stage 3: Examining security descriptors ...
Cleaning up 1195 unused index entries from index $SII of file 0x9.
Cleaning up 1195 unused index entries from index $SDH of file 0x9.
Cleaning up 1195 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 186925.
  48239 data files processed.                                          

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

224767999 KB total disk space.
186532488 KB in 245801 files.
    184812 KB in 48240 indexes.
        16 KB in bad sectors.
    554859 KB in use by the system.
     65536 KB occupied by the log file.
  37495824 KB available on disk.

      4096 bytes in each allocation unit.
  56191999 total allocation units on disk.
   9373956 allocation units available on disk.

Internal Info:
00 4b 07 00 27 7c 04 00 d3 72 08 00 00 00 00 00  .K..'|...r......
d5 05 00 00 fb 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
 
Last edited by a moderator:
rockwh

rockwh

New Member
Thread author
Sep 9, 2018
10
Sorry if i'm being out of subject but if i reinstalled Windows after extracting impotent data, will the problem be solved or...?

Kind regards.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I think your hard drive is malfunctioned and if that is the case the problem won't be solved, you'll have to replace your hard drive.

Code: 
Read failure with status 0xc000009c at offset 0xb9f4b000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xb9f52000 for 0x1000 bytes.

Can you make one more FRST scan and attach both fresh reports?
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, I still see a hard drive related errors. You'll have to visit a repair shop and ask for your drive to be checked against bad sectors.
 
  • Thanks
Reactions: rockwh

Similar threads

P
  • Locked
Microsoft Edge infected w/"yahoo search redirect virus"
Replies
7
Views
535
Windows Malware Removal Help & Support
nasdaq
nasdaq
C
  • Locked
Emsisoft Emergency Kit's temp files detected as Trojan:Script/Wacatac.B!ml by Windows Security
Replies
8
Views
727
Windows Malware Removal Help & Support
Can't Decide
C
H
  • Locked
My window got hacked and files become craa
Replies
1
Views
562
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top