Try What the Tech -- It's free!

Please help - Think I have a virus [Solved]


This topic is locked
11 replies to this topic

#1 tahaminey

Posted 09 January 2015 - 08:24 AM

I think something is wrong with my computer. Only today, Firefox keeps crashing whenever I try to save anything. If I try to save an image, it says "not responding" and then closes itself. Also, Photoshop, which was fine yesterday, now takes forever to open an image, the browser window no longer loads the image as a thumbnail, and if I try to save an edit I have done, the program crashes and closes itself as well. Also, Media Player won't load and just crashes, so I can't play any video files either. Pretty much whatever I try to do, the program will crash, but my computer itself doesn't crash.

I've tried doing a system restore. It runs through the procedure, but after restarting it tells me that it was unsuccessful. I've tried several restore points and it's still the same.

I've tried uninstalling programs from the Control Panel. It runs through the procedure and says the uninstall was successful, but after restarting the programs are still there, as if I hadn't uninstalled them at all.

The computer was fine when I used it this morning, but when I turned it on again this afternoon, all these problems happened.

Hoping someone can help.

Here are the logs:
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-10 00:26:37
-----------------------------
00:26:37.119    OS Version: Windows x64 6.1.7601 Service Pack 1
00:26:37.119    Number of processors: 8 586 0x1A05
00:26:37.119    ComputerName: KIEU-PC  UserName: KIEU
00:26:42.969    Initialize success
00:26:48.943    VM: initialized successfully
00:26:48.943    VM: Intel CPU BiosDisabled
00:30:12.344    AVAST engine defs: 15010900
00:30:41.360    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:30:41.360    Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
00:30:41.469    Disk 0 MBR read successfully
00:30:41.469    Disk 0 MBR scan
00:30:41.500    Disk 0 Windows 7 default MBR code
00:30:41.516    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         2504 MB offset 2048
00:30:41.516    Disk 0 default boot code
00:30:41.547    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       588764 MB offset 7680960
00:30:41.578    Disk 0 Partition - 00     0F Extended LBA            838283 MB offset 1213470720
00:30:41.594    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       383263 MB offset 1213470783
00:30:41.609    Disk 0 Partition - 00     05     Extended            154817 MB offset 1998410393
00:30:41.625    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       154817 MB offset 1998410456
00:30:41.641    Disk 0 Partition - 00     05     Extended            199999 MB offset 3100815962
00:30:41.672    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS       199999 MB offset 2315876352
00:30:41.687    Disk 0 Partition - 00     05     Extended             59999 MB offset 3827881858
00:30:41.703    Disk 0 Partition 6 00     07    HPFS/NTFS NTFS        59999 MB offset 2725476352
00:30:41.734    Disk 0 Partition - 00     05     Extended             39999 MB offset 4360361858
00:30:41.750    Disk 0 Partition 7 00     07    HPFS/NTFS NTFS        39999 MB offset 2848356352
00:30:41.843    Disk 0 scanning C:\Windows\system32\drivers
00:30:55.790    Service scanning
00:31:22.435    Modules scanning
00:31:22.435    Disk 0 trace - called modules:
00:31:22.450    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:31:22.466    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800b39d790]
00:31:22.466    3 CLASSPNP.SYS[fffff880018d143f] -> nt!IofCallDriver -> [0xfffffa800b16c520]
00:31:22.466    5 ACPI.sys[fffff88000ef37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800b160060]
00:31:25.757    AVAST engine scan C:\Windows
00:31:28.675    AVAST engine scan C:\Windows\system32
00:35:55.295    AVAST engine scan C:\Windows\system32\drivers
00:36:11.612    AVAST engine scan C:\Users\KIEU
00:52:03.355    AVAST engine scan C:\ProgramData
00:55:09.620    Disk 0 statistics 3743502/0/0 @ 2.12 MB/s
00:55:09.635    Scan finished successfully
00:55:45.016    Disk 0 MBR has been saved successfully to "C:\Users\KIEU\Desktop\MBR.dat"
00:55:45.047    The log file has been saved successfully to "C:\Users\KIEU\Desktop\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by KIEU (administrator) on KIEU-PC on 10-01-2015 00:59:21
Running from C:\Users\KIEU\Desktop
Loaded Profile: KIEU (Available profiles: KIEU)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAcat.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAsrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAui.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(FS2YOU) C:\Program Files (x86)\GridService\peer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAhlp.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\OAui.exe [7558464 2013-10-16] (Emsisoft GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-10-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Grid Service] => C:\Program Files (x86)\GridService\peer.exe [4993024 2008-12-31] (FS2YOU)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-511611439-945934297-1488321886-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-511611439-945934297-1488321886-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-511611439-945934297-1488321886-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll (SmartSoft Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-511611439-945934297-1488321886-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-511611439-945934297-1488321886-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-511611439-945934297-1488321886-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-511611439-945934297-1488321886-1001 -> URL http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-511611439-945934297-1488321886-1001 -> {36BBC5EA-56CD-46C2-B93C-1A26BF380F71} URL = http://au.search.yah...p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: FDMIECookiesBHO Class -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.220.222 208.67.220.220 198.142.235.14

FireFox:
========
FF ProfilePath: C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default
FF Homepage: google.com
FF Keyword.URL: chrome://browser-region/locale/region.properties
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120207-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Extension: FoxyProxy Standard - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\foxyproxy@eric.h.jung [2014-12-28]
FF Extension: WOT - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: AutoProxy - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\autoproxy@autoproxy.org.xpi [2013-07-04]
FF Extension: MEGA - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\firefox@mega.co.nz.xpi [2013-03-22]
FF Extension: NoScript - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-27]
FF Extension: Download YouTube Videos as MP4 - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-01-08]
FF Extension: Adblock Plus - C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-27]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKU\S-1-5-21-511611439-945934297-1488321886-1001\...\Firefox\Extensions: [{5820539B-D2F8-11E1-8270-B8AC6F996F26}] - C:\Users\KIEU\AppData\Local\{5820539B-D2F8-11E1-8270-B8AC6F996F26}

Chrome:
=======
CHR HomePage: Default -> https://au.search.ya...54&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://au.search.ya...4&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://au.search.ya...p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.ya...d={searchTerms}
CHR Profile: C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]
CHR Extension: (Google Drive) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (YouTube) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]
CHR Extension: (Google Search) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]
CHR Extension: (Google Wallet) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24]
CHR Extension: (Gmail) - C:\Users\KIEU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [193888 2008-07-21] (Seagate Technology LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-07-26] (NOS Microsystems Ltd.)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-16] (Emsisoft GmbH)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-16] (Emsisoft GmbH)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-10-14] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-16] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2013-10-16] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-16] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [35368 2013-10-16] (Emsisoft)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-08] (Windows ® Server 2003 DDK provider)
S3 sssdbus; C:\Windows\System32\DRIVERS\sssdbus.sys [129352 2010-04-27] (MCCI Corporation)
S3 sssdmdfl; C:\Windows\System32\DRIVERS\sssdmdfl.sys [20808 2010-04-27] (MCCI Corporation)
S3 sssdmdm; C:\Windows\System32\DRIVERS\sssdmdm.sys [163144 2010-04-27] (MCCI Corporation)
S3 sssdmgmt; C:\Windows\System32\DRIVERS\sssdmgmt.sys [142664 2010-04-27] (MCCI Corporation)
S3 sssdobex; C:\Windows\System32\DRIVERS\sssdobex.sys [138056 2010-04-27] (MCCI Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 WPRO_40_1340; system32\drivers\WPRO_40_1340.sys [X]
U3 aswMBR; \??\C:\Users\KIEU\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\KIEU\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 00:59 - 2015-01-10 00:59 - 00019650 _____ () C:\Users\KIEU\Desktop\FRST.txt
2015-01-10 00:58 - 2015-01-10 00:59 - 00000000 ____D () C:\FRST
2015-01-10 00:57 - 2015-01-10 00:57 - 02124288 _____ (Farbar) C:\Users\KIEU\Desktop\FRST64.exe
2015-01-10 00:55 - 2015-01-10 00:55 - 00003110 _____ () C:\Users\KIEU\Desktop\aswMBR.txt
2015-01-10 00:21 - 2015-01-10 00:21 - 05198336 _____ (AVAST Software) C:\Users\KIEU\Desktop\aswMBR.exe
2015-01-09 23:46 - 2015-01-09 23:46 - 00001806 _____ () C:\Users\KIEU\Documents\cc_20150109_234654.reg
2015-01-09 23:13 - 2015-01-09 23:13 - 00002048 _____ () C:\Users\KIEU\Documents\cc_20150109_231314.reg
2015-01-09 22:47 - 2015-01-09 22:47 - 00002025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
2015-01-09 21:12 - 2015-01-09 21:12 - 00000608 _____ () C:\Users\KIEU\Documents\cc_20150109_211211.reg
2014-12-18 19:47 - 2014-12-13 16:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 19:47 - 2014-12-13 14:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 19:28 - 2014-12-11 19:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 01:29 - 2014-10-18 13:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 01:29 - 2014-10-18 12:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 00:55 - 2013-09-22 17:02 - 00000512 _____ () C:\Users\KIEU\Desktop\MBR.dat
2015-01-10 00:49 - 2011-08-28 18:01 - 00000000 ____D () C:\Program Files (x86)\Giraffic
2015-01-10 00:17 - 2010-08-14 18:01 - 01609525 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 00:07 - 2014-07-05 17:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 00:03 - 2014-08-24 18:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 23:54 - 2009-07-14 15:45 - 00022272 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 23:54 - 2009-07-14 15:45 - 00022272 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 23:53 - 2009-07-14 16:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 23:50 - 2011-08-28 18:01 - 00000000 ____D () C:\ProgramData\Giraffic
2015-01-09 23:50 - 2010-08-14 21:12 - 00000000 ____D () C:\Users\KIEU\AppData\Roaming\Adobe
2015-01-09 23:50 - 2010-03-10 09:14 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-09 23:49 - 2014-09-13 23:06 - 00009184 _____ () C:\Windows\setupact.log
2015-01-09 23:49 - 2014-08-24 18:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 23:49 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 22:51 - 2014-09-15 21:38 - 00010084 _____ () C:\Windows\PFRO.log
2015-01-09 21:36 - 2014-07-05 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-09 21:13 - 2014-07-05 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-09 21:13 - 2012-01-26 16:58 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-08 01:56 - 2010-08-15 19:28 - 00000000 ____D () C:\Users\KIEU\AppData\Roaming\Azureus
2014-12-31 22:14 - 2010-03-24 14:55 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 15:04 - 2009-07-14 16:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-16 00:54 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-13 16:35 - 2010-08-15 16:46 - 00000000 ____D () C:\Users\KIEU\AppData\Local\Adobe
2014-12-13 16:31 - 2012-09-30 17:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 16:31 - 2011-08-19 22:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:06 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 20:05 - 2014-08-24 18:48 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 19:28 - 2014-05-07 02:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 19:28 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 19:27 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 01:35 - 2013-07-13 03:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 01:31 - 2010-08-18 19:46 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

ZeroAccess:
C:\Users\KIEU\AppData\Local\{8b625ada-0bb9-6eb8-4e4a-4e69d036dc8f}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 17:54

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by KIEU at 2015-01-10 00:59:47
Running from C:\Users\KIEU\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.87 - NOS Microsystems Ltd.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader 9.4.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.1 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz DVD 2 (HKLM-x32\...\{996F79F5-2ABF-4B9D-A0C0-ACD046AA8008}) (Version: 2.2.2.118 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.1026.2246.39002 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden
EASEUS Partition Master 9.1.0 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.8.509 - Australian Taxation Office)
FormatFactory 2.70 (HKLM-x32\...\FormatFactory) (Version: 2.70 - Free Time)
Free Download Manager 3.0 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Free M4a to MP3 Converter 6.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Network Connections 14.7.31.0 (HKLM\...\PROSetDX) (Version: 14.7.31.0 - Intel)
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
K-Lite Codec Pack (64-bit) v4.0.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.0.0 - )
K-Lite Codec Pack 6.6.1 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.6.1 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maxtor Manager (HKLM-x32\...\InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}) (Version: 4.01.0303 - Seagate Technology)
Maxtor Manager (x32 Version: 4.01.0303 - Seagate Technology) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7252 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MKV Cutter 1.0 (HKLM-x32\...\MKV Cutter_is1) (Version:  - spgsoft.com)
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MPEG Cutter 1.0 (HKLM-x32\...\MPEG Cutter_is1) (Version:  - spgsoft.com)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
Nero 9 Essentials (HKLM-x32\...\{59f85eda-819e-446d-8ed8-e010be07ba65}) (Version:  - Nero AG)
Online Armor 5.5 (HKLM-x32\...\OnlineArmor_is1) (Version: 5.5 - Emsi Software GmbH)
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
RaySource 2.1.10.8366 (HKLM-x32\...\RaySource) (Version: 2.1.10.8366 - RaySource Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.450.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.0.0.809 - Memeo Inc.)
SmartFTP (HKLM-x32\...\{11C762F9-95EA-486A-A8E7-683A50C231C1}) (Version: 1.0.980 - SmartFTP)
SmartFTP Client (HKLM\...\{A976F922-9E72-4537-9FDF-DB8498525059}) (Version: 6.0.2054.0 - SmartSoft Ltd.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.0 - Javacool Software LLC)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.18 - Tweaking.com)
Ulead VideoStudio 11 (HKLM-x32\...\InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}) (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation)
USB TV Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Veoh Giraffic Video Accelerator (HKLM-x32\...\Giraffic) (Version: 0.86.412.230 - Giraffic)
Veoh Web Player (HKLM-x32\...\Veoh Web Player Beta) (Version: 1.1.2.0000 - Veoh Networks, Inc.)
VideoStudio (x32 Version: 11.0.0.0000 - InterVideo Digital Technology Corporation) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VOB Cutter 1.0 (HKLM-x32\...\VOB Cutter_is1) (Version:  - spgsoft.com)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
WD SmartWare (HKLM\...\{B36AB323-9849-4486-AB8F-93E64A06E716}) (Version: 1.1.1.6 - Western Digital)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-511611439-945934297-1488321886-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-511611439-945934297-1488321886-1001_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-511611439-945934297-1488321886-1001_Classes\CLSID\{771CF1A6-FC96-45cf-B011-6469F0E56F64}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-12-2014 20:48:21 Windows Update
30-12-2014 21:05:31 Windows Update
02-01-2015 21:10:41 Windows Update
06-01-2015 21:37:12 Windows Update
09-01-2015 22:45:22 Installed Adobe Photoshop
09-01-2015 22:55:24 Removed Adobe Photoshop
09-01-2015 22:58:23 Removed Adobe Photoshop
09-01-2015 23:00:44 Removed Adobe Photoshop
09-01-2015 23:14:47 Removed Adobe Photoshop
09-01-2015 23:23:06 Restore Operation
09-01-2015 23:44:49 Removed Adobe Photoshop

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2013-09-26 19:28 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0759CEE5-DB02-4EBC-886C-0E6BD5DC22A3} - System32\Tasks\{8EF0EFBA-0B25-45AC-8827-FA0D144CD70D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe" -d "C:\Program Files (x86)\Common Files\Ahead\Nero Web" -c -ScParameter=8  MODE="update"
Task: {27D93087-1A61-4B04-9407-48793C89BC29} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {377E6AE5-6965-40A3-8E9C-C610C61CD8BB} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2011-08-25] (Veoh Networks)
Task: {4EA9CC50-45BA-4018-9D04-7AD1F2836516} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {5712E4CD-523C-481F-BC45-91BD5FA43D0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {7F1FF788-4866-49D6-A395-A117B0D37775} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {D97E034B-F9E7-4B98-A11C-50BA84F8ADA3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-08-15 00:02 - 2010-03-15 12:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-10-26 22:45 - 2010-10-26 22:45 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-09 20:52 - 2014-12-09 20:52 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
MSCONFIG\startupreg: AvgUninstallURL => cmd.exe /c start http://www.avg.com/w...0"&"ver=9.0.872
MSCONFIG\startupreg: Grid Service => "C:\Program Files (x86)\GridService\peer.exe" -n Grid
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: mxomssmenu => "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: UVS11 Preload => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-511611439-945934297-1488321886-500 - Administrator - Disabled)
Guest (S-1-5-21-511611439-945934297-1488321886-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-511611439-945934297-1488321886-1002 - Limited - Enabled)
KIEU (S-1-5-21-511611439-945934297-1488321886-1001 - Administrator - Enabled) => C:\Users\KIEU

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 00:56:03 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\WindowsCodecs.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program avast! Antirootkit because of this error.

Program: avast! Antirootkit
File: C:\Windows\SysWOW64\WindowsCodecs.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/10/2015 00:56:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64
Faulting module name: WindowsCodecs.dll, version: 6.2.9200.17170, time stamp: 0x545aec6a
Exception code: 0xc0000006
Fault offset: 0x00038fb7
Faulting process id: 0x930
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (01/10/2015 00:13:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13d8

Start Time: 01d02c0e05e8ab2b

Termination Time: 47

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 5cf30708-9801-11e4-946d-001fbc092376

Error: (01/10/2015 00:10:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9cc

Start Time: 01d02c0cf738ad6e

Termination Time: 38

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: e8d3375c-9800-11e4-946d-001fbc092376

Error: (01/10/2015 00:07:41 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\WindowsCodecs.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Malwarebytes Anti-Malware because of this error.

Program: Malwarebytes Anti-Malware
File: C:\Windows\SysWOW64\WindowsCodecs.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/10/2015 00:07:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
Faulting module name: WindowsCodecs.dll, version: 6.2.9200.17170, time stamp: 0x545aec6a
Exception code: 0xc0000006
Fault offset: 0x00038fb7
Faulting process id: 0x33c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/10/2015 00:05:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1078

Start Time: 01d02c0ca02feedb

Termination Time: 30

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 2f1abef3-9800-11e4-946d-001fbc092376

Error: (01/10/2015 00:03:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1464

Start Time: 01d02c0ae4cd03f6

Termination Time: 33

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: cca9b54f-97ff-11e4-946d-001fbc092376

Error: (01/09/2015 11:59:20 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\WindowsCodecs.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Adobe Photoshop CS Middle East Version because of this error.

Program: Adobe Photoshop CS Middle East Version
File: C:\Windows\SysWOW64\WindowsCodecs.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/09/2015 11:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 8.0.0.0, time stamp: 0x40312596
Faulting module name: WindowsCodecs.dll, version: 6.2.9200.17170, time stamp: 0x545aec6a
Exception code: 0xc0000006
Fault offset: 0x0005a280
Faulting process id: 0x15ac
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3


System errors:
=============
Error: (01/10/2015 00:57:23 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:57:20 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:57:05 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:57:02 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:56:59 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:56:02 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:55:44 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:55:35 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:55:32 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:53:48 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (01/10/2015 00:56:03 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\SysWOW64\WindowsCodecs.dllavast! AntirootkitC000009C3

Error: (01/10/2015 00:56:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: aswMBR.exe1.0.1.22525465ba64WindowsCodecs.dll6.2.9200.17170545aec6ac000000600038fb793001d02c0fe4e2c4e5C:\Users\KIEU\Desktop\aswMBR.exeC:\Windows\system32\WindowsCodecs.dll3f326cc4-9807-11e4-946d-001fbc092376

Error: (01/10/2015 00:13:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.544313d801d02c0e05e8ab2b47C:\Program Files (x86)\Mozilla Firefox\firefox.exe5cf30708-9801-11e4-946d-001fbc092376

Error: (01/10/2015 00:10:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.54439cc01d02c0cf738ad6e38C:\Program Files (x86)\Mozilla Firefox\firefox.exee8d3375c-9800-11e4-946d-001fbc092376

Error: (01/10/2015 00:07:41 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\SysWOW64\WindowsCodecs.dllMalwarebytes Anti-MalwareC000009C3

Error: (01/10/2015 00:07:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecWindowsCodecs.dll6.2.9200.17170545aec6ac000000600038fb733c01d02c0d2da44ff5C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\system32\WindowsCodecs.dll7d88028e-9800-11e4-946d-001fbc092376

Error: (01/10/2015 00:05:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.5443107801d02c0ca02feedb30C:\Program Files (x86)\Mozilla Firefox\firefox.exe2f1abef3-9800-11e4-946d-001fbc092376

Error: (01/10/2015 00:03:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.5443146401d02c0ae4cd03f633C:\Program Files (x86)\Mozilla Firefox\firefox.execca9b54f-97ff-11e4-946d-001fbc092376

Error: (01/09/2015 11:59:20 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\SysWOW64\WindowsCodecs.dllAdobe Photoshop CS Middle East VersionC000009C3

Error: (01/09/2015 11:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Photoshop.exe8.0.0.040312596WindowsCodecs.dll6.2.9200.17170545aec6ac00000060005a28015ac01d02c0abfd35c94C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.exeC:\Windows\system32\WindowsCodecs.dll53123247-97ff-11e4-946d-001fbc092376


CodeIntegrity Errors:
===================================
  Date: 2012-09-25 22:14:00.240
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-25 22:14:00.178
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-25 22:14:00.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-25 22:14:00.053
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-24 00:20:32.692
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-24 00:20:32.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-24 00:20:32.567
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-24 00:20:32.504
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-23 16:32:37.582
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-23 16:32:37.519
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 27%
Total physical RAM: 12279.18 MB
Available physical RAM: 8948.11 MB
Total Pagefile: 24556.54 MB
Available Pagefile: 21017.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:574.97 GB) (Free:245.29 GB) NTFS
Drive l: (DBSK) (Fixed) (Total:374.28 GB) (Free:62.19 GB) NTFS
Drive m: (MP3) (Fixed) (Total:151.19 GB) (Free:20.84 GB) NTFS
Drive n: (VIDEOS) (Fixed) (Total:195.31 GB) (Free:29.2 GB) NTFS
Drive o: (ANIME) (Fixed) (Total:58.59 GB) (Free:1.04 GB) NTFS
Drive p: (DOWNLOADS) (Fixed) (Total:39.06 GB) (Free:2.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 23615803)
Partition 1: (Active) - (Size=2.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=575 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=818.6 GB) - (Type=OF Extended)

==================== End Of Log ============================

#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 09 January 2015 - 08:29 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

Your hard drive is damaged:

Error: (01/10/2015 00:57:23 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:57:20 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:57:05 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2015 00:57:02 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

These bad blocks are the main reason for your malfunctioning programs.

In addition, there are remnants of an older trojan horse.

Let's have a look at the hard drive:

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab.
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
      • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
      • Click Schedule disk check > OK and close all windows.
      • Re-start the computer. The disk will be checked when the system boots.
      • This will take some time to run and at times may appear stalled, but just let it run.
      • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Proud Member of UNITE & TB

#3 tahaminey

tahaminey

    Authentic Member

  • Authentic Member
  • PipPip
  • 69 posts

Posted 09 January 2015 - 08:44 AM

Hi Marius,

Thank you for your help.

I have a question. My hard drive is split into several partitions C, L, M, N, O and P. Do I do the Check Disk to all of them?



#4 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 09 January 2015 - 09:09 AM

Please check the system partition only.


Proud Member of UNITE & TB

#5 tahaminey

tahaminey

    Authentic Member

  • Authentic Member
  • PipPip
  • 69 posts

Posted 09 January 2015 - 09:20 AM

Not sure if I'm doing something wrong, but I selected the C drive and then restarted the computer. But after it restarted, the check disk didn't run automatically. Have I done something wrong?

#6 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 09 January 2015 - 09:34 AM

Please try again and have a look at the event logs afterwards.


Proud Member of UNITE & TB

#7 tahaminey

tahaminey

    Authentic Member

  • Authentic Member
  • PipPip
  • 69 posts

Posted 09 January 2015 - 11:44 AM

I did it.  Here is the log:

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          10/01/2015 4:23:38 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      KIEU-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0xf365.
Cleaning up instance tags for file 0x1fe60.
  328448 file records processed.                                         

File verification completed.
  3516 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  43 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  398158 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  328448 file SDs/SIDs processed.                                        

Cleaning up 1778 unused index entries from index $SII of file 0x9.
Cleaning up 1778 unused index entries from index $SDH of file 0x9.
Cleaning up 1778 unused security descriptors.
Security descriptor verification completed.
  34856 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35302448 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0xc6c11000 for 0xc000 bytes.
Read failure with status 0xc000009c at offset 0xc6c17000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c18000 for 0x5000 bytes.
Read failure with status 0xc000009c at offset 0xc6c18000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c19000 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xc6c19000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1a000 for 0x3000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1a000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1b000 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1b000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1c000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1c000 for 0x1000 bytes.
Windows replaced bad clusters in file 24308
of name \Windows\winsxs\AM3E95~1.163\NDISCA~1.DLL.
Read failure with status 0xc000009c at offset 0xc4b39000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc4b47000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc4b48000 for 0x7000 bytes.
Read failure with status 0xc000009c at offset 0xc4b48000 for 0x1000 bytes.
Windows replaced bad clusters in file 57779
of name \Users\KIEU\AppData\Local\Mozilla\Firefox\Profiles\4Z6F4A~1.DE~\cache2\entries\9A3749~1.
Read failure with status 0xc000009c at offset 0x208c59000 for 0xd000 bytes.
Read failure with status 0xc000009c at offset 0xc7422000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc7428000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc7429000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc7429000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc742a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc742a000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc742b000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc742b000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc742c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc742c000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc742d000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc742d000 for 0x1000 bytes.
Windows replaced bad clusters in file 97026
of name \Windows\System32\config\RegBack\DEFAULT.
Read failure with status 0xc000009c at offset 0x2d7ec000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d7ee000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7ef000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d7f0000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7f1000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d7f1000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d2000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d6000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d7000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d7000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d8000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d8000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d9000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d9000 for 0x1000 bytes.
Windows replaced bad clusters in file 101917
of name \Users\KIEU\AppData\Roaming\MICROS~1\Windows\Recent\AUTOMA~1\29B318~1.AU~.
Read failure with status 0xc000009c at offset 0xdfc29000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xdfc2c000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xdfc2d000 for 0xd000 bytes.
Read failure with status 0xc000009c at offset 0xdfc2d000 for 0x1000 bytes.
Windows replaced bad clusters in file 106769
of name \Users\KIEU\AppData\Roaming\Mozilla\Firefox\CRASHR~1\pending\DF246F~4.DMP.
Read failure with status 0xc000009c at offset 0x670ef000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2daff000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2db06000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2db07000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2db07000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2db08000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2db09000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2db0a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2db0a000 for 0x1000 bytes.
Windows replaced bad clusters in file 127640
of name \Windows\winsxs\X80236~1.18~\WINDOW~1.DLL.
Read failure with status 0xc000009c at offset 0x2dc3d000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2dc49000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2dc4a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2dc4a000 for 0x1000 bytes.
Windows replaced bad clusters in file 130830
of name \Windows\System32\catroot\{F750E~1\PA7813~1.CAT.
Read failure with status 0xc000009c at offset 0xc7310000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc7318000 for 0x1000 bytes.
Windows replaced bad clusters in file 142924
of name \Windows\SERVIC~1\Packages\PA6A1B~1.CAT.
Read failure with status 0xc000009c at offset 0x22876c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x228776000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x228777000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x228777000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x228778000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x228778000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x228779000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x228779000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x22877a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x22877a000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x22877b000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x22877b000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x22877c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x22877c000 for 0x1000 bytes.
Windows replaced bad clusters in file 168361
of name \Windows\winsxs\X86BB6~1.16~\urlmon.dll.
Read failure with status 0xc000009c at offset 0xe0eec000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xe0eee000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xe0eef000 for 0x10000 bytes.
Windows replaced bad clusters in file 171838
of name \Download\-UNKNO~1\宠臣-海报.jpg.
Read failure with status 0xc000009c at offset 0xc6c1d000 for 0x3000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1d000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1e000 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1e000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1f000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1f000 for 0x1000 bytes.
Windows replaced bad clusters in file 181865
of name \Windows\System32\DRIVER~1\FILERE~1\SSAEUN~1.INF\ssaeunic.PNF.
Read failure with status 0xc000009c at offset 0x2d790000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d796000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d797000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d798000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7b9000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d7b9000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7ba000 for 0xf000 bytes.
Read failure with status 0xc000009c at offset 0x2d7ba000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7bb000 for 0xe000 bytes.
Read failure with status 0xc000009c at offset 0x2d7bb000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7bc000 for 0xd000 bytes.
Read failure with status 0xc000009c at offset 0x2d7bc000 for 0x1000 bytes.
Windows replaced bad clusters in file 184826
of name \Windows\System32\catroot\{F750E~1\PADCB5~1.CAT.
Read failure with status 0xc000009c at offset 0xc7304000 for 0xa000 bytes.
Read failure with status 0xc000009c at offset 0xc7304000 for 0x1000 bytes.
Windows replaced bad clusters in file 196270
of name \Windows\MICROS~1.NET\FRAMEW~2\V40~1.303\SY2D65~1.DLL.
  328432 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  64304818 free clusters processed.                                        

Free space verification is complete.
Adding 56 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 602894879 KB total disk space.
 345096676 KB in 180288 files.
    127316 KB in 34857 indexes.
       224 KB in bad sectors.
    451423 KB in use by the system.
     65536 KB occupied by the log file.
 257219240 KB available on disk.

      4096 bytes in each allocation unit.
 150723719 total allocation units on disk.
  64304810 allocation units available on disk.

Internal Info:
00 03 05 00 73 48 03 00 40 36 06 00 00 00 00 00  ....sH..@6......
e7 51 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  .Q..+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-09T17:23:38.000000000Z" />
    <EventRecordID>102363</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>KIEU-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0xf365.
Cleaning up instance tags for file 0x1fe60.
  328448 file records processed.                                         

File verification completed.
  3516 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  43 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  398158 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  328448 file SDs/SIDs processed.                                        

Cleaning up 1778 unused index entries from index $SII of file 0x9.
Cleaning up 1778 unused index entries from index $SDH of file 0x9.
Cleaning up 1778 unused security descriptors.
Security descriptor verification completed.
  34856 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35302448 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0xc6c11000 for 0xc000 bytes.
Read failure with status 0xc000009c at offset 0xc6c17000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c18000 for 0x5000 bytes.
Read failure with status 0xc000009c at offset 0xc6c18000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c19000 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xc6c19000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1a000 for 0x3000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1a000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1b000 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1b000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1c000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1c000 for 0x1000 bytes.
Windows replaced bad clusters in file 24308
of name \Windows\winsxs\AM3E95~1.163\NDISCA~1.DLL.
Read failure with status 0xc000009c at offset 0xc4b39000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc4b47000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc4b48000 for 0x7000 bytes.
Read failure with status 0xc000009c at offset 0xc4b48000 for 0x1000 bytes.
Windows replaced bad clusters in file 57779
of name \Users\KIEU\AppData\Local\Mozilla\Firefox\Profiles\4Z6F4A~1.DE~\cache2\entries\9A3749~1.
Read failure with status 0xc000009c at offset 0x208c59000 for 0xd000 bytes.
Read failure with status 0xc000009c at offset 0xc7422000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc7428000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc7429000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc7429000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc742a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc742a000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc742b000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc742b000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc742c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc742c000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc742d000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc742d000 for 0x1000 bytes.
Windows replaced bad clusters in file 97026
of name \Windows\System32\config\RegBack\DEFAULT.
Read failure with status 0xc000009c at offset 0x2d7ec000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d7ee000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7ef000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d7f0000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7f1000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d7f1000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d2000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d6000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d7000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d7000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d8000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d8000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d9000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d8d9000 for 0x1000 bytes.
Windows replaced bad clusters in file 101917
of name \Users\KIEU\AppData\Roaming\MICROS~1\Windows\Recent\AUTOMA~1\29B318~1.AU~.
Read failure with status 0xc000009c at offset 0xdfc29000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xdfc2c000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xdfc2d000 for 0xd000 bytes.
Read failure with status 0xc000009c at offset 0xdfc2d000 for 0x1000 bytes.
Windows replaced bad clusters in file 106769
of name \Users\KIEU\AppData\Roaming\Mozilla\Firefox\CRASHR~1\pending\DF246F~4.DMP.
Read failure with status 0xc000009c at offset 0x670ef000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2daff000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2db06000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2db07000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2db07000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2db08000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2db09000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2db0a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2db0a000 for 0x1000 bytes.
Windows replaced bad clusters in file 127640
of name \Windows\winsxs\X80236~1.18~\WINDOW~1.DLL.
Read failure with status 0xc000009c at offset 0x2dc3d000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2dc49000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2dc4a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2dc4a000 for 0x1000 bytes.
Windows replaced bad clusters in file 130830
of name \Windows\System32\catroot\{F750E~1\PA7813~1.CAT.
Read failure with status 0xc000009c at offset 0xc7310000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xc7318000 for 0x1000 bytes.
Windows replaced bad clusters in file 142924
of name \Windows\SERVIC~1\Packages\PA6A1B~1.CAT.
Read failure with status 0xc000009c at offset 0x22876c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x228776000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x228777000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x228777000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x228778000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x228778000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x228779000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x228779000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x22877a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x22877a000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x22877b000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x22877b000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x22877c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x22877c000 for 0x1000 bytes.
Windows replaced bad clusters in file 168361
of name \Windows\winsxs\X86BB6~1.16~\urlmon.dll.
Read failure with status 0xc000009c at offset 0xe0eec000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xe0eee000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xe0eef000 for 0x10000 bytes.
Windows replaced bad clusters in file 171838
of name \Download\-UNKNO~1\宠臣-海报.jpg.
Read failure with status 0xc000009c at offset 0xc6c1d000 for 0x3000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1d000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1e000 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1e000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1f000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xc6c1f000 for 0x1000 bytes.
Windows replaced bad clusters in file 181865
of name \Windows\System32\DRIVER~1\FILERE~1\SSAEUN~1.INF\ssaeunic.PNF.
Read failure with status 0xc000009c at offset 0x2d790000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d796000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d797000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d798000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7b9000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2d7b9000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7ba000 for 0xf000 bytes.
Read failure with status 0xc000009c at offset 0x2d7ba000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7bb000 for 0xe000 bytes.
Read failure with status 0xc000009c at offset 0x2d7bb000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2d7bc000 for 0xd000 bytes.
Read failure with status 0xc000009c at offset 0x2d7bc000 for 0x1000 bytes.
Windows replaced bad clusters in file 184826
of name \Windows\System32\catroot\{F750E~1\PADCB5~1.CAT.
Read failure with status 0xc000009c at offset 0xc7304000 for 0xa000 bytes.
Read failure with status 0xc000009c at offset 0xc7304000 for 0x1000 bytes.
Windows replaced bad clusters in file 196270
of name \Windows\MICROS~1.NET\FRAMEW~2\V40~1.303\SY2D65~1.DLL.
  328432 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  64304818 free clusters processed.                                        

Free space verification is complete.
Adding 56 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 602894879 KB total disk space.
 345096676 KB in 180288 files.
    127316 KB in 34857 indexes.
       224 KB in bad sectors.
    451423 KB in use by the system.
     65536 KB occupied by the log file.
 257219240 KB available on disk.

      4096 bytes in each allocation unit.
 150723719 total allocation units on disk.
  64304810 allocation units available on disk.

Internal Info:
00 03 05 00 73 48 03 00 40 36 06 00 00 00 00 00  ....sH..@6......
e7 51 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  .Q..+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
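
The Wininit event 1001 log above is long, and the facts that decide this thread (hardware read failures, bad clusters added, which files were hit) are buried in it. As an added example that is not part of the thread and not a tool the helper used, here is a small Python parser that summarizes such a log. The sample log embedded in it is constructed in the same format as the posted one (abridged, with a made-up file name under \Download), and the list of system directories it treats as sensitive is an assumption for the example.

```python
"""Summarize a CHKDSK log copied out of the Wininit event 1001 in Event Viewer.

Pulls out the facts a helper needs from a long disk-check log: how many reads
failed and for how many bytes, which files had bad clusters replaced, and
whether any of those are files Windows relies on (signing catalogs under
catroot, registry hives under config, side-by-side system DLLs). Repeated
hardware read failures are a failing disk, not malware.
"""
import re
from dataclasses import dataclass, field

# 0xc000009c is STATUS_DEVICE_DATA_ERROR: the drive itself could not read the sector.
READ_FAIL = re.compile(
    r"Read failure with status (0x[0-9a-f]+) at offset (0x[0-9a-f]+) for (0x[0-9a-f]+) bytes",
    re.IGNORECASE,
)
REPLACED = re.compile(r"Windows replaced bad clusters in file (\d+)")
BAD_CLUSTERS = re.compile(r"Adding (\d+) bad clusters to the Bad Clusters File")
BAD_SECTOR_KB = re.compile(r"(\d+) KB in bad sectors")

# Assumed list (not from the thread) of directories whose files matter beyond data
# loss: System32 holds signing catalogs and registry hives, winsxs holds the
# component store, SERVIC~1 is the 8.3 name of \Windows\servicing.
SENSITIVE_PREFIXES = (r"\Windows\System32", r"\Windows\winsxs", r"\Windows\SERVIC~1")


@dataclass
class DiskCheckSummary:
    read_failures: int = 0
    failed_bytes: int = 0
    statuses: set = field(default_factory=set)
    damaged_files: list = field(default_factory=list)  # (file record number, path)
    bad_clusters_added: int = 0
    bad_sector_kb: int = 0

    @property
    def sensitive_files(self) -> list:
        prefixes = tuple(p.upper() for p in SENSITIVE_PREFIXES)
        return [path for _, path in self.damaged_files if path.upper().startswith(prefixes)]

    @property
    def disk_is_failing(self) -> bool:
        return self.read_failures > 0 or self.bad_clusters_added > 0

    def verdict(self) -> str:
        if not self.disk_is_failing:
            return "no media errors in this CHKDSK run"
        return (
            f"{self.read_failures} read failures ({self.failed_bytes} bytes), "
            f"{self.bad_clusters_added} bad clusters added, "
            f"{len(self.damaged_files)} files hit ({len(self.sensitive_files)} system files): "
            "replace the disk"
        )


def parse_chkdsk_log(text: str) -> DiskCheckSummary:
    """Parse the text of a Wininit 1001 event as pasted from Event Viewer."""
    # "Copy Details as Text" repeats the whole description inside the Event XML
    # <Data> element; keep only the first copy so nothing is counted twice.
    text = text.split("Event Xml:")[0]
    summary = DiskCheckSummary()
    pending_record = None  # file record number waiting for its "of name" line
    for raw in text.splitlines():
        line = raw.strip()
        if m := READ_FAIL.search(line):
            summary.read_failures += 1
            summary.failed_bytes += int(m.group(3), 16)
            summary.statuses.add(m.group(1).lower())
        elif m := REPLACED.search(line):
            pending_record = int(m.group(1))
        elif pending_record is not None and line.startswith("of name "):
            # CHKDSK prints the path on its own line, terminated by a period.
            summary.damaged_files.append((pending_record, line[len("of name "):].rstrip(".")))
            pending_record = None
        elif m := BAD_CLUSTERS.search(line):
            summary.bad_clusters_added = int(m.group(1))
        elif m := BAD_SECTOR_KB.search(line):
            summary.bad_sector_kb = int(m.group(1))
    return summary


# Constructed sample in the same format as the log posted in this thread
# (abridged; the file under \Download is a made-up name).
SAMPLE_LOG = r"""
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0xc6c11000 for 0xc000 bytes.
Read failure with status 0xc000009c at offset 0xc6c17000 for 0x1000 bytes.
Windows replaced bad clusters in file 24308
of name \Windows\winsxs\AM3E95~1.163\NDISCA~1.DLL.
Read failure with status 0xc000009c at offset 0xc7422000 for 0x10000 bytes.
Windows replaced bad clusters in file 97026
of name \Windows\System32\config\RegBack\DEFAULT.
Read failure with status 0xc000009c at offset 0xe0eec000 for 0x10000 bytes.
Windows replaced bad clusters in file 171838
of name \Download\-UNKNO~1\poster.jpg.
File data verification completed.
Adding 56 bad clusters to the Bad Clusters File.
       224 KB in bad sectors.
"""

if __name__ == "__main__":
    result = parse_chkdsk_log(SAMPLE_LOG)
    print(result.verdict())
    for path in result.sensitive_files:
        print("system file with replaced clusters:", path)
```

Two details are worth knowing when reading a pasted event like the one above. Event Viewer's "Copy Details as Text" includes the description twice, once rendered and once inside the Event XML's <Data> element, which is why the posted log appears doubled; the parser cuts at "Event Xml:" so every read failure is counted once. And the files that had clusters replaced are not restored: CHKDSK maps the sectors out and the affected file content is lost, so a signing catalog or registry backup hive on that list is damaged whatever the malware situation is.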


#8 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 09 January 2015 - 11:48 AM

You need to replace your hard drive ASAP as it is seriously damaged.

Feel free to come back and finish the malware removal process, when done.


Proud Member of UNITE & TB

#9 tahaminey

tahaminey

    Authentic Member

  • Authentic Member
  • PipPip
  • 69 posts

Posted 09 January 2015 - 06:37 PM

Omg. I don't know how to do that. Will I lose everything? Is it basically dead now and I have to go buy a new computer?

#10 tahaminey

tahaminey

    Authentic Member

  • Authentic Member
  • PipPip
  • 69 posts

Posted 10 January 2015 - 07:07 AM

After panicking I eventually got my sister to help me replace the hard drive with a new one. I got as far as installing Windows and now I'm stuck on partitioning the drive. I bought a 4TB hard drive and it only allows me to create a partition for 2TB. The remaining 1.64TB is unallocated and I can't do anything with it. I am about to pull my hair out, but I will seek help in the right forum since this is only for virus stuff.

#11 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 12 January 2015 - 03:44 AM

OK, good luck.

If you need this topic again, please send me a pm. :)


Proud Member of UNITE & TB

#12 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 12 January 2015 - 03:44 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Proud Member of UNITE & TB