ChiefMango (posted 23 July 2014):

Hi folks! I need your help, as I'm not terribly good at this kind of thing. The problem is as follows: I've noticed that the fans have been working extremely hard lately, and I more or less assumed it was because of the heat. Anyway, today I got a bluescreen, and when I tried to start the PC again I ended up in Startup Repair. I get a message that it can't repair this error, and this happens every single time I try to turn on the PC. I checked some details and found this: "boot critical file c:\windows\system32\drivers\atapi.sys". I've searched around a bit and most of it says I should go into cmd to fix it... The problem is that cmd doesn't accept any of the commands I type, plus I have to hunt all over the keyboard for the right symbols, since they have apparently been swapped around inside cmd... Does anyone know what I can do? Of course I would prefer not to format the whole PC. As I said, I'm also not very good at this, so the simpler you explain it, the better. Thanks!
mobile999 (posted 24 July 2014, edited 24 July 2014):

If you have a USB flash drive, you can try this (your PC is not necessarily infected):

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
1. Restart the computer.
2. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
3. Use the arrow keys to select the Repair your computer menu item.
4. Select your keyboard language settings, and then click Next.
5. Select the operating system you want to repair, and then click Next.
6. Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used. To make a repair disc on Windows 7, consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:
1. Insert the installation disc.
2. Restart your computer.
3. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
4. Click Repair your computer.
5. Select your keyboard language settings, and then click Next.
6. Select the operating system you want to repair, and then click Next.
7. Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

Select Command Prompt.

Once in the Command Prompt:
1. In the command window type in notepad and press Enter.
2. The notepad opens. Under File menu select Open.
3. Select "Computer" and find your flash drive letter and close the notepad.
4. In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
5. The tool will start to run.
6. When the tool opens click Yes to disclaimer.
7. Press Scan button.
8. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
ChiefMango (thread author, posted 24 July 2014):

Thank you so much! I'll try this when I get home from work!
ChiefMango (thread author, posted 24 July 2014):

Do you want me to copy-paste the whole Notepad log I got?
ChiefMango Skrevet 24. juli 2014 Forfatter Del Skrevet 24. juli 2014 her er den uansett Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 Ran by SYSTEM on MININT-A6ELPP2 on 24-07-2014 18:52:32 Running from H:\ Platform: Windows 7 Ultimate (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-14] (Logitech Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.) 
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2575384 2014-07-08] () HKU\Baus\...\Run: [browser Infrastructure Helper] => C:\Users\Baus\AppData\Local\Smartbar\Application\SnapDo.exe startup HKU\Baus\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log HKU\Baus\...\Run: [spotify Web Helper] => C:\Users\Baus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-01] (Spotify Ltd) HKU\Baus\...\Run: [f.lux] => C:\Users\Baus\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\Baus\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-10] (NETGEAR Inc.) HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => No File ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => No File ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.) 
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93048 2014-04-09] (EasyAntiCheat Ltd) S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation) S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-29] () S2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.) S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-07-08] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () S0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] () S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.) S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.) S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) 
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-08] (AVG Technologies) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] () S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-06-18] () S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.) S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.) S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39080 2014-05-18] (Razer Inc) S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31400 2014-05-18] (Razer Inc) S3 WIMMount; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-13] () S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-07-24 18:52 - 2014-07-24 18:52 - 00000000 ____D () C:\FRST 2014-07-24 09:57 - 2014-07-24 09:57 - 00000000 ____D () C:\Windows\System32\config\mybackup 2014-07-21 07:14 - 2014-07-21 07:14 - 00000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2014-07-21 07:14 - 2014-07-21 07:14 - 00000000 ____D () C:\Users\Baus\AppData\Local\HearthstoneTracker 2014-07-21 07:13 - 2014-07-21 07:13 - 00001082 _____ () C:\Users\Baus\Desktop\HearthstoneTracker.lnk 2014-07-21 07:13 - 2014-07-21 07:13 - 00000000 ____D () C:\Program Files (x86)\HearthstoneTracker 2014-07-21 07:12 - 2014-07-21 07:13 - 10438399 _____ (HearthstoneTracker.com) C:\Users\Baus\Downloads\HearthstoneTracker-Setup.exe 2014-07-16 14:34 - 2014-07-16 14:34 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-16 09:20 - 2014-07-16 09:20 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-16 09:20 - 2014-07-16 09:20 - 00000000 ____D () C:\Users\Baus\AppData\Roaming\Mozilla 2014-07-16 09:20 - 2014-07-16 09:20 - 00000000 ____D () C:\Users\Baus\AppData\Local\Mozilla 2014-07-16 09:20 - 2014-07-16 09:20 - 00000000 ____D () C:\ProgramData\Mozilla 2014-07-16 09:20 - 2014-07-16 09:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-16 09:20 - 2014-07-16 09:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-16 09:19 - 2014-07-16 09:19 - 00284296 _____ (Mozilla) C:\Users\Baus\Downloads\Firefox Setup Stub 30.0.exe 2014-07-14 09:47 - 2014-07-14 09:47 - 00000000 ____D () C:\Users\Baus\AppData\Roaming\com.aspiro.wimp.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1 2014-07-14 09:47 - 2014-07-14 09:47 - 00000000 ____D () C:\Users\Baus\AppData\Roaming\com.aspiro.wimp 2014-07-14 09:47 - 2014-07-14 09:47 - 00000000 ____D () C:\ProgramData\WiMP 2014-07-14 09:46 - 2014-07-14 09:46 - 00000881 _____ () C:\Users\Public\Desktop\WiMP.lnk 2014-07-14 09:46 - 2014-07-14 09:46 - 00000000 ____D () C:\Users\Baus\AppData\Roaming\WiMP Music AS 2014-07-14 09:46 - 
2014-07-14 09:46 - 00000000 ____D () C:\Program Files (x86)\WiMP 2014-07-14 09:25 - 2014-07-14 09:30 - 31115296 _____ (WiMP Music AS) C:\Users\Baus\Downloads\WiMP-3.1.0.1858-NO.exe 2014-07-09 11:15 - 2014-06-29 18:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll 2014-07-09 11:15 - 2014-06-29 18:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll 2014-07-09 11:15 - 2014-06-20 12:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2014-07-09 11:15 - 2014-06-20 11:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 11:15 - 2014-06-18 17:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-07-09 11:15 - 2014-06-18 17:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-07-09 11:15 - 2014-06-18 17:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-07-09 11:15 - 2014-06-18 16:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-07-09 11:15 - 2014-06-18 16:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2014-07-09 11:15 - 2014-06-18 16:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-07-09 11:15 - 2014-06-18 16:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll 2014-07-09 11:15 - 2014-06-18 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-07-09 11:15 - 2014-06-18 16:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-07-09 11:15 - 2014-06-18 16:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-07-09 11:15 - 2014-06-18 16:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-07-09 11:15 - 2014-06-18 16:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-07-09 11:15 - 2014-06-18 16:24 - 00111616 _____ 
(Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-07-09 11:15 - 2014-06-18 16:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-07-09 11:15 - 2014-06-18 16:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 11:15 - 2014-06-18 16:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2014-07-09 11:15 - 2014-06-18 16:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2014-07-09 11:15 - 2014-06-18 15:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-07-09 11:15 - 2014-06-18 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 11:15 - 2014-06-18 15:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-07-09 11:15 - 2014-06-18 15:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-07-09 11:15 - 2014-06-18 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2014-07-09 11:15 - 2014-06-18 15:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2014-07-09 11:15 - 2014-06-18 15:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2014-07-09 11:15 - 2014-06-18 15:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 11:15 - 2014-06-18 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 11:15 - 2014-06-18 15:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 11:15 - 2014-06-18 15:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 11:15 - 2014-06-18 15:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-07-09 11:15 - 2014-06-18 15:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 11:15 - 2014-06-18 
15:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 11:15 - 2014-06-18 15:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 11:15 - 2014-06-18 15:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-07-09 11:15 - 2014-06-18 15:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2014-07-09 11:15 - 2014-06-18 15:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 11:15 - 2014-06-18 15:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 11:15 - 2014-06-18 15:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 11:15 - 2014-06-18 15:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 11:15 - 2014-06-18 15:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 11:15 - 2014-06-18 15:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 11:15 - 2014-06-18 14:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 11:15 - 2014-06-18 14:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-07-09 11:15 - 2014-06-18 14:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 11:15 - 2014-06-18 14:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 11:15 - 2014-06-18 14:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-07-09 11:15 - 2014-06-18 14:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 11:15 - 2014-06-18 14:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 11:15 - 2014-06-18 14:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 11:15 - 2014-06-18 14:35 
- 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 11:15 - 2014-06-18 14:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-07-09 11:15 - 2014-06-18 14:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-07-09 11:15 - 2014-06-18 14:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 11:15 - 2014-06-18 14:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 11:15 - 2014-06-18 14:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 11:15 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe 2014-07-09 11:15 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 11:15 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2014-07-09 11:15 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2014-07-09 11:15 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 11:15 - 2014-05-30 00:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2014-07-09 11:15 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll 2014-07-09 11:15 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll 2014-07-09 11:15 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2014-07-09 11:15 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll 2014-07-09 11:15 - 2014-05-30 00:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll 2014-07-09 11:15 - 2014-05-30 00:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll 2014-07-09 11:15 - 2014-05-29 23:52 - 00550912 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\kerberos.dll 2014-07-09 11:15 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 11:15 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 11:15 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 11:15 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 11:15 - 2014-05-29 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 11:15 - 2014-05-29 23:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 11:15 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys 2014-07-09 11:14 - 2014-06-05 06:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2014-07-09 11:14 - 2014-06-05 06:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 11:14 - 2014-06-05 06:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-03 08:44 - 2014-07-08 10:05 - 00050464 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys 2014-07-03 08:44 - 2014-07-04 08:28 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar 2014-07-03 08:44 - 2014-07-03 12:44 - 00000000 ____D () C:\Users\Baus\AppData\Local\AVG Web TuneUp 2014-07-03 08:44 - 2014-07-03 08:44 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp 2014-07-03 08:44 - 2014-07-03 08:44 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2014-07-03 08:43 - 2014-07-08 10:05 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp 2014-07-02 08:46 - 2014-07-02 08:46 - 00000000 ____D () C:\Users\Baus\Documents\Dawngate 2014-07-01 11:46 - 2014-07-01 11:46 - 00000000 ___HD () C:\$AVG 2014-07-01 11:46 - 2014-07-01 11:46 - 00000000 ____D () C:\Users\Baus\AppData\Roaming\TuneUp Software 2014-07-01 11:46 - 2014-07-01 11:46 - 00000000 
____D () C:\Users\Baus\AppData\Roaming\AVG2014 2014-07-01 11:46 - 2014-07-01 11:46 - 00000000 ____D () C:\ProgramData\AVG2014 2014-07-01 11:45 - 2014-07-01 11:45 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-07-01 11:42 - 2014-07-23 07:36 - 00000000 ____D () C:\ProgramData\MFAData 2014-07-01 11:42 - 2014-07-01 11:50 - 00000000 ____D () C:\Users\Baus\AppData\Local\Avg2014 2014-07-01 11:42 - 2014-07-01 11:42 - 00000000 ____D () C:\Users\Baus\AppData\Local\MFAData 2014-07-01 11:41 - 2014-07-01 11:42 - 04755192 _____ (AVG Technologies) C:\Users\Baus\Downloads\avg_free_stb_all_2014_4714_cnet.exe 2014-06-30 15:54 - 2014-07-02 08:48 - 00000000 ____D () C:\Users\Baus\AppData\Roaming\DawngateData 2014-06-30 15:54 - 2014-06-30 15:54 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-06-30 15:53 - 2014-06-30 15:53 - 09269248 _____ () C:\Users\Baus\Downloads\Dawngate_en_us.msi 2014-06-27 11:14 - 2014-06-27 11:14 - 00000000 ____D () C:\Users\Baus\AppData\Local\MetaGeek,_LLC 2014-06-27 11:13 - 2014-06-27 11:13 - 04767744 _____ () C:\Users\Baus\Downloads\inSSIDer-installer.msi 2014-06-27 11:13 - 2014-06-27 11:13 - 04767744 _____ () C:\Users\Baus\Downloads\inSSIDer-installer (1).msi ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-07-24 18:52 - 2014-07-24 18:52 - 00000000 ____D () C:\FRST 2014-07-24 09:57 - 2014-07-24 09:57 - 00000000 ____D () C:\Windows\System32\config\mybackup 2014-07-23 22:45 - 2009-07-13 15:23 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxproxy.dll 2014-07-23 22:44 - 2014-03-27 19:03 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL 2014-07-23 22:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE 2014-07-23 22:44 - 2009-07-13 16:14 - 00000000 _____ () C:\Windows\SysWOW64\wiatrace.dll 2014-07-23 22:44 - 2009-07-13 16:14 - 00000000 _____ () C:\Windows\SysWOW64\sti.dll 2014-07-23 22:44 - 2009-07-13 15:55 - 00000000 _____ () C:\Windows\SysWOW64\wshelper.dll 2014-07-23 22:44 - 2009-07-13 15:55 - 00000000 _____ () C:\Windows\SysWOW64\winsockhc.dll 2014-07-23 22:44 - 2009-07-13 15:55 - 00000000 _____ () C:\Windows\SysWOW64\uniplat.dll 2014-07-23 22:44 - 2009-07-13 15:54 - 00000000 _____ () C:\Windows\SysWOW64\ws2help.dll 2014-07-23 22:44 - 
2009-07-13 15:54 - 00000000 _____ () C:\Windows\SysWOW64\traffic.dll 2014-07-23 22:44 - 2009-07-13 15:53 - 00000000 _____ () C:\Windows\SysWOW64\wshrm.dll 2014-07-23 22:44 - 2009-07-13 15:53 - 00000000 _____ () C:\Windows\SysWOW64\wshqos.dll 2014-07-23 22:44 - 2009-07-13 15:52 - 00000000 _____ () C:\Windows\SysWOW64\winipsec.dll 2014-07-23 22:44 - 2009-07-13 15:52 - 00000000 _____ () C:\Windows\SysWOW64\dhcpcmonitor.dll 2014-07-23 22:44 - 2009-07-13 15:36 - 00000000 _____ () C:\Windows\SysWOW64\WlS0WndH.dll 2014-07-23 22:44 - 2009-07-13 15:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2014-07-23 22:44 - 2009-07-13 15:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2014-07-23 22:44 - 2009-07-13 15:23 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll 2014-07-23 22:44 - 2009-07-13 15:23 - 00000000 _____ () C:\Windows\SysWOW64\vds_ps.dll 2014-07-23 22:44 - 2009-07-13 15:15 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll 2014-07-23 22:42 - 2014-03-26 05:59 - 00094592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys 2014-07-23 22:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\ras 2014-07-23 12:36 - 2014-03-28 19:07 - 00000000 ____D () C:\Users\Baus\AppData\Local\PMB Files 2014-07-23 12:24 - 2014-03-24 11:00 - 00000000 ____D () C:\Users\Baus\AppData\Roaming\Skype 2014-07-23 12:17 - 2014-03-24 09:15 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-23 12:17 - 2014-03-24 09:15 - 00000984 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-23 12:17 - 2014-03-24 09:12 - 01168725 _____ () C:\Windows\WindowsUpdate.log 2014-07-23 09:13 - 2014-03-26 06:16 - 00000000 ____D () C:\Users\Baus\AppData\Local\Battle.net 2014-07-23 07:38 - 2009-07-13 20:45 - 00019904 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-23 07:38 - 2009-07-13 
15:54 - 2014-06-30 15:54 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-06-30 15:53 - 2014-06-30 15:53 - 09269248 _____ () C:\Users\Baus\Downloads\Dawngate_en_us.msi
2014-06-29 18:09 - 2014-07-09 11:15 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-29 18:04 - 2014-07-09 11:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-06-27 11:32 - 2014-03-27 18:42 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-06-27 11:31 - 2014-03-26 19:36 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-06-27 11:14 - 2014-06-27 11:14 - 00000000 ____D () C:\Users\Baus\AppData\Local\MetaGeek,_LLC
2014-06-27 11:13 - 2014-06-27 11:13 - 04767744 _____ () C:\Users\Baus\Downloads\inSSIDer-installer.msi
2014-06-27 11:13 - 2014-06-27 11:13 - 04767744 _____ () C:\Users\Baus\Downloads\inSSIDer-installer (1).msi
2014-06-25 11:35 - 2014-03-24 09:15 - 00003984 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 11:35 - 2014-03-24 09:15 - 00003732 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Baus\AppData\Local\Temp\cabex.dll
C:\Users\Baus\AppData\Local\Temp\Installer.exe
C:\Users\Baus\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Baus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Baus\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Baus\AppData\Local\Temp\nvStInst.exe
C:\Users\Baus\AppData\Local\Temp\PCSpeedMaximizer.exe
C:\Users\Baus\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Baus\AppData\Local\Temp\sfextra.dll
C:\Users\Baus\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Baus\AppData\Local\Temp\Tsu719CF645.dll
C:\Users\Baus\AppData\Local\Temp\tu17p84.exe
C:\Users\Baus\AppData\Local\Temp\unelevate.exe
C:\Users\Baus\AppData\Local\Temp\ytai_ytareg_setup.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe
[2009-07-13 15:36] - [2009-07-13 17:14] - 0096256 ____A () 1FCA664B8418F7F83158A4462D42F30C
C:\Windows\SysWOW64\wininit.exe No Company Name <===== ATTENTION!
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 15:19] - [2009-07-13 17:14] - 0020992 ____A () A1FCB2F4A2F108496B03BEE44274A5CF
C:\Windows\SysWOW64\svchost.exe No Company Name <===== ATTENTION!
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8191.18 MB
Available physical RAM: 7387.63 MB
Total Pagefile: 8189.32 MB
Available Pagefile: 7387.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:7.22 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:244.04 GB) (Free:235.93 GB) NTFS
Drive f: () (Fixed) (Total:221.62 GB) (Free:28.42 GB) NTFS
Drive h: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 06199AEE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: C5F92B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 9BCFE659)
Partition 1: (Active) - (Size=2 GB) - (Type=0C)

LastRegBack: 2014-07-18 05:49

==================== End Of Log ============================
mobile999 Posted 24 July 2014 (edited)
OK. I will read through it.
Edited 24 July 2014 by mobile999
mobile999 Posted 24 July 2014
Type this into the FRST search box and click "Search File(s)" (the file names are separated by semicolons):
wininit.exe;svchost.exe;atapi.sys
Then post the contents of Search.txt.
ChiefMango Posted 24 July 2014 Author
Farbar Recovery Scan Tool (x64) Version: 24-07-2014
Ran by SYSTEM at 2014-07-24 21:12:37
Running from H:\
Boot Mode: Recovery

================== Search Files: "Wininit.exe;svhost.exe;atapi.sys" =============

C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009-07-13 15:36][2009-07-13 17:14] 0096256 ____A () 1FCA664B8418F7F83158A4462D42F30C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
[2009-07-13 15:19][2009-07-13 17:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009-07-13 15:19][2009-07-13 17:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009-07-13 15:19][2009-07-13 17:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009-07-13 15:19][2009-07-13 17:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009-07-13 15:52][2009-07-13 17:39] 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\SysWOW64\wininit.exe
[2009-07-13 15:36][2009-07-13 17:14] 0096256 ____A () 1FCA664B8418F7F83158A4462D42F30C
C:\Windows\System32\wininit.exe
[2009-07-13 15:52][2009-07-13 17:39] 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-13 15:19][2009-07-13 17:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009-07-13 15:19][2009-07-13 17:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\drivers\atapi.sys
[2009-07-13 15:19][2009-07-13 17:52] 0024128 ____A () DBB7E3A3E7B31542F7C7DFF9642DD8A9
X:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009-07-13 19:01][2009-07-13 19:01] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C
X:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009-07-13 15:52][2009-07-13 17:39] 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
X:\Windows\System32\wininit.exe
[2009-07-13 15:52][2009-07-13 17:39] 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
X:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-13 19:01][2009-07-13 19:01] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C
X:\Windows\System32\drivers\atapi.sys
[2009-07-13 19:01][2009-07-13 19:01] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

====== End Of Search ======
ChiefMango Posted 24 July 2014 Author
Did I search correctly?
mobile999 Posted 24 July 2014
No, you searched for svhost.exe. Search again, this time for only this file:
svchost.exe
Post search.txt.
ChiefMango Posted 24 July 2014 Author
Farbar Recovery Scan Tool (x64) Version: 24-07-2014
Ran by SYSTEM at 2014-07-24 21:44:50
Running from H:\
Boot Mode: Recovery

================== Search Files: "svchost.exe" =============

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 15:19][2009-07-13 17:14] 0020992 ____A () A1FCB2F4A2F108496B03BEE44274A5CF
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 15:19][2009-07-13 17:14] 0020992 ____A () A1FCB2F4A2F108496B03BEE44274A5CF
C:\Windows\System32\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
X:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
X:\Windows\System32\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

====== End Of Search ======
mobile999 Posted 24 July 2014
fixlist.txt must be saved in the same folder as FRST64.exe:

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\SysWOW64\wininit.exe C:\FRST\Quarantine\wininit.ex_
Replace: C:\Windows\SysWOW64\svchost.exe C:\FRST\Quarantine\svchost.ex_
Replace: C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys C:\Windows\System32\drivers\atapi.sys

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Start FRST on the infected PC and press the Fix button once. Post the contents of Fixlog.txt. Try to start the PC normally.
ChiefMango Posted 24 July 2014 Author
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by SYSTEM at 2014-07-24 22:45:44 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
Replace: C:\Windows\SysWOW64\wininit.exe C:\FRST\Quarantine\wininit.ex_
Replace: C:\Windows\SysWOW64\svchost.exe C:\FRST\Quarantine\svchost.ex_
Replace: C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys C:\Windows\System32\drivers\atapi.sys
*****************
Could not find C:\FRST\Quarantine\wininit.ex_.
C:\Windows\SysWOW64\wininit.exe copied successfully to C:\FRST\Quarantine\wininit.ex_
Could not find C:\FRST\Quarantine\svchost.ex_.
C:\Windows\SysWOW64\svchost.exe copied successfully to C:\FRST\Quarantine\svchost.ex_
C:\Windows\System32\drivers\atapi.sys => Moved successfully.
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys copied successfully to C:\Windows\System32\drivers\atapi.sys
==== End of Fixlog ====
ChiefMango Posted 24 July 2014 Author
I got the PC started now and logged in! (THANK YOU, you are a god!) I got a number of error messages (bad image) or something like that, which said "*the program* is either not designed to run on windows 7 or it contains an error. Try installing the program again using original installation media or contact system admin for support". Should I just try reinstalling them? Any tips on how to prevent what happened here? Or on preventing this kind of thing in general?
mobile999 Posted 24 July 2014 (edited)
The only change that was made was replacing the suspicious atapi.sys with one that is OK. The computer still has a suspicious wininit.exe and svchost.exe that have not been changed. To find out more about what these are, you should open the website https://www.virustotal.com and upload the three files:
C:\FRST\Quarantine\wininit.ex_
C:\FRST\Quarantine\svchost.ex_
C:\FRST\Quarantine\C\Windows\System32\drivers\atapi.sys (correct path?)
Let VirusTotal finish scanning the file and post the link from the browser's address bar so that I can read the result. You must do this once for each file and post 3 links. Which programs are you talking about reinstalling?
Edited 24 July 2014 by mobile999
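The comparison that the Search.txt results above make possible, written out as an added example that is not part of the thread and not FRST's own code: each file in its live location is checked against the copies of the same name in the component store (winsxs, DriverStore). The entries are a subset copied from the Search.txt output in the thread, rejoined one per line; the function names and the three verdict strings are this example's own.

```python
import ntpath
import re

# Subset of the Search.txt entries posted in the thread, one entry per line.
SEARCH_TXT = r"""
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [2009-07-13 15:19][2009-07-13 17:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys [2009-07-13 15:19][2009-07-13 17:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\drivers\atapi.sys [2009-07-13 15:19][2009-07-13 17:52] 0024128 ____A () DBB7E3A3E7B31542F7C7DFF9642DD8A9
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [2009-07-13 15:36][2009-07-13 17:14] 0096256 ____A () 1FCA664B8418F7F83158A4462D42F30C
C:\Windows\SysWOW64\wininit.exe [2009-07-13 15:36][2009-07-13 17:14] 0096256 ____A () 1FCA664B8418F7F83158A4462D42F30C
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009-07-13 15:52][2009-07-13 17:39] 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\System32\wininit.exe [2009-07-13 15:52][2009-07-13 17:39] 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
"""

# path [created][modified] size attributes (company) MD5
ENTRY = re.compile(
    r"^(?P<path>.+?) \[[^\]]+\]\[[^\]]+\] (?P<size>\d+) \S+ "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Directories treated as reference copies (assumption of this example).
STORE_MARKERS = ("\\winsxs\\", "\\driverstore\\filerepository\\")


def parse(text):
    """Return one dict per well-formed entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"path": m["path"],
                            "company": m["company"].strip(),
                            "md5": m["md5"].upper()})
    return entries


def is_store_copy(path):
    lowered = path.lower()
    return any(marker in lowered for marker in STORE_MARKERS)


def classify(entries):
    """Map each live file path to a verdict based on same-name store copies."""
    named, unnamed = {}, {}
    for e in entries:
        if is_store_copy(e["path"]):
            bucket = named if e["company"] else unnamed
            name = ntpath.basename(e["path"]).lower()
            bucket.setdefault(name, set()).add(e["md5"])
    verdicts = {}
    for e in entries:
        if is_store_copy(e["path"]):
            continue
        name = ntpath.basename(e["path"]).lower()
        if e["md5"] in named.get(name, ()):
            verdicts[e["path"]] = "matches named store copy"
        elif e["md5"] in unnamed.get(name, ()):
            verdicts[e["path"]] = "matches store copy lacking company name"
        else:
            verdicts[e["path"]] = "no matching store copy"
    return verdicts


if __name__ == "__main__":
    for path, verdict in classify(parse(SEARCH_TXT)).items():
        print(f"{verdict:42} {path}")
```

Only C:\Windows\System32\drivers\atapi.sys has no store copy with the same MD5, and it is the one file the fixlist replaces from the DriverStore; the SysWOW64 wininit.exe matches a winsxs copy that itself shows no company name, so the comparison does not settle it either way.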
ChiefMango Posted 24 July 2014 Author
https://www.virustotal.com/en/file/39ecbf66aa48e3f17d88200ab577b30b78835a5314514b6a6776494b95e642ed/analysis/1406240054/
https://www.virustotal.com/en/file/2c43bd5ce811b894b842b6608311374f97ead3b27754d4ebc8dfbbf90946aa91/analysis/1406240118/
https://www.virustotal.com/en/file/45a01b50bca8b7d16c690923173d56eaffb8282e286902d88cd271e65ca6ed35/analysis/1406240204/
They weren't very important programs, so I'll just reinstall them anyway.
mobile999 Posted 24 July 2014
Follow this guide except for Step 5 Hitmanpro: http://malwaretips.com/blogs/remove-snapdo-virus/
ChiefMango Posted 25 July 2014 Author
Yes, found Snap.do among other things ++... I'm going to format as well, now that I can save everything I need.