Inactive Need help for a similar problem to a previous post

SvenVS

Hi my name is Sven.
Yesterday my PC worked just fine, but today it started really slowly, and everything works slowly as well. I have no network service, and what's able to run runs really slowly or stops working or just doesn't react.
The similar problem I mention in the title is in the link below:

https://www.techspot.com/community/...and-repair-error-0x45d-possible-virus.190687/

I also used system repair and looked into the details, to find a 0x45d error. I downloaded the FRST64.exe file and followed the steps mentioned. These are the logs from the text document saved on the flash drive I used:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by SYSTEM on MININT-ISA9584 on 19-08-2014 22:04:15
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-11] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-09-16] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-09-16] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1805824 2013-10-16] (Game Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Sven\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\Sven\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-09-02] ()
HKU\Sven\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\Sven\...\Run: [Google Update] => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-02] (Google Inc.)
HKU\Sven\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\Sven\...\Run: [MKLOL] => "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-09-05] (Perfect World Entertainment Inc)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [977184 2014-08-06] (Overwolf LTD)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-06-03] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-20] ()
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-08] (Disc Soft Ltd)
S3 GameKB; C:\Windows\System32\drivers\GameKB.sys [31232 2013-10-15] ( )
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1362576 2012-09-24] (Realtek Semiconductor Corporation )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2013-02-22] (Realtek Corporation)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 22:04 - 2014-08-19 22:04 - 00000000 ____D () C:\FRST
2014-08-19 20:37 - 2014-08-19 20:37 - 398257793 _____ () C:\Windows\MEMORY.DMP
2014-08-19 20:37 - 2014-08-19 20:37 - 00262192 _____ () C:\Windows\Minidump\081914-43664-01.dmp
2014-08-19 19:10 - 2014-08-19 19:10 - 00003288 ____N () C:\bootsqm.dat
2014-08-19 17:10 - 2014-08-19 17:10 - 00970946 _____ () C:\Users\Sven\Downloads\Software Patch Information.zip
2014-08-19 13:23 - 2014-08-19 13:23 - 00000000 ____D () C:\ProgramData\RegInOut
2014-08-13 21:50 - 2014-08-13 21:51 - 29553288 _____ (DVDVideoSoft Ltd. ) C:\Users\Sven\Downloads\FreeYouTubeToMP3Converter (2).exe
2014-08-09 06:44 - 2014-08-09 06:44 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-09 06:44 - 2014-07-25 11:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 06:44 - 2014-07-25 11:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 06:44 - 2014-07-25 11:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 06:44 - 2014-07-25 11:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 19:05 - 2014-08-08 19:05 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-08 19:04 - 2014-08-19 21:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-08 19:04 - 2014-08-19 21:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-08 19:04 - 2014-08-19 21:16 - 00000000 ____D () C:\Program Files\iTunes
2014-08-08 19:04 - 2014-08-19 21:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-03 20:23 - 2014-08-03 20:23 - 39401336 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller (2).exe
2014-08-03 20:22 - 2014-08-03 20:22 - 39401336 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller (1).exe
2014-08-03 20:22 - 2014-08-03 20:22 - 00003148 _____ () C:\Windows\System32\Tasks\{593F4212-50F3-42A4-AAB6-69364BE0F182}
2014-08-03 20:21 - 2014-08-19 21:16 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-03 20:12 - 2014-08-03 20:12 - 41945432 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller.exe
2014-08-03 16:54 - 2014-08-14 22:16 - 00000000 ___RD () C:\Users\Sven\Dropbox
2014-08-03 16:52 - 2014-08-19 21:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Dropbox
2014-08-03 16:52 - 2014-08-03 16:52 - 00323696 _____ (Dropbox, Inc.) C:\Users\Sven\Downloads\DropboxInstaller.exe
2014-08-03 09:18 - 2014-07-02 18:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-03 09:16 - 2014-07-02 21:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-08-03 09:16 - 2014-07-02 21:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434052.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434052.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-08-03 09:16 - 2014-07-02 21:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-03 07:56 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-03 07:56 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-03 07:56 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 07:56 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-03 07:56 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-03 07:56 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-03 07:56 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 07:56 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-03 07:56 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-03 07:56 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 07:55 - 2014-05-14 08:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-03 07:55 - 2014-05-14 08:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 07:55 - 2014-05-14 08:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-03 07:55 - 2014-05-14 08:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-03 07:49 - 2014-08-19 21:20 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 22:04 - 2014-08-19 22:04 - 00000000 ____D () C:\FRST
2014-08-19 21:20 - 2014-08-08 19:04 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-19 21:20 - 2014-08-03 07:49 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-08-19 21:20 - 2014-05-19 17:11 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-19 21:20 - 2014-03-21 16:14 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-19 21:20 - 2014-01-14 13:06 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-08-19 21:20 - 2013-12-30 08:23 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\uTorrent
2014-08-19 21:20 - 2013-11-19 14:27 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-08-19 21:20 - 2013-09-25 17:30 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-08-19 21:20 - 2013-09-06 20:59 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\DVDVideoSoft
2014-08-19 21:20 - 2013-09-06 20:59 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-19 21:20 - 2013-09-02 18:04 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\TP-LINK
2014-08-19 21:20 - 2013-09-02 16:49 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\puush
2014-08-19 21:20 - 2013-09-02 16:42 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-19 21:20 - 2013-08-29 16:06 - 00000000 ____D () C:\ProgramData\InstallShield
2014-08-19 21:20 - 2013-08-29 15:35 - 00000000 ____D () C:\users\Sven
2014-08-19 21:20 - 2011-04-12 13:59 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\MUI
2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-19 21:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-08-19 21:17 - 2014-08-03 16:52 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Dropbox
2014-08-19 21:17 - 2014-06-09 22:06 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Mozilla
2014-08-19 21:16 - 2014-08-08 19:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 21:16 - 2014-08-08 19:04 - 00000000 ____D () C:\Program Files\iTunes
2014-08-19 21:16 - 2014-08-08 19:04 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 21:16 - 2014-08-03 20:21 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-19 21:16 - 2014-06-22 09:37 - 00000000 ____D () C:\ProgramData\Steam
2014-08-19 21:16 - 2014-06-20 11:41 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-08-19 21:16 - 2014-06-13 14:56 - 00000000 ____D () C:\Program Files (x86)\MKJogo
2014-08-19 21:16 - 2014-06-11 20:48 - 00000000 ____D () C:\ProgramData\Logishrd
2014-08-19 21:16 - 2014-01-28 08:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-19 21:16 - 2013-09-25 17:29 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-19 20:55 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 20:55 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 20:54 - 2013-09-02 20:39 - 00000000 ____D () C:\Users\Sven\AppData\Local\LogMeIn Hamachi
2014-08-19 20:54 - 2013-09-02 16:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-19 20:54 - 2013-08-29 16:07 - 00000282 _____ () C:\Windows\Tasks\RtlLanOptimizerVistaStart.job
2014-08-19 20:54 - 2013-08-29 15:52 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 20:52 - 2011-04-12 14:00 - 00749780 _____ () C:\Windows\System32\perfh013.dat
2014-08-19 20:52 - 2011-04-12 14:00 - 00155320 _____ () C:\Windows\System32\perfc013.dat
2014-08-19 20:52 - 2009-07-14 06:13 - 01682552 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-19 20:48 - 2013-08-29 16:45 - 00000000 ____D () C:\Users\Sven\Documents\temp
2014-08-19 20:44 - 2014-01-14 15:52 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 20:43 - 2013-09-02 16:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-19 20:42 - 2014-07-01 19:07 - 00012862 _____ () C:\Windows\setupact.log
2014-08-19 20:41 - 2013-08-29 15:52 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 20:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 20:37 - 2014-08-19 20:37 - 398257793 _____ () C:\Windows\MEMORY.DMP
2014-08-19 20:37 - 2014-08-19 20:37 - 00262192 _____ () C:\Windows\Minidump\081914-43664-01.dmp
2014-08-19 20:37 - 2013-09-20 13:12 - 00000000 ____D () C:\Windows\Minidump
2014-08-19 20:37 - 2013-08-29 16:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-19 19:10 - 2014-08-19 19:10 - 00003288 ____N () C:\bootsqm.dat
2014-08-19 17:10 - 2014-08-19 17:10 - 00970946 _____ () C:\Users\Sven\Downloads\Software Patch Information.zip
2014-08-19 13:23 - 2014-08-19 13:23 - 00000000 ____D () C:\ProgramData\RegInOut
2014-08-18 21:11 - 2013-09-06 13:36 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\TS3Client
2014-08-18 17:20 - 2013-09-02 16:42 - 00000000 ____D () C:\Users\Sven\AppData\Local\PMB Files
2014-08-14 22:22 - 2013-09-06 14:26 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-14 22:17 - 2014-06-30 18:58 - 01744945 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 22:16 - 2014-08-03 16:54 - 00000000 ___RD () C:\Users\Sven\Dropbox
2014-08-14 22:11 - 2013-09-02 19:31 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704588396-3393066830-3477269434-1000UA.job
2014-08-14 21:40 - 2013-09-19 19:40 - 00000288 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-08-14 18:11 - 2013-09-02 19:31 - 00001010 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704588396-3393066830-3477269434-1000Core.job
2014-08-14 11:29 - 2013-09-25 17:30 - 00000975 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-13 21:57 - 2013-09-06 21:00 - 00001243 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-08-13 21:51 - 2014-08-13 21:50 - 29553288 _____ (DVDVideoSoft Ltd. ) C:\Users\Sven\Downloads\FreeYouTubeToMP3Converter (2).exe
2014-08-12 18:19 - 2014-06-20 11:47 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-12 18:19 - 2014-01-05 13:20 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-11 15:14 - 2013-09-02 16:04 - 00050976 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2014-08-09 06:44 - 2014-08-09 06:44 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-09 06:44 - 2013-10-20 19:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-08 19:05 - 2014-08-08 19:05 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-07 12:35 - 2014-01-05 13:20 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-06 18:40 - 2013-09-06 13:36 - 00000000 ____D () C:\Users\Sven\AppData\Local\TeamSpeak 3 Client
2014-08-06 15:54 - 2014-01-19 17:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\vlc
2014-08-03 20:25 - 2013-10-20 18:54 - 00000000 ____D () C:\Users\Sven\AppData\Local\Apple Computer
2014-08-03 20:23 - 2014-08-03 20:23 - 39401336 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller (2).exe
2014-08-03 20:22 - 2014-08-03 20:22 - 39401336 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller (1).exe
2014-08-03 20:22 - 2014-08-03 20:22 - 00003148 _____ () C:\Windows\System32\Tasks\{593F4212-50F3-42A4-AAB6-69364BE0F182}
2014-08-03 20:12 - 2014-08-03 20:12 - 41945432 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller.exe
2014-08-03 16:52 - 2014-08-03 16:52 - 00323696 _____ (Dropbox, Inc.) C:\Users\Sven\Downloads\DropboxInstaller.exe
2014-08-03 09:18 - 2013-08-29 16:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-03 08:03 - 2013-11-20 00:18 - 00000000 ____D () C:\Users\Sven\AppData\Local\NVIDIA Corporation
2014-07-25 14:50 - 2014-06-03 17:01 - 01715224 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll
2014-07-25 14:50 - 2014-06-03 17:01 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 14:50 - 2013-10-30 01:33 - 01283136 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2014-07-25 14:50 - 2013-10-30 01:33 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-25 11:55 - 2014-08-09 06:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 11:49 - 2014-08-09 06:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 11:49 - 2014-08-09 06:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 11:49 - 2014-08-09 06:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

Some content of TEMP:
====================
C:\Users\Sven\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpscgfvz.dll
C:\Users\Sven\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Sven\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Sven\AppData\Local\Temp\nvStInst.exe
C:\Users\Sven\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-08-14 22:17:14

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8076.73 MB
Available physical RAM: 7249.06 MB
Total Pagefile: 8074.93 MB
Available Pagefile: 7242.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:567.29 GB) NTFS
Drive f: () (Removable) (Total:0.98 GB) (Free:0.97 GB) FAT
Drive g: (LACIE) (Fixed) (Total:465.76 GB) (Free:376.92 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C84728B4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 999.3 MB) (Disk ID: 00090A45)
Partition 1: (Active) - (Size=999 MB) - (Type=06)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 4A3E313F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)


LastRegBack: 2014-08-17 09:37

==================== End Of Log ============================

Can somebody help me from here? Because the next step in the solution was the moderator creating a specific file for that person's log and PC, and saying it wouldn't work for someone else.

Thanks in advance!
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

I don't actually see anything malicious there.
Let's see if going back will fix the issue.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Thanks for the fast reply.
After the fix, the PC still restarted really slowly, having a black screen for a few minutes between the Windows logo screen and the welcome screen. Then the first thing that popped up was something about 'Windows personal settings', a small window in the top left corner of the black screen. The rest seems to have stayed the same: slow-loading desktop, no internet connection, task bar not responsive, etc. Here is the fix log:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by SYSTEM at 2014-08-20 09:21:18 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2014-08-17 09:37
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 
As I just noticed, in the bottom right corner of the desktop it now says:
Windows 7
Build 7601
This version of Windows is not legit
(I try to translate these notifications as accurately as possible, but they might differ slightly from the ones you would actually get if the system was set to English)
 
What also might be worth mentioning, even though it happened before I made this thread, is that after I did a clean start up, I got a blue screen that said something about a memory dump error (I think it's this one: http://i0.wp.com/infocurse.com/wp-c.../Blue-Screen-Memory-Dump-Error-in-Windows.jpg ). It only appeared for like 4 seconds though, then the system automatically restarted, and I had to choose between normal start up or start up repair. When I chose normal start up it gave the same blue screen again and restarted the way it did before. It's then I chose to repair and watch the details, where I found the 0x45d error.

Another thing I find strange is the fact that almost every time I perform start up repair or system recovery after restarting the first time, I'm unable to do anything when it asks whether to repair or cancel, or when I have to choose the keyboard layout. So here again, when I tried to run system repair to run FRST, it froze at the window asking for the keyboard layout, so I had to reset to restart.
In the past I had to reset the computer this way quite a few times, when it froze at the forming of the Windows logo (the spinning 4 dots), usually when Windows had updated recently.

edit: the link to the photo of the blue screen is just one I found on Google Images; it's not my system.
 
About 30 minutes have passed and now I get the notification:

Activation of Windows
Windows needs to be reinstalled
There has been applied a non permitted change in Windows. You need to reinstall Windows to be able to activate this software. Insert the Windows installation dvd or cd to reinstall.

edit: this made the notification at the bottom right corner of the desktop saying the current version of Windows isn't legit disappear
 
As I stated in my previous reply, I don't see anything malicious on your computer.

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 
You're very welcome