TechSpot

Need help for a similar problem to a previous post

By SvenVS
Aug 19, 2014
  1. Hi, my name is Sven.
    Yesterday my PC worked just fine, but today it started really slowly, and everything works slowly as well. I have no network service and what's able to run, runs really slowly or stops working or just doesn't react.
    The similar problem I mention in the title is in the link below:

    http://www.techspot.com/community/t...and-repair-error-0x45d-possible-virus.190687/

    I also used system repair and looked into the details, to find a 0x45d error. I downloaded the FRST64.exe file and followed the steps mentioned. These are the logs from the text document saved on the flash drive I used:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
    Ran by SYSTEM on MININT-ISA9584 on 19-08-2014 22:04:15
    Running from F:\
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
    Internet Explorer Version 11
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
    HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
    HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-11] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-09-16] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-09-16] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1805824 2013-10-16] (Game Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\Sven\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
    HKU\Sven\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-09-02] ()
    HKU\Sven\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
    HKU\Sven\...\Run: [Google Update] => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-02] (Google Inc.)
    HKU\Sven\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
    HKU\Sven\...\Run: [MKLOL] => "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
    Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-09-05] (Perfect World Entertainment Inc)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
    S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
    S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
    S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [977184 2014-08-06] (Overwolf LTD)
    S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-06-03] ()
    S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-20] ()
    S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
    S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
    S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
    S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-08] (Disc Soft Ltd)
    S3 GameKB; C:\Windows\System32\drivers\GameKB.sys [31232 2013-10-15] ( )
    S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
    S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
    S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
    S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1362576 2012-09-24] (Realtek Semiconductor Corporation )
    S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2013-02-22] (Realtek Corporation)
    S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-19 22:04 - 2014-08-19 22:04 - 00000000 ____D () C:\FRST
    2014-08-19 20:37 - 2014-08-19 20:37 - 398257793 _____ () C:\Windows\MEMORY.DMP
    2014-08-19 20:37 - 2014-08-19 20:37 - 00262192 _____ () C:\Windows\Minidump\081914-43664-01.dmp
    2014-08-19 19:10 - 2014-08-19 19:10 - 00003288 ____N () C:\bootsqm.dat
    2014-08-19 17:10 - 2014-08-19 17:10 - 00970946 _____ () C:\Users\Sven\Downloads\Software Patch Information.zip
    2014-08-19 13:23 - 2014-08-19 13:23 - 00000000 ____D () C:\ProgramData\RegInOut
    2014-08-13 21:50 - 2014-08-13 21:51 - 29553288 _____ (DVDVideoSoft Ltd. ) C:\Users\Sven\Downloads\FreeYouTubeToMP3Converter (2).exe
    2014-08-09 06:44 - 2014-08-09 06:44 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
    2014-08-09 06:44 - 2014-07-25 11:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-08-09 06:44 - 2014-07-25 11:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-08-09 06:44 - 2014-07-25 11:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-08-09 06:44 - 2014-07-25 11:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-08-08 19:05 - 2014-08-08 19:05 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-08-08 19:04 - 2014-08-19 21:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-08-08 19:04 - 2014-08-19 21:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-08-08 19:04 - 2014-08-19 21:16 - 00000000 ____D () C:\Program Files\iTunes
    2014-08-08 19:04 - 2014-08-19 21:16 - 00000000 ____D () C:\Program Files\iPod
    2014-08-03 20:23 - 2014-08-03 20:23 - 39401336 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller (2).exe
    2014-08-03 20:22 - 2014-08-03 20:22 - 39401336 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller (1).exe
    2014-08-03 20:22 - 2014-08-03 20:22 - 00003148 _____ () C:\Windows\System32\Tasks\{593F4212-50F3-42A4-AAB6-69364BE0F182}
    2014-08-03 20:21 - 2014-08-19 21:16 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-08-03 20:12 - 2014-08-03 20:12 - 41945432 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller.exe
    2014-08-03 16:54 - 2014-08-14 22:16 - 00000000 ___RD () C:\Users\Sven\Dropbox
    2014-08-03 16:52 - 2014-08-19 21:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Dropbox
    2014-08-03 16:52 - 2014-08-03 16:52 - 00323696 _____ (Dropbox, Inc.) C:\Users\Sven\Downloads\DropboxInstaller.exe
    2014-08-03 09:18 - 2014-07-02 18:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2014-08-03 09:16 - 2014-07-02 21:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2014-08-03 09:16 - 2014-07-02 21:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434052.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434052.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2014-08-03 09:16 - 2014-07-02 21:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2014-08-03 07:56 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2014-08-03 07:56 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2014-08-03 07:56 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-08-03 07:56 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2014-08-03 07:56 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2014-08-03 07:56 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
    2014-08-03 07:56 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2014-08-03 07:56 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2014-08-03 07:56 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2014-08-03 07:56 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-08-03 07:55 - 2014-05-14 08:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2014-08-03 07:55 - 2014-05-14 08:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-08-03 07:55 - 2014-05-14 08:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2014-08-03 07:55 - 2014-05-14 08:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2014-08-03 07:49 - 2014-08-19 21:20 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-19 22:04 - 2014-08-19 22:04 - 00000000 ____D () C:\FRST
    2014-08-19 21:20 - 2014-08-08 19:04 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-08-19 21:20 - 2014-08-03 07:49 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
    2014-08-19 21:20 - 2014-05-19 17:11 - 00000000 ___SD () C:\Windows\System32\CompatTel
    2014-08-19 21:20 - 2014-03-21 16:14 - 00000000 ____D () C:\ProgramData\AVG Secure Search
    2014-08-19 21:20 - 2014-01-14 13:06 - 00000000 ____D () C:\Program Files (x86)\Overwolf
    2014-08-19 21:20 - 2013-12-30 08:23 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\uTorrent
    2014-08-19 21:20 - 2013-11-19 14:27 - 00000000 ____D () C:\Program Files (x86)\osu!
    2014-08-19 21:20 - 2013-09-25 17:30 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
    2014-08-19 21:20 - 2013-09-06 20:59 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\DVDVideoSoft
    2014-08-19 21:20 - 2013-09-06 20:59 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
    2014-08-19 21:20 - 2013-09-02 18:04 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\TP-LINK
    2014-08-19 21:20 - 2013-09-02 16:49 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\puush
    2014-08-19 21:20 - 2013-09-02 16:42 - 00000000 ____D () C:\ProgramData\PMB Files
    2014-08-19 21:20 - 2013-08-29 16:06 - 00000000 ____D () C:\ProgramData\InstallShield
    2014-08-19 21:20 - 2013-08-29 15:35 - 00000000 ____D () C:\users\Sven
    2014-08-19 21:20 - 2011-04-12 13:59 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
    2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
    2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
    2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\MUI
    2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
    2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-08-19 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-08-19 21:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
    2014-08-19 21:17 - 2014-08-03 16:52 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Dropbox
    2014-08-19 21:17 - 2014-06-09 22:06 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Mozilla
    2014-08-19 21:16 - 2014-08-08 19:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-08-19 21:16 - 2014-08-08 19:04 - 00000000 ____D () C:\Program Files\iTunes
    2014-08-19 21:16 - 2014-08-08 19:04 - 00000000 ____D () C:\Program Files\iPod
    2014-08-19 21:16 - 2014-08-03 20:21 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-08-19 21:16 - 2014-06-22 09:37 - 00000000 ____D () C:\ProgramData\Steam
    2014-08-19 21:16 - 2014-06-20 11:41 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
    2014-08-19 21:16 - 2014-06-13 14:56 - 00000000 ____D () C:\Program Files (x86)\MKJogo
    2014-08-19 21:16 - 2014-06-11 20:48 - 00000000 ____D () C:\ProgramData\Logishrd
    2014-08-19 21:16 - 2014-01-28 08:47 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-08-19 21:16 - 2013-09-25 17:29 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-08-19 20:55 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-19 20:55 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-19 20:54 - 2013-09-02 20:39 - 00000000 ____D () C:\Users\Sven\AppData\Local\LogMeIn Hamachi
    2014-08-19 20:54 - 2013-09-02 16:01 - 00000000 ____D () C:\ProgramData\MFAData
    2014-08-19 20:54 - 2013-08-29 16:07 - 00000282 _____ () C:\Windows\Tasks\RtlLanOptimizerVistaStart.job
    2014-08-19 20:54 - 2013-08-29 15:52 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-19 20:52 - 2011-04-12 14:00 - 00749780 _____ () C:\Windows\System32\perfh013.dat
    2014-08-19 20:52 - 2011-04-12 14:00 - 00155320 _____ () C:\Windows\System32\perfc013.dat
    2014-08-19 20:52 - 2009-07-14 06:13 - 01682552 _____ () C:\Windows\System32\PerfStringBackup.INI
    2014-08-19 20:48 - 2013-08-29 16:45 - 00000000 ____D () C:\Users\Sven\Documents\temp
    2014-08-19 20:44 - 2014-01-14 15:52 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-19 20:43 - 2013-09-02 16:56 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-08-19 20:42 - 2014-07-01 19:07 - 00012862 _____ () C:\Windows\setupact.log
    2014-08-19 20:41 - 2013-08-29 15:52 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-19 20:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-19 20:37 - 2014-08-19 20:37 - 398257793 _____ () C:\Windows\MEMORY.DMP
    2014-08-19 20:37 - 2014-08-19 20:37 - 00262192 _____ () C:\Windows\Minidump\081914-43664-01.dmp
    2014-08-19 20:37 - 2013-09-20 13:12 - 00000000 ____D () C:\Windows\Minidump
    2014-08-19 20:37 - 2013-08-29 16:12 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-08-19 19:10 - 2014-08-19 19:10 - 00003288 ____N () C:\bootsqm.dat
    2014-08-19 17:10 - 2014-08-19 17:10 - 00970946 _____ () C:\Users\Sven\Downloads\Software Patch Information.zip
    2014-08-19 13:23 - 2014-08-19 13:23 - 00000000 ____D () C:\ProgramData\RegInOut
    2014-08-18 21:11 - 2013-09-06 13:36 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\TS3Client
    2014-08-18 17:20 - 2013-09-02 16:42 - 00000000 ____D () C:\Users\Sven\AppData\Local\PMB Files
    2014-08-14 22:22 - 2013-09-06 14:26 - 00000000 ____D () C:\Windows\System32\MRT
    2014-08-14 22:17 - 2014-06-30 18:58 - 01744945 _____ () C:\Windows\WindowsUpdate.log
    2014-08-14 22:16 - 2014-08-03 16:54 - 00000000 ___RD () C:\Users\Sven\Dropbox
    2014-08-14 22:11 - 2013-09-02 19:31 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704588396-3393066830-3477269434-1000UA.job
    2014-08-14 21:40 - 2013-09-19 19:40 - 00000288 _____ () C:\Windows\Tasks\UpdaterEX.job
    2014-08-14 18:11 - 2013-09-02 19:31 - 00001010 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704588396-3393066830-3477269434-1000Core.job
    2014-08-14 11:29 - 2013-09-25 17:30 - 00000975 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-08-13 21:57 - 2013-09-06 21:00 - 00001243 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
    2014-08-13 21:51 - 2014-08-13 21:50 - 29553288 _____ (DVDVideoSoft Ltd. ) C:\Users\Sven\Downloads\FreeYouTubeToMP3Converter (2).exe
    2014-08-12 18:19 - 2014-06-20 11:47 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
    2014-08-12 18:19 - 2014-01-05 13:20 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
    2014-08-11 15:14 - 2013-09-02 16:04 - 00050976 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2014-08-09 06:44 - 2014-08-09 06:44 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
    2014-08-09 06:44 - 2013-10-20 19:07 - 00000000 ____D () C:\ProgramData\Oracle
    2014-08-08 19:05 - 2014-08-08 19:05 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-08-07 12:35 - 2014-01-05 13:20 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
    2014-08-06 18:40 - 2013-09-06 13:36 - 00000000 ____D () C:\Users\Sven\AppData\Local\TeamSpeak 3 Client
    2014-08-06 15:54 - 2014-01-19 17:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\vlc
    2014-08-03 20:25 - 2013-10-20 18:54 - 00000000 ____D () C:\Users\Sven\AppData\Local\Apple Computer
    2014-08-03 20:23 - 2014-08-03 20:23 - 39401336 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller (2).exe
    2014-08-03 20:22 - 2014-08-03 20:22 - 39401336 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller (1).exe
    2014-08-03 20:22 - 2014-08-03 20:22 - 00003148 _____ () C:\Windows\System32\Tasks\{593F4212-50F3-42A4-AAB6-69364BE0F182}
    2014-08-03 20:12 - 2014-08-03 20:12 - 41945432 _____ (Apple Inc.) C:\Users\Sven\Downloads\QuickTimeInstaller.exe
    2014-08-03 16:52 - 2014-08-03 16:52 - 00323696 _____ (Dropbox, Inc.) C:\Users\Sven\Downloads\DropboxInstaller.exe
    2014-08-03 09:18 - 2013-08-29 16:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-08-03 08:03 - 2013-11-20 00:18 - 00000000 ____D () C:\Users\Sven\AppData\Local\NVIDIA Corporation
    2014-07-25 14:50 - 2014-06-03 17:01 - 01715224 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll
    2014-07-25 14:50 - 2014-06-03 17:01 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2014-07-25 14:50 - 2013-10-30 01:33 - 01283136 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
    2014-07-25 14:50 - 2013-10-30 01:33 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2014-07-25 11:55 - 2014-08-09 06:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-07-25 11:49 - 2014-08-09 06:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-07-25 11:49 - 2014-08-09 06:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-07-25 11:49 - 2014-08-09 06:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    Some content of TEMP:
    ====================
    C:\Users\Sven\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpscgfvz.dll
    C:\Users\Sven\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Sven\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Sven\AppData\Local\Temp\nvStInst.exe
    C:\Users\Sven\AppData\Local\Temp\vlc-2.1.5-win32.exe


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================

    Restore point made on: 2014-08-14 22:17:14

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 8076.73 MB
    Available physical RAM: 7249.06 MB
    Total Pagefile: 8074.93 MB
    Available Pagefile: 7242.58 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.41 GB) (Free:567.29 GB) NTFS
    Drive f: () (Removable) (Total:0.98 GB) (Free:0.97 GB) FAT
    Drive g: (LACIE) (Fixed) (Total:465.76 GB) (Free:376.92 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C84728B4)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 999.3 MB) (Disk ID: 00090A45)
    Partition 1: (Active) - (Size=999 MB) - (Type=06)

    ========================================================
    Disk: 2 (Size: 465.8 GB) (Disk ID: 4A3E313F)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)


    LastRegBack: 2014-08-17 09:37

    ==================== End Of Log ============================

    Can somebody help me from here? The next step in the solution was the moderator creating a specific file for that person's log and PC, saying it wouldn't work for someone else.

    Thanks in advance!
     
  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    I don't actually see anything malicious there.
    Let's see if going back will fix the issue.

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
     


  3. SvenVS

    SvenVS TS Rookie Topic Starter Posts: 17

    Thanks for the fast reply.
    After the fix, the PC still restarted really slowly, having a black screen for a few minutes between the Windows logo screen and the welcome screen. Then the first thing that popped up was something about 'windows personal settings', a small window in the top left corner of the black screen. The rest seems to have stayed the same: slow loading desktop, no internet connection, taskbar not responsive, etc. Here is the fix log:


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
    Ran by SYSTEM at 2014-08-20 09:21:18 Run:2
    Running from G:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    LastRegBack: 2014-08-17 09:37
    *****************

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     
  4. SvenVS

    SvenVS TS Rookie Topic Starter Posts: 17

    As I just noticed, the bottom right corner of the desktop now says:
    Windows 7
    Build 7601
    This version of Windows is not legit
    (I try to translate these notifications as accurately as possible, but they might differ slightly from the ones you actually would get if the system was set in English)
     
  5. SvenVS

    SvenVS TS Rookie Topic Starter Posts: 17

    What also might be something worth mentioning, even though it happened before I made this thread, is that after I did a clean start up, I got a blue screen that said something about a memory dump error (I think it's this one: http://i0.wp.com/infocurse.com/wp-c.../Blue-Screen-Memory-Dump-Error-in-Windows.jpg ). It only appeared for like 4 seconds though, then the system automatically restarted, and I had to choose between normal start up or start up repair. When I chose normal start up it gave the same blue screen again and restarted the way it did before. It's then I chose to repair and watch the details, where I found the 0x45d error.

    Another thing I find strange is the fact that almost every time I perform start up repair or system recovery after restarting the first time, I'm unable to do anything when it asks whether to repair or cancel, or when I have to choose the keyboard layout. So here again when I tried to run system repair to run FRST, it froze at the window asking for the keyboard layout, so I had to reset to restart.
    In the past I had to reset the computer this way quite a few times, when it froze at the forming of the Windows logo (the spinning 4 dots), usually when Windows updated recently.

    edit: the link to the photo of the blue screen is just one I found on Google Images, it's not my system.
     
    Last edited: Aug 20, 2014
  6. SvenVS

    SvenVS TS Rookie Topic Starter Posts: 17

    About 30 minutes have passed and now I get the notification:

    Activation of Windows
    Windows needs to be reinstalled
    There has been applied a non permitted change in Windows. You need to reinstall Windows to be able to activate this software. Insert the Windows installation dvd or cd to reinstall.

    edit: this made the notification at the bottom right corner of the desktop saying the current version of Windows isn't legit disappear
     
  7. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    As I stated in my previous reply, I don't see anything malicious on your computer.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because the access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)
     
  8. SvenVS

    SvenVS TS Rookie Topic Starter Posts: 17

    Alright, thanks anyways for pointing out my computer is clean :)
     
  9. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    You're very welcome
     

