Black screen with mouse cursor and Windows Script Host dialogue box after removing malware


Hello, my screen shows a black screen with a mouse cursor and a Windows Script dialogue box. The dialogue box has a question mark (?) and close options only. This happened right after a Malwarebytes scan and restart. I went through some posts and tried all the instructions, but to no avail. Please help.

Thanks,

Vamn

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by SYSTEM on MININT-HTHJCVS (19-03-2017 00:45:49)
Running from i:\
Platform: Windows 7 Home Basic (X64) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet003
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-27] (Nico Mak Computing)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-01] (AVAST Software)
HKLM-x32\...\Run: [USB Antivirus] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [798720 2008-09-23] (Zbshareware Lab)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Reliance 3G\UIExec.exe [153424 2011-08-09] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM\...\Winlogon: [Userinit] wscript, <==== ATTENTION
HKLM-x32\...\Winlogon: [Userinit] wscript, <==== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Startup: C:\Users\Lomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-04-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-01] (AVAST Software s.r.o.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-01] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-03-01] (AVAST Software)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-19] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
S2 UDisk Monitor; C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe [402944 2008-08-25] ()
S2 UI Assistant Service; C:\Program Files (x86)\Reliance 3G\AssistantServices.exe [270672 2011-08-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-01] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-01] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-01] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-01] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-01] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-01] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-01] (AVAST Software)
S3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [29432 2017-02-24] (AVAST Software)
S1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [461640 2017-03-01] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-01] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-01] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-01] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-01] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-14] (AVAST Software)
S1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-14] (Sony Mobile Communications)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2017-03-17] (Malwarebytes)
S0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-06-04] (电脑管家)
S2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [105160 2012-12-19] (WIBU-SYSTEMS AG)
S3 zteusbser; C:\Windows\System32\DRIVERS\ztemtusbser.sys [118784 2008-08-21] (ZTEMT Incorporated)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S2 MPCProtectService; no ImagePath
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-19 00:45 - 2017-03-19 00:45 - 00000000 ____D C:\FRST
2017-03-17 07:07 - 2017-03-17 07:07 - 00000000 ____H C:\ProgramData\cm-lock
2017-03-17 02:10 - 2017-03-17 02:10 - 00000198 ____H C:\Users\Lomi\Documents\Drawing1.dwl2
2017-03-17 02:10 - 2017-03-17 02:10 - 00000048 ____H C:\Users\Lomi\Documents\Drawing1.dwl
2017-03-17 01:45 - 2017-03-17 01:45 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-16 18:58 - 2017-03-16 18:58 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-03-16 18:44 - 2017-03-16 18:44 - 00015415 _____ C:\Windows\Forgotten Riddles - The Moonlight Sonatas Uninstall Log.txt
2017-03-16 10:58 - 2017-03-16 10:58 - 00001191 _____ C:\Users\Public\Desktop\BIMx for ArchiCAD 17.lnk
2017-03-16 10:58 - 2017-03-16 10:58 - 00001016 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2017-03-16 10:43 - 2017-03-16 10:44 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2017-03-16 10:43 - 2017-03-16 10:43 - 00000000 ____D C:\ProgramData\CodeMeter
2017-03-16 10:43 - 2017-03-16 10:43 - 00000000 ____D C:\Program Files\CodeMeter
2017-03-16 10:43 - 2012-12-19 21:10 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lcn
2017-03-16 10:42 - 2017-03-16 10:42 - 00000000 ____D C:\Program Files\WIBU-SYSTEMS
2017-03-16 10:42 - 2017-03-16 10:42 - 00000000 ____D C:\Program Files (x86)\WIBU-SYSTEMS
2017-03-16 10:42 - 2017-03-16 10:42 - 00000000 ____D C:\Program Files (x86)\WIBUKEY
2017-03-16 10:42 - 2012-12-20 10:03 - 00021376 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\Drivers\Wibukey2_64.sys
2017-03-16 10:42 - 2012-12-19 21:10 - 00599584 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\wibuKJni64.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00459808 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\wibuKJni.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00432128 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkExt64.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00344064 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkExt32.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00176640 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00156672 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00105160 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\Drivers\WibuKey64.sys
2017-03-16 10:42 - 2012-12-19 21:10 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lde
2017-03-16 10:42 - 2012-12-19 21:10 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lde
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lfr
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.les
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lbr
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lfr
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.les
2017-03-16 10:42 - 2012-12-19 21:10 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lit
2017-03-16 10:42 - 2012-12-19 21:10 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lit
2017-03-16 10:42 - 2012-12-19 21:10 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.ljp
2017-03-16 10:42 - 2012-12-19 21:10 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.ljp
2017-03-16 10:42 - 2012-12-19 21:10 - 00020480 _____ C:\Windows\SysWOW64\WkWin32.lhu
2017-03-16 10:42 - 2012-12-19 21:10 - 00020480 _____ C:\Windows\System32\WkWin64.lhu
2017-03-16 10:42 - 2012-12-19 21:10 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lcn
2017-03-16 10:38 - 2017-03-17 07:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-16 06:49 - 2017-03-16 17:12 - 00000000 ____D C:\Program Files (x86)\39df6c92-3037-4784-894d-3b61bbc4eee31489675743
2017-03-16 06:47 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files\4ZR16G2LF7
2017-03-16 06:44 - 2017-03-17 08:50 - 00000000 ____D C:\Program Files (x86)\Qejisyfank
2017-03-16 06:44 - 2017-03-16 08:16 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Putodom
2017-03-16 06:44 - 2017-03-16 06:48 - 00000000 ____D C:\Users\Lomi\AppData\Local\Prermerward
2017-03-16 06:44 - 2017-03-16 06:44 - 00006050 _____ C:\Windows\System32\Tasks\Codetcherpers Update
2017-03-16 06:44 - 2017-03-16 06:44 - 00000000 ____D C:\Program Files (x86)\Codetcherpers Update
2017-03-16 06:42 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files\CAHSBVYC0M
2017-03-16 06:42 - 2017-03-16 17:13 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-03-16 06:41 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files\58A0X417OW
2017-03-16 06:41 - 2017-03-16 18:44 - 00000000 ____D C:\Program Files (x86)\Jogotempo
2017-03-16 06:41 - 2017-03-16 18:31 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-03-16 06:41 - 2017-03-16 06:42 - 02405056 _____ (BitTorrent Inc.) C:\Users\Lomi\Downloads\archicad 17 serial key generator
2017-03-16 04:47 - 2017-03-16 04:47 - 00456704 _____ C:\Users\Lomi\Downloads\GraphiSoft ArchiCAD 17 (1).zip
2017-03-16 04:45 - 2017-03-16 04:45 - 00456704 _____ C:\Users\Lomi\Downloads\GraphiSoft ArchiCAD 17.zip
2017-03-15 09:55 - 2017-03-15 09:55 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter3
2017-03-15 09:21 - 2017-03-15 09:23 - 00000000 ___HD C:\ProgramData\347Q436Q80J306
2017-03-15 09:20 - 2017-03-17 10:16 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Prukatain
2017-03-15 09:20 - 2017-03-16 17:20 - 00000000 ____D C:\Program Files (x86)\Prerus
2017-03-15 09:20 - 2017-03-15 09:25 - 00000000 ____D C:\Users\Lomi\AppData\Local\Couqlegrefase
2017-03-15 09:20 - 2017-03-15 09:20 - 00006002 _____ C:\Windows\System32\Tasks\Cpiing Client
2017-03-15 08:50 - 2017-03-15 08:50 - 00000000 ____D C:\Program Files\EaseUS
2017-03-14 09:29 - 2017-03-14 09:29 - 00016728 _____ C:\Windows\System32\Tasks\8173P2314P6855k7507-dll
2017-03-14 05:47 - 2017-03-14 09:00 - 00000000 ____D C:\Windows\System32\Tasks\updates
2017-03-13 12:07 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files (x86)\Biposhbonle
2017-03-13 12:07 - 2017-03-16 17:25 - 00000000 ___HD C:\ProgramData\8173P2314P6855k7507
2017-03-13 12:07 - 2017-03-14 08:44 - 00000000 ____D C:\ProgramData\RegisterObject
2017-03-13 12:07 - 2017-03-13 12:07 - 00005090 _____ C:\Windows\System32\Tasks\Ghuwolyarnock
2017-03-13 12:07 - 2017-03-13 12:07 - 00000000 ____D C:\Users\Lomi\AppData\Local\Nuwotmolient
2017-03-13 12:00 - 2017-03-13 12:00 - 00000000 ___HD C:\$AV_ASW
2017-03-13 09:03 - 2017-03-17 01:21 - 00289766 _____ C:\Users\Lomi\Desktop\security wall drawing.dwg
2017-03-13 09:03 - 2017-03-17 01:21 - 00289766 _____ C:\Users\Lomi\Desktop\security wall drawing.bak
2017-03-12 04:33 - 2017-03-17 03:14 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\stickies
2017-03-12 04:32 - 2017-03-12 04:32 - 00000620 _____ C:\Windows\uninstallstickies.bat
2017-03-12 04:32 - 2017-03-12 04:32 - 00000000 ____D C:\Program Files (x86)\Stickies
2017-03-11 02:52 - 2017-03-15 23:45 - 00000000 ____D C:\Users\Lomi\AppData\LocalLow\uTorrent
2017-03-07 19:27 - 2011-01-26 22:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\KBDINMAL.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\KBDINDEV.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINTAM.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINBEN.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINHIN.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
2017-03-07 19:26 - 2011-01-26 22:26 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINPUN.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINGUJ.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINBE2.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINBE1.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINASA.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINTEL.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINORI.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINMAR.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINKAN.DLL
2017-03-07 19:26 - 2011-01-26 21:40 - 00627200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-07 19:26 - 2011-01-26 21:32 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2017-03-07 19:26 - 2011-01-26 19:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINEN.DLL
2017-03-07 19:26 - 2011-01-26 16:00 - 00419712 _____ C:\Windows\SysWOW64\locale.nls
2017-03-07 19:26 - 2011-01-26 15:56 - 00419712 _____ C:\Windows\System32\locale.nls
2017-03-07 19:24 - 2017-03-07 19:25 - 13437272 _____ C:\Users\Lomi\Downloads\Windows6.1-KB2496898-v3-x64.msu
2017-03-07 12:44 - 2017-03-07 12:44 - 00020484 _____ C:\Users\Lomi\Downloads\call-of-the-wolf_english-1498614.zip
2017-03-05 07:53 - 2017-03-07 12:45 - 00000000 ____D C:\Users\Lomi\Downloads\Call of the Wolf 2017.HDRip.XviD.AC3-EVO
2017-03-05 07:48 - 2017-03-05 07:48 - 00001882 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2017-03-05 07:44 - 2017-03-01 04:06 - 00398408 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2017-03-04 12:08 - 2017-03-04 12:08 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2017-03-04 12:08 - 2017-03-04 12:08 - 00000000 ____D C:\ProgramData\Logitech
2017-03-04 12:07 - 2017-03-04 12:07 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2017-03-04 12:05 - 2017-03-04 12:08 - 00000000 ____D C:\ProgramData\Logishrd
2017-03-04 12:04 - 2017-03-04 12:04 - 00000000 ____D C:\Program Files\Logitech
2017-03-04 11:40 - 2017-03-04 12:07 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2017-03-04 11:32 - 2017-03-04 12:08 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Logitech
2017-03-04 11:32 - 2017-03-04 11:32 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Logishrd
2017-03-04 11:31 - 2017-03-04 11:39 - 04147600 _____ ($Co_Name Inc.) C:\Users\Lomi\Downloads\unifying250.exe
2017-03-04 11:27 - 2017-03-04 11:31 - 03679544 _____ (Logitech Inc.) C:\Users\Lomi\Downloads\SetPoint6.67.83_smart.exe
2017-03-04 11:12 - 2017-03-04 11:12 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-04 11:12 - 2017-03-04 11:12 - 00000000 ____D C:\Intel
2017-03-03 04:33 - 2017-03-17 02:02 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-03-03 04:33 - 2017-03-03 04:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-03 04:33 - 2017-03-03 04:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-03 04:33 - 2016-03-10 00:39 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2017-03-03 04:33 - 2016-03-10 00:38 - 00140672 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2017-03-03 04:33 - 2016-03-10 00:38 - 00027008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-03-03 01:22 - 2017-03-03 01:22 - 00001223 _____ C:\Users\Lomi\Documents\hosts.txt
2017-03-01 04:44 - 2017-03-01 04:44 - 00000000 ____H C:\Users\Lomi\Documents\Default.rdp
2017-02-28 23:49 - 2012-12-17 13:01 - 00574100 _____ C:\Windows\System32\hp1022n.img
2017-02-28 23:49 - 2012-12-17 13:01 - 00245248 _____ () C:\Windows\System32\zshp1020s.dll
2017-02-28 23:49 - 2012-12-17 13:01 - 00206768 _____ C:\Windows\System32\hp1022.img
2017-02-28 23:49 - 2012-12-17 13:01 - 00128820 _____ C:\Windows\System32\hp1020.img
2017-02-28 23:49 - 2012-12-17 13:01 - 00010632 _____ C:\Windows\System32\ZSHP1020.CHM
2017-02-28 23:49 - 2012-09-18 01:57 - 00501760 _____ C:\Windows\System32\ZSHP1020.EXE
2017-02-28 23:49 - 2012-09-18 01:57 - 00192512 _____ C:\Windows\System32\ZLhp1020.DLL
2017-02-24 04:58 - 2017-02-24 04:58 - 00000000 ____D C:\Users\Lomi\Documents\GomPlayer
2017-02-24 04:46 - 2017-03-18 09:52 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-24 04:45 - 2017-03-01 04:04 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbloga.sys
2017-02-24 04:45 - 2017-03-01 04:04 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2017-02-24 04:45 - 2017-03-01 04:04 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsha.sys
2017-02-24 04:45 - 2017-03-01 04:04 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbuniva.sys
2017-02-24 04:43 - 2017-02-24 04:43 - 00029432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetNd6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-18 10:59 - 2016-08-28 09:50 - 02416560 _____ C:\Windows\ntbtlog.txt
2017-03-18 10:55 - 2009-07-13 18:34 - 00000513 _____ C:\Windows\win.ini
2017-03-18 10:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-18 09:48 - 2009-07-13 20:45 - 00019728 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-18 09:48 - 2009-07-13 20:45 - 00019728 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-17 10:16 - 2012-07-15 22:51 - 00000000 ____D C:\Program Files (x86)\Reliance 3G
2017-03-17 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2017-03-17 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-03-17 03:14 - 2016-10-20 19:27 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\DMCache
2017-03-17 02:41 - 2016-08-28 10:36 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2017-03-17 02:31 - 2013-11-09 00:16 - 00000000 ____D C:\Users\Lomi\Desktop\New Folder
2017-03-17 02:19 - 2016-09-13 07:49 - 00000976 _____ C:\Windows\Tasks\Bing Powered Search coner.job
2017-03-17 01:56 - 2016-08-19 00:44 - 00000000 ____D C:\Users\Lomi\Desktop\New folder (2)
2017-03-17 01:54 - 2012-04-26 21:39 - 00000000 ____D C:\Users\Lomi\AppData\Local\Google
2017-03-17 01:21 - 2016-02-02 00:09 - 00000000 ____D C:\Users\Lomi\Graphisoft
2017-03-17 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2017-03-16 23:53 - 2016-02-08 01:35 - 00000321 _____ C:\Users\Lomi\Documents\BIMx_Export_Log.txt
2017-03-16 23:53 - 2016-02-08 01:35 - 00000000 ____D C:\Users\Lomi\Documents\BIMx
2017-03-16 23:43 - 2012-05-05 22:52 - 00000000 ____D C:\Users\Lomi\AppData\Local\ElevatedDiagnostics
2017-03-16 20:47 - 2012-04-20 23:10 - 00000000 ____D C:\users\Lomi
2017-03-16 19:41 - 2016-02-02 00:09 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Graphisoft
2017-03-16 18:58 - 2016-02-02 00:02 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-03-16 18:51 - 2016-05-10 19:48 - 00000000 ____D C:\Users\Lomi\AppData\Local\app
2017-03-16 17:44 - 2013-03-27 18:26 - 00000000 ____D C:\Users\Lomi\Downloads\PCPerformer-BitTorrent-a
2017-03-16 17:42 - 2016-10-20 19:27 - 00000000 ____D C:\Users\Lomi\Downloads\Compressed
2017-03-16 17:42 - 2015-06-14 03:22 - 00000000 ____D C:\Users\Lomi\Documents\Fax
2017-03-16 17:36 - 2016-07-18 18:49 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\excdir
2017-03-16 17:31 - 2016-06-04 08:14 - 00000000 ____D C:\ProgramData\Torrent_Search_PED
2017-03-16 11:02 - 2012-04-30 04:40 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\vlc
2017-03-16 10:37 - 2016-02-02 00:00 - 00008638 _____ C:\Windows\vpd.properties
2017-03-16 10:31 - 2016-02-01 23:55 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Install.GS
2017-03-16 08:30 - 2016-02-08 01:11 - 00000000 ____D C:\Program Files\GRAPHISOFT
2017-03-16 06:46 - 2016-12-25 08:32 - 00002311 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-16 03:36 - 2012-10-17 23:08 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\uTorrent
2017-03-15 12:01 - 2013-09-19 10:19 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3720556517-2290334221-82917080-1000Core.job
2017-03-15 10:06 - 2016-07-29 11:03 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 10:06 - 2012-04-27 00:05 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 10:06 - 2012-04-27 00:05 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 10:05 - 2012-04-27 00:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-15 10:05 - 2012-04-27 00:05 - 00000000 ____D C:\Windows\System32\Macromed
2017-03-14 08:35 - 2014-09-10 02:43 - 00000000 ____D C:\Program Files (x86)\USB Disk Security
2017-03-14 02:08 - 2016-09-06 02:01 - 00337592 _____ (AVAST Software) C:\Windows\System32\Drivers\aswvmm.sys
2017-03-13 08:42 - 2016-07-05 22:20 - 00000000 ____D C:\Users\Lomi\Desktop\moveeee
2017-03-13 08:42 - 2015-04-13 02:33 - 00000000 ____D C:\Users\Lomi\Desktop\movies and series
2017-03-12 06:55 - 2015-04-30 02:25 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
2017-03-12 01:36 - 2015-02-02 01:43 - 00000000 ____D C:\Windows\pss
2017-03-11 02:14 - 2016-10-20 19:49 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\IDM
2017-03-11 02:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2017-03-11 02:09 - 2016-09-06 02:02 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1473156157
2017-03-11 01:54 - 2016-09-06 02:01 - 00548928 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2017-03-09 23:39 - 2017-01-14 09:35 - 00003561 _____ C:\Users\Lomi\AppData\LocalLow\lpm.dat
2017-03-07 19:30 - 2009-07-13 20:45 - 00483512 _____ C:\Windows\System32\FNTCACHE.DAT
2017-03-03 05:12 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Performance
2017-03-03 02:10 - 2017-01-21 23:54 - 00000000 ____D C:\Users\Lomi\Desktop\akru
2017-03-03 01:30 - 2012-04-21 00:10 - 00000111 _____ C:\Users\Lomi\AppData\default.pls
2017-03-01 05:40 - 2014-06-19 07:54 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2017-03-01 04:06 - 2016-09-06 02:01 - 00162528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00126600 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00100640 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00075704 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00038296 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2017-03-01 04:05 - 2016-09-06 02:01 - 00993608 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2017-03-01 04:05 - 2016-09-06 02:01 - 00032088 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2017-03-01 04:04 - 2016-09-06 02:01 - 00461640 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetSec.sys
2017-02-28 23:49 - 2016-10-08 21:03 - 00000000 ____D C:\Program Files\HP
2017-02-25 13:42 - 2016-09-06 01:59 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-24 20:58 - 2013-04-01 04:31 - 00000000 ____D C:\Temp
2017-02-24 04:44 - 2016-09-06 02:01 - 00337080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswvmm.sys.148794039645104
2017-02-21 10:40 - 2009-07-13 21:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Some files in TEMP:
====================
2017-03-17 02:23 - 2011-01-18 04:25 - 0180136 _____ (Autodesk, Inc.) C:\Users\Lomi\AppData\Local\Temp\AcDeltree.exe
2017-03-15 09:21 - 2017-03-15 09:21 - 0134144 _____ () C:\Users\Lomi\AppData\Local\Temp\dnschanger_1.exe
2017-03-17 02:23 - 2017-03-17 02:28 - 1976656 _____ (Flexera Software, Inc.) C:\Users\Lomi\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-03-16 06:41 - 2017-03-16 06:41 - 0396982 _____ () C:\Users\Lomi\AppData\Local\Temp\global_installer.exe
2017-03-16 06:42 - 2017-03-16 06:42 - 0425674 _____ () C:\Users\Lomi\AppData\Local\Temp\S3HO8V7.exe
2017-03-16 06:41 - 2017-03-16 06:41 - 1247620 _____ (VideoBox                                                    ) C:\Users\Lomi\AppData\Local\Temp\vbsetup.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2015-02-02 01:46] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-13 15:24] - [2015-02-02 01:46] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 3002.93 MB
Available physical RAM: 2186.37 MB
Total Virtual: 3001.07 MB
Available Virtual: 2186.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:143.88 GB) (Free:31.76 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:69.34 GB) (Free:9.13 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:73.44 GB) (Free:12.08 GB) NTFS
Drive g: (RECOVERY) (Fixed) (Total:11.24 GB) (Free:2.02 GB) NTFS
Drive i: () (Removable) (Total:7.45 GB) (Free:1.71 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F8838554)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=143.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=142.8 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2017-03-14 03:45

==================== End of FRST.txt ============================

This topic is now closed to further replies.