
Black screen with mouse cursor and Windows Script Host dialogue box after removing malware



Hello, my screen shows a black screen with a mouse cursor and a Windows Script dialogue box. The dialogue box has a question mark (?) and close options only. This happened right after a Malwarebytes scan and restart. I went through some posts and tried all the instructions but to no avail. Please help.

Thanks,

Vamn

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by SYSTEM on MININT-HTHJCVS (19-03-2017 00:45:49)
Running from i:\
Platform: Windows 7 Home Basic (X64) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet003
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-27] (Nico Mak Computing)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-01] (AVAST Software)
HKLM-x32\...\Run: [USB Antivirus] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [798720 2008-09-23] (Zbshareware Lab)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Reliance 3G\UIExec.exe [153424 2011-08-09] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM\...\Winlogon: [Userinit] wscript, <==== ATTENTION
HKLM-x32\...\Winlogon: [Userinit] wscript, <==== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Startup: C:\Users\Lomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-04-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-01] (AVAST Software s.r.o.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-01] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-03-01] (AVAST Software)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-19] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
S2 UDisk Monitor; C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe [402944 2008-08-25] ()
S2 UI Assistant Service; C:\Program Files (x86)\Reliance 3G\AssistantServices.exe [270672 2011-08-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-01] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-01] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-01] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-01] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-01] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-01] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-01] (AVAST Software)
S3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [29432 2017-02-24] (AVAST Software)
S1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [461640 2017-03-01] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-01] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-01] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-01] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-01] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-14] (AVAST Software)
S1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-14] (Sony Mobile Communications)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2017-03-17] (Malwarebytes)
S0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-06-04] (电脑管家)
S2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [105160 2012-12-19] (WIBU-SYSTEMS AG)
S3 zteusbser; C:\Windows\System32\DRIVERS\ztemtusbser.sys [118784 2008-08-21] (ZTEMT Incorporated)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S2 MPCProtectService; no ImagePath
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-19 00:45 - 2017-03-19 00:45 - 00000000 ____D C:\FRST
2017-03-17 07:07 - 2017-03-17 07:07 - 00000000 ____H C:\ProgramData\cm-lock
2017-03-17 02:10 - 2017-03-17 02:10 - 00000198 ____H C:\Users\Lomi\Documents\Drawing1.dwl2
2017-03-17 02:10 - 2017-03-17 02:10 - 00000048 ____H C:\Users\Lomi\Documents\Drawing1.dwl
2017-03-17 01:45 - 2017-03-17 01:45 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-16 18:58 - 2017-03-16 18:58 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-03-16 18:44 - 2017-03-16 18:44 - 00015415 _____ C:\Windows\Forgotten Riddles - The Moonlight Sonatas Uninstall Log.txt
2017-03-16 10:58 - 2017-03-16 10:58 - 00001191 _____ C:\Users\Public\Desktop\BIMx for ArchiCAD 17.lnk
2017-03-16 10:58 - 2017-03-16 10:58 - 00001016 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2017-03-16 10:43 - 2017-03-16 10:44 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2017-03-16 10:43 - 2017-03-16 10:43 - 00000000 ____D C:\ProgramData\CodeMeter
2017-03-16 10:43 - 2017-03-16 10:43 - 00000000 ____D C:\Program Files\CodeMeter
2017-03-16 10:43 - 2012-12-19 21:10 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lcn
2017-03-16 10:42 - 2017-03-16 10:42 - 00000000 ____D C:\Program Files\WIBU-SYSTEMS
2017-03-16 10:42 - 2017-03-16 10:42 - 00000000 ____D C:\Program Files (x86)\WIBU-SYSTEMS
2017-03-16 10:42 - 2017-03-16 10:42 - 00000000 ____D C:\Program Files (x86)\WIBUKEY
2017-03-16 10:42 - 2012-12-20 10:03 - 00021376 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\Drivers\Wibukey2_64.sys
2017-03-16 10:42 - 2012-12-19 21:10 - 00599584 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\wibuKJni64.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00459808 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\wibuKJni.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00432128 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkExt64.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00344064 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkExt32.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00176640 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00156672 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00105160 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\Drivers\WibuKey64.sys
2017-03-16 10:42 - 2012-12-19 21:10 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lde
2017-03-16 10:42 - 2012-12-19 21:10 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lde
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lfr
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.les
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lbr
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lfr
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.les
2017-03-16 10:42 - 2012-12-19 21:10 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lit
2017-03-16 10:42 - 2012-12-19 21:10 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lit
2017-03-16 10:42 - 2012-12-19 21:10 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.ljp
2017-03-16 10:42 - 2012-12-19 21:10 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.ljp
2017-03-16 10:42 - 2012-12-19 21:10 - 00020480 _____ C:\Windows\SysWOW64\WkWin32.lhu
2017-03-16 10:42 - 2012-12-19 21:10 - 00020480 _____ C:\Windows\System32\WkWin64.lhu
2017-03-16 10:42 - 2012-12-19 21:10 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lcn
2017-03-16 10:38 - 2017-03-17 07:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-16 06:49 - 2017-03-16 17:12 - 00000000 ____D C:\Program Files (x86)\39df6c92-3037-4784-894d-3b61bbc4eee31489675743
2017-03-16 06:47 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files\4ZR16G2LF7
2017-03-16 06:44 - 2017-03-17 08:50 - 00000000 ____D C:\Program Files (x86)\Qejisyfank
2017-03-16 06:44 - 2017-03-16 08:16 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Putodom
2017-03-16 06:44 - 2017-03-16 06:48 - 00000000 ____D C:\Users\Lomi\AppData\Local\Prermerward
2017-03-16 06:44 - 2017-03-16 06:44 - 00006050 _____ C:\Windows\System32\Tasks\Codetcherpers Update
2017-03-16 06:44 - 2017-03-16 06:44 - 00000000 ____D C:\Program Files (x86)\Codetcherpers Update
2017-03-16 06:42 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files\CAHSBVYC0M
2017-03-16 06:42 - 2017-03-16 17:13 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-03-16 06:41 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files\58A0X417OW
2017-03-16 06:41 - 2017-03-16 18:44 - 00000000 ____D C:\Program Files (x86)\Jogotempo
2017-03-16 06:41 - 2017-03-16 18:31 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-03-16 06:41 - 2017-03-16 06:42 - 02405056 _____ (BitTorrent Inc.) C:\Users\Lomi\Downloads\archicad 17 serial key generator
2017-03-16 04:47 - 2017-03-16 04:47 - 00456704 _____ C:\Users\Lomi\Downloads\GraphiSoft ArchiCAD 17 (1).zip
2017-03-16 04:45 - 2017-03-16 04:45 - 00456704 _____ C:\Users\Lomi\Downloads\GraphiSoft ArchiCAD 17.zip
2017-03-15 09:55 - 2017-03-15 09:55 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter3
2017-03-15 09:21 - 2017-03-15 09:23 - 00000000 ___HD C:\ProgramData\347Q436Q80J306
2017-03-15 09:20 - 2017-03-17 10:16 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Prukatain
2017-03-15 09:20 - 2017-03-16 17:20 - 00000000 ____D C:\Program Files (x86)\Prerus
2017-03-15 09:20 - 2017-03-15 09:25 - 00000000 ____D C:\Users\Lomi\AppData\Local\Couqlegrefase
2017-03-15 09:20 - 2017-03-15 09:20 - 00006002 _____ C:\Windows\System32\Tasks\Cpiing Client
2017-03-15 08:50 - 2017-03-15 08:50 - 00000000 ____D C:\Program Files\EaseUS
2017-03-14 09:29 - 2017-03-14 09:29 - 00016728 _____ C:\Windows\System32\Tasks\8173P2314P6855k7507-dll
2017-03-14 05:47 - 2017-03-14 09:00 - 00000000 ____D C:\Windows\System32\Tasks\updates
2017-03-13 12:07 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files (x86)\Biposhbonle
2017-03-13 12:07 - 2017-03-16 17:25 - 00000000 ___HD C:\ProgramData\8173P2314P6855k7507
2017-03-13 12:07 - 2017-03-14 08:44 - 00000000 ____D C:\ProgramData\RegisterObject
2017-03-13 12:07 - 2017-03-13 12:07 - 00005090 _____ C:\Windows\System32\Tasks\Ghuwolyarnock
2017-03-13 12:07 - 2017-03-13 12:07 - 00000000 ____D C:\Users\Lomi\AppData\Local\Nuwotmolient
2017-03-13 12:00 - 2017-03-13 12:00 - 00000000 ___HD C:\$AV_ASW
2017-03-13 09:03 - 2017-03-17 01:21 - 00289766 _____ C:\Users\Lomi\Desktop\security wall drawing.dwg
2017-03-13 09:03 - 2017-03-17 01:21 - 00289766 _____ C:\Users\Lomi\Desktop\security wall drawing.bak
2017-03-12 04:33 - 2017-03-17 03:14 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\stickies
2017-03-12 04:32 - 2017-03-12 04:32 - 00000620 _____ C:\Windows\uninstallstickies.bat
2017-03-12 04:32 - 2017-03-12 04:32 - 00000000 ____D C:\Program Files (x86)\Stickies
2017-03-11 02:52 - 2017-03-15 23:45 - 00000000 ____D C:\Users\Lomi\AppData\LocalLow\uTorrent
2017-03-07 19:27 - 2011-01-26 22:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\KBDINMAL.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\KBDINDEV.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINTAM.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINBEN.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINHIN.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
2017-03-07 19:26 - 2011-01-26 22:26 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINPUN.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINGUJ.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINBE2.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINBE1.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINASA.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINTEL.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINORI.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINMAR.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINKAN.DLL
2017-03-07 19:26 - 2011-01-26 21:40 - 00627200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-07 19:26 - 2011-01-26 21:32 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2017-03-07 19:26 - 2011-01-26 19:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINEN.DLL
2017-03-07 19:26 - 2011-01-26 16:00 - 00419712 _____ C:\Windows\SysWOW64\locale.nls
2017-03-07 19:26 - 2011-01-26 15:56 - 00419712 _____ C:\Windows\System32\locale.nls
2017-03-07 19:24 - 2017-03-07 19:25 - 13437272 _____ C:\Users\Lomi\Downloads\Windows6.1-KB2496898-v3-x64.msu
2017-03-07 12:44 - 2017-03-07 12:44 - 00020484 _____ C:\Users\Lomi\Downloads\call-of-the-wolf_english-1498614.zip
2017-03-05 07:53 - 2017-03-07 12:45 - 00000000 ____D C:\Users\Lomi\Downloads\Call of the Wolf 2017.HDRip.XviD.AC3-EVO
2017-03-05 07:48 - 2017-03-05 07:48 - 00001882 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2017-03-05 07:44 - 2017-03-01 04:06 - 00398408 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2017-03-04 12:08 - 2017-03-04 12:08 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2017-03-04 12:08 - 2017-03-04 12:08 - 00000000 ____D C:\ProgramData\Logitech
2017-03-04 12:07 - 2017-03-04 12:07 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2017-03-04 12:05 - 2017-03-04 12:08 - 00000000 ____D C:\ProgramData\Logishrd
2017-03-04 12:04 - 2017-03-04 12:04 - 00000000 ____D C:\Program Files\Logitech
2017-03-04 11:40 - 2017-03-04 12:07 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2017-03-04 11:32 - 2017-03-04 12:08 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Logitech
2017-03-04 11:32 - 2017-03-04 11:32 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Logishrd
2017-03-04 11:31 - 2017-03-04 11:39 - 04147600 _____ ($Co_Name Inc.) C:\Users\Lomi\Downloads\unifying250.exe
2017-03-04 11:27 - 2017-03-04 11:31 - 03679544 _____ (Logitech Inc.) C:\Users\Lomi\Downloads\SetPoint6.67.83_smart.exe
2017-03-04 11:12 - 2017-03-04 11:12 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-04 11:12 - 2017-03-04 11:12 - 00000000 ____D C:\Intel
2017-03-03 04:33 - 2017-03-17 02:02 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-03-03 04:33 - 2017-03-03 04:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-03 04:33 - 2017-03-03 04:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-03 04:33 - 2016-03-10 00:39 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2017-03-03 04:33 - 2016-03-10 00:38 - 00140672 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2017-03-03 04:33 - 2016-03-10 00:38 - 00027008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-03-03 01:22 - 2017-03-03 01:22 - 00001223 _____ C:\Users\Lomi\Documents\hosts.txt
2017-03-01 04:44 - 2017-03-01 04:44 - 00000000 ____H C:\Users\Lomi\Documents\Default.rdp
2017-02-28 23:49 - 2012-12-17 13:01 - 00574100 _____ C:\Windows\System32\hp1022n.img
2017-02-28 23:49 - 2012-12-17 13:01 - 00245248 _____ () C:\Windows\System32\zshp1020s.dll
2017-02-28 23:49 - 2012-12-17 13:01 - 00206768 _____ C:\Windows\System32\hp1022.img
2017-02-28 23:49 - 2012-12-17 13:01 - 00128820 _____ C:\Windows\System32\hp1020.img
2017-02-28 23:49 - 2012-12-17 13:01 - 00010632 _____ C:\Windows\System32\ZSHP1020.CHM
2017-02-28 23:49 - 2012-09-18 01:57 - 00501760 _____ C:\Windows\System32\ZSHP1020.EXE
2017-02-28 23:49 - 2012-09-18 01:57 - 00192512 _____ C:\Windows\System32\ZLhp1020.DLL
2017-02-24 04:58 - 2017-02-24 04:58 - 00000000 ____D C:\Users\Lomi\Documents\GomPlayer
2017-02-24 04:46 - 2017-03-18 09:52 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-24 04:45 - 2017-03-01 04:04 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbloga.sys
2017-02-24 04:45 - 2017-03-01 04:04 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2017-02-24 04:45 - 2017-03-01 04:04 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsha.sys
2017-02-24 04:45 - 2017-03-01 04:04 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbuniva.sys
2017-02-24 04:43 - 2017-02-24 04:43 - 00029432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetNd6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-18 10:59 - 2016-08-28 09:50 - 02416560 _____ C:\Windows\ntbtlog.txt
2017-03-18 10:55 - 2009-07-13 18:34 - 00000513 _____ C:\Windows\win.ini
2017-03-18 10:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-18 09:48 - 2009-07-13 20:45 - 00019728 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-18 09:48 - 2009-07-13 20:45 - 00019728 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-17 10:16 - 2012-07-15 22:51 - 00000000 ____D C:\Program Files (x86)\Reliance 3G
2017-03-17 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2017-03-17 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-03-17 03:14 - 2016-10-20 19:27 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\DMCache
2017-03-17 02:41 - 2016-08-28 10:36 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2017-03-17 02:31 - 2013-11-09 00:16 - 00000000 ____D C:\Users\Lomi\Desktop\New Folder
2017-03-17 02:19 - 2016-09-13 07:49 - 00000976 _____ C:\Windows\Tasks\Bing Powered Search coner.job
2017-03-17 01:56 - 2016-08-19 00:44 - 00000000 ____D C:\Users\Lomi\Desktop\New folder (2)
2017-03-17 01:54 - 2012-04-26 21:39 - 00000000 ____D C:\Users\Lomi\AppData\Local\Google
2017-03-17 01:21 - 2016-02-02 00:09 - 00000000 ____D C:\Users\Lomi\Graphisoft
2017-03-17 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2017-03-16 23:53 - 2016-02-08 01:35 - 00000321 _____ C:\Users\Lomi\Documents\BIMx_Export_Log.txt
2017-03-16 23:53 - 2016-02-08 01:35 - 00000000 ____D C:\Users\Lomi\Documents\BIMx
2017-03-16 23:43 - 2012-05-05 22:52 - 00000000 ____D C:\Users\Lomi\AppData\Local\ElevatedDiagnostics
2017-03-16 20:47 - 2012-04-20 23:10 - 00000000 ____D C:\users\Lomi
2017-03-16 19:41 - 2016-02-02 00:09 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Graphisoft
2017-03-16 18:58 - 2016-02-02 00:02 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-03-16 18:51 - 2016-05-10 19:48 - 00000000 ____D C:\Users\Lomi\AppData\Local\app
2017-03-16 17:44 - 2013-03-27 18:26 - 00000000 ____D C:\Users\Lomi\Downloads\PCPerformer-BitTorrent-a
2017-03-16 17:42 - 2016-10-20 19:27 - 00000000 ____D C:\Users\Lomi\Downloads\Compressed
2017-03-16 17:42 - 2015-06-14 03:22 - 00000000 ____D C:\Users\Lomi\Documents\Fax
2017-03-16 17:36 - 2016-07-18 18:49 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\excdir
2017-03-16 17:31 - 2016-06-04 08:14 - 00000000 ____D C:\ProgramData\Torrent_Search_PED
2017-03-16 11:02 - 2012-04-30 04:40 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\vlc
2017-03-16 10:37 - 2016-02-02 00:00 - 00008638 _____ C:\Windows\vpd.properties
2017-03-16 10:31 - 2016-02-01 23:55 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Install.GS
2017-03-16 08:30 - 2016-02-08 01:11 - 00000000 ____D C:\Program Files\GRAPHISOFT
2017-03-16 06:46 - 2016-12-25 08:32 - 00002311 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-16 03:36 - 2012-10-17 23:08 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\uTorrent
2017-03-15 12:01 - 2013-09-19 10:19 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3720556517-2290334221-82917080-1000Core.job
2017-03-15 10:06 - 2016-07-29 11:03 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 10:06 - 2012-04-27 00:05 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 10:06 - 2012-04-27 00:05 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 10:05 - 2012-04-27 00:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-15 10:05 - 2012-04-27 00:05 - 00000000 ____D C:\Windows\System32\Macromed
2017-03-14 08:35 - 2014-09-10 02:43 - 00000000 ____D C:\Program Files (x86)\USB Disk Security
2017-03-14 02:08 - 2016-09-06 02:01 - 00337592 _____ (AVAST Software) C:\Windows\System32\Drivers\aswvmm.sys
2017-03-13 08:42 - 2016-07-05 22:20 - 00000000 ____D C:\Users\Lomi\Desktop\moveeee
2017-03-13 08:42 - 2015-04-13 02:33 - 00000000 ____D C:\Users\Lomi\Desktop\movies and series
2017-03-12 06:55 - 2015-04-30 02:25 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
2017-03-12 01:36 - 2015-02-02 01:43 - 00000000 ____D C:\Windows\pss
2017-03-11 02:14 - 2016-10-20 19:49 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\IDM
2017-03-11 02:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2017-03-11 02:09 - 2016-09-06 02:02 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1473156157
2017-03-11 01:54 - 2016-09-06 02:01 - 00548928 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2017-03-09 23:39 - 2017-01-14 09:35 - 00003561 _____ C:\Users\Lomi\AppData\LocalLow\lpm.dat
2017-03-07 19:30 - 2009-07-13 20:45 - 00483512 _____ C:\Windows\System32\FNTCACHE.DAT
2017-03-03 05:12 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Performance
2017-03-03 02:10 - 2017-01-21 23:54 - 00000000 ____D C:\Users\Lomi\Desktop\akru
2017-03-03 01:30 - 2012-04-21 00:10 - 00000111 _____ C:\Users\Lomi\AppData\default.pls
2017-03-01 05:40 - 2014-06-19 07:54 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2017-03-01 04:06 - 2016-09-06 02:01 - 00162528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00126600 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00100640 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00075704 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00038296 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2017-03-01 04:05 - 2016-09-06 02:01 - 00993608 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2017-03-01 04:05 - 2016-09-06 02:01 - 00032088 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2017-03-01 04:04 - 2016-09-06 02:01 - 00461640 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetSec.sys
2017-02-28 23:49 - 2016-10-08 21:03 - 00000000 ____D C:\Program Files\HP
2017-02-25 13:42 - 2016-09-06 01:59 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-24 20:58 - 2013-04-01 04:31 - 00000000 ____D C:\Temp
2017-02-24 04:44 - 2016-09-06 02:01 - 00337080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswvmm.sys.148794039645104
2017-02-21 10:40 - 2009-07-13 21:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Some files in TEMP:
====================
2017-03-17 02:23 - 2011-01-18 04:25 - 0180136 _____ (Autodesk, Inc.) C:\Users\Lomi\AppData\Local\Temp\AcDeltree.exe
2017-03-15 09:21 - 2017-03-15 09:21 - 0134144 _____ () C:\Users\Lomi\AppData\Local\Temp\dnschanger_1.exe
2017-03-17 02:23 - 2017-03-17 02:28 - 1976656 _____ (Flexera Software, Inc.) C:\Users\Lomi\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-03-16 06:41 - 2017-03-16 06:41 - 0396982 _____ () C:\Users\Lomi\AppData\Local\Temp\global_installer.exe
2017-03-16 06:42 - 2017-03-16 06:42 - 0425674 _____ () C:\Users\Lomi\AppData\Local\Temp\S3HO8V7.exe
2017-03-16 06:41 - 2017-03-16 06:41 - 1247620 _____ (VideoBox                                                    ) C:\Users\Lomi\AppData\Local\Temp\vbsetup.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2015-02-02 01:46] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-13 15:24] - [2015-02-02 01:46] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 3002.93 MB
Available physical RAM: 2186.37 MB
Total Virtual: 3001.07 MB
Available Virtual: 2186.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:143.88 GB) (Free:31.76 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:69.34 GB) (Free:9.13 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:73.44 GB) (Free:12.08 GB) NTFS
Drive g: (RECOVERY) (Fixed) (Total:11.24 GB) (Free:2.02 GB) NTFS
Drive i: () (Removable) (Total:7.45 GB) (Free:1.71 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F8838554)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=143.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=142.8 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2017-03-14 03:45

==================== End of FRST.txt ============================


Hello Vamn and welcome to Malwarebytes,

My screen name is kevinf80, and I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, and continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next,

If your system will boot normally run the following and post the logs.. FRST.txt and Additional.txt

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin...

fixlist.txt


Can you run again as follows....

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next,

If your system will boot normally run the following and post the logs.. FRST.txt and Additional.txt

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

fixlist.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Lomi (administrator) on LOMI-PC (19-03-2017 22:40:27)
Running from C:\Users\Lomi\Desktop
Loaded Profiles: Lomi (Available Profiles: Lomi)
Platform: Windows 7 Home Basic (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
() C:\Program Files (x86)\Reliance 3G\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Reliance 3G\UIExec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-01] (AVAST Software)
HKLM-x32\...\Run: [USB Antivirus] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [798720 2008-09-23] (Zbshareware Lab)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Reliance 3G\UIExec.exe [153424 2011-08-09] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\Run: [GoogleChromeAutoLaunch_F7D298390FC18DAC6355161D983C39B0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3981368 2016-10-01] (Tonec Inc.)
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\Run: [XOFYP9VZ2N] => "C:\Program Files (x86)\BeCleaner\P34OA.exe"
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {12d252a7-cf12-11e1-ba6f-c80aa99185d7} - H:\Windows/AutoRun.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {13dcd877-54cd-11e6-ba41-fe2f38f8b0b2} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {1dd04af1-c82f-11e6-b2e2-f1bca20594b0} - H:\Setup.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {225facb7-e6d8-11e2-bdd6-c80aa99185d7} - H:\AutoRun.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {225facd9-e6d8-11e2-bdd6-c80aa99185d7} - H:\AutoRun.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {44d000d1-f95b-11e1-998e-c80aa99185d7} - H:\AutoRun.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {44d000df-f95b-11e1-998e-c80aa99185d7} - H:\AutoRun.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {6c1e474c-ef22-11e4-b5b7-ba66af7047b9} - H:\AutoRun.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {741ca753-272b-11e2-84b3-c80aa99185d7} - H:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {7c2a2668-e6f1-11e2-b979-c80aa99185d7} - I:\AutoRun.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {a4a64c00-f851-11e3-bbea-c80aa99185d7} - H:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {ab4c0513-7ce4-11e6-b8e3-a2acfcdca1a7} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {ae77dfbb-7b81-11e3-b859-c80aa99185d7} - H:\LGAutoRun.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {af17f380-3be7-11e4-ba17-8c1ae6681fd2} - H:\Startme.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {e0c1eebd-6e82-11e5-b7ca-a92d9e7ac5fa} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\MountPoints2: {e727d39c-7c9e-11e5-b8be-bfbbc5586fac} - M:\Lenovo_Suite.exe
ShellExecuteHooks: No Name - {E4CA1236-0398-11E7-A247-64006A5CFC23} - C:\Users\Lomi\AppData\Roaming\Putodom\Ljeent.dll -> No File
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-01] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-01] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2017-03-17]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2017-03-17]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2017-03-12]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
Startup: C:\Users\Lomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-04-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{1CE07A9C-19E1-4F34-AB0B-66DAF162BC15}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{477eec62-25e2-4a30-b5f6-8987e860b343}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{A8FA4F14-9452-465F-A938-CB50FAB5EEE9}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{BE16C2BF-7744-4B39-8B1B-C32B819C1726}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{E68CCD3A-812C-45DF-9643-A64D99E5D59D}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-3720556517-2290334221-82917080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7dba49b7&q={searchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-052d0ae8&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7dba49b7&q={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-052d0ae8&q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7dba49b7&q={searchTerms}
SearchScopes: HKLM-x32 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3720556517-2290334221-82917080-1000 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7dba49b7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3720556517-2290334221-82917080-1000 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-052d0ae8&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3720556517-2290334221-82917080-1000 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7dba49b7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3720556517-2290334221-82917080-1000 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-01] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2016-02-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-01] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2016-02-02] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-26]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-03-05] [not signed]
FF HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-09-21]
FF HKU\S-1-5-21-3720556517-2290334221-82917080-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Lomi\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Lomi\AppData\Roaming\IDM\idmmzcc5 [2017-03-19] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-23] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2016-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2016-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-3720556517-2290334221-82917080-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Lomi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData2
CHR HomePage: ChromeDefaultData2 -> hxxp://www.youndoo.com/?z=34723af9ac234d6f22927c0g3z7b4t3qcm7w6z5wdb&from=amz&uid=HitachiXHTS723232L9A360_090910FCC400NEHHRKLGX&type=hp
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www.youndoo.com/?z=34723af9ac234d6f22927c0g3z7b4t3qcm7w6z5wdb&from=amz&uid=HitachiXHTS723232L9A360_090910FCC400NEHHRKLGX&type=hp"
CHR Profile: C:\Users\Lomi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-03-19] <==== ATTENTION
CHR Extension: (Avast SafePrice) - C:\Users\Lomi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Lomi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lomi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Lomi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-15]
CHR Profile: C:\Users\Lomi\AppData\Local\Google\Chrome\User Data\Default [2017-03-17]
CHR Extension: (Docs) - C:\Users\Lomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-17]
CHR Extension: (Google Drive) - C:\Users\Lomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-17]
CHR Extension: (YouTube) - C:\Users\Lomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-17]
CHR Extension: (Gmail) - C:\Users\Lomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-01] (AVAST Software s.r.o.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-01] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-03-01] (AVAST Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 UDisk Monitor; C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe [402944 2008-08-25] () [File not signed]
R2 UI Assistant Service; C:\Program Files (x86)\Reliance 3G\AssistantServices.exe [270672 2011-08-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-01] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-01] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-01] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-01] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-01] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [29432 2017-02-24] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [461640 2017-03-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-14] (AVAST Software)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-14] (Sony Mobile Communications)
S3 LNonPnP; C:\Windows\System32\Drivers\LNonPnP.sys [18960 2017-03-19] (Logitech, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-06-04] (电脑管家)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [105160 2012-12-20] (WIBU-SYSTEMS AG)
S3 zteusbser; C:\Windows\System32\DRIVERS\ztemtusbser.sys [118784 2008-08-22] (ZTEMT Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-19 22:40 - 2017-03-19 22:41 - 00024437 _____ C:\Users\Lomi\Desktop\FRST.txt
2017-03-19 22:39 - 2017-03-19 22:39 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-19 22:39 - 2017-03-19 00:37 - 02424832 _____ (Farbar) C:\Users\Lomi\Desktop\FRST64.exe
2017-03-19 21:26 - 2017-03-19 21:26 - 00000000 ____H C:\ProgramData\cm-lock
2017-03-19 14:15 - 2017-03-19 22:40 - 00000000 ____D C:\FRST
2017-03-17 15:40 - 2017-03-17 15:40 - 00000198 ____H C:\Users\Lomi\Documents\Drawing1.dwl2
2017-03-17 15:40 - 2017-03-17 15:40 - 00000048 ____H C:\Users\Lomi\Documents\Drawing1.dwl
2017-03-17 15:15 - 2017-03-17 15:15 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-17 08:28 - 2017-03-17 08:28 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-03-17 08:28 - 2017-03-17 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-03-17 08:14 - 2017-03-17 08:14 - 00015415 _____ C:\Windows\Forgotten Riddles - The Moonlight Sonatas Uninstall Log.txt
2017-03-17 00:28 - 2017-03-17 00:28 - 00001191 _____ C:\Users\Public\Desktop\BIMx for ArchiCAD 17.lnk
2017-03-17 00:28 - 2017-03-17 00:28 - 00001016 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2017-03-17 00:13 - 2017-03-17 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter
2017-03-17 00:13 - 2017-03-17 00:14 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2017-03-17 00:13 - 2017-03-17 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey
2017-03-17 00:13 - 2017-03-17 00:13 - 00000000 ____D C:\ProgramData\CodeMeter
2017-03-17 00:13 - 2017-03-17 00:13 - 00000000 ____D C:\Program Files\CodeMeter
2017-03-17 00:13 - 2012-12-20 10:40 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lcn
2017-03-17 00:12 - 2017-03-17 00:12 - 00000000 ____D C:\Program Files\WIBU-SYSTEMS
2017-03-17 00:12 - 2017-03-17 00:12 - 00000000 ____D C:\Program Files (x86)\WIBU-SYSTEMS
2017-03-17 00:12 - 2017-03-17 00:12 - 00000000 ____D C:\Program Files (x86)\WIBUKEY
2017-03-17 00:12 - 2012-12-20 23:33 - 00021376 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\Drivers\Wibukey2_64.sys
2017-03-17 00:12 - 2012-12-20 10:40 - 00599584 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\wibuKJni64.dll
2017-03-17 00:12 - 2012-12-20 10:40 - 00459808 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\wibuKJni.dll
2017-03-17 00:12 - 2012-12-20 10:40 - 00432128 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkExt64.dll
2017-03-17 00:12 - 2012-12-20 10:40 - 00344064 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkExt32.dll
2017-03-17 00:12 - 2012-12-20 10:40 - 00176640 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.dll
2017-03-17 00:12 - 2012-12-20 10:40 - 00156672 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.dll
2017-03-17 00:12 - 2012-12-20 10:40 - 00105160 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\Drivers\WibuKey64.sys
2017-03-17 00:12 - 2012-12-20 10:40 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lde
2017-03-17 00:12 - 2012-12-20 10:40 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lde
2017-03-17 00:12 - 2012-12-20 10:40 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lfr
2017-03-17 00:12 - 2012-12-20 10:40 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.les
2017-03-17 00:12 - 2012-12-20 10:40 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lbr
2017-03-17 00:12 - 2012-12-20 10:40 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lfr
2017-03-17 00:12 - 2012-12-20 10:40 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.les
2017-03-17 00:12 - 2012-12-20 10:40 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lit
2017-03-17 00:12 - 2012-12-20 10:40 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lit
2017-03-17 00:12 - 2012-12-20 10:40 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.ljp
2017-03-17 00:12 - 2012-12-20 10:40 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.ljp
2017-03-17 00:12 - 2012-12-20 10:40 - 00020480 _____ C:\Windows\SysWOW64\WkWin32.lhu
2017-03-17 00:12 - 2012-12-20 10:40 - 00020480 _____ C:\Windows\system32\WkWin64.lhu
2017-03-17 00:12 - 2012-12-20 10:40 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lcn
2017-03-17 00:08 - 2017-03-17 20:36 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-17 00:08 - 2017-03-17 00:08 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-17 00:03 - 2017-03-17 00:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRAPHISOFT
2017-03-16 18:17 - 2017-03-16 18:17 - 00456704 _____ C:\Users\Lomi\Downloads\GraphiSoft ArchiCAD 17 (1).zip
2017-03-16 18:15 - 2017-03-16 18:15 - 00456704 _____ C:\Users\Lomi\Downloads\GraphiSoft ArchiCAD 17.zip
2017-03-15 23:25 - 2017-03-15 23:25 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter3
2017-03-15 23:21 - 2017-03-15 23:25 - 00001212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SpyHunter.lnk
2017-03-15 22:20 - 2017-03-15 22:20 - 00000000 ____D C:\Program Files\EaseUS
2017-03-14 22:59 - 2017-03-14 22:59 - 00016728 _____ C:\Windows\System32\Tasks\8173P2314P6855k7507-dll
2017-03-14 19:17 - 2017-03-14 22:30 - 00000000 ____D C:\Windows\System32\Tasks\updates
2017-03-14 01:30 - 2017-03-14 01:30 - 00000000 ___HD C:\$AV_ASW
2017-03-13 22:33 - 2017-03-17 14:51 - 00289766 _____ C:\Users\Lomi\Desktop\security wall drawing.dwg
2017-03-13 22:33 - 2017-03-17 14:51 - 00289766 _____ C:\Users\Lomi\Desktop\security wall drawing.bak
2017-03-12 18:03 - 2017-03-19 22:39 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\stickies
2017-03-12 18:02 - 2017-03-12 18:02 - 00000620 _____ C:\Windows\uninstallstickies.bat
2017-03-12 18:02 - 2017-03-12 18:02 - 00000000 ____D C:\Program Files (x86)\Stickies
2017-03-11 16:22 - 2017-03-16 13:15 - 00000000 ____D C:\Users\Lomi\AppData\LocalLow\uTorrent
2017-03-08 08:57 - 2011-01-27 11:40 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAL.DLL
2017-03-08 08:57 - 2011-01-27 11:40 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINDEV.DLL
2017-03-08 08:57 - 2011-01-27 11:40 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2017-03-08 08:57 - 2011-01-27 11:40 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2017-03-08 08:57 - 2011-01-27 11:40 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2017-03-08 08:57 - 2011-01-27 11:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
2017-03-08 08:57 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
2017-03-08 08:57 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
2017-03-08 08:57 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
2017-03-08 08:56 - 2011-01-27 11:56 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-08 08:56 - 2011-01-27 11:40 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINPUN.DLL
2017-03-08 08:56 - 2011-01-27 11:40 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINGUJ.DLL
2017-03-08 08:56 - 2011-01-27 11:40 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBE2.DLL
2017-03-08 08:56 - 2011-01-27 11:40 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBE1.DLL
2017-03-08 08:56 - 2011-01-27 11:40 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINASA.DLL
2017-03-08 08:56 - 2011-01-27 11:40 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2017-03-08 08:56 - 2011-01-27 11:40 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2017-03-08 08:56 - 2011-01-27 11:40 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2017-03-08 08:56 - 2011-01-27 11:40 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2017-03-08 08:56 - 2011-01-27 11:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-08 08:56 - 2011-01-27 11:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
2017-03-08 08:56 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2017-03-08 08:56 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
2017-03-08 08:56 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2017-03-08 08:56 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2017-03-08 08:56 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2017-03-08 08:56 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2017-03-08 08:56 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
2017-03-08 08:56 - 2011-01-27 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2017-03-08 08:56 - 2011-01-27 11:02 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2017-03-08 08:56 - 2011-01-27 09:24 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINEN.DLL
2017-03-08 08:56 - 2011-01-27 05:30 - 00419712 _____ C:\Windows\SysWOW64\locale.nls
2017-03-08 08:56 - 2011-01-27 05:26 - 00419712 _____ C:\Windows\system32\locale.nls
2017-03-08 08:54 - 2017-03-08 08:55 - 13437272 _____ C:\Users\Lomi\Downloads\Windows6.1-KB2496898-v3-x64.msu
2017-03-08 02:14 - 2017-03-08 02:14 - 00020484 _____ C:\Users\Lomi\Downloads\call-of-the-wolf_english-1498614.zip
2017-03-05 21:23 - 2017-03-08 02:15 - 00000000 ____D C:\Users\Lomi\Downloads\Call of the Wolf 2017.HDRip.XviD.AC3-EVO
2017-03-05 21:18 - 2017-03-05 21:18 - 00001882 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2017-03-05 21:18 - 2017-03-05 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-03-05 21:14 - 2017-03-01 17:36 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-05 01:38 - 2017-03-05 01:38 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2017-03-05 01:38 - 2017-03-05 01:38 - 00000000 ____D C:\ProgramData\Logitech
2017-03-05 01:37 - 2017-03-19 16:38 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2017-03-05 01:35 - 2017-03-05 01:38 - 00000000 ____D C:\ProgramData\Logishrd
2017-03-05 01:35 - 2017-03-05 01:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-03-05 01:34 - 2017-03-05 01:34 - 00000000 ____D C:\Program Files\Logitech
2017-03-05 01:10 - 2017-03-05 01:37 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2017-03-05 01:02 - 2017-03-05 01:38 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Logitech
2017-03-05 01:02 - 2017-03-05 01:02 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Logishrd
2017-03-05 01:01 - 2017-03-05 01:09 - 04147600 _____ ($Co_Name Inc.) C:\Users\Lomi\Downloads\unifying250.exe
2017-03-05 00:57 - 2017-03-05 01:01 - 03679544 _____ (Logitech Inc.) C:\Users\Lomi\Downloads\SetPoint6.67.83_smart.exe
2017-03-05 00:42 - 2017-03-05 00:42 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-05 00:42 - 2017-03-05 00:42 - 00000000 ____D C:\Intel
2017-03-03 18:03 - 2017-03-17 15:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-03 18:03 - 2017-03-03 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-03-03 18:03 - 2017-03-03 18:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-03 18:03 - 2017-03-03 18:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-03 18:03 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-03-03 18:03 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-03 18:03 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-03 14:52 - 2017-03-03 14:52 - 00001223 _____ C:\Users\Lomi\Documents\hosts.txt
2017-03-01 18:14 - 2017-03-01 18:14 - 00000000 ____H C:\Users\Lomi\Documents\Default.rdp
2017-03-01 13:19 - 2012-12-18 02:31 - 00574100 _____ C:\Windows\system32\hp1022n.img
2017-03-01 13:19 - 2012-12-18 02:31 - 00245248 _____ () C:\Windows\system32\zshp1020s.dll
2017-03-01 13:19 - 2012-12-18 02:31 - 00206768 _____ C:\Windows\system32\hp1022.img
2017-03-01 13:19 - 2012-12-18 02:31 - 00128820 _____ C:\Windows\system32\hp1020.img
2017-03-01 13:19 - 2012-12-18 02:31 - 00010632 _____ C:\Windows\system32\ZSHP1020.CHM
2017-03-01 13:19 - 2012-09-18 15:27 - 00501760 _____ C:\Windows\system32\ZSHP1020.EXE
2017-03-01 13:19 - 2012-09-18 15:27 - 00192512 _____ C:\Windows\system32\ZLhp1020.DLL
2017-02-24 18:28 - 2017-02-24 18:28 - 00000000 ____D C:\Users\Lomi\Documents\GomPlayer
2017-02-24 18:16 - 2017-03-19 01:29 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-24 18:15 - 2017-03-01 17:34 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-24 18:15 - 2017-03-01 17:34 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-24 18:15 - 2017-03-01 17:34 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-24 18:15 - 2017-03-01 17:34 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-24 18:13 - 2017-02-24 18:13 - 00029432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-20 06:29 - 2009-07-14 08:50 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-19 22:38 - 2009-07-14 08:04 - 00000513 _____ C:\Windows\win.ini
2017-03-19 22:36 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-19 21:49 - 2016-09-13 21:19 - 00000976 _____ C:\Windows\Tasks\Bing Powered Search coner.job
2017-03-19 17:40 - 2016-10-21 08:57 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\DMCache
2017-03-19 17:40 - 2009-07-14 10:15 - 00019728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-19 17:40 - 2009-07-14 10:15 - 00019728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-19 17:04 - 2012-04-21 12:40 - 00000000 ____D C:\Users\Lomi
2017-03-19 16:38 - 2016-08-28 23:20 - 02936662 _____ C:\Windows\ntbtlog.txt
2017-03-17 23:46 - 2012-07-16 12:21 - 00000000 ____D C:\Program Files (x86)\Reliance 3G
2017-03-17 23:46 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\registration
2017-03-17 23:46 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2017-03-17 16:11 - 2016-08-29 00:06 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2017-03-17 16:01 - 2013-11-09 13:46 - 00000000 ____D C:\Users\Lomi\Desktop\New Folder
2017-03-17 15:26 - 2016-08-19 14:14 - 00000000 ____D C:\Users\Lomi\Desktop\New folder (2)
2017-03-17 15:24 - 2012-04-27 11:09 - 00000000 ____D C:\Users\Lomi\AppData\Local\Google
2017-03-17 14:51 - 2016-02-02 13:39 - 00000000 ____D C:\Users\Lomi\Graphisoft
2017-03-17 14:00 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2017-03-17 13:23 - 2016-02-08 15:05 - 00000321 _____ C:\Users\Lomi\Documents\BIMx_Export_Log.txt
2017-03-17 13:23 - 2016-02-08 15:05 - 00000000 ____D C:\Users\Lomi\Documents\BIMx
2017-03-17 13:13 - 2012-05-06 12:22 - 00000000 ____D C:\Users\Lomi\AppData\Local\ElevatedDiagnostics
2017-03-17 09:11 - 2016-02-02 13:39 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Graphisoft
2017-03-17 08:28 - 2016-02-02 13:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-03-17 08:21 - 2016-05-11 09:18 - 00000000 ____D C:\Users\Lomi\AppData\Local\app
2017-03-17 08:14 - 2014-08-16 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Riddles - The Moonlight Sonatas
2017-03-17 07:14 - 2013-03-28 07:56 - 00000000 ____D C:\Users\Lomi\Downloads\PCPerformer-BitTorrent-a
2017-03-17 07:12 - 2016-10-21 08:57 - 00000000 ____D C:\Users\Lomi\Downloads\Compressed
2017-03-17 07:12 - 2015-06-14 16:52 - 00000000 ____D C:\Users\Lomi\Documents\Fax
2017-03-17 07:06 - 2016-07-19 08:19 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\excdir
2017-03-17 07:01 - 2016-06-04 21:44 - 00000000 ____D C:\ProgramData\Torrent_Search_PED
2017-03-17 00:32 - 2012-04-30 18:10 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\vlc
2017-03-17 00:07 - 2016-02-02 13:30 - 00008638 _____ C:\Windows\vpd.properties
2017-03-17 00:01 - 2016-02-02 13:25 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Install.GS
2017-03-16 22:00 - 2016-02-08 14:41 - 00000000 ____D C:\Program Files\GRAPHISOFT
2017-03-16 20:16 - 2016-12-25 22:02 - 00002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-16 20:16 - 2016-12-25 22:02 - 00002311 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-16 17:06 - 2012-10-18 12:38 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\uTorrent
2017-03-16 01:31 - 2013-09-19 23:49 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3720556517-2290334221-82917080-1000Core.job
2017-03-15 23:36 - 2016-07-30 00:33 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 23:36 - 2012-04-27 13:35 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 23:36 - 2012-04-27 13:35 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 23:35 - 2012-04-27 13:35 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-15 23:35 - 2012-04-27 13:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-14 22:05 - 2014-09-10 16:13 - 00000000 ____D C:\Program Files (x86)\USB Disk Security
2017-03-14 15:38 - 2016-09-06 15:31 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-13 22:12 - 2016-07-06 11:50 - 00000000 ____D C:\Users\Lomi\Desktop\moveeee
2017-03-13 22:12 - 2015-04-13 16:03 - 00000000 ____D C:\Users\Lomi\Desktop\movies and series
2017-03-12 20:25 - 2015-04-30 15:55 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
2017-03-12 15:06 - 2015-02-02 15:13 - 00000000 ____D C:\Windows\pss
2017-03-11 15:44 - 2016-10-21 09:19 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\IDM
2017-03-11 15:43 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\ModemLogs
2017-03-11 15:39 - 2016-09-06 15:32 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1473156157
2017-03-11 15:24 - 2016-09-06 15:31 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-10 13:09 - 2017-01-14 23:05 - 00003561 _____ C:\Users\Lomi\AppData\LocalLow\lpm.dat
2017-03-08 09:00 - 2009-07-14 10:15 - 00483512 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-03 18:42 - 2009-07-14 11:02 - 00000000 ____D C:\Windows\Performance
2017-03-03 15:40 - 2017-01-22 13:24 - 00000000 ____D C:\Users\Lomi\Desktop\akru
2017-03-03 15:00 - 2012-04-21 13:40 - 00000111 _____ C:\Users\Lomi\AppData\default.pls
2017-03-01 19:10 - 2014-06-19 21:24 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2017-03-01 17:36 - 2016-09-06 15:31 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-01 17:36 - 2016-09-06 15:31 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-01 17:36 - 2016-09-06 15:31 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-01 17:36 - 2016-09-06 15:31 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-01 17:36 - 2016-09-06 15:31 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-01 17:35 - 2016-09-06 15:31 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-01 17:35 - 2016-09-06 15:31 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-01 17:34 - 2016-09-06 15:31 - 00461640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-03-01 13:20 - 2015-05-11 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-03-01 13:19 - 2016-10-09 10:33 - 00000000 ____D C:\Program Files\HP
2017-02-26 03:12 - 2016-09-06 15:29 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-25 10:28 - 2013-04-01 18:01 - 00000000 ____D C:\Temp
2017-02-24 18:14 - 2016-09-06 15:31 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148794039645104
2017-02-23 22:37 - 2016-09-13 21:07 - 00001111 _____ C:\Users\Lomi\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2017-02-22 00:10 - 2009-07-14 10:38 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-17 09:48 - 2012-06-21 17:47 - 00000000 ____D C:\ProgramData\TEMP
2017-02-17 09:43 - 2014-08-16 20:34 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\ForgottenRiddles2

==================== Files in the root of some directories =======

2014-01-29 14:22 - 2014-01-29 14:57 - 50053120 _____ () C:\Program Files (x86)\GUTA380.tmp
2016-05-11 08:33 - 2016-05-11 08:33 - 6748160 _____ () C:\Program Files (x86)\GUTA7AD.tmp
2014-01-29 14:22 - 2014-01-29 14:57 - 50053120 _____ () C:\Program Files (x86)\GUTC5BF.tmp
2014-06-20 02:22 - 2015-05-06 18:57 - 0045270 _____ () C:\Users\Lomi\AppData\Roaming\room_v3.dat
2012-05-31 21:33 - 2015-02-06 17:13 - 0018944 _____ () C:\Users\Lomi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-09 16:20 - 2013-05-09 16:20 - 0000058 _____ () C:\Users\Lomi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2012-06-18 23:39 - 2012-06-18 23:39 - 0017408 _____ () C:\Users\Lomi\AppData\Local\WebpageIcons.db
2016-02-05 18:52 - 2016-02-05 18:52 - 0000000 _____ () C:\Users\Lomi\AppData\Local\{49202BD0-65F4-41A8-8226-0878F08E04DC}
2015-05-11 14:25 - 2015-05-11 14:25 - 0000000 _____ () C:\Users\Lomi\AppData\Local\{4DCB906E-1B9A-4C7B-B494-19622E93ACFC}
2015-04-09 11:52 - 2015-04-09 11:52 - 0000000 _____ () C:\Users\Lomi\AppData\Local\{53C74B0A-AEE1-42C6-88A2-B525B81F96F1}
2015-11-19 18:57 - 2015-11-19 18:57 - 0000000 _____ () C:\Users\Lomi\AppData\Local\{A42C49C3-EE1C-4714-B8A7-9A314CDF7F8F}
2017-03-19 21:26 - 2017-03-19 21:26 - 0000000 ____H () C:\ProgramData\cm-lock
2015-05-11 14:12 - 2015-06-05 19:56 - 0013473 _____ () C:\ProgramData\hpzinstall.log
2015-01-12 16:43 - 2015-01-12 16:43 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
2017-03-17 15:53 - 2011-01-18 17:55 - 0180136 _____ (Autodesk, Inc.) C:\Users\Lomi\AppData\Local\Temp\AcDeltree.exe
2017-03-15 22:51 - 2017-03-15 22:51 - 0134144 _____ () C:\Users\Lomi\AppData\Local\Temp\dnschanger_1.exe
2017-03-17 15:53 - 2017-03-17 15:58 - 1976656 _____ (Flexera Software, Inc.) C:\Users\Lomi\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-03-16 20:11 - 2017-03-16 20:11 - 1247620 _____ (VideoBox                                                    ) C:\Users\Lomi\AppData\Local\Temp\vbsetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2009-07-14 05:08] - [2015-02-02 15:16] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-14 04:54] - [2015-02-02 15:16] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-14 17:15

==================== End of FRST.txt ============================

Addition.txt


Thanks for those logs, can I also see the log from FRST fix carried out via recovery environment, should be on the USB stick...

Next,

Continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Clean install Malwarebytes from version 2 to version 3...

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step



If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin....

 

fixlist.txt


This topic is now closed to further replies.