Black screen with mouse cursor after removing malware


  • This topic is locked
1 reply to this topic

#1 Vamn

Posted 19 March 2017 - 04:19 AM

Hello, my screen shows a black screen with a mouse cursor and a Windows Script dialogue box. The dialogue box has a question mark (?) and close options only. This happened right after a Malwarebytes scan and restart. I went through some posts and tried all the instructions but to no avail. Please help.

Thanks,

Vamn

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by SYSTEM on MININT-HTHJCVS (19-03-2017 00:45:49)
Running from i:\
Platform: Windows 7 Home Basic (X64) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet003
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-27] (Nico Mak Computing)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-01] (AVAST Software)
HKLM-x32\...\Run: [USB Antivirus] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [798720 2008-09-23] (Zbshareware Lab)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Reliance 3G\UIExec.exe [153424 2011-08-09] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM\...\Winlogon: [Userinit] wscript, <==== ATTENTION
HKLM-x32\...\Winlogon: [Userinit] wscript, <==== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Startup: C:\Users\Lomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-04-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-01] (AVAST Software s.r.o.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-01] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-03-01] (AVAST Software)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-19] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
S2 UDisk Monitor; C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe [402944 2008-08-25] ()
S2 UI Assistant Service; C:\Program Files (x86)\Reliance 3G\AssistantServices.exe [270672 2011-08-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-01] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-01] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-01] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-01] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-01] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-01] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-01] (AVAST Software)
S3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [29432 2017-02-24] (AVAST Software)
S1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [461640 2017-03-01] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-01] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-01] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-01] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-01] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-14] (AVAST Software)
S1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-14] (Sony Mobile Communications)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2017-03-17] (Malwarebytes)
S0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-06-04] (电脑管家)
S2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [105160 2012-12-19] (WIBU-SYSTEMS AG)
S3 zteusbser; C:\Windows\System32\DRIVERS\ztemtusbser.sys [118784 2008-08-21] (ZTEMT Incorporated)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S2 MPCProtectService; no ImagePath
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-19 00:45 - 2017-03-19 00:45 - 00000000 ____D C:\FRST
2017-03-17 07:07 - 2017-03-17 07:07 - 00000000 ____H C:\ProgramData\cm-lock
2017-03-17 02:10 - 2017-03-17 02:10 - 00000198 ____H C:\Users\Lomi\Documents\Drawing1.dwl2
2017-03-17 02:10 - 2017-03-17 02:10 - 00000048 ____H C:\Users\Lomi\Documents\Drawing1.dwl
2017-03-17 01:45 - 2017-03-17 01:45 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-16 18:58 - 2017-03-16 18:58 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-03-16 18:44 - 2017-03-16 18:44 - 00015415 _____ C:\Windows\Forgotten Riddles - The Moonlight Sonatas Uninstall Log.txt
2017-03-16 10:58 - 2017-03-16 10:58 - 00001191 _____ C:\Users\Public\Desktop\BIMx for ArchiCAD 17.lnk
2017-03-16 10:58 - 2017-03-16 10:58 - 00001016 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2017-03-16 10:43 - 2017-03-16 10:44 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2017-03-16 10:43 - 2017-03-16 10:43 - 00000000 ____D C:\ProgramData\CodeMeter
2017-03-16 10:43 - 2017-03-16 10:43 - 00000000 ____D C:\Program Files\CodeMeter
2017-03-16 10:43 - 2012-12-19 21:10 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lcn
2017-03-16 10:42 - 2017-03-16 10:42 - 00000000 ____D C:\Program Files\WIBU-SYSTEMS
2017-03-16 10:42 - 2017-03-16 10:42 - 00000000 ____D C:\Program Files (x86)\WIBU-SYSTEMS
2017-03-16 10:42 - 2017-03-16 10:42 - 00000000 ____D C:\Program Files (x86)\WIBUKEY
2017-03-16 10:42 - 2012-12-20 10:03 - 00021376 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\Drivers\Wibukey2_64.sys
2017-03-16 10:42 - 2012-12-19 21:10 - 00599584 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\wibuKJni64.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00459808 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\wibuKJni.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00432128 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkExt64.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00344064 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkExt32.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00176640 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00156672 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.dll
2017-03-16 10:42 - 2012-12-19 21:10 - 00105160 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\Drivers\WibuKey64.sys
2017-03-16 10:42 - 2012-12-19 21:10 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lde
2017-03-16 10:42 - 2012-12-19 21:10 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lde
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lfr
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.les
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lbr
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lfr
2017-03-16 10:42 - 2012-12-19 21:10 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.les
2017-03-16 10:42 - 2012-12-19 21:10 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lit
2017-03-16 10:42 - 2012-12-19 21:10 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lit
2017-03-16 10:42 - 2012-12-19 21:10 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.ljp
2017-03-16 10:42 - 2012-12-19 21:10 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.ljp
2017-03-16 10:42 - 2012-12-19 21:10 - 00020480 _____ C:\Windows\SysWOW64\WkWin32.lhu
2017-03-16 10:42 - 2012-12-19 21:10 - 00020480 _____ C:\Windows\System32\WkWin64.lhu
2017-03-16 10:42 - 2012-12-19 21:10 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\System32\WkWin64.lcn
2017-03-16 10:38 - 2017-03-17 07:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-16 06:49 - 2017-03-16 17:12 - 00000000 ____D C:\Program Files (x86)\39df6c92-3037-4784-894d-3b61bbc4eee31489675743
2017-03-16 06:47 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files\4ZR16G2LF7
2017-03-16 06:44 - 2017-03-17 08:50 - 00000000 ____D C:\Program Files (x86)\Qejisyfank
2017-03-16 06:44 - 2017-03-16 08:16 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Putodom
2017-03-16 06:44 - 2017-03-16 06:48 - 00000000 ____D C:\Users\Lomi\AppData\Local\Prermerward
2017-03-16 06:44 - 2017-03-16 06:44 - 00006050 _____ C:\Windows\System32\Tasks\Codetcherpers Update
2017-03-16 06:44 - 2017-03-16 06:44 - 00000000 ____D C:\Program Files (x86)\Codetcherpers Update
2017-03-16 06:42 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files\CAHSBVYC0M
2017-03-16 06:42 - 2017-03-16 17:13 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-03-16 06:41 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files\58A0X417OW
2017-03-16 06:41 - 2017-03-16 18:44 - 00000000 ____D C:\Program Files (x86)\Jogotempo
2017-03-16 06:41 - 2017-03-16 18:31 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-03-16 06:41 - 2017-03-16 06:42 - 02405056 _____ (BitTorrent Inc.) C:\Users\Lomi\Downloads\archicad 17 serial key generator
2017-03-16 04:47 - 2017-03-16 04:47 - 00456704 _____ C:\Users\Lomi\Downloads\GraphiSoft ArchiCAD 17 (1).zip
2017-03-16 04:45 - 2017-03-16 04:45 - 00456704 _____ C:\Users\Lomi\Downloads\GraphiSoft ArchiCAD 17.zip
2017-03-15 09:55 - 2017-03-15 09:55 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter3
2017-03-15 09:21 - 2017-03-15 09:23 - 00000000 ___HD C:\ProgramData\347Q436Q80J306
2017-03-15 09:20 - 2017-03-17 10:16 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Prukatain
2017-03-15 09:20 - 2017-03-16 17:20 - 00000000 ____D C:\Program Files (x86)\Prerus
2017-03-15 09:20 - 2017-03-15 09:25 - 00000000 ____D C:\Users\Lomi\AppData\Local\Couqlegrefase
2017-03-15 09:20 - 2017-03-15 09:20 - 00006002 _____ C:\Windows\System32\Tasks\Cpiing Client
2017-03-15 08:50 - 2017-03-15 08:50 - 00000000 ____D C:\Program Files\EaseUS
2017-03-14 09:29 - 2017-03-14 09:29 - 00016728 _____ C:\Windows\System32\Tasks\8173P2314P6855k7507-dll
2017-03-14 05:47 - 2017-03-14 09:00 - 00000000 ____D C:\Windows\System32\Tasks\updates
2017-03-13 12:07 - 2017-03-17 10:16 - 00000000 ____D C:\Program Files (x86)\Biposhbonle
2017-03-13 12:07 - 2017-03-16 17:25 - 00000000 ___HD C:\ProgramData\8173P2314P6855k7507
2017-03-13 12:07 - 2017-03-14 08:44 - 00000000 ____D C:\ProgramData\RegisterObject
2017-03-13 12:07 - 2017-03-13 12:07 - 00005090 _____ C:\Windows\System32\Tasks\Ghuwolyarnock
2017-03-13 12:07 - 2017-03-13 12:07 - 00000000 ____D C:\Users\Lomi\AppData\Local\Nuwotmolient
2017-03-13 12:00 - 2017-03-13 12:00 - 00000000 ___HD C:\$AV_ASW
2017-03-13 09:03 - 2017-03-17 01:21 - 00289766 _____ C:\Users\Lomi\Desktop\security wall drawing.dwg
2017-03-13 09:03 - 2017-03-17 01:21 - 00289766 _____ C:\Users\Lomi\Desktop\security wall drawing.bak
2017-03-12 04:33 - 2017-03-17 03:14 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\stickies
2017-03-12 04:32 - 2017-03-12 04:32 - 00000620 _____ C:\Windows\uninstallstickies.bat
2017-03-12 04:32 - 2017-03-12 04:32 - 00000000 ____D C:\Program Files (x86)\Stickies
2017-03-11 02:52 - 2017-03-15 23:45 - 00000000 ____D C:\Users\Lomi\AppData\LocalLow\uTorrent
2017-03-07 19:27 - 2011-01-26 22:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\KBDINMAL.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\KBDINDEV.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINTAM.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINBEN.DLL
2017-03-07 19:27 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINHIN.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
2017-03-07 19:27 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
2017-03-07 19:26 - 2011-01-26 22:26 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINPUN.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINGUJ.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINBE2.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINBE1.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINASA.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINTEL.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINORI.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINMAR.DLL
2017-03-07 19:26 - 2011-01-26 22:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDINKAN.DLL
2017-03-07 19:26 - 2011-01-26 21:40 - 00627200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-07 19:26 - 2011-01-26 21:32 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2017-03-07 19:26 - 2011-01-26 21:32 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2017-03-07 19:26 - 2011-01-26 19:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDINEN.DLL
2017-03-07 19:26 - 2011-01-26 16:00 - 00419712 _____ C:\Windows\SysWOW64\locale.nls
2017-03-07 19:26 - 2011-01-26 15:56 - 00419712 _____ C:\Windows\System32\locale.nls
2017-03-07 19:24 - 2017-03-07 19:25 - 13437272 _____ C:\Users\Lomi\Downloads\Windows6.1-KB2496898-v3-x64.msu
2017-03-07 12:44 - 2017-03-07 12:44 - 00020484 _____ C:\Users\Lomi\Downloads\call-of-the-wolf_english-1498614.zip
2017-03-05 07:53 - 2017-03-07 12:45 - 00000000 ____D C:\Users\Lomi\Downloads\Call of the Wolf 2017.HDRip.XviD.AC3-EVO
2017-03-05 07:48 - 2017-03-05 07:48 - 00001882 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2017-03-05 07:44 - 2017-03-01 04:06 - 00398408 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2017-03-04 12:08 - 2017-03-04 12:08 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2017-03-04 12:08 - 2017-03-04 12:08 - 00000000 ____D C:\ProgramData\Logitech
2017-03-04 12:07 - 2017-03-04 12:07 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2017-03-04 12:05 - 2017-03-04 12:08 - 00000000 ____D C:\ProgramData\Logishrd
2017-03-04 12:04 - 2017-03-04 12:04 - 00000000 ____D C:\Program Files\Logitech
2017-03-04 11:40 - 2017-03-04 12:07 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2017-03-04 11:32 - 2017-03-04 12:08 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Logitech
2017-03-04 11:32 - 2017-03-04 11:32 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Logishrd
2017-03-04 11:31 - 2017-03-04 11:39 - 04147600 _____ ($Co_Name Inc.) C:\Users\Lomi\Downloads\unifying250.exe
2017-03-04 11:27 - 2017-03-04 11:31 - 03679544 _____ (Logitech Inc.) C:\Users\Lomi\Downloads\SetPoint6.67.83_smart.exe
2017-03-04 11:12 - 2017-03-04 11:12 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-04 11:12 - 2017-03-04 11:12 - 00000000 ____D C:\Intel
2017-03-03 04:33 - 2017-03-17 02:02 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-03-03 04:33 - 2017-03-03 04:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-03 04:33 - 2017-03-03 04:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-03 04:33 - 2016-03-10 00:39 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2017-03-03 04:33 - 2016-03-10 00:38 - 00140672 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2017-03-03 04:33 - 2016-03-10 00:38 - 00027008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-03-03 01:22 - 2017-03-03 01:22 - 00001223 _____ C:\Users\Lomi\Documents\hosts.txt
2017-03-01 04:44 - 2017-03-01 04:44 - 00000000 ____H C:\Users\Lomi\Documents\Default.rdp
2017-02-28 23:49 - 2012-12-17 13:01 - 00574100 _____ C:\Windows\System32\hp1022n.img
2017-02-28 23:49 - 2012-12-17 13:01 - 00245248 _____ () C:\Windows\System32\zshp1020s.dll
2017-02-28 23:49 - 2012-12-17 13:01 - 00206768 _____ C:\Windows\System32\hp1022.img
2017-02-28 23:49 - 2012-12-17 13:01 - 00128820 _____ C:\Windows\System32\hp1020.img
2017-02-28 23:49 - 2012-12-17 13:01 - 00010632 _____ C:\Windows\System32\ZSHP1020.CHM
2017-02-28 23:49 - 2012-09-18 01:57 - 00501760 _____ C:\Windows\System32\ZSHP1020.EXE
2017-02-28 23:49 - 2012-09-18 01:57 - 00192512 _____ C:\Windows\System32\ZLhp1020.DLL
2017-02-24 04:58 - 2017-02-24 04:58 - 00000000 ____D C:\Users\Lomi\Documents\GomPlayer
2017-02-24 04:46 - 2017-03-18 09:52 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-24 04:45 - 2017-03-01 04:04 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbloga.sys
2017-02-24 04:45 - 2017-03-01 04:04 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2017-02-24 04:45 - 2017-03-01 04:04 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsha.sys
2017-02-24 04:45 - 2017-03-01 04:04 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbuniva.sys
2017-02-24 04:43 - 2017-02-24 04:43 - 00029432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetNd6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-18 10:59 - 2016-08-28 09:50 - 02416560 _____ C:\Windows\ntbtlog.txt
2017-03-18 10:55 - 2009-07-13 18:34 - 00000513 _____ C:\Windows\win.ini
2017-03-18 10:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-18 09:48 - 2009-07-13 20:45 - 00019728 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-18 09:48 - 2009-07-13 20:45 - 00019728 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-17 10:16 - 2012-07-15 22:51 - 00000000 ____D C:\Program Files (x86)\Reliance 3G
2017-03-17 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2017-03-17 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-03-17 03:14 - 2016-10-20 19:27 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\DMCache
2017-03-17 02:41 - 2016-08-28 10:36 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2017-03-17 02:31 - 2013-11-09 00:16 - 00000000 ____D C:\Users\Lomi\Desktop\New Folder
2017-03-17 02:19 - 2016-09-13 07:49 - 00000976 _____ C:\Windows\Tasks\Bing Powered Search coner.job
2017-03-17 01:56 - 2016-08-19 00:44 - 00000000 ____D C:\Users\Lomi\Desktop\New folder (2)
2017-03-17 01:54 - 2012-04-26 21:39 - 00000000 ____D C:\Users\Lomi\AppData\Local\Google
2017-03-17 01:21 - 2016-02-02 00:09 - 00000000 ____D C:\Users\Lomi\Graphisoft
2017-03-17 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2017-03-16 23:53 - 2016-02-08 01:35 - 00000321 _____ C:\Users\Lomi\Documents\BIMx_Export_Log.txt
2017-03-16 23:53 - 2016-02-08 01:35 - 00000000 ____D C:\Users\Lomi\Documents\BIMx
2017-03-16 23:43 - 2012-05-05 22:52 - 00000000 ____D C:\Users\Lomi\AppData\Local\ElevatedDiagnostics
2017-03-16 20:47 - 2012-04-20 23:10 - 00000000 ____D C:\users\Lomi
2017-03-16 19:41 - 2016-02-02 00:09 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Graphisoft
2017-03-16 18:58 - 2016-02-02 00:02 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-03-16 18:51 - 2016-05-10 19:48 - 00000000 ____D C:\Users\Lomi\AppData\Local\app
2017-03-16 17:44 - 2013-03-27 18:26 - 00000000 ____D C:\Users\Lomi\Downloads\PCPerformer-BitTorrent-a
2017-03-16 17:42 - 2016-10-20 19:27 - 00000000 ____D C:\Users\Lomi\Downloads\Compressed
2017-03-16 17:42 - 2015-06-14 03:22 - 00000000 ____D C:\Users\Lomi\Documents\Fax
2017-03-16 17:36 - 2016-07-18 18:49 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\excdir
2017-03-16 17:31 - 2016-06-04 08:14 - 00000000 ____D C:\ProgramData\Torrent_Search_PED
2017-03-16 11:02 - 2012-04-30 04:40 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\vlc
2017-03-16 10:37 - 2016-02-02 00:00 - 00008638 _____ C:\Windows\vpd.properties
2017-03-16 10:31 - 2016-02-01 23:55 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\Install.GS
2017-03-16 08:30 - 2016-02-08 01:11 - 00000000 ____D C:\Program Files\GRAPHISOFT
2017-03-16 06:46 - 2016-12-25 08:32 - 00002311 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-16 03:36 - 2012-10-17 23:08 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\uTorrent
2017-03-15 12:01 - 2013-09-19 10:19 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3720556517-2290334221-82917080-1000Core.job
2017-03-15 10:06 - 2016-07-29 11:03 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 10:06 - 2012-04-27 00:05 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 10:06 - 2012-04-27 00:05 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 10:05 - 2012-04-27 00:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-15 10:05 - 2012-04-27 00:05 - 00000000 ____D C:\Windows\System32\Macromed
2017-03-14 08:35 - 2014-09-10 02:43 - 00000000 ____D C:\Program Files (x86)\USB Disk Security
2017-03-14 02:08 - 2016-09-06 02:01 - 00337592 _____ (AVAST Software) C:\Windows\System32\Drivers\aswvmm.sys
2017-03-13 08:42 - 2016-07-05 22:20 - 00000000 ____D C:\Users\Lomi\Desktop\moveeee
2017-03-13 08:42 - 2015-04-13 02:33 - 00000000 ____D C:\Users\Lomi\Desktop\movies and series
2017-03-12 06:55 - 2015-04-30 02:25 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
2017-03-12 01:36 - 2015-02-02 01:43 - 00000000 ____D C:\Windows\pss
2017-03-11 02:14 - 2016-10-20 19:49 - 00000000 ____D C:\Users\Lomi\AppData\Roaming\IDM
2017-03-11 02:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2017-03-11 02:09 - 2016-09-06 02:02 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1473156157
2017-03-11 01:54 - 2016-09-06 02:01 - 00548928 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2017-03-09 23:39 - 2017-01-14 09:35 - 00003561 _____ C:\Users\Lomi\AppData\LocalLow\lpm.dat
2017-03-07 19:30 - 2009-07-13 20:45 - 00483512 _____ C:\Windows\System32\FNTCACHE.DAT
2017-03-03 05:12 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Performance
2017-03-03 02:10 - 2017-01-21 23:54 - 00000000 ____D C:\Users\Lomi\Desktop\akru
2017-03-03 01:30 - 2012-04-21 00:10 - 00000111 _____ C:\Users\Lomi\AppData\default.pls
2017-03-01 05:40 - 2014-06-19 07:54 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2017-03-01 04:06 - 2016-09-06 02:01 - 00162528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00126600 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00100640 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00075704 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2017-03-01 04:06 - 2016-09-06 02:01 - 00038296 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2017-03-01 04:05 - 2016-09-06 02:01 - 00993608 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2017-03-01 04:05 - 2016-09-06 02:01 - 00032088 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2017-03-01 04:04 - 2016-09-06 02:01 - 00461640 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetSec.sys
2017-02-28 23:49 - 2016-10-08 21:03 - 00000000 ____D C:\Program Files\HP
2017-02-25 13:42 - 2016-09-06 01:59 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-24 20:58 - 2013-04-01 04:31 - 00000000 ____D C:\Temp
2017-02-24 04:44 - 2016-09-06 02:01 - 00337080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswvmm.sys.148794039645104
2017-02-21 10:40 - 2009-07-13 21:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Some files in TEMP:
====================
2017-03-17 02:23 - 2011-01-18 04:25 - 0180136 _____ (Autodesk, Inc.) C:\Users\Lomi\AppData\Local\Temp\AcDeltree.exe
2017-03-15 09:21 - 2017-03-15 09:21 - 0134144 _____ () C:\Users\Lomi\AppData\Local\Temp\dnschanger_1.exe
2017-03-17 02:23 - 2017-03-17 02:28 - 1976656 _____ (Flexera Software, Inc.) C:\Users\Lomi\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-03-16 06:41 - 2017-03-16 06:41 - 0396982 _____ () C:\Users\Lomi\AppData\Local\Temp\global_installer.exe
2017-03-16 06:42 - 2017-03-16 06:42 - 0425674 _____ () C:\Users\Lomi\AppData\Local\Temp\S3HO8V7.exe
2017-03-16 06:41 - 2017-03-16 06:41 - 1247620 _____ (VideoBox                                                    ) C:\Users\Lomi\AppData\Local\Temp\vbsetup.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2015-02-02 01:46] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-13 15:24] - [2015-02-02 01:46] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 3002.93 MB
Available physical RAM: 2186.37 MB
Total Virtual: 3001.07 MB
Available Virtual: 2186.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:143.88 GB) (Free:31.76 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:69.34 GB) (Free:9.13 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:73.44 GB) (Free:12.08 GB) NTFS
Drive g: (RECOVERY) (Fixed) (Total:11.24 GB) (Free:2.02 GB) NTFS
Drive i: () (Removable) (Total:7.45 GB) (Free:1.71 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F8838554)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=143.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=142.8 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2017-03-14 03:45

==================== End of FRST.txt ============================


Edited by hamluis, 19 March 2017 - 09:57 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 Jo*

  • Malware Response Team

Posted 19 March 2017 - 12:27 PM

Topic closed.
 
User gets help at MB Forum...
https://forums.malwarebytes.com/topic/197921-black-screen-with-mouse-cursor-and-windows-script-host-dialouge-box-after-removing-malware/

Edited by Jo*, 19 March 2017 - 12:29 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
