Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Trj/CI.A

Hi,
my PC turns slow now and then (slow = 30 s to 1 min to open programs, etc.).
Panda Protection finds the trojan Trj/CI.A in C:\Windows\TEMP\installPacket.exe.
It is "deleted", but it keeps coming back on every restart. I also checked with Malwarebytes Anti-Malware 2.2.1.1043 (database version v2017.09.09.05), AdwCleaner 7.0.2.1, JRT 8.1.4 and finally Malwarebytes Anti-Rootkit 1.9.3.1001, but nothing is found, except that the trojan described above is detected by Panda Protection on every restart.
I am using Windows 7 Ultimate SP1 64-bit.
I do not have another Windows installation disc/image or anything like that.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18763
Run by Dr. Babak Bayani at 13:07:16 on 2017-09-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.41.1033.18.32701.28442 [GMT 2:00]
.
AV: Panda Protection *Enabled/Updated* {CF440CD9-5435-10B1-04E0-7768B6F10320}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Panda Protection *Enabled/Updated* {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AOMEI Backupper\ABService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
C:\Users\Dr. Babak Bayani\Desktop\mbar-1.09.3.1001.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Dr. Babak Bayani\Desktop\mbar\mbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - <orphaned>
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRunOnce: [Uninstall C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
uRunOnce: [Uninstall C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
mRun: [ABNotify] C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TWONKY~1.LNK - C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{400F314E-EA26-4D61-8E8F-8B059881EDD8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{555C7476-98D1-4FF5-B2D7-9FBC8A6DDF98} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{B7354D65-591E-4ABE-934B-5DDB0D1DBE04} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F0959A58-1F86-4959-A4CF-CC7800F9FF6E} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: WSAllMyTubechrome - <Clsid value has no data>
SSODL: WebCheck - <orphaned>
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: WSAllMyTubechrome - <Clsid value has no data>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dr. Babak Bayani\AppData\Roaming\Mozilla\Firefox\Profiles\mjhvzsl1.default-1447857174978\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ch/?gws_rd=ssl
FF - plugin: C:\Program Files (x86)\VLC Player\VLC\npvlc.dll
FF - plugin: C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_26_0_0_131.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ambakdrv;ambakdrv;C:\Windows\System32\ambakdrv.sys [2017-7-7 31192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-11-18 283064]
R1 NNSALPC;NNSAlpc;C:\Windows\System32\drivers\NNSAlpc.sys [2017-4-6 105472]
R1 NNSHTTP;NNSHttp;C:\Windows\System32\drivers\NNSHttp.sys [2017-4-6 211008]
R1 NNSHTTPS;NNSHttps;C:\Windows\System32\drivers\NNSHttps.sys [2017-4-6 119880]
R1 NNSIDS;NNSids;C:\Windows\System32\drivers\NNSIds.sys [2017-4-6 124488]
R1 NNSNAHSL;NNSNAHSL;C:\Windows\System32\drivers\NNSNAHSL.sys [2017-3-15 92536]
R1 NNSPICC;NNSPicc;C:\Windows\System32\drivers\NNSpicc.sys [2017-4-6 116784]
R1 NNSPIHSW;NNSPihsw;C:\Windows\System32\drivers\NNSPihsw.sys [2017-4-6 83824]
R1 NNSPOP3;NNSPop3;C:\Windows\System32\drivers\NNSPop3.sys [2017-4-6 134288]
R1 NNSPROT;NNSProt;C:\Windows\System32\drivers\NNSProt.sys [2017-4-6 336168]
R1 NNSPRV;NNSPrv;C:\Windows\System32\drivers\NNSPrv.sys [2017-4-6 225464]
R1 NNSSMTP;NNSSmtp;C:\Windows\System32\drivers\NNSSmtp.sys [2017-4-6 121952]
R1 NNSSTRM;NNSStrm;C:\Windows\System32\drivers\NNSStrm.sys [2017-4-6 279536]
R1 NNSTLSC;NNSTlsc;C:\Windows\System32\drivers\NNStlsc.sys [2017-4-6 123976]
R1 PSINKNC;PSINKnc;C:\Windows\System32\drivers\PSINKNC.sys [2017-7-19 206424]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2246256]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-11-21 244736]
R2 ammntdrv;ammntdrv;C:\Windows\System32\ammntdrv.sys [2017-7-7 152024]
R2 amwrtdrv;amwrtdrv;C:\Windows\System32\amwrtdrv.sys [2017-7-7 18392]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-4-3 83768]
R2 Backupper Service;AOMEI Backupper Scheduler Service;C:\Program Files (x86)\AOMEI Backupper\ABService.exe [2017-7-8 52856]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2015-2-26 5103640]
R2 NanoServiceMain;Panda Protection Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2017-7-19 109024]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2016-7-19 86104]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2017-7-19 178264]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2017-7-19 139352]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2017-7-19 132696]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2017-7-19 146008]
R2 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2017-7-19 116312]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2017-7-19 48784]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2013-4-10 11576]
R2 TwonkyProxy;TwonkyProxy;C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start [?]
R2 TwonkyServer;TwonkyServer;C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -serviceversion 0 --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -serviceversion 0 [?]
R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2016-5-11 33872]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2016-4-1 104976]
R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2015-11-18 109272]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-11-18 192216]
R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2017-9-10 72280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-11-17 941784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-7-25 324224]
S3 ampa;ampa;C:\Windows\System32\ampa.sys [2017-7-8 38320]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-11-16 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2017-7-8 24056]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2017-7-8 10848]
S3 hxctlflt;hxctlflt;C:\Windows\System32\drivers\hxctlflt.sys [2009-2-8 111104]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-8-8 116224]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-8-15 23040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-7-5 243376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-18 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-18 1255736]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2015-8-31 29288]
S4 WsAppService;Wondershare Application Framework Service;C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [2015-8-31 339968]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2017-09-10 09:19:46 72280 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2017-09-10 08:44:32 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-09 10:55:02 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BA8532D-ED2E-47FE-8BE9-7CC1DD47CAF6}\offreg.3976.dll
2017-09-08 16:52:09 13482976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BA8532D-ED2E-47FE-8BE9-7CC1DD47CAF6}\mpengine.dll
2017-08-28 19:37:17 96720 ----a-w- C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2017-08-28 19:37:17 893880 ----a-w- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
2017-08-28 19:37:16 63440 ----a-w- C:\Program Files\Mozilla Firefox\pingsender.exe
2017-08-28 19:37:15 127440 ----a-w- C:\Program Files\Mozilla Firefox\AccessibleHandler.dll
2017-08-26 17:32:23 -------- d-----w- C:\ProgramData\TwonkyServer
2017-08-26 16:51:51 973312 ----a-w- C:\Windows\SysWow64\DXPTaskRingtone.dll
2017-08-26 16:51:51 757248 ----a-w- C:\Windows\System32\win32spl.dll
2017-08-26 16:51:51 497664 ----a-w- C:\Windows\SysWow64\win32spl.dll
2017-08-26 16:51:51 1143296 ----a-w- C:\Windows\System32\DXPTaskRingtone.dll
2017-08-26 16:44:05 -------- d-----w- C:\Windows\SysWow64\GroupPolicy
2017-08-26 16:44:05 -------- d-----w- C:\Users\Dr. Babak Bayani\AppData\Roaming\Panda Security
2017-08-26 16:43:57 -------- d-----w- C:\Program Files (x86)\Panda Security
2017-08-26 16:43:10 -------- d-----w- C:\ProgramData\Panda Security
2017-08-26 16:42:22 13482976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-08-21 19:29:01 87888 ----a-w- C:\Program Files\Mozilla Firefox\vcruntime140.dll
2017-08-21 19:29:01 65522640 ----a-w- C:\Program Files\Mozilla Firefox\xul.dll
2017-08-21 19:29:01 358864 ----a-w- C:\Program Files\Mozilla Firefox\updater.exe
2017-08-21 19:29:00 997056 ----a-w- C:\Program Files\Mozilla Firefox\ucrtbase.dll
2017-08-21 19:29:00 185808 ----a-w- C:\Program Files\Mozilla Firefox\softokn3.dll
2017-08-21 19:28:59 36304 ----a-w- C:\Program Files\Mozilla Firefox\plugin-hang-ui.exe
2017-08-21 19:28:59 18896 ----a-w- C:\Program Files\Mozilla Firefox\qipcap64.dll
2017-08-21 19:28:59 101328 ----a-w- C:\Program Files\Mozilla Firefox\plugin-container.exe
2017-08-20 08:28:44 -------- d-----w- C:\ProgramData\Medtronic
2017-08-20 08:26:03 110144 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-64.dll
2017-08-20 08:23:48 110144 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2017-08-15 12:03:56 244480 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1033\OSFINTL.DLL
.
==================== Find3M ====================
.
2017-09-10 10:55:07 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2017-09-10 10:54:26 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2017-07-29 14:56:30 117248 ----a-w- C:\Windows\System32\drivers\tdx.sys
2017-07-21 14:26:31 282624 ----a-w- C:\Windows\SysWow64\mstext40.dll
2017-07-21 14:26:30 518144 ----a-w- C:\Windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26:30 409600 ----a-w- C:\Windows\SysWow64\msexch40.dll
2017-07-21 14:26:30 290816 ----a-w- C:\Windows\SysWow64\msjtes40.dll
2017-07-19 03:35:54 146008 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
2017-07-19 03:34:16 132696 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
2017-07-19 03:32:41 116312 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
2017-07-19 03:31:03 139352 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
2017-07-19 03:28:29 178264 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
2017-07-19 03:26:46 206424 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
2017-07-16 07:58:56 47472 ----a-w- C:\ProgramData\agent.1500191935.bdinstall.bin
2017-07-15 16:48:07 1024 ---h--w- C:\AMTAG.BIN
2017-07-15 09:55:26 803328 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-07-15 09:55:26 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-07-14 15:29:15 486400 ----a-w- C:\Windows\System32\wer.dll
2017-07-14 15:29:15 34304 ----a-w- C:\Windows\System32\werdiagcontroller.dll
2017-07-14 15:29:14 2319872 ----a-w- C:\Windows\System32\tquery.dll
2017-07-14 15:29:10 2058240 ----a-w- C:\Windows\System32\Query.dll
2017-07-14 15:29:04 99840 ----a-w- C:\Windows\System32\mssprxy.dll
2017-07-14 15:29:04 778240 ----a-w- C:\Windows\System32\mssvp.dll
2017-07-14 15:29:04 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2017-07-14 15:29:04 491520 ----a-w- C:\Windows\System32\mssph.dll
2017-07-14 15:29:04 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2017-07-14 15:29:04 2222080 ----a-w- C:\Windows\System32\mssrch.dll
2017-07-14 15:29:04 14336 ----a-w- C:\Windows\System32\msshooks.dll
2017-07-14 15:29:04 115200 ----a-w- C:\Windows\System32\mssitlb.dll
2017-07-14 15:12:22 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-07-14 15:12:14 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-07-14 15:11:51 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-07-14 15:10:33 382976 ----a-w- C:\Windows\SysWow64\wer.dll
2017-07-14 15:10:32 1549824 ----a-w- C:\Windows\SysWow64\tquery.dll
2017-07-14 15:10:27 1363968 ----a-w- C:\Windows\SysWow64\Query.dll
2017-07-14 15:10:23 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2017-07-14 15:10:23 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2017-07-14 15:10:23 34816 ----a-w- C:\Windows\SysWow64\mssprxy.dll
2017-07-14 15:10:23 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2017-07-14 15:10:23 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2017-07-14 15:10:23 1400320 ----a-w- C:\Windows\SysWow64\mssrch.dll
2017-07-14 15:10:23 104448 ----a-w- C:\Windows\SysWow64\mssitlb.dll
2017-07-14 15:00:23 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-07-14 15:00:11 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-07-14 14:59:33 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-07-14 14:59:18 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-07-14 14:57:38 50688 ----a-w- C:\Windows\System32\wermgr.exe
2017-07-14 14:50:25 54272 ----a-w- C:\Windows\SysWow64\wermgr.exe
2017-07-14 14:50:23 28672 ----a-w- C:\Windows\SysWow64\werdiagcontroller.dll
2017-07-14 07:16:17 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-07-14 07:15:32 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-07-14 06:47:07 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-07-14 06:45:24 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-07-14 06:45:12 417792 ----a-w- C:\Windows\System32\html.iec
2017-07-14 06:44:09 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-07-14 06:44:07 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-07-14 06:20:08 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-07-14 06:20:08 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-07-14 06:19:36 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-07-14 06:08:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-07-14 05:49:39 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-07-14 05:48:16 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-07-14 05:35:38 5981184 ----a-w- C:\Windows\System32\jscript9.dll
2017-07-14 05:09:44 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-07-14 05:09:18 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-07-14 04:23:17 3240960 ----a-w- C:\Windows\System32\wininet.dll
2017-07-14 03:01:05 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-07-14 02:48:47 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-07-14 02:48:43 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-07-14 02:48:10 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-07-14 02:48:01 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-07-14 02:47:13 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-07-14 02:38:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-07-14 02:38:25 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-07-14 02:26:20 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-07-14 02:25:47 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-07-14 02:17:41 4546048 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-07-14 02:11:47 2057216 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-07-14 02:11:34 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-07-14 01:53:27 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-07-08 15:34:46 370920 ----a-w- C:\Windows\System32\clfs.sys
2017-07-08 15:00:10 3224064 ----a-w- C:\Windows\System32\win32k.sys
2017-07-08 13:21:32 1024 ---ha-w- C:\SYSTAG.BIN
2017-07-07 15:37:50 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-07-07 15:33:37 706792 ----a-w- C:\Windows\System32\winload.efi
2017-07-07 15:33:36 363752 ----a-w- C:\Windows\System32\drivers\volmgrx.sys
2017-07-07 15:33:33 5547752 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-07-07 15:33:30 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-07-07 15:33:30 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-07-07 15:31:14 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-07-07 15:15:23 4001000 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-07-07 15:15:23 3945192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-07-07 15:13:31 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-07-07 15:10:59 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2017-07-07 15:02:00 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-07-07 15:01:54 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-07-07 15:01:54 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-07-07 15:01:12 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-07-07 14:58:14 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-07-07 14:57:23 296960 ----a-w- C:\Windows\System32\rstrui.exe
.
============= FINISH: 13:08:07.33 ===============

Attached Files: attach.txt (12.7 KB)
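As an added triage example (not part of the original post, and not code from DDS, Panda or Malwarebytes): a DDS log follows a fixed line format, so the entries a malware-removal helper looks at first can be pulled out mechanically rather than by eye. The Python script below runs over lines copied verbatim from the log above and flags services or drivers whose image file is missing (`[x]`) or could not be read (`[?]`), browser and shell extensions that point at nothing (`<orphaned>`, `<no file>`, `<Clsid value has no data>`), the SmartScreen-disabled policy, and executables running, autostarting or registered as services from user-writable locations such as the user profile, ProgramData or C:\Windows\TEMP (the directory in which the posted file is being detected). The regexes, the category names and the list of "user-writable" directories are my own heuristics, not anything DDS defines. A hit is a pointer for review, not a verdict: the mbar tool on the desktop is flagged purely because it runs from the user profile.

```python
"""Triage helper for DDS-style scan logs. Added example: the regexes and the
list of user-writable directories are the author's heuristics, not DDS's."""
import re
from typing import Iterable, List, Tuple

Finding = Tuple[str, str]  # (what was noticed, the offending log line)

# Sample input: lines copied verbatim from the DDS log in the post above,
# one or two from each section of interest, so the script runs offline.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Users\Dr. Babak Bayani\Desktop\mbar-1.09.3.1001.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - <orphaned>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRunOnce: [Uninstall C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
mPolicies-Windows\System: EnableSmartScreen = dword:0
Handler: WSAllMyTubechrome - <Clsid value has no data>
R1 NNSALPC;NNSAlpc;C:\Windows\System32\drivers\NNSAlpc.sys [2017-4-6 105472]
R2 TwonkyProxy;TwonkyProxy;C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start [?]
SUnknown TsUsbFlt;TsUsbFlt; [x]
"""

# Service/driver line: "<state> <name>;<display name>;<image> [<date size>]".
# DDS writes [x] when the image file is missing and [?] when it could not be read.
SERVICE_RE = re.compile(r"^(?:R[0-3]|S[0-4]|SUnknown)\s+[^;]*;[^;]*;(.*?)\s*\[([^\]]*)\]\s*$")
# BHOs, toolbars, explorer bars, IE buttons, protocol handlers, shell service
# objects and MIME filters; DDS marks dangling registrations with these tags.
EXTENSION_RE = re.compile(r"^(?:x64-)?(?:BHO|TB|EB|IE|Handler|SSODL|Filter):")
DANGLING_TAGS = ("<orphaned>", "<no file>", "<Clsid value has no data>")
# Run/RunOnce autostart entries: "[u|m|d]Run[Once]: [<name>] <command>".
AUTORUN_RE = re.compile(r"^(?:x64-)?[umd]Run(?:Once)?:\s*\[[^\]]*\]\s*(.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")  # "Running Processes" lines are bare paths
POLICY_RE = re.compile(r"^(?:x64-)?[umd]Policies-[^:]*:\s*(\w+)\s*=\s*dword:(\d+)$")
# Executable at the head of a command line, quoted or not. Arguments are not inspected.
IMAGE_RE = re.compile(r'^"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|sys|scr|bat|cmd)\b)', re.IGNORECASE)
# Directories a standard user can write to (author's choice). \Temp\ also matches
# C:\Windows\TEMP\, which is world-writable and is where the posted file is detected.
USER_WRITABLE = re.compile(r"\\(?:Users|ProgramData|Temp)\\", re.IGNORECASE)

MISSING_IMAGE = "service/driver registered but image file missing"
UNREADABLE_IMAGE = "service/driver image could not be read (size/date unknown)"
DANGLING_EXT = "dangling browser/shell extension registration"
SMARTSCREEN_OFF = "SmartScreen disabled by policy"
WRITABLE_IMAGE = "executable launched from a user-writable location"


def image_path(command: str) -> str:
    """Return the executable at the head of a command line, or '' if none is found."""
    m = IMAGE_RE.match(command.strip())
    return m.group(1) if m else ""


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk DDS log lines once and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        if not line or line == ".":  # DDS separates sections with a lone dot
            continue
        m = SERVICE_RE.match(line)
        if m:
            image, status = m.group(1), m.group(2)
            if status == "x":
                findings.append((MISSING_IMAGE, line))
            elif status == "?":
                findings.append((UNREADABLE_IMAGE, line))
            elif USER_WRITABLE.search(image_path(image)):
                findings.append((WRITABLE_IMAGE, line))
            continue
        if EXTENSION_RE.match(line):
            if any(tag in line for tag in DANGLING_TAGS):
                findings.append((DANGLING_EXT, line))
            continue
        m = POLICY_RE.match(line)
        if m:
            if m.group(1) == "EnableSmartScreen" and m.group(2) == "0":
                findings.append((SMARTSCREEN_OFF, line))
            continue
        m = AUTORUN_RE.match(line)
        command = m.group(1) if m else (line if PROCESS_RE.match(line) else "")
        if USER_WRITABLE.search(image_path(command)):
            findings.append((WRITABLE_IMAGE, line))
    return findings


if __name__ == "__main__":
    for what, entry in triage(SAMPLE_LOG.splitlines()):
        print(f"[{what}]\n    {entry}")
```

Run against a full DDS log (`triage(open("dds.txt", encoding="utf-8", errors="replace"))`), the output is a short list to check by hand; on the sample above it yields seven entries, of which only the dangling extension registrations and the disabled SmartScreen policy are things worth cleaning up, and none of them explains a file reappearing in C:\Windows\TEMP, which is consistent with the poster's scanners finding nothing.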
