
trj/CI.A

This is a discussion on trj/CI.A within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 09-10-2017, 04:22 AM   #1
Registered Member
 
Join Date: Sep 2017
Posts: 30
OS: Win / Ultimate



Hi,
my PC turns slow now and then (Slow = 30 s to 1 min to open programs, ...).
Panda Protection finds C:\Windows\TEMP\installPacket.exe, the trojan Trj/CI.A.
It is "deleted", but it keeps coming back every restart. I also checked with Malwarebytes Anti-Malware 2.2.1.1043 with Database Version v2017.09.09.05, AdwCleaner 7.0.2.1, JRT 8.1.4 and finally Malwarebytes Anti-Rootkit 1.9.3.1001. But nothing is found, except that the above-described trojan is detected by Panda Protection on every restart.
I am using Windows 7 Ultimate SP1 64bit.
I do not have another Windows Installation disc/image or whatever.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18763
Run by Dr. Babak Bayani at 13:07:16 on 2017-09-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.41.1033.18.32701.28442 [GMT 2:00]
.
AV: Panda Protection *Enabled/Updated* {CF440CD9-5435-10B1-04E0-7768B6F10320}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Panda Protection *Enabled/Updated* {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AOMEI Backupper\ABService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
C:\Users\Dr. Babak Bayani\Desktop\mbar-1.09.3.1001.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Dr. Babak Bayani\Desktop\mbar\mbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - <orphaned>
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRunOnce: [Uninstall C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
uRunOnce: [Uninstall C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
mRun: [ABNotify] C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TWONKY~1.LNK - C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{400F314E-EA26-4D61-8E8F-8B059881EDD8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{555C7476-98D1-4FF5-B2D7-9FBC8A6DDF98} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{B7354D65-591E-4ABE-934B-5DDB0D1DBE04} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F0959A58-1F86-4959-A4CF-CC7800F9FF6E} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: WSAllMyTubechrome - <Clsid value has no data>
SSODL: WebCheck - <orphaned>
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: WSAllMyTubechrome - <Clsid value has no data>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dr. Babak Bayani\AppData\Roaming\Mozilla\Firefox\Profiles\mjhvzsl1.default-1447857174978\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ch/?gws_rd=ssl
FF - plugin: C:\Program Files (x86)\VLC Player\VLC\npvlc.dll
FF - plugin: C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_26_0_0_131.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ambakdrv;ambakdrv;C:\Windows\System32\ambakdrv.sys [2017-7-7 31192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-11-18 283064]
R1 NNSALPC;NNSAlpc;C:\Windows\System32\drivers\NNSAlpc.sys [2017-4-6 105472]
R1 NNSHTTP;NNSHttp;C:\Windows\System32\drivers\NNSHttp.sys [2017-4-6 211008]
R1 NNSHTTPS;NNSHttps;C:\Windows\System32\drivers\NNSHttps.sys [2017-4-6 119880]
R1 NNSIDS;NNSids;C:\Windows\System32\drivers\NNSIds.sys [2017-4-6 124488]
R1 NNSNAHSL;NNSNAHSL;C:\Windows\System32\drivers\NNSNAHSL.sys [2017-3-15 92536]
R1 NNSPICC;NNSPicc;C:\Windows\System32\drivers\NNSpicc.sys [2017-4-6 116784]
R1 NNSPIHSW;NNSPihsw;C:\Windows\System32\drivers\NNSPihsw.sys [2017-4-6 83824]
R1 NNSPOP3;NNSPop3;C:\Windows\System32\drivers\NNSPop3.sys [2017-4-6 134288]
R1 NNSPROT;NNSProt;C:\Windows\System32\drivers\NNSProt.sys [2017-4-6 336168]
R1 NNSPRV;NNSPrv;C:\Windows\System32\drivers\NNSPrv.sys [2017-4-6 225464]
R1 NNSSMTP;NNSSmtp;C:\Windows\System32\drivers\NNSSmtp.sys [2017-4-6 121952]
R1 NNSSTRM;NNSStrm;C:\Windows\System32\drivers\NNSStrm.sys [2017-4-6 279536]
R1 NNSTLSC;NNSTlsc;C:\Windows\System32\drivers\NNStlsc.sys [2017-4-6 123976]
R1 PSINKNC;PSINKnc;C:\Windows\System32\drivers\PSINKNC.sys [2017-7-19 206424]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2246256]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-11-21 244736]
R2 ammntdrv;ammntdrv;C:\Windows\System32\ammntdrv.sys [2017-7-7 152024]
R2 amwrtdrv;amwrtdrv;C:\Windows\System32\amwrtdrv.sys [2017-7-7 18392]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-4-3 83768]
R2 Backupper Service;AOMEI Backupper Scheduler Service;C:\Program Files (x86)\AOMEI Backupper\ABService.exe [2017-7-8 52856]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2015-2-26 5103640]
R2 NanoServiceMain;Panda Protection Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2017-7-19 109024]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2016-7-19 86104]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2017-7-19 178264]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2017-7-19 139352]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2017-7-19 132696]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2017-7-19 146008]
R2 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2017-7-19 116312]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2017-7-19 48784]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2013-4-10 11576]
R2 TwonkyProxy;TwonkyProxy;C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start [?]
R2 TwonkyServer;TwonkyServer;C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -serviceversion 0 --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -serviceversion 0 [?]
R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2016-5-11 33872]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2016-4-1 104976]
R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2015-11-18 109272]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-11-18 192216]
R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2017-9-10 72280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-11-17 941784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-7-25 324224]
S3 ampa;ampa;C:\Windows\System32\ampa.sys [2017-7-8 38320]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-11-16 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2017-7-8 24056]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2017-7-8 10848]
S3 hxctlflt;hxctlflt;C:\Windows\System32\drivers\hxctlflt.sys [2009-2-8 111104]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-8-8 116224]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-8-15 23040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-7-5 243376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-18 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-18 1255736]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2015-8-31 29288]
S4 WsAppService;Wondershare Application Framework Service;C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [2015-8-31 339968]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2017-09-10 09:19:46 72280 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2017-09-10 08:44:32 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-09 10:55:02 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BA8532D-ED2E-47FE-8BE9-7CC1DD47CAF6}\offreg.3976.dll
2017-09-08 16:52:09 13482976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BA8532D-ED2E-47FE-8BE9-7CC1DD47CAF6}\mpengine.dll
2017-08-28 19:37:17 96720 ----a-w- C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2017-08-28 19:37:17 893880 ----a-w- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
2017-08-28 19:37:16 63440 ----a-w- C:\Program Files\Mozilla Firefox\pingsender.exe
2017-08-28 19:37:15 127440 ----a-w- C:\Program Files\Mozilla Firefox\AccessibleHandler.dll
2017-08-26 17:32:23 -------- d-----w- C:\ProgramData\TwonkyServer
2017-08-26 16:51:51 973312 ----a-w- C:\Windows\SysWow64\DXPTaskRingtone.dll
2017-08-26 16:51:51 757248 ----a-w- C:\Windows\System32\win32spl.dll
2017-08-26 16:51:51 497664 ----a-w- C:\Windows\SysWow64\win32spl.dll
2017-08-26 16:51:51 1143296 ----a-w- C:\Windows\System32\DXPTaskRingtone.dll
2017-08-26 16:44:05 -------- d-----w- C:\Windows\SysWow64\GroupPolicy
2017-08-26 16:44:05 -------- d-----w- C:\Users\Dr. Babak Bayani\AppData\Roaming\Panda Security
2017-08-26 16:43:57 -------- d-----w- C:\Program Files (x86)\Panda Security
2017-08-26 16:43:10 -------- d-----w- C:\ProgramData\Panda Security
2017-08-26 16:42:22 13482976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-08-21 19:29:01 87888 ----a-w- C:\Program Files\Mozilla Firefox\vcruntime140.dll
2017-08-21 19:29:01 65522640 ----a-w- C:\Program Files\Mozilla Firefox\xul.dll
2017-08-21 19:29:01 358864 ----a-w- C:\Program Files\Mozilla Firefox\updater.exe
2017-08-21 19:29:00 997056 ----a-w- C:\Program Files\Mozilla Firefox\ucrtbase.dll
2017-08-21 19:29:00 185808 ----a-w- C:\Program Files\Mozilla Firefox\softokn3.dll
2017-08-21 19:28:59 36304 ----a-w- C:\Program Files\Mozilla Firefox\plugin-hang-ui.exe
2017-08-21 19:28:59 18896 ----a-w- C:\Program Files\Mozilla Firefox\qipcap64.dll
2017-08-21 19:28:59 101328 ----a-w- C:\Program Files\Mozilla Firefox\plugin-container.exe
2017-08-20 08:28:44 -------- d-----w- C:\ProgramData\Medtronic
2017-08-20 08:26:03 110144 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-64.dll
2017-08-20 08:23:48 110144 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2017-08-15 12:03:56 244480 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1033\OSFINTL.DLL
.
==================== Find3M ====================
.
2017-09-10 10:55:07 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2017-09-10 10:54:26 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2017-07-29 14:56:30 117248 ----a-w- C:\Windows\System32\drivers\tdx.sys
2017-07-21 14:26:31 282624 ----a-w- C:\Windows\SysWow64\mstext40.dll
2017-07-21 14:26:30 518144 ----a-w- C:\Windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26:30 409600 ----a-w- C:\Windows\SysWow64\msexch40.dll
2017-07-21 14:26:30 290816 ----a-w- C:\Windows\SysWow64\msjtes40.dll
2017-07-19 03:35:54 146008 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
2017-07-19 03:34:16 132696 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
2017-07-19 03:32:41 116312 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
2017-07-19 03:31:03 139352 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
2017-07-19 03:28:29 178264 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
2017-07-19 03:26:46 206424 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
2017-07-16 07:58:56 47472 ----a-w- C:\ProgramData\agent.1500191935.bdinstall.bin
2017-07-15 16:48:07 1024 ---h--w- C:\AMTAG.BIN
2017-07-15 09:55:26 803328 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-07-15 09:55:26 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-07-14 15:29:15 486400 ----a-w- C:\Windows\System32\wer.dll
2017-07-14 15:29:15 34304 ----a-w- C:\Windows\System32\werdiagcontroller.dll
2017-07-14 15:29:14 2319872 ----a-w- C:\Windows\System32\tquery.dll
2017-07-14 15:29:10 2058240 ----a-w- C:\Windows\System32\Query.dll
2017-07-14 15:29:04 99840 ----a-w- C:\Windows\System32\mssprxy.dll
2017-07-14 15:29:04 778240 ----a-w- C:\Windows\System32\mssvp.dll
2017-07-14 15:29:04 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2017-07-14 15:29:04 491520 ----a-w- C:\Windows\System32\mssph.dll
2017-07-14 15:29:04 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2017-07-14 15:29:04 2222080 ----a-w- C:\Windows\System32\mssrch.dll
2017-07-14 15:29:04 14336 ----a-w- C:\Windows\System32\msshooks.dll
2017-07-14 15:29:04 115200 ----a-w- C:\Windows\System32\mssitlb.dll
2017-07-14 15:12:22 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-07-14 15:12:14 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-07-14 15:11:51 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-07-14 15:10:33 382976 ----a-w- C:\Windows\SysWow64\wer.dll
2017-07-14 15:10:32 1549824 ----a-w- C:\Windows\SysWow64\tquery.dll
2017-07-14 15:10:27 1363968 ----a-w- C:\Windows\SysWow64\Query.dll
2017-07-14 15:10:23 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2017-07-14 15:10:23 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2017-07-14 15:10:23 34816 ----a-w- C:\Windows\SysWow64\mssprxy.dll
2017-07-14 15:10:23 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2017-07-14 15:10:23 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2017-07-14 15:10:23 1400320 ----a-w- C:\Windows\SysWow64\mssrch.dll
2017-07-14 15:10:23 104448 ----a-w- C:\Windows\SysWow64\mssitlb.dll
2017-07-14 15:00:23 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-07-14 15:00:11 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-07-14 14:59:33 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-07-14 14:59:18 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-07-14 14:57:38 50688 ----a-w- C:\Windows\System32\wermgr.exe
2017-07-14 14:50:25 54272 ----a-w- C:\Windows\SysWow64\wermgr.exe
2017-07-14 14:50:23 28672 ----a-w- C:\Windows\SysWow64\werdiagcontroller.dll
2017-07-14 07:16:17 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-07-14 07:15:32 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-07-14 06:47:07 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-07-14 06:45:24 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-07-14 06:45:12 417792 ----a-w- C:\Windows\System32\html.iec
2017-07-14 06:44:09 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-07-14 06:44:07 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-07-14 06:20:08 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-07-14 06:20:08 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-07-14 06:19:36 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-07-14 06:08:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-07-14 05:49:39 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-07-14 05:48:16 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-07-14 05:35:38 5981184 ----a-w- C:\Windows\System32\jscript9.dll
2017-07-14 05:09:44 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-07-14 05:09:18 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-07-14 04:23:17 3240960 ----a-w- C:\Windows\System32\wininet.dll
2017-07-14 03:01:05 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-07-14 02:48:47 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-07-14 02:48:43 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-07-14 02:48:10 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-07-14 02:48:01 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-07-14 02:47:13 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-07-14 02:38:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-07-14 02:38:25 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-07-14 02:26:20 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-07-14 02:25:47 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-07-14 02:17:41 4546048 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-07-14 02:11:47 2057216 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-07-14 02:11:34 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-07-14 01:53:27 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-07-08 15:34:46 370920 ----a-w- C:\Windows\System32\clfs.sys
2017-07-08 15:00:10 3224064 ----a-w- C:\Windows\System32\win32k.sys
2017-07-08 13:21:32 1024 ---ha-w- C:\SYSTAG.BIN
2017-07-07 15:37:50 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-07-07 15:33:37 706792 ----a-w- C:\Windows\System32\winload.efi
2017-07-07 15:33:36 363752 ----a-w- C:\Windows\System32\drivers\volmgrx.sys
2017-07-07 15:33:33 5547752 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-07-07 15:33:30 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-07-07 15:33:30 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-07-07 15:31:14 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-07-07 15:15:23 4001000 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-07-07 15:15:23 3945192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-07-07 15:13:31 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-07-07 15:10:59 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2017-07-07 15:02:00 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-07-07 15:01:54 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-07-07 15:01:54 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-07-07 15:01:12 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-07-07 14:58:14 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-07-07 14:57:23 296960 ----a-w- C:\Windows\System32\rstrui.exe
.
============= FINISH: 13:08:07.33 ===============
Attached Files
File Type: txt attach.txt (12.7 KB, 19 views)
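The DDS report above is the kind of log a helper reads by hand for executables that live in and run from user-writable locations, which is what makes a file reappearing in C:\Windows\TEMP every boot worth a second look even when only one product flags it. The following Python triage script is an added example, not part of this thread or of the DDS tool: it parses the "Running Processes" and "Created Last 30"/"Find3M" sections in the layout shown above and cross-references them; the sample log text is constructed from a few lines of the report, and the "Created Last 30" entry for installPacket.exe is invented for the demonstration.

```python
import re
from typing import Dict, List

# Constructed sample in the DDS report layout used in the post above. The
# "Created Last 30" line for installPacket.exe is invented for the demo: in the
# real report Panda had already removed the file, so it does not appear there.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Users\Dr. Babak Bayani\Desktop\mbar\mbar.exe
C:\Windows\TEMP\installPacket.exe
.
=============== Created Last 30 ================
.
2017-09-10 09:19:46 72280 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2017-09-10 08:44:32 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-10 07:01:03 51200 ----a-w- C:\Windows\TEMP\installPacket.exe
2017-08-28 19:37:17 893880 ----a-w- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
.
============= FINISH: 13:08:07.33 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A process line is an .exe path optionally followed by arguments (" -k netsvcs").
PROCESS_RE = re.compile(r"^(.*?\.exe)(?:\s+.*)?$", re.IGNORECASE)
# "Created Last 30" / "Find3M" lines: timestamp, size (dashes for dirs), attrs, path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$"
)
# Locations that any user or process can write to. A binary that both lives
# and runs from here is not proof of malware, but it is where droppers stage
# payloads, so it is what a helper reading the log looks at first.
STAGING_RE = re.compile(
    r"\\(?:TEMP|Temp|tmp)\\|\\Users\\[^\\]+\\(?:Desktop|Downloads|AppData\\Local\\Temp)\\"
)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the body lines of a DDS report under their '=== Name ===' headers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def running_processes(sections: Dict[str, List[str]]) -> List[str]:
    """Image paths from the 'Running Processes' section, arguments stripped."""
    paths = []
    for line in sections.get("Running Processes", []):
        m = PROCESS_RE.match(line)
        if m:
            paths.append(m.group(1))
    return paths


def recent_executables(sections: Dict[str, List[str]]) -> List[str]:
    """Paths of .exe files listed in 'Created Last 30' and 'Find3M' (dirs skipped)."""
    paths = []
    for name in ("Created Last 30", "Find3M"):
        for line in sections.get(name, []):
            m = CREATED_RE.match(line)
            if not m:
                continue
            _stamp, _size, attrs, path = m.groups()
            if attrs.startswith("d") or not path.lower().endswith(".exe"):
                continue
            paths.append(path)
    return paths


def triage(text: str) -> Dict[str, List[str]]:
    """Flag executables that run from, or were recently written to, staging dirs.

    An entry in 'running_and_recent' (running now AND created recently in a
    temp/user dir) is the pattern behind a file that comes back every boot.
    """
    sections = split_sections(text)
    running = [p for p in running_processes(sections) if STAGING_RE.search(p)]
    recent = [p for p in recent_executables(sections) if STAGING_RE.search(p)]
    recent_lower = {p.lower() for p in recent}
    return {
        "running_from_staging": running,
        "recent_exe_in_staging": recent,
        "running_and_recent": [p for p in running if p.lower() in recent_lower],
    }


if __name__ == "__main__":
    for label, hits in triage(SAMPLE_DDS).items():
        print(f"{label}:")
        for hit in hits:
            print(f"  {hit}")
```

Tools the user was asked to run from the Desktop (mbar.exe here) show up under running_from_staging as expected noise; the running_and_recent bucket is the one worth following up with a hash lookup.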
 
Old 09-18-2017, 10:40 AM   #2
Registered Member
 
Join Date: Sep 2017
Posts: 30
OS: Win / Ultimate



Thank you, I received so much help and so many comments. This forum seems to be very active...

Is there anyone?
Old 09-23-2017, 10:04 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Slowness is not always caused by malware. I'm not seeing anything malicious in your logs.

If only Panda is flagging that file, it could just be a false positive.

Please go to: VirusTotal
  • Click the Upload and scan file button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Windows\TEMP\installPacket.exe

  • Click Open
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
 
Old 09-24-2017, 02:05 AM   #4
Registered Member
 
Join Date: Sep 2017
Posts: 30
OS: Win / Ultimate



Hi,
first, thanks for the answer. The expression "slow" may have been wrong. After virus scans and a restart, the PC has to be restarted again, because e.g. the Task Manager does not open, Firefox and others as well, ...
After my last update of Malwarebytes, 2 detections have been made (CCleaner 5.33.xxx). I attached the URL and it does not look good.
The installPacket.exe is always there when I restart my PC and usually gets deleted by Panda, except if I stop it.
https://www.virustotal.com/#/file/21...08a0/detection
Old 09-24-2017, 01:38 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello jan henkel. Uninstall CCleaner for now. They are apparently having issues with their software as of late.

Please do not run any scanners unless instructed. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
Old 09-24-2017, 02:02 PM   #6
Registered Member
 
Join Date: Sep 2017
Posts: 30
OS: Win / Ultimate



# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 24 20:57:00 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-23-2017.2
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [1300 B] - [2016/4/21 13:49:24]
C:/AdwCleaner/AdwCleaner[S1].txt - [1213 B] - [2016/4/21 13:48:33]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2017
Ran by Dr. Babak Bayani (administrator) on KOMIZUKI (24-09-2017 22:57:55)
Running from C:\Users\Dr. Babak Bayani\Desktop
Loaded Profiles: Dr. Babak Bayani (Available Profiles: Dr. Babak Bayani & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
() C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [144520 2017-07-19] (Panda Security, S.L.)
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [77432 2016-07-11] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-216576549-3052404505-3243353928-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9167864 2016-10-31] (Binary Fortress Software)
HKU\S-1-5-21-216576549-3052404505-3243353928-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-216576549-3052404505-3243353928-1000\...\RunOnce: [Uninstall C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
HKU\S-1-5-21-216576549-3052404505-3243353928-1000\...\RunOnce: [Uninstall C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk [2017-08-26]
ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{400F314E-EA26-4D61-8E8F-8B059881EDD8}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{555C7476-98D1-4FF5-B2D7-9FBC8A6DDF98}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{B7354D65-591E-4ABE-934B-5DDB0D1DBE04}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F0959A58-1F86-4959-A4CF-CC7800F9FF6E}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131466996877614097&GUID=1CFA1B98-D6E3-4A70-A3F6-92E562400FFA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {97FA051B-152A-449B-9B6B-A65A3717EBAF} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-03-30] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-20] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-20] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-03-30] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-03-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-03-30] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: WSAllMyTubechrome - No CLSID Value

FireFox:
========
FF DefaultProfile: mjhvzsl1.default-1447857174978
FF ProfilePath: C:\Users\Dr. Babak Bayani\AppData\Roaming\Mozilla\Firefox\Profiles\mjhvzsl1.default-1447857174978 [2017-09-24]
FF Homepage: Mozilla\Firefox\Profiles\mjhvzsl1.default-1447857174978 -> hxxps://www.google.ch/?gws_rd=ssl
FF Extension: (AdBlock) - C:\Users\Dr. Babak Bayani\AppData\Roaming\Mozilla\Firefox\Profiles\mjhvzsl1.default-1447857174978\Extensions\[email protected] [2017-09-11]
FF Extension: (Video DownloadHelper) - C:\Users\Dr. Babak Bayani\AppData\Roaming\Mozilla\Firefox\Profiles\mjhvzsl1.default-1447857174978\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-07-16]
FF Extension: (Adblock Plus) - C:\Users\Dr. Babak Bayani\AppData\Roaming\Mozilla\Firefox\Profiles\mjhvzsl1.default-1447857174978\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-16]
FF ProfilePath: C:\Users\Dr. Babak Bayani\AppData\Roaming\Mozilla\Firefox\Profiles\erlv5nik.default-1461239371857 [2017-07-17]
FF Homepage: Mozilla\Firefox\Profiles\erlv5nik.default-1461239371857 -> hxxp://google.ch/
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-11-18] [not signed]
FF Plugin: @Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-18] ()
FF Plugin: @Java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-20] (Oracle Corporation)
FF Plugin: @Java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @Videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VLC Player\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @Videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VLC Player\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @Videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VLC Player\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
FF Plugin-x32: @ASC/FileLabPlugin;version=1.1.33 -> C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll [2012-02-20] (FileLab)
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\Dr. Babak Bayani\AppData\Local\htyh\application\htwebHelper.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-07-05]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp:\/\/www.google.ch\/
CHR Profile: C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default [2017-09-24]
CHR Extension: (Google Slides) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
CHR Extension: (Google Docs) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
CHR Extension: (Google Drive) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Adblock Plus) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-16]
CHR Extension: (Google Search) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (uBlock Adblock Plus) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdecnmmdccnkogcidionikojplkjfgie [2017-07-16]
CHR Extension: (Google Sheets) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Skype) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-15]
CHR Extension: (Video DownloadHelper) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-31]
CHR Extension: (Chrome Media Router) - C:\Users\Dr. Babak Bayani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-15]
CHR HKU\S-1-5-21-216576549-3052404505-3243353928-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] - <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [52856 2016-07-11] (AOMEI Tech Co., Ltd.)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-11-16] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5103640 2016-10-31] (Binary Fortress Software)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-07-19] (Panda Security, S.L.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2017-07-19] (Panda Security, S.L.)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [973688 2014-04-01] () [File not signed]
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [605048 2014-04-01] (PacketVideo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [339968 2015-07-08] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [31192 2016-07-04] ()
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [152024 2016-07-04] ()
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [18392 2016-07-04] ()
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-09-23] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-09-23] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
S3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [111104 2009-02-08] (Guillemot Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [105472 2017-04-06] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [211008 2017-04-06] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [119880 2017-04-06] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124488 2017-04-06] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [92536 2017-03-15] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [116784 2017-04-06] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [83824 2017-04-06] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [134288 2017-04-06] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [336168 2017-04-06] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [225464 2017-04-06] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [121952 2017-04-06] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [279536 2017-04-06] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123976 2017-04-06] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [178264 2017-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [139352 2017-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [206424 2017-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [132696 2017-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [146008 2017-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [116312 2017-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72280 2017-05-22] (Panda Security, S.L.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3552384 2009-04-22] ()
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2015-07-30] (Wondershare)
U1 aswbdisk; no ImagePath
S3 cpuz134; \??\C:\Users\DR5C3B~1.BAB\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-24 22:57 - 2017-09-24 22:58 - 000022223 _____ C:\Users\Dr. Babak Bayani\Desktop\FRST.txt
2017-09-24 22:57 - 2017-09-24 22:57 - 000000000 ____D C:\FRST
2017-09-24 22:51 - 2017-09-24 22:51 - 002399744 _____ (Farbar) C:\Users\Dr. Babak Bayani\Desktop\FRST64.exe
2017-09-24 15:54 - 2017-09-24 15:57 - 000000000 ____D C:\Program Files\WinHex
2017-09-24 15:54 - 2017-09-24 15:54 - 003383828 _____ C:\Users\Dr. Babak Bayani\Desktop\winhex.zip
2017-09-24 15:54 - 2017-09-24 15:54 - 000000000 ____D C:\Users\Dr. Babak Bayani\Desktop\winhex
2017-09-24 11:00 - 2017-05-22 12:29 - 000072280 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-09-23 19:10 - 2017-09-23 19:12 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2017-09-23 19:10 - 2017-09-23 19:10 - 000001733 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-09-23 19:10 - 2017-09-23 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-09-23 19:06 - 2017-09-23 19:13 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Local\Disc_Soft_Ltd
2017-09-23 19:02 - 2017-09-23 19:02 - 000047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-09-23 19:02 - 2017-09-23 19:02 - 000030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-09-23 18:54 - 2017-09-23 18:55 - 000000000 ____D C:\Users\Dr. Babak Bayani\Desktop\USB Backub
2017-09-23 18:51 - 2017-09-23 18:51 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-23 18:28 - 2017-09-23 18:28 - 000000983 _____ C:\Users\Public\Desktop\zebNet Office Keyfinder.lnk
2017-09-23 18:28 - 2017-09-23 18:28 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Roaming\zebNet
2017-09-23 18:28 - 2017-09-23 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\zebNet Office Keyfinder
2017-09-23 18:27 - 2017-09-23 18:29 - 000000000 ____D C:\Program Files\zebNet
2017-09-23 18:27 - 2017-09-23 18:27 - 000000995 _____ C:\Users\Public\Desktop\zebNet Windows Keyfinder.lnk
2017-09-23 18:27 - 2017-09-23 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\zebNet Windows Keyfinder
2017-09-20 18:58 - 2017-09-20 19:01 - 000000000 ____D C:\Users\Dr. Babak Bayani\dwhelper
2017-09-15 21:30 - 2017-08-19 17:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-15 21:30 - 2017-08-19 17:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-15 21:30 - 2017-08-16 17:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-15 21:30 - 2017-08-16 17:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-09-15 21:30 - 2017-08-16 16:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-15 21:30 - 2017-08-16 03:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-15 21:30 - 2017-08-16 02:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-15 21:30 - 2017-08-15 17:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-15 21:30 - 2017-08-15 17:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-15 21:30 - 2017-08-15 17:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-15 21:30 - 2017-08-15 17:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-15 21:30 - 2017-08-15 16:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-15 21:30 - 2017-08-15 16:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-15 21:30 - 2017-08-15 16:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-15 21:30 - 2017-08-15 16:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-15 21:30 - 2017-08-15 15:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-15 21:30 - 2017-08-14 19:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-15 21:30 - 2017-08-14 19:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-09-15 21:30 - 2017-08-14 19:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-15 21:30 - 2017-08-14 19:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-09-15 21:30 - 2017-08-14 19:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-09-15 21:30 - 2017-08-14 19:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-15 21:30 - 2017-08-14 19:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-09-15 21:30 - 2017-08-14 19:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-15 21:30 - 2017-08-13 23:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-15 21:30 - 2017-08-13 23:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-09-15 21:30 - 2017-08-13 20:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-15 21:30 - 2017-08-13 19:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-15 21:30 - 2017-08-13 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-15 21:30 - 2017-08-13 19:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-15 21:30 - 2017-08-13 19:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-15 21:30 - 2017-08-13 19:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-15 21:30 - 2017-08-13 19:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-15 21:30 - 2017-08-13 19:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-15 21:30 - 2017-08-13 19:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-15 21:30 - 2017-08-13 18:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-15 21:30 - 2017-08-13 18:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-15 21:30 - 2017-08-13 18:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-15 21:30 - 2017-08-13 18:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-15 21:30 - 2017-08-13 18:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-15 21:30 - 2017-08-13 18:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-15 21:30 - 2017-08-13 18:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-15 21:30 - 2017-08-13 18:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-15 21:30 - 2017-08-13 18:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-15 21:30 - 2017-08-13 18:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-15 21:30 - 2017-08-13 18:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-15 21:30 - 2017-08-13 18:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-15 21:30 - 2017-08-13 18:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-15 21:30 - 2017-08-13 18:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-15 21:30 - 2017-08-13 18:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-15 21:30 - 2017-08-13 18:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-15 21:30 - 2017-08-13 18:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-15 21:30 - 2017-08-13 18:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-15 21:30 - 2017-08-13 18:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-15 21:30 - 2017-08-13 18:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-15 21:30 - 2017-08-13 18:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-15 21:30 - 2017-08-13 18:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-15 21:30 - 2017-08-13 18:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-15 21:30 - 2017-08-13 18:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-15 21:30 - 2017-08-13 18:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-15 21:30 - 2017-08-13 18:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-15 21:30 - 2017-08-13 18:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-15 21:30 - 2017-08-13 18:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-15 21:30 - 2017-08-13 18:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-15 21:30 - 2017-08-13 18:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-15 21:30 - 2017-08-13 18:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-15 21:30 - 2017-08-13 18:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-15 21:30 - 2017-08-13 18:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-15 21:30 - 2017-08-13 18:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-15 21:30 - 2017-08-13 18:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-15 21:30 - 2017-08-13 18:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-15 21:30 - 2017-08-13 18:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-15 21:30 - 2017-08-13 18:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-15 21:30 - 2017-08-13 18:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-15 21:30 - 2017-08-13 17:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-15 21:30 - 2017-08-13 17:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-15 21:30 - 2017-08-13 17:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-15 21:30 - 2017-08-13 17:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-15 21:30 - 2017-08-13 17:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-15 21:30 - 2017-08-13 17:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-15 21:30 - 2017-08-13 17:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-15 21:30 - 2017-08-13 17:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-15 21:30 - 2017-08-13 17:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-15 21:30 - 2017-08-13 17:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-15 21:30 - 2017-08-13 17:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-15 21:30 - 2017-08-13 17:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-15 21:30 - 2017-08-13 17:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-15 21:30 - 2017-08-11 08:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-15 21:30 - 2017-08-11 08:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-15 21:30 - 2017-08-11 08:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-15 21:30 - 2017-08-11 08:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-15 21:30 - 2017-08-11 08:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-15 21:30 - 2017-08-11 08:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-15 21:30 - 2017-08-11 08:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-15 21:30 - 2017-08-11 08:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-15 21:30 - 2017-08-11 08:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-15 21:30 - 2017-08-11 08:20 - 000071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-09-15 21:30 - 2017-08-11 08:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-15 21:30 - 2017-08-11 08:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-15 21:30 - 2017-08-11 08:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 08:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-15 21:30 - 2017-08-11 08:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-09-15 21:30 - 2017-08-11 08:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-15 21:30 - 2017-08-11 08:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-15 21:30 - 2017-08-11 08:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-15 21:30 - 2017-08-11 08:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-15 21:30 - 2017-08-11 08:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-15 21:30 - 2017-08-11 08:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-09-15 21:30 - 2017-08-11 08:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-15 21:30 - 2017-08-11 08:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-09-15 21:30 - 2017-08-11 08:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-15 21:30 - 2017-08-11 08:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-15 21:30 - 2017-08-11 08:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-15 21:30 - 2017-08-11 07:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-15 21:30 - 2017-08-11 07:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-15 21:30 - 2017-08-11 07:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-15 21:30 - 2017-08-11 07:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-15 21:30 - 2017-08-11 07:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-15 21:30 - 2017-08-11 07:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-15 21:30 - 2017-08-11 07:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-15 21:30 - 2017-08-11 07:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-15 21:30 - 2017-08-11 07:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-15 21:30 - 2017-08-11 07:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-15 21:30 - 2017-08-11 07:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-15 21:30 - 2017-08-11 07:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-15 21:30 - 2017-08-11 07:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-15 21:30 - 2017-08-11 07:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 07:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 07:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-15 21:30 - 2017-08-11 07:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-12 22:31 - 2017-09-12 22:31 - 009826968 _____ (Piriform Ltd) C:\Users\Dr. Babak Bayani\Downloads\ccsetup534.exe
2017-09-10 15:12 - 2017-09-10 15:12 - 000002699 _____ C:\Users\Public\Desktop\Skype.lnk
2017-09-10 15:12 - 2017-09-10 15:12 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-10 15:12 - 2017-09-10 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-09-10 15:06 - 2017-09-10 15:06 - 001632208 _____ (Skype Technologies S.A.) C:\Users\Dr. Babak Bayani\Downloads\SkypeSetup.exe
2017-09-10 14:56 - 2017-09-10 14:56 - 000000000 ____D C:\Users\Dr. Babak Bayani\Tracing
2017-09-10 13:07 - 2017-09-10 13:07 - 000688992 ____R (Swearware) C:\Users\Dr. Babak Bayani\Downloads\dds.scr
2017-09-10 10:53 - 2017-09-10 10:53 - 001790024 _____ (Malwarebytes) C:\Users\Dr. Babak Bayani\Desktop\JRT.exe
2017-09-10 10:51 - 2017-09-10 10:51 - 008182736 _____ (Malwarebytes) C:\Users\Dr. Babak Bayani\Desktop\adwcleaner_7.0.2.1.exe
2017-09-10 10:44 - 2017-09-23 20:28 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-10 10:43 - 2017-09-23 20:28 - 000000000 ____D C:\Users\Dr. Babak Bayani\Desktop\mbar
2017-09-10 10:43 - 2017-09-10 10:43 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Dr. Babak Bayani\Desktop\mbar-1.09.3.1001.exe
2017-09-07 06:34 - 2017-09-08 18:42 - 000001211 _____ C:\Users\Dr. Babak Bayani\Desktop\LicenseCrawler.lnk
2017-09-07 06:34 - 2017-09-08 18:42 - 000000000 ____D C:\Users\Dr. Babak Bayani\Desktop\LicenseCrawler
2017-08-28 21:36 - 2017-08-28 21:37 - 000000000 ____D C:\Users\Dr. Babak Bayani\Desktop\Firefox
2017-08-28 21:35 - 2017-08-28 21:35 - 000000000 ____D C:\Users\Dr. Babak Bayani\Desktop\Lampe
2017-08-26 19:32 - 2017-09-24 11:01 - 000000000 ____D C:\ProgramData\TwonkyServer
2017-08-26 19:32 - 2017-08-26 19:32 - 000001120 _____ C:\Users\Public\Desktop\Twonky Server.lnk
2017-08-26 19:32 - 2017-08-26 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twonky Server
2017-08-26 19:08 - 2017-08-26 19:08 - 000003002 _____ C:\Windows\System32\Tasks\{D6A067BD-0955-466E-980C-7945657927D9}
2017-08-26 19:08 - 2017-08-26 19:08 - 000003002 _____ C:\Windows\System32\Tasks\{739940BF-95B1-4F98-9925-54E17E1971D5}
2017-08-26 18:51 - 2017-07-07 17:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-08-26 18:51 - 2017-07-07 17:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-08-26 18:44 - 2017-08-26 18:44 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-08-26 18:44 - 2017-08-26 18:44 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Roaming\Panda Security
2017-08-26 18:43 - 2017-08-26 18:44 - 000002168 _____ C:\Users\Public\Desktop\Panda Protection.lnk
2017-08-26 18:43 - 2017-08-26 18:44 - 000000000 ____D C:\ProgramData\Panda Security
2017-08-26 18:43 - 2017-08-26 18:44 - 000000000 ____D C:\Program Files (x86)\Panda Security
2017-08-26 18:43 - 2017-08-26 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-24 22:50 - 2016-04-21 15:46 - 000000000 ____D C:\AdwCleaner
2017-09-24 15:57 - 2017-07-15 02:15 - 000406944 _____ C:\Windows\system32\prfh0404.dat
2017-09-24 15:57 - 2017-07-15 02:15 - 000130988 _____ C:\Windows\system32\prfc0404.dat
2017-09-24 15:57 - 2017-07-14 23:06 - 000722478 _____ C:\Windows\system32\prfh0416.dat
2017-09-24 15:57 - 2017-07-14 23:06 - 000163554 _____ C:\Windows\system32\prfc0416.dat
2017-09-24 15:57 - 2017-07-14 19:48 - 000748960 _____ C:\Windows\system32\perfh015.dat
2017-09-24 15:57 - 2017-07-14 19:48 - 000171770 _____ C:\Windows\system32\perfc015.dat
2017-09-24 15:57 - 2017-07-14 16:35 - 000733202 _____ C:\Windows\system32\perfh019.dat
2017-09-24 15:57 - 2017-07-14 16:35 - 000166740 _____ C:\Windows\system32\perfc019.dat
2017-09-24 15:57 - 2017-07-14 13:23 - 000503116 _____ C:\Windows\system32\perfh014.dat
2017-09-24 15:57 - 2017-07-14 13:23 - 000111302 _____ C:\Windows\system32\perfc014.dat
2017-09-24 15:57 - 2017-07-14 10:13 - 000615590 _____ C:\Windows\system32\perfh008.dat
2017-09-24 15:57 - 2017-07-14 10:13 - 000127026 _____ C:\Windows\system32\perfc008.dat
2017-09-24 15:57 - 2017-07-14 02:02 - 000754058 _____ C:\Windows\system32\perfh00A.dat
2017-09-24 15:57 - 2017-07-14 02:02 - 000174372 _____ C:\Windows\system32\perfc00A.dat
2017-09-24 15:57 - 2017-07-14 00:20 - 000400946 _____ C:\Windows\system32\perfh00D.dat
2017-09-24 15:57 - 2017-07-14 00:20 - 000100656 _____ C:\Windows\system32\perfc00D.dat
2017-09-24 15:57 - 2017-07-13 21:16 - 000748648 _____ C:\Windows\system32\perfh010.dat
2017-09-24 15:57 - 2017-07-13 21:16 - 000162744 _____ C:\Windows\system32\perfc010.dat
2017-09-24 15:57 - 2016-06-07 11:43 - 000429632 _____ C:\Windows\system32\perfh011.dat
2017-09-24 15:57 - 2016-06-07 11:43 - 000142058 _____ C:\Windows\system32\perfc011.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000758842 _____ C:\Windows\system32\perfh007.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000758570 _____ C:\Windows\system32\perfh00C.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000756352 _____ C:\Windows\system32\perfh013.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000737620 _____ C:\Windows\system32\prfh0816.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000696608 _____ C:\Windows\system32\perfh00E.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000681694 _____ C:\Windows\system32\perfh005.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000676574 _____ C:\Windows\system32\perfh01D.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000669536 _____ C:\Windows\system32\perfh01F.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000522268 _____ C:\Windows\system32\perfh006.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000491868 _____ C:\Windows\system32\perfh001.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000392552 _____ C:\Windows\system32\prfh0804.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000191232 _____ C:\Windows\system32\perfc00E.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000173060 _____ C:\Windows\system32\perfc013.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000169830 _____ C:\Windows\system32\perfc007.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000169538 _____ C:\Windows\system32\perfc00C.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000168804 _____ C:\Windows\system32\prfc0816.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000162432 _____ C:\Windows\system32\perfc01D.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000161384 _____ C:\Windows\system32\perfc005.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000159958 _____ C:\Windows\system32\perfc01F.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000140342 _____ C:\Windows\system32\perfc012.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000139550 _____ C:\Windows\system32\prfc0804.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000118616 _____ C:\Windows\system32\perfc006.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000114730 _____ C:\Windows\system32\perfc001.dat
2017-09-24 15:57 - 2014-11-17 12:22 - 000088834 _____ C:\Windows\system32\perfh012.dat
2017-09-24 15:57 - 2014-11-16 22:38 - 000494356 _____ C:\Windows\system32\perfh00B.dat
2017-09-24 15:57 - 2014-11-16 22:38 - 000121478 _____ C:\Windows\system32\perfc00B.dat
2017-09-24 15:57 - 2009-07-14 07:13 - 018064284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-24 15:57 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-09-24 11:08 - 2009-07-14 06:45 - 000036848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-24 11:08 - 2009-07-14 06:45 - 000036848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-24 11:00 - 2017-06-09 11:41 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2017-09-24 11:00 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-23 20:13 - 2015-11-18 18:00 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-23 20:13 - 2015-11-18 18:00 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-09-23 20:11 - 2015-05-07 18:36 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Local\CrashDumps
2017-09-23 20:09 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Cursors
2017-09-23 19:50 - 2014-11-18 14:15 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Roaming\DAEMON Tools Lite
2017-09-23 18:51 - 2015-01-19 17:36 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Roaming\Dropbox
2017-09-22 20:30 - 2015-03-21 15:17 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Roaming\vlc
2017-09-20 21:44 - 2016-04-21 16:05 - 000000000 ____D C:\Program Files\CCleaner
2017-09-20 18:58 - 2014-11-16 21:30 - 000000000 ____D C:\Users\Dr. Babak Bayani
2017-09-18 19:48 - 2017-08-12 12:00 - 000067798 _____ C:\Users\Dr. Babak Bayani\Documents\starburn.txt
2017-09-16 13:19 - 2009-07-14 06:45 - 005172224 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-16 13:17 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2017-09-16 13:17 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2017-09-16 13:17 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2017-09-16 13:17 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\lv-LV
2017-09-16 13:17 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\lt-LT
2017-09-16 13:17 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\et-EE
2017-09-15 21:43 - 2014-11-18 14:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-09-15 21:42 - 2014-11-16 22:48 - 000000000 ____D C:\Windows\system32\MRT
2017-09-15 21:40 - 2014-11-16 22:48 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-15 21:35 - 2009-07-14 04:34 - 000000513 _____ C:\Windows\win.ini
2017-09-15 21:32 - 2014-11-17 12:46 - 017672792 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-12 22:31 - 2017-07-16 13:39 - 000000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-12 22:27 - 2015-04-11 11:46 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Roaming\Skype
2017-09-10 15:12 - 2015-04-11 11:45 - 000000000 ____D C:\ProgramData\Skype
2017-09-10 11:01 - 2015-09-17 17:21 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Local\Downloaded Installations
2017-09-07 19:22 - 2015-09-04 21:52 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\Local\René's Homepage
2017-09-07 19:22 - 2011-11-04 12:46 - 000733184 _____ (René's Homepage) C:\Users\Dr. Babak Bayani\Desktop\Snipping Tool Plus.exe
2017-09-05 06:21 - 2017-07-16 13:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-05 06:15 - 2015-06-02 17:06 - 000001268 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-216576549-3052404505-3243353928-1000UA.job
2017-09-04 19:41 - 2015-06-02 17:06 - 000001216 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-216576549-3052404505-3243353928-1000Core.job
2017-08-28 21:37 - 2017-07-16 13:23 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-28 21:37 - 2017-07-16 13:23 - 000000884 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-28 21:37 - 2017-07-16 13:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-28 21:35 - 2016-11-19 15:11 - 000000000 ____D C:\Users\Dr. Babak Bayani\AppData\LocalLow\Mozilla
2017-08-26 19:31 - 2017-07-21 22:03 - 000383237 _____ C:\Users\Dr-log.txt
2017-08-26 19:12 - 2017-07-21 22:03 - 001048582 _____ C:\Users\Dr-2017-08-26-19-12-19-log.txt
2017-08-26 18:59 - 2015-01-25 14:20 - 000000000 ____D C:\Windows\pss
2017-08-26 18:44 - 2014-11-16 21:55 - 000113168 _____ C:\Users\Dr. Babak Bayani\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-26 18:30 - 2017-07-15 23:45 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-26 18:00 - 2015-10-23 10:49 - 000000000 ____D C:\ProgramData\Avg
2017-08-26 18:00 - 2014-11-16 22:56 - 000000000 ____D C:\Program Files (x86)\AVG
2017-08-26 17:37 - 2016-08-04 10:46 - 000000000 ____D C:\Users\Administrator
2017-08-26 17:30 - 2017-08-07 19:01 - 000000000 ____D C:\ProgramData\TEMP

==================== Files in the root of some directories =======

2016-02-04 18:07 - 2016-02-04 18:07 - 000000011 _____ () C:\Users\Dr. Babak Bayani\AppData\Roaming\.tv7
2016-06-13 12:23 - 2016-06-13 13:29 - 000000033 _____ () C:\Users\Dr. Babak Bayani\AppData\Roaming\AdobeWLCMCache.dat
2016-05-20 18:24 - 2016-05-20 18:24 - 000000107 _____ () C:\Users\Dr. Babak Bayani\AppData\Roaming\settings.xml
2016-02-04 18:00 - 2016-02-04 18:00 - 000003584 _____ () C:\Users\Dr. Babak Bayani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-20 19:30 - 2017-07-20 19:30 - 000001385 _____ () C:\Users\Dr. Babak Bayani\AppData\Local\recently-used.xbel
2016-02-08 21:25 - 2016-02-08 21:25 - 000000011 _____ () C:\ProgramData\.tv5
2016-02-04 16:52 - 2016-02-04 16:52 - 000000011 _____ () C:\ProgramData\.tv7
2017-07-16 09:58 - 2017-07-16 09:58 - 000047472 _____ () C:\ProgramData\agent.1500191935.bdinstall.bin
2014-11-17 14:07 - 2014-11-17 14:07 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-23 19:25 - 2014-12-23 19:25 - 000000000 _____ () C:\ProgramData\New Text Document.txt
2016-05-11 19:40 - 2016-05-11 19:40 - 000004864 _____ () C:\ProgramData\oqztiqep.adk

Some files in TEMP:
====================
2017-09-23 18:59 - 2017-09-23 19:01 - 027536744 _____ (Disc Soft Ltd) C:\Users\Dr. Babak Bayani\AppData\Local\Temp\DTLite1060-0283.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-31 19:38

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (53.2 KB, 16 views)
jan henkel is offline  
Old 09-24-2017, 02:22 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, jan henkel.

Did you uninstall CCleaner as requested previously?

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    AutoKMS.exe
    installPacket.exe
    
    :regfind
    AutoKMS.exe
    installPacket.exe
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-25-2017, 10:03 AM   #8
Registered Member
 
Join Date: Sep 2017
Posts: 30
OS: Win / Ultimate



Sry, I forgot to uninstall CCleaner. I scanned again and added the txt files.
Also the new files from SystemLook.
Attached Files
File Type: txt FRST.txt (68.0 KB, 16 views)
File Type: txt Addition.txt (52.9 KB, 340 views)
File Type: txt SystemLook.txt (1.2 KB, 25 views)
jan henkel is offline  
Old 09-25-2017, 08:08 PM   #9
Are you running a pirated copy of Windows and/or Office?
chemist is offline  
Old 09-25-2017, 11:56 PM   #10
Sry, is that of any relevance? I do not know whether it is or not. I bought the PC from a colleague and upgraded it slowly and, to be honest, did not care what kind of license the programs (all that were installed) have.
Since you seem to be referring to the AutoKMS, it is from [20:11 18/11/2014], so I don't think it is relevant for the problem with the virus/trojan/malware installPacket [09:01 24/09/2017] [10:55 05/09/2017].
jan henkel is offline  
Old 09-26-2017, 08:22 PM   #11
Even if the file is from 18/11/2014, you may have illegal software, which means we would not be able to continue here due to forum rules against helping users with illegal software(s).

These are the pitfalls of acquiring used machines. Is your colleague reputable?
chemist is offline  
Old 09-26-2017, 11:15 PM   #12
Well I do not know if he is reputable or not. At least I did not install any cracked or illegal SW. Before this is going back and forth with it, is there going to be any help from you in this case or am I screwed for buying a used PC?
Please tell me what the next steps are or if this case is closed.
jan henkel is offline  
Old 09-28-2017, 03:07 AM   #13
Let's try this:
  • Please download MGADiag.exe and Save it to your Desktop.
  • Double-click on MGADiag.exe then click Continue
  • When the program has finished, click on Copy
  • Please paste the results in your next reply.
------------------------------------------------------
chemist is offline  
Old 09-28-2017, 10:34 AM   #14
Well, here is the txt. Is that really helping me find a solution for my trojan problem?
Attached Files
File Type: txt mgadiag.txt (6.5 KB, 26 views)
jan henkel is offline  
Old 09-29-2017, 10:47 PM   #15
Hello again, jan henkel.

Quote:
Is that really helping me finding a solution for my trojan problem?
No, it was used to determine if you were using illegal software.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

https://pcsupport.about.com/od/window...-windows-7.htm

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers1: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} =>  -> No File
    ContextMenuHandlers6: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} =>  -> No File
    Task: {1FA7CED6-F3AE-404C-9898-D09FFA58A428} - \{CA1D5856-CF30-4009-A556-F3D1342C7F3A} -> No File <==== ATTENTION
    Task: {3D312117-815D-473B-AEE9-EE61463FD12C} - no filepath
    Task: {3EF4816A-B6E1-4E42-9143-AA0A764D8C52} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
    Task: {436CED47-580E-4EC2-AF0E-35298991C79E} - no filepath
    Task: {4975C7F3-AAF1-4A37-998E-AC5CC4A48F0B} - no filepath
    Task: {586800BD-C1B1-4C6D-A467-F026E354674A} - no filepath
    Task: {6E035CE0-967E-4C8D-80B2-7484B6FFF721} - System32\Tasks\{A60FB532-2597-4449-9AE1-5ED24C5D09A7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Dr. Babak Bayani\Desktop\hijackthis.exe" -d "C:\Users\Dr. Babak Bayani\Desktop"
    Task: {B1F2ECA3-A20A-4262-8384-8D4E9E621D54} - no filepath
    Task: {D07BC9D5-BE78-437E-9839-AA14688788FD} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-18] ()
    AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [135]
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-216576549-3052404505-3243353928-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
    HKU\S-1-5-21-216576549-3052404505-3243353928-1000\...\RunOnce: [Uninstall C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
    HKU\S-1-5-21-216576549-3052404505-3243353928-1000\...\RunOnce: [Uninstall C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dr. Babak Bayani\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope {97FA051B-152A-449B-9B6B-A65A3717EBAF} URL =
    BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    Handler: WSAllMyTubechrome - No CLSID Value
    FF Plugin:  @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32:  @haitao.com/npHaitaoPlugin -> C:\Users\Dr. Babak Bayani\AppData\Local\htyh\application\htwebHelper.dll [No File]
    FF Plugin-x32:  @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32:  @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
    FF Plugin-x32:  @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
    CHR HKU\S-1-5-21-216576549-3052404505-3243353928-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] - <not found>
    2017-09-20 21:44 - 2016-04-21 16:05 - 000000000 ____D C:\Program Files\CCleaner
    2017-09-12 22:31 - 2017-07-16 13:39 - 000000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2017-08-26 18:30 - 2017-07-15 23:45 - 000000000 ____D C:\ProgramData\AVAST Software
    2017-08-26 18:00 - 2015-10-23 10:49 - 000000000 ____D C:\ProgramData\Avg
    2017-08-26 18:00 - 2014-11-16 22:56 - 000000000 ____D C:\Program Files (x86)\AVG
    U1 aswbdisk; no ImagePath
    S3 cpuz134; \??\C:\Users\DR5C3B~1.BAB\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
chemist is offline  
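The fixlist above flags scheduled tasks with "no filepath" or "-> No File" and lists AutoKMS.exe with an empty publisher. The following PowerShell is an added example, not part of the thread and not FRST's or SystemLook's code, that reproduces those three checks over `schtasks` output on Windows 7; the task rows fed to it are constructed, and the second and third paths are hypothetical.

```powershell
# Added example, not part of the thread or of FRST: audit scheduled-task targets for the
# conditions the fixlist flags ("no filepath", "-> No File") and add an Authenticode check
# on targets that exist. It parses `schtasks /query /fo CSV /v`, which works on Windows 7
# (no Get-ScheduledTask there) and needs only PowerShell 2.0 features.

function Get-TaskTargetPath {
    param([string]$TaskToRun)
    # "Task To Run" is a command line; take the executable, quoted or bare.
    $cmd = "$TaskToRun".Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(\S+)')     { return $Matches[1] }
    return $null
}

function Test-TaskRows {
    param([object[]]$Rows)   # rows as produced by ConvertFrom-Csv on schtasks output
    foreach ($row in $Rows) {
        if ($row.TaskName -eq 'TaskName') { continue }   # schtasks repeats the header per folder
        $target = Get-TaskTargetPath $row.'Task To Run'
        $status = 'ok'
        $signer = ''
        if (-not $target -or $target -eq 'N/A') {
            $status = 'no filepath'                      # the condition FRST reports as "no filepath"
        } elseif ($target -notmatch '^[A-Za-z]:\\') {
            $status = 'unresolved'                       # e.g. "COM handler" or a bare program name
        } elseif (-not (Test-Path -LiteralPath $target)) {
            $status = 'No File'                          # the condition FRST reports as "-> No File"
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $target
            if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject }
            else { $status = "unsigned ($($sig.Status))" }   # FRST shows these with an empty "()" publisher
        }
        New-Object PSObject -Property @{
            TaskName = $row.TaskName; Target = $target; Status = $status; Signer = $signer
        }
    }
}

# Constructed sample rows in the schtasks CSV shape. The first target is the AutoKMS path
# from the fixlist; the second path is hypothetical and does not exist; the third row has
# no target, as schtasks prints for orphaned tasks.
$sampleCsv = @'
"TaskName","Task To Run"
"\AutoKMSCustom","C:\Windows\AutoKMS\AutoKMS.exe"
"\{CA1D5856-CF30-4009-A556-F3D1342C7F3A}","C:\Users\Public\hypothetical-missing.exe"
"\OrphanedTask","N/A"
'@
Test-TaskRows (ConvertFrom-Csv $sampleCsv) | Format-Table TaskName, Status, Target -AutoSize

# Live run against the local machine (use an elevated prompt to see every task):
#   $live = schtasks /query /fo CSV /v | ConvertFrom-Csv
#   Test-TaskRows $live | Where-Object { $_.Status -ne 'ok' } | Format-Table TaskName, Status, Target -AutoSize
```

On a machine that does not have the AutoKMS task, the first sample row simply lands in the "No File" bucket; the point of the live run is the rows that come back as "no filepath", "No File" or "unsigned", which are the ones worth reviewing before deciding what to remove.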
Old 10-02-2017, 09:36 AM   #16
I will provide the file tomorrow. This message is just to keep the thread open.
jan henkel is offline  
Old 10-03-2017, 10:09 AM   #17
Ok, here is the file.
Attached Files
File Type: txt FRST.txt (66.9 KB, 12 views)
jan henkel is offline  
Old 10-03-2017, 08:47 PM   #18
Hello again, jan henkel. My last instructions didn't ask for a new FRST log.

It asked for the Fixlog.txt log from the fix I had you run last. Go back and run the FRST fix I posted in post #15 above, and post the resulting Fixlog.txt log.
chemist is offline  
Old 10-03-2017, 09:22 PM   #19
Sry, here is the Fixlog.
Attached Files
File Type: txt Fixlog.txt (12.3 KB, 15 views)
jan henkel is offline  
Old 10-04-2017, 06:35 PM   #20
*********************
Post ***
*********

Hello again, jan henkel. How is the machine behaving? Is Panda still detecting that file?

------------------------------------------------------
chemist is offline  