I recently had a virus/malware infection. Various unknown programs were running when viewed in Task Manager. I managed to get rid of all of them except for "bridgeunattend.exe", which is located in Windows\System32 folder.
I eventually removed the hard drive, connected it to a non windows machine and managed to replace the offending file with a correct, non infected version. Before replacing the drive in the computer, I ran AVG and Malaware which found and deleted various threats.
Since replacing the drive, I cannot run AVG. It states "This program is blocked by group policy". I have also tried installing a 2015 version of AVG, but it fails as it cannot open registry key HKLM\S|W|CV|Run.
I have run CCleaner on the registry, without any improvement. I have installed Avasti antivirus. However, I consider that something is lurking in my widows operating system somewhere preventing me from running programs as they should.
Gmar crashed twice while running it; had to scan using only Sections and drive C.
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.15.2
Run by neone at 20:04:06 on 2014-11-24
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3325.1025 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\neone\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACCUCHEK360\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uProxyOverride = <local>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E243A8E7-6244-49E0-A361-22DBF30FD46C} - <orphaned>
BHO: DeLorme Send To GPS: {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - c:\program files\delorme\sendtogps\PNPluginForIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uExplorerRun: [BitTorrent] c:\users\neone\appdata\roaming\ajgjvhgh\uttihijh.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: http://www.peachonline.net
Trusted Zone: icatonline.net
Trusted Zone: peachonline.net
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EEF3E506-EAF4-45ED-BAF8-E21177D0390D} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\neone\appdata\roaming\mozilla\firefox\profiles\xzutxxpq.default-1412717310351\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.31005.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\neone\appdata\locallow\stonetrip\webplayer1.8.1\npShiVa3D_1.8.1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-11-23 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-11-23 206248]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-11-2 15672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-11-23 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-11-23 423784]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-23 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-23 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-11-23 50344]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-8-10 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-8-10 968504]
R2 MSSQL$ACCUCHEK360;SQL Server (ACCUCHEK360);c:\program files\microsoft sql server\mssql10_50.accuchek360\mssql\binn\sqlservr.exe [2011-6-17 43040096]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2014-3-19 42264]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2014-3-19 10136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-10 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-23 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-8-10 51928]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2014-10-14 161288]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-2-24 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-2-24 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-2-24 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-2-24 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-2-24 25704]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DockLoginService;Dock Login Service; [x]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2012-3-2 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2012-3-2 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2012-3-2 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2012-3-2 25088]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [2011-7-12 16896]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-10-29 12400]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
S4 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2012-1-31 19232]
S4 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0151;RsFx0151 Driver;c:\windows\system32\drivers\RsFx0151.sys [2011-6-17 240736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-11-24 18:49:32 -------- d-----w- C:\CC Cleaner
2014-11-23 20:58:39 -------- d-----w- c:\users\neone\appdata\roaming\AVAST Software
2014-11-23 20:55:33 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-23 20:55:31 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-23 20:55:30 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-23 20:55:29 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-23 20:55:23 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-23 20:55:11 43152 ----a-w- c:\windows\avastSS.scr
2014-11-23 20:48:56 -------- d-----w- c:\program files\AVAST Software
2014-11-23 20:43:02 -------- d-----w- c:\programdata\AVG2015
2014-11-23 20:39:36 -------- d-----w- c:\programdata\AVAST Software
2014-11-23 20:37:57 -------- d-----w- c:\users\neone\appdata\local\Avg2015
2014-11-23 19:07:10 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-23 19:06:26 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-23 19:00:32 131072 ----a-w- c:\programdata\microsoft\secure\icons\temp\tmp92EC.exe
2014-11-22 12:54:39 20992 ------w- c:\windows\system32\bridgeunattend.exe
2014-11-20 19:18:27 -------- d-----w- c:\users\neone\appdata\roaming\Elugzi
2014-11-15 10:45:11 -------- d-----w- c:\users\neone\appdata\roaming\FrameworkUpdate7
2014-11-14 18:21:22 3654 ----a-w- c:\windows\system32\out.bin
2014-11-13 15:15:15 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2014-11-12 22:10:18 -------- d-----w- c:\users\neone\appdata\local\YxqzPack
2014-11-12 21:38:12 2009600 ----a-w- c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
2014-11-12 21:17:22 -------- d-----r- C:\Sandbox
2014-11-12 20:38:38 -------- d-----w- c:\program files\Sandboxie
2014-11-05 22:10:52 -------- d-----w- c:\program files\CUE Splitter
.
==================== Find3M ====================
.
2014-10-01 11:11:20 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 11:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-20 14:22:47 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2009-07-05 20:32:00 9079808 ----a-w- c:\program files\ffmpeg.exe
2006-05-03 09:06:54 163328 --sh--w- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--w- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--w- c:\windows\system32\nbDX.dll
.
============= FINISH: 20:12:48.13 ===============
I eventually removed the hard drive, connected it to a non windows machine and managed to replace the offending file with a correct, non infected version. Before replacing the drive in the computer, I ran AVG and Malaware which found and deleted various threats.
Since replacing the drive, I cannot run AVG. It states "This program is blocked by group policy". I have also tried installing a 2015 version of AVG, but it fails as it cannot open registry key HKLM\S|W|CV|Run.
I have run CCleaner on the registry, without any improvement. I have installed Avasti antivirus. However, I consider that something is lurking in my widows operating system somewhere preventing me from running programs as they should.
Gmar crashed twice while running it; had to scan using only Sections and drive C.
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.15.2
Run by neone at 20:04:06 on 2014-11-24
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3325.1025 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\neone\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACCUCHEK360\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uProxyOverride = <local>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E243A8E7-6244-49E0-A361-22DBF30FD46C} - <orphaned>
BHO: DeLorme Send To GPS: {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - c:\program files\delorme\sendtogps\PNPluginForIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uExplorerRun: [BitTorrent] c:\users\neone\appdata\roaming\ajgjvhgh\uttihijh.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: http://www.peachonline.net
Trusted Zone: icatonline.net
Trusted Zone: peachonline.net
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EEF3E506-EAF4-45ED-BAF8-E21177D0390D} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\neone\appdata\roaming\mozilla\firefox\profiles\xzutxxpq.default-1412717310351\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.31005.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\neone\appdata\locallow\stonetrip\webplayer1.8.1\npShiVa3D_1.8.1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-11-23 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-11-23 206248]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-11-2 15672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-11-23 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-11-23 423784]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-23 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-23 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-11-23 50344]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-8-10 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-8-10 968504]
R2 MSSQL$ACCUCHEK360;SQL Server (ACCUCHEK360);c:\program files\microsoft sql server\mssql10_50.accuchek360\mssql\binn\sqlservr.exe [2011-6-17 43040096]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2014-3-19 42264]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2014-3-19 10136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-10 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-23 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-8-10 51928]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2014-10-14 161288]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-2-24 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-2-24 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-2-24 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-2-24 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-2-24 25704]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DockLoginService;Dock Login Service; [x]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2012-3-2 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2012-3-2 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2012-3-2 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2012-3-2 25088]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [2011-7-12 16896]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-10-29 12400]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
S4 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2012-1-31 19232]
S4 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0151;RsFx0151 Driver;c:\windows\system32\drivers\RsFx0151.sys [2011-6-17 240736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-11-24 18:49:32 -------- d-----w- C:\CC Cleaner
2014-11-23 20:58:39 -------- d-----w- c:\users\neone\appdata\roaming\AVAST Software
2014-11-23 20:55:33 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-23 20:55:31 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-23 20:55:30 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-23 20:55:29 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-23 20:55:23 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-23 20:55:11 43152 ----a-w- c:\windows\avastSS.scr
2014-11-23 20:48:56 -------- d-----w- c:\program files\AVAST Software
2014-11-23 20:43:02 -------- d-----w- c:\programdata\AVG2015
2014-11-23 20:39:36 -------- d-----w- c:\programdata\AVAST Software
2014-11-23 20:37:57 -------- d-----w- c:\users\neone\appdata\local\Avg2015
2014-11-23 19:07:10 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-23 19:06:26 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-23 19:00:32 131072 ----a-w- c:\programdata\microsoft\secure\icons\temp\tmp92EC.exe
2014-11-22 12:54:39 20992 ------w- c:\windows\system32\bridgeunattend.exe
2014-11-20 19:18:27 -------- d-----w- c:\users\neone\appdata\roaming\Elugzi
2014-11-15 10:45:11 -------- d-----w- c:\users\neone\appdata\roaming\FrameworkUpdate7
2014-11-14 18:21:22 3654 ----a-w- c:\windows\system32\out.bin
2014-11-13 15:15:15 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2014-11-12 22:10:18 -------- d-----w- c:\users\neone\appdata\local\YxqzPack
2014-11-12 21:38:12 2009600 ----a-w- c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
2014-11-12 21:17:22 -------- d-----r- C:\Sandbox
2014-11-12 20:38:38 -------- d-----w- c:\program files\Sandboxie
2014-11-05 22:10:52 -------- d-----w- c:\program files\CUE Splitter
.
==================== Find3M ====================
.
2014-10-01 11:11:20 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 11:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-20 14:22:47 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2009-07-05 20:32:00 9079808 ----a-w- c:\program files\ffmpeg.exe
2006-05-03 09:06:54 163328 --sh--w- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--w- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--w- c:\windows\system32\nbDX.dll
.
============= FINISH: 20:12:48.13 ===============
