
Persistent Speedial virus (?) reaffecting Chrome, cannot be found


1 reply to this topic

#1 Jerry The Infected

Posted 07 June 2014 - 01:49 PM

Update: this has been solved with the help of this article:
 
I picked up speedial on a Windows 7 / 64 machine by visiting subloader.com (a site that provides subtitles). I usually just download the subtitles file, they typically come zipped up. But instead of a zip, they gave me an exe with their "subtitles download manager" bundled in along with speedial. In automatic click mode, I opened up the "zip", whoops it was an exe. Gah!
 
So it screwed up IE, Firefox, and Chrome. And the typical removal steps removed it from IE and Firefox. But not Chrome. I uninstalled it from the Control Panel, and reset all the settings in IE, Firefox, and Chrome.
 
But still, when I restarted Chrome, Chrome told me a new extension had been installed by "Another program".
 
 
I can uninstall Chrome, deleting all user data (%APPDATA%\local\Google\Chrome\), and when I reinstall it, same thing.
 
Chrome is very good about detecting it, and disabling it, but I can't find or get rid of the original problem.
 
I first cleaned with:
 
+ MSE
+ SuperAntiSpyware
+ MalwareBytes
 
None of those found anything (apart from typical cookie trackers). I surf pretty boringly, my machine is usually clean and I run a full MSE scan once a week.
 
Then I found AdwCleaner which was a great help in showing me which Chrome files had become infected.
 
%AppData%\Local\Google\Chrome\User Data\Default\Preferences
%AppData%\Local\Google\Chrome\User Data\Default\Protected Preferences
 
 
Still, uninstall Chrome removing all user data, reinstall Chrome, and the speedial extension is added.
 
Leaving Chrome uninstalled
 
I booted into safe mode and ran
 
+ MalwareBytes
+ Sophos Anti Root Kit
+ Kaspersky TDSS Killer
 
And none of those found anything.
 
I disconnected my machine from the net and booted back into normal mode.
 
Uninstalled Chrome removing all user data, and reinstalled Chrome, and ... fine. Started up Chrome and no extensions added. And then I reconnected the net, and started up Chrome and almost instantly, Chrome told me Speedial had been installed.
 
I uninstalled Chrome removing all user data, reinstalled, and it's repeatable.
 
I fired up Fiddler2 and I can see Chrome downloading what is presumably the bad extension from the Chrome extension store at client2.googleusercontent.com.
 
I uninstalled Chrome and installed the PORTABLE APP version of Chrome, and it became infected. 
 
So ...
 
None of the antivirus, antispyware, or antirootkit programs I have found can help me find the root cause of this.
 
Chrome has been uninstalled and its settings reset multiple times and Chrome insists it is another program adding in this extension (but doesn't provide help on which program it is...)
 
And so I am hoping you can help me.
 
DDS is below.
Below that, for the curious, is the addition of speedial in my Google preferences file.
 
 
=-=-=
DDS
=-=-=
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.60.2
Run by jerry at 11:34:19 on 2014-06-07
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6143.1360 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\SysWOW64\WebUpdateSvc4.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe
C:\Program Files (x86)\3RVX\3RVX.exe
C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Thermostat for Windows\Thermostat.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\InSync Speech\MyBuddyMic\MyBuddyMic.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\PDF24\pdf24.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\InSync Speech\MyBuddyMic\MyBuddyMicDI.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\jerry\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseGit\bin\TGitCache.exe
C:\Users\jerry\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Users\jerry\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\nacl64.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\LastPass\nplastpass.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\jerry\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\jerry\emacs-24.3\bin\emacs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bing.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
mStart Page = www.google.com
uProxyServer = localhost:8888
uProxyOverride = <-loopback>;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - 
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\jerry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WideSearch] C:\Users\jerry\AppData\Local\WideSearch\wsearch.exe
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Akamai NetSession Interface] "C:\Users\jerry\AppData\Local\Akamai\netsession_win.exe"
uRun: [F88105C1F7DCE8C2149E01FB3B42BF56937DA1C7._service_run] "C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [BoxcryptorClassic.exe] "C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe"
uRun: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
uRun: [3RVX] C:\Program Files (x86)\3RVX\3RVX.exe
uRun: [CCleaner Monitoring] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
uRun: [GoogleChromeAutoLaunch_05AE3B8C44542EC73E17BEADC2E3303F] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun: [MyBuddyMic] "C:\Program Files (x86)\InSync Speech\MyBuddyMic\MyBuddyMic.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Samsung.PCSync] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog
StartupFolder: C:\Users\jerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\jerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\THERMO~1.LNK - C:\Program Files (x86)\Thermostat for Windows\Thermostat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~2.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SQUEEZ~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCABattery = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://192.168.0.80:8080/JpegInst.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://192.168.0.5/UltraMJCamX.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://192.168.0.149/JpegInstV4.cab
TCP: NameServer = 8.8.4.4 8.8.8.8
TCP: Interfaces\{36C7CBDC-A264-481F-BB56-CA9F20AFABEC} : DHCPNameServer = 8.8.4.4 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Windows\SysWOW64\G7PS.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
SSODL: EldosMountNotificator-cbfs4 - {23817742-71F4-4F44-B361-3ED3E1062E86} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - 
STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - 
STS: Virtual Storage Mount Notification - {23817742-71F4-4F44-B361-3ED3E1062E86} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - <orphaned>
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator-cbfs4 - {23817742-71F4-4F44-B361-3ED3E1062E86} - C:\Windows\System32\cbfsMntNtf4.dll
x64-STS: Virtual Storage Mount Notification - {23817742-71F4-4F44-B361-3ED3E1062E86} - C:\Windows\System32\cbfsMntNtf4.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\xqw8gget.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - about:home
FF - component: C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\xqw8gget.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\xqw8gget.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\jerry\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\jerry\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\jerry\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32 - Copy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: !HIDDEN! 2013-10-01 20:43; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2014-4-13 17200]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 cbfs4;cbfs4;C:\Windows\System32\drivers\cbfs4.sys [2013-9-7 386752]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-1 203776]
R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-3-13 402192]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-3-13 121616]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-3-13 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-3-13 770832]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2014-3-27 9954096]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2014-2-24 1343408]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]
R2 postgresql-x64-9.1;postgresql-x64-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N "postgresql-x64-9.1" -D "C:/PostgreSQL/9.1/data" -w --> C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-x64-9.1 [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2008-9-15 262360]
R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.5.54609.0.sys [2014-3-31 46384]
R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2014-4-13 389936]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-20 239616]
R3 vpnpbus;EldoS PnP Virtual Bus driver;C:\Windows\System32\drivers\vpnpbus.sys [2013-11-12 18624]
S0 edevmon;edevmon;C:\Windows\System32\drivers\edevmon.sys [2013-9-17 239296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-5-22 401920]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-2-2 31744]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-13 111616]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\FF26.tmp [2014-6-6 6144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2010-11-25 53312]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-6-14 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-6-14 12504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2010-1-6 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2012-12-11 203104]
S3 tnkhid;TNK Virtual HID;C:\Windows\System32\drivers\tnkhid.sys [2013-9-25 18216]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-10-26 105816]
S4 GizmoDrv;Gizmo Device Driver;C:\Windows\System32\drivers\gizmodrv.sys [2010-9-25 32840]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2009-11-3 17920]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-3 1153368]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== File Associations ===============
.
FileExt: .txt: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-07 18:18:32 -------- d-----w- C:\Program Files\ESET
2014-06-07 08:22:00 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{519026D2-8B75-41D4-B1A7-B78FBAC90BEE}\gapaengine.dll
2014-06-07 08:19:56 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-07 08:19:39 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DD79FA9-1ADD-4DCB-AE46-AA33DC193224}\mpengine.dll
2014-06-07 03:04:18 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2014-06-07 00:23:20 6144 ------w- C:\Windows\System32\FF26.tmp
2014-06-07 00:20:01 6144 ------w- C:\Windows\System32\F814.tmp
2014-06-06 20:14:42 254240 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2014-06-06 20:14:14 128288 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-06-06 09:37:25 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-06 07:29:56 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-01 03:16:20 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-06-01 03:11:14 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-31 01:05:31 -------- d-----w- C:\Program Files (x86)\Android
2014-05-26 20:02:00 -------- d-----w- C:\Program Files (x86)\LastPass
2014-05-24 03:42:59 -------- d-----w- C:\Users\jerry\AppData\Roaming\Moonchild Productions
2014-05-24 03:42:59 -------- d-----w- C:\Users\jerry\AppData\Local\Moonchild Productions
2014-05-24 03:40:12 -------- d-----w- C:\Program Files (x86)\Pale Moon
2014-05-22 21:25:27 -------- d-----w- C:\Users\jerry\AppData\Roaming\VoxOx2
2014-05-22 21:24:54 -------- d-----w- C:\Program Files (x86)\VoxOx
2014-05-16 21:03:30 156448 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2014-05-16 21:03:30 141600 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2014-05-16 21:01:18 204064 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2014-05-14 14:03:43 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 14:03:43 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-14 13:50:29 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-14 13:50:29 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-05-31 19:29:29 14936064 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-04-15 09:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 21:02:10 46384 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.5.54609.0.sys
2014-03-31 21:02:08 948736 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_7.5.54609.0.dll
2014-03-27 17:53:10 389936 ----a-w- C:\Windows\System32\drivers\dlkmd.sys
2014-03-27 17:53:10 17200 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys
2014-03-27 17:50:18 1401648 ----a-w- C:\Windows\System32\dlumd9.dll
2014-03-27 17:50:18 1401648 ----a-w- C:\Windows\System32\dlumd64.dll
2014-03-27 17:50:18 1401648 ----a-w- C:\Windows\System32\dlumd11.dll
2014-03-27 17:50:18 1401648 ----a-w- C:\Windows\System32\dlumd10.dll
2014-03-27 17:50:16 1144112 ----a-w- C:\Windows\SysWow64\dlumd9.dll
2014-03-27 17:50:16 1144112 ----a-w- C:\Windows\SysWow64\dlumd32.dll
2014-03-27 17:50:16 1144112 ----a-w- C:\Windows\SysWow64\dlumd11.dll
2014-03-27 17:50:16 1144112 ----a-w- C:\Windows\SysWow64\dlumd10.dll
2014-03-19 22:27:44 76496 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2014-03-19 22:23:14 50896 ----a-w- C:\Windows\System32\drivers\point64.sys
2014-03-11 20:07:42 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-03-11 16:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 11:40:25.86 ===============
=-=-=
END DDS
=-=-=
 
For what it's worth, this is how the infection looks in the Google preferences files:
 
=-=-=
google preferences file(s)
%AppData%\Local\Google\Chrome\User Data\Default\Preferences
%AppData%\Local\Google\Chrome\User Data\Default\Protected Preferences
=-=-=
 
         "bakijjialdiiboeaknfpmflphhmljfkd": {
            "ack_prompt_count": 1,
            "active_permissions": {
               "api": [ "bookmarks", "contextMenus", "history", "management", "storage", "tabs", "topSites", "unlimitedStorage", "webNavigation" ],
               "explicit_host": [ "chrome://favicon/*", "http://*/*", "https://*/*" ],
               "manifest_permissions": [  ]
            },
            "content_settings": [  ],
            "creation_flags": 9,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": true,
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "initial_keybindings_set": true,
            "install_time": "13046598173023235",
            "lastpingday": "13046597997312235",
            "location": 6,
            "manifest": {
               "background": {
                  "page": "/content/browser/background.html",
                  "persistent": true
               },
               "chrome_url_overrides": {
                  "newtab": "/content/newtab/newtab.html"
               },
               "content_security_policy": "script-src 'self' https://s3.amazonaws.com https://ssl.google-analytics.com; object-src 'self'",
               "current_locale": "en_US",
               "default_locale": "en",
               "description": "A great, fun and helpful extension for setting your most favourite sites in the new tab page",
               "icons": {
                  "128": "/skin/icons/128.png",
                  "16": "/skin/icons/16.png",
                  "48": "/skin/icons/48.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCuBiobDnSk9/szdruAX50DP4Oblbt72oUx9CvMxalfaMnMzyNmLBNperNpgLpUtBT8gxcIJPD5243rLaisYtVFHVdXzwKQp6GL23ItEFfMCINWJQ/bYLhY7u+Zw3jPWWeP4kuEKySZeVpiXgnyYLgoCC0ndcU/tG0J/RT9XylHMQIDAQAB",
               "manifest_version": 2,
               "minimum_chrome_version": "23",
               "name": "Speedial",
               "optional_permissions": [ "\u003Call_urls>", "webRequest", "webRequestBlocking" ],
               "permissions": [ "storage", "unlimitedStorage", "contextMenus", "webNavigation", "history", "bookmarks", "tabs", "management", "topSites", "chrome://favicon/", "http://*/*", "https://*/*" ],
               "sandbox": {
                  "pages": [  ]
               },
               "short_name": "Speedial",
               "update_url": "https://clients2.google.com/service/update2/crx",
               "version": "9.4.25",
               "web_accessible_resources": [ "/skin/icons/16.png" ]
            },
            "path": "bakijjialdiiboeaknfpmflphhmljfkd\\9.4.25_0",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 0,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
 
=-=-=
end google preferences file
=-=-=
 
 
Thanks for all the time and help you folks put into this! Amazing!
 
Edited by Jerry The Infected, 08 June 2014 - 12:06 PM.
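As an added, defender-side example (not code from the original post, and not Chrome's own tooling): a small Python triage script that reads a Chrome Preferences file and flags extension entries with the traits visible in the record quoted above, namely an external install location, a new-tab override, all-site host access and the `management` permission. The embedded sample is constructed in the shape of Chrome's `extensions.settings` map; the Speedial entry reuses the fields quoted in the post, while the second extension and its id are placeholders.

```python
import json

# Constructed sample shaped like Chrome's Preferences file ("extensions" -> "settings").
# The first entry reproduces fields of the Speedial record quoted in the post above;
# the second is a made-up benign extension for contrast (its id is a placeholder).
SAMPLE_PREFERENCES = r'''
{
  "extensions": {
    "settings": {
      "bakijjialdiiboeaknfpmflphhmljfkd": {
        "from_webstore": true,
        "location": 6,
        "state": 0,
        "install_time": "13046598173023235",
        "manifest": {
          "name": "Speedial",
          "version": "9.4.25",
          "chrome_url_overrides": { "newtab": "/content/newtab/newtab.html" },
          "permissions": [ "storage", "tabs", "management", "history",
                           "chrome://favicon/", "http://*/*", "https://*/*" ],
          "optional_permissions": [ "\u003Call_urls>", "webRequest", "webRequestBlocking" ],
          "update_url": "https://clients2.google.com/service/update2/crx"
        },
        "path": "bakijjialdiiboeaknfpmflphhmljfkd\\9.4.25_0"
      },
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "from_webstore": true,
        "location": 1,
        "state": 1,
        "install_time": "13046000000000000",
        "manifest": { "name": "Placeholder Benign Extension", "version": "1.0",
                      "permissions": [ "storage" ] },
        "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\1.0_0"
      }
    }
  }
}
'''

# Manifest::Location values as Chrome numbered them at the time of the post (2014).
LOCATION_NAMES = {
    1: "INTERNAL",                 # installed by the user from a crx / the Web Store
    2: "EXTERNAL_PREF",
    3: "EXTERNAL_REGISTRY",
    4: "UNPACKED",
    5: "COMPONENT",
    6: "EXTERNAL_PREF_DOWNLOAD",   # side-loaded via external prefs/registry, fetched from update_url
    7: "EXTERNAL_POLICY_DOWNLOAD",
}
EXTERNAL_LOCATIONS = {2, 3, 6, 7}

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"http://*/*", "https://*/*", "*://*/*", "<all_urls>"}


def location_name(code):
    """Human-readable name for an extension's install location code."""
    return LOCATION_NAMES.get(code, "UNKNOWN(%s)" % code)


def flag_extensions(prefs_text):
    """Return {extension_id: [reason, ...]} for entries that deserve a closer look."""
    prefs = json.loads(prefs_text)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = {}
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        reasons = []
        loc = entry.get("location")
        if loc in EXTERNAL_LOCATIONS:
            reasons.append("installed externally (%s)" % location_name(loc))
        if manifest.get("chrome_url_overrides", {}).get("newtab"):
            reasons.append("overrides the new tab page")
        # Optional permissions count too: the extension can request them at runtime.
        perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
        broad = sorted(perms & BROAD_HOSTS)
        if broad:
            reasons.append("all-site host access: %s" % ", ".join(broad))
        if "management" in perms:
            reasons.append("can manage other extensions")
        if entry.get("state") == 0:          # Extension::State DISABLED == 0, ENABLED == 1
            reasons.append("currently disabled by Chrome")
        if reasons:
            findings[ext_id] = reasons
    return findings


if __name__ == "__main__":
    for ext_id, reasons in flag_extensions(SAMPLE_PREFERENCES).items():
        print(ext_id)
        for reason in reasons:
            print("  -", reason)
```

To run it against a real profile, read the profile's Preferences file (User Data\Default\Preferences under Chrome's local app data folder) in place of the sample string. The `location` value is the detail that matters most in this thread: 6 is EXTERNAL_PREF_DOWNLOAD, meaning the extension was side-loaded through Chrome's external-extension mechanism (a registry key or an external_extensions.json that lives outside the profile) and fetched from its update_url, which is why deleting the profile and reinstalling Chrome brought it straight back and why the fix had to target that external entry rather than the browser data.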
#2 Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)

  • Members
  • 16,485 posts

Posted 08 June 2014 - 12:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.