
Fake Java update errors on google chrome


This topic is locked.
31 replies to this topic

#1 borvishal

borvishal

  • Members
  • 29 posts
  • OFFLINE
  • Local time:10:55 AM

Posted 10 October 2014 - 04:53 PM

hello friends,

I have been getting these fake Java update errors for the last few days. They appear as a pop-up, and when I close it, it takes me to a different page, or sometimes I get a phishing-attack-related Chrome-specific page.

I am struggling to figure out the root cause or the websites that are causing this issue. I have checked my programs and there is no suspicious program installed on my laptop. Please help me resolve the issue.

Thanks in advance.




#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:55 PM

Posted 12 October 2014 - 02:17 PM

Hi borvishal and Welcome to BleepingComputer !

I am reviewing your situation with my mentor and will advise you on what to do in my next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:55 PM

Posted 12 October 2014 - 03:50 PM


Hello borvishal

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using cracked or illegal software, your thread will be closed.
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of zoek.exe.
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double-click zoek.exe to start the program.
  • Copy and paste the following script into the code box:
  • Note: This script is written for use on this user's computer; do not use it on another computer even if the problems are similar!
skipfix-iedefaults;
process;
startupall;
services_list;
standardsearch;
installedprogs;
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished, the logfile will be opened in Notepad.
  • If a reboot is needed, the logfile will be opened after the reboot.
  • The zoek-results.log can also be found on your system drive (normally C:\).
  • Please post the logfile for further review in your next reply.



#4 borvishal

borvishal
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:10:55 AM

Posted 13 October 2014 - 09:04 PM

Hi Seedy21,

Thank you for taking interest in my issue! Below is the logfile:

Zoek.exe v5.0.0.0 Updated 11-October-2014
Tool run by Vishal on Mon 10/13/2014 at 21:45:46.22.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Vishal\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
10/13/2014 9:48:48 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Installed Programs ======================
 
1.0  
Acrobat.com  
Adobe Acrobat 5.0  
Adobe AIR  
Adobe Reader XI (11.0.03)  
Advanced Audio FX Engine  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Auto Shutdown  
BarahaIME 1.0  
BitLord 1.1  
Bonjour  
CCleaner  
Cisco EAP-FAST Module  
Cisco LEAP Module  
Cisco PEAP Module  
Citrix Online Launcher  
Dell DataSafe Online  
Dell Dock  
Dell Edoc Viewer  
Dell Getting Started Guide  
Dell Remote Access  
Dell Support Center (Support Software)  
Dell System Detect  
Dell Touchpad  
Dell Webcam Central  
Dell Wireless WLAN Card Utility  
DNA  
Facebook Video Calling 3.1.0.521  
ffdshow [rev 3178] [2010-01-03]  
Google Chrome  
Google Earth Plug-in  
Google Talk (remove only)  
Google Talk Plugin  
Google Update Helper  
Google+ Auto Backup  
GoToAssist 8.0.0.514  
GoToMeeting 7.0.1.1796  
iCloud  
Intel® Graphics Media Accelerator Driver  
Intelr Matrix Storage Manager  
Internet Explorer Toolbar 4.6 by SweetPacks  
iTunes  
Java 7 Update 67  
Java Auto Updater  
Java™ 6 Update 14 (64-bit)  
Junk Mail filter update  
Live Cam Avatar Creator  
Microsoft Application Error Reporting  
Microsoft Choice Guard  
Microsoft Office Professional Edition 2003  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Sync Framework Runtime Native v1.0 (x86)  
Microsoft Sync Framework Services Native v1.0 (x86)  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual Studio 6.0 Enterprise Edition  
Microsoft Web Publishing Wizard 1.53  
Mozilla Firefox (3.6.13)  
MSVCRT  
Nero Media Player  
Nero OEM  
NeroVision Express 2 SE  
OnlineHDTV  
Performance Optimizer  
Picasa 3  
PowerDVD DX  
Quick Heal Internet Security  
Quickset64  
QuickTime 7  
Roxio Burn  
Security Update for CAPICOM (KB931906)  
Skype Click to Call  
SkypeT 6.20  
VLC media player 0.9.8a  
WIDCOMM Bluetooth Software  
Windows Live Call  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Mail  
Windows Live Messenger  
Windows Live Movie Maker  
Windows Live Photo Gallery  
Windows Live Sign-in Assistant  
Windows Live Sync  
Windows Live Upload Tool  
Windows Live Writer  
WinRAR 4.20 (32-bit)  
WinZip  
Wondershare MobileGo for iOS ( Version 3.3.2 )  
Yahoo Browser Services  
Yahoo Install Manager  
Yahoo Internet Mail  
Yahoo Messenger  
 
==== Running Processes ======================
 
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Vishal\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Vishal\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Users\Vishal\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== System Specs ======================
 
Windows: Windows 7 Home Basic Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3033 MB
CPU Info: Intel® Core™2 Duo CPU     T6600  @ 2.20GHz
CPU Speed: 1357.3 MHz
Sound Card: Speakers / Headphones (IDT High | 
Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Dell Wireless 1397 WLAN Mini-Card | Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
CD / DVD Drives: 1x (D: | ) D: SlimtypeDVD A  DS8A8SH
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  145.8GB | E:  73.2GB | F:  70.9GB
Hard Disks - Free: C:  40.3GB | E:  3.7GB | F:  7.9GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 08/27/09 | DELL   - 27d9081b
Time Zone: Eastern Standard Time
Motherboard *: Dell Inc. 0U315R
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Quick Heal Internet Security 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Quick Heal Internet Security 2014 disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Quick Heal Firewall disabled
Default Browser: Google Chrome 37.0.2062.103
Internet Explorer Version: 11.0.9600.17280 
Mozilla Firefox version: (3.6.13)
Google Chrome version: 37.0.2062.103
Adobe Reader version: 11.0.03.37
Sun Java version: 1.7.0_67 (32-bit) 
Sun Java version: 1.6.0_14 (64-bit) 
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\Vishal\AppData\Local\Temp ====
2014-10-07 22:45:13 102D0F383AD476D0AE996E1EA9D1482A 6954856 ----a-w- C:\Users\Vishal\AppData\Local\Temp\CitrixUpdates\GoToMeeting\1796\G2MCoreInstExtractor.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-10 03:06:01 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-10-10 03:05:29 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-10-10 03:05:29 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\SysWOW64\java.exe
2014-10-10 03:05:29 0F70F4DAF2BC5613EE75C9B2585CE67E 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-10 00:55:43 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-10-07 22:03:36 2DA56F462894DD246E97D16B5E72DE86 244336 ----a-w- C:\Windows\SysWOW64\SCSANDBOXAPI.DLL
2014-10-07 22:03:35 5660FC44E183DAD5638196D6DB2F9B46 331888 ----a-w- C:\Windows\SysWOW64\SCDETOUR.DLL
2014-10-07 22:03:35 04CB1ACB990F413E20B37E8C0B16EA8D 4096 ----a-w- C:\Windows\SysWOW64\DETOURED.DLL
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-07 22:05:40 0BD9902983B571D3A2694640AF763481 296048 ----a-w- C:\Windows\Sysnative\SCSANDBOXAPI.DLL
2014-10-07 22:03:36 F81A05444A2674E4BD89B9C64065C28C 156784 ----a-w- C:\Windows\Sysnative\SCSECAUTH.DLL
2014-10-07 22:03:35 7AA151731426960B81408146D3EC1D79 395880 ----a-w- C:\Windows\Sysnative\SCDETOUR.DLL
2014-10-07 22:03:35 473619C7471CB86F978DA83B5E811E07 4096 ----a-w- C:\Windows\Sysnative\DETOURED.DLL
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-10-10 03:06:09 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-10-10 03:04:25 -------- d-----w- C:\PROGRA~2\Java
2014-09-19 22:08:30 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
======= C: =====
====== C:\Users\Vishal\AppData\Roaming ======
2014-09-23 23:46:52 -------- d-sh--w- C:\Users\Vishal\AppData\Locallow\EmieUserList
2014-09-23 23:05:52 -------- d-sh--w- C:\Users\Vishal\AppData\Local\EmieUserList
2014-09-23 23:05:52 -------- d-sh--w- C:\Users\Vishal\AppData\Local\EmieSiteList
2014-09-23 23:05:13 -------- d-sh--w- C:\Users\Vishal\AppData\Locallow\EmieSiteList
2014-09-16 03:32:26 1036E3DDDC89A4E68D8A33F3823A180E 4 ----a-w- C:\Users\Vishal\AppData\Roaming\appdataFr2.bin
====== C:\Users\Vishal ======
2014-10-14 00:45:45 -------- d--h--w- C:\Users\Vishal\ScStore
2014-10-10 03:06:25 -------- d-----w- C:\ProgramData\Oracle
2014-10-10 03:05:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-10 00:51:30 12EFD5FA51597F188E5DB50BE20EE597 1375089 ----a-w- C:\Users\Vishal\Downloads\adwcleaner_3.311.exe
2014-10-09 03:17:28 FDBD58CF1A11BAB74E332456446B7758 53616 ----a-w- C:\Users\Vishal\Downloads\javaupdate_setup (2).exe
2014-10-09 03:17:18 68871B3A939135BB3AFFF1CDB899123B 53616 ----a-w- C:\Users\Vishal\Downloads\javaupdate_setup (1).exe
2014-10-09 03:17:05 E15734FF4BD17D95B814A979C48239E3 53616 ----a-w- C:\Users\Vishal\Downloads\javaupdate_setup.exe
2014-10-05 20:26:12 52E5A082989FDEA7D9A04F1B02BC92E3 398912 ----a-w- C:\Users\Vishal\Downloads\FLVPlayer-Chrome (1).exe
2014-10-04 23:45:10 FA4C6CB43F3C8837818C50156A696AE0 398616 ----a-w- C:\Users\Vishal\Downloads\FLVPlayer-Chrome.exe
2014-09-24 22:18:05 -------- d-----w- C:\ProgramData\savinogttOyoou
2014-09-19 22:08:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-15 22:47:46 -------- d-----w- C:\ProgramData\SuperManCoupon
 
====== C: exe-files ==
2014-10-10 03:05:21 A6B7A388547C4CDF4D8F2AF55D79AC85 145832 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
2014-10-10 03:05:21 8B986C008892DB58928BC72483ADF7B9 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe
2014-10-10 03:05:20 7A17013ABD895DFBD61A5AF9996D0E5E 50088 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe
2014-10-10 03:05:19 CEEFA72555A8FAD52C29BA17AE3E6DEF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe
2014-10-10 03:05:19 7BDCC29DDFBB355761A018A74D4A1E8C 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe
2014-10-10 03:05:18 F67D9621616CB31217A497FEDE4913F5 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe
2014-10-10 03:05:18 A788E5ED0454307CBCFB95CC33E5F717 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe
2014-10-10 03:05:18 48442596BFEB26E56898A0E4D2596A95 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe
2014-10-10 03:05:18 34CEC403ED594B55D55DED61A3A53DAF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe
2014-10-10 03:05:15 C3F55C9B02A22EC0B345E20AE9AE9B71 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe
2014-10-10 03:05:15 7ED5C21F9F29B5278FFF39718C667235 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe
2014-10-10 03:05:14 7DC9A0127F850997B4CFD9923C680D7D 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe
2014-10-10 03:05:14 0371CFD6228F89B5B9E20F67807987FE 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe
2014-10-10 03:05:13 BF918C9473D64BBD53C22C47045883F5 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
2014-10-10 03:05:09 EC4C47AADE6606AFCDEAB28E29654ECE 75688 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
2014-10-10 03:05:01 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
2014-10-10 03:05:01 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe
2014-10-10 03:04:58 8B657BA869AE7D3C6A29792C986E0DD5 68008 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
2014-10-10 03:04:53 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe
2014-10-10 03:04:51 C8883F91C31CAC40890AC8B668E05F61 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe
2014-10-10 03:04:50 F69D8BDC202973592D710BC913D01919 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe
2014-10-10 03:01:37 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Vishal\AppData\LocalLow\Sun\Java\jre1.7.0_67\lzma.exe
2014-10-10 00:51:30 12EFD5FA51597F188E5DB50BE20EE597 1375089 ----a-w- C:\Users\Vishal\Downloads\adwcleaner_3.311.exe
2014-10-09 03:17:28 FDBD58CF1A11BAB74E332456446B7758 53616 ----a-w- C:\Users\Vishal\Downloads\javaupdate_setup (2).exe
2014-10-09 03:17:18 68871B3A939135BB3AFFF1CDB899123B 53616 ----a-w- C:\Users\Vishal\Downloads\javaupdate_setup (1).exe
2014-10-09 03:17:05 E15734FF4BD17D95B814A979C48239E3 53616 ----a-w- C:\Users\Vishal\Downloads\javaupdate_setup.exe
2014-10-07 22:46:09 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe
2014-10-07 22:46:08 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\g2mvideoconference.exe
2014-10-07 22:46:08 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\g2mtranscoder.exe
2014-10-07 22:46:08 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\g2mstart.exe
2014-10-07 22:46:08 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\g2mlauncher.exe
2014-10-07 22:46:07 A9ECC1F13A1743DEBD08FCB16BC59550 39792 ----a-w- C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\g2mui.exe
2014-10-07 22:46:07 4A89B56CBA8E04F75DAE971DDABBF229 40304 ----a-w- C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\g2mcomm.exe
2014-10-07 22:46:06 C38A80559545062BBAD3EBE750361F03 40304 ----a-w- C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\G2MUninstall.exe
2014-10-07 22:46:06 C38A80559545062BBAD3EBE750361F03 40304 ----a-w- C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\G2MInstHigh.exe
2014-10-07 22:46:06 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\G2MInstaller.exe
2014-10-07 22:45:13 102D0F383AD476D0AE996E1EA9D1482A 6954856 ----a-w- C:\Users\Vishal\AppData\Local\Temp\CitrixUpdates\GoToMeeting\1796\G2MCoreInstExtractor.exe
=== C: other files ==
2014-10-10 03:05:23 F3EABF8A2AF5C0D8BAE022EE6C17FD91 18650 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-1813272413-964026061-3425874745-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo\Program Files (x86)\Yahoo\Messenger\YahooMessenger.exe -quiet"
"Google Update"="C:\Users\Vishal\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"googletalk"="C:\Users\Vishal\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart"
"Facebook Update"="C:\Users\Vishal\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe /m"
"PDVDDXSrv"="C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2"
"Desktop Disc Tool"="c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
"DellSupportCenter"="C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter"
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo\Program Files (x86)\Yahoo\Messenger\YahooMessenger.exe -quiet"
"Google Update"="C:\Users\Vishal\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"googletalk"="C:\Users\Vishal\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart"
"Facebook Update"="C:\Users\Vishal\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="scdetour.dll"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Broadcom Wireless Manager UI"="C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe"
"QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe"
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"Quick Heal Core UI"="C:\Program Files\Quick Heal\Quick Heal Internet Security\strtupap.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="Scdetour.dll"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent DNA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitTorrent DNA"
"hkey"="HKCU"
"command"="\"C:\\Users\\Vishal\\Program Files (x86)\\DNA\\btdna.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeetItUpFree]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpeetItUpFree"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\SpeedItup Free\\speeditupfree.exe\""
 
 
==== Startup Folders ======================
 
2009-12-24 06:55:44 1928 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2009-12-24 06:55:44 1928 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2009-12-24 06:43:19 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
2009-12-24 06:45:14 2765 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000Core.job --a------ C:\Users\Vishal\AppData\Local\FC:ebook\Update\FC:ebookUpdate.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000UA.job --a------ C:\Users\Vishal\AppData\Local\FC:ebook\Update\FC:ebookUpdate.exe []
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1813272413-964026061-3425874745-1000.job --a------ C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe [10/07/2014 06:45 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/07/2013 01:50 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/07/2013 01:50 AM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000Core.job --a------ C:\Users\Vishal\AppData\LoC:al\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000UA.job --a------ C:\Users\Vishal\AppData\LoC:al\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\Quick Heal AntiMalware Scan.job --a------ C:\Program Files\Quick Heal\Quick Heal Internet Security\ASMAIN.exe [09/13/2013 12:12 AM]
C:\Windows\tasks\Resume Quickup Download.job --a------ C:\Program Files\Quick Heal\Quick Heal Internet SC:urity\ACAPPAA.exe []
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000Core" [C:\Users\Vishal\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000UA" [C:\Users\Vishal\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-1813272413-964026061-3425874745-1000" [C:\Users\Vishal\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000Core" [C:\Users\Vishal\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000UA" [C:\Users\Vishal\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Quick Heal AntiMalware Scan" [C:\Program Files\Quick Heal\Quick Heal Internet Security\ASMAIN.EXE]
"C:\Windows\SysNative\tasks\Resume Quickup Download" [C:\Program Files\Quick Heal\Quick Heal Internet Security\ACAPPAA.EXE]
"C:\Windows\SysNative\tasks\{442EA8B2-5A26-443F-8F14-17A3260545E5}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{5ED70F01-A7B3-448A-A262-5B225402E635}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\{D698F386-38BE-4355-B291-C1FC4E6F0733}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\DCXRL4BS\Administrator - Start WLAN Tray Applet" [C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"search-snacks@search-snacks.com"="C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}"="C:\Users\Vishal\Program Files (x86)\DNA" [09/16/2014 12:32 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\h32z8ged.default
- Undetermined - C:\Users\Vishal\Program Files (x86)\DNA
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Undetermined - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
- Undetermined - %ProfilePath%\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
- OneClickDownloader - %ProfilePath%\extensions\OneClickDownload@OneClickDownload.com
- Undetermined - %ProfilePath%\extensions\staged
- SweetPacks Toolbar for Firefox - %ProfilePath%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\h32z8ged.default
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Vishal\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\Vishal\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\Vishal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dkinklhnkmkhkhofcnapakaoehijaoih - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx[10/21/2012 10:50 AM]
iijmpjamifmplbakhgikofogdfackici - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com.crx[]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\Vishal\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[09/14/2012 04:26 PM]
kiplfnciaokpcennlkldkdaeaaomamof - C:\Users\Vishal\AppData\Local\Torch\Plugins\TorchPlugin.crx[02/28/2013 10:21 AM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]
noebaifjopccondbkcieccphcpijhdne - C:\Users\Vishal\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx[06/14/2012 01:18 PM]
ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Users\Vishal\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx[09/14/2012 04:26 PM]
pfmopbbadnfoelckkcmjjeaaegjpjjbk - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx[07/31/2012 07:58 AM]
pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx[08/07/2012 07:10 AM]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
noebaifjopccondbkcieccphcpijhdne - C:\Users\Vishal\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx[06/14/2012 01:18 PM]
 
Google Docs - Vishal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Vishal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Vishal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Vishal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Vishal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - Vishal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Vishal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Vishal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Startpages ======================
 
C:\Users\Vishal\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {451C804F-C205-4F03-B48E-537EC94937BF} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: savinogttOyoou - {C83B09D9-5DC2-1743-A966-8337B9EDEA68} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vishal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\Vishal\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Vishal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Vishal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Remote Access.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.dell.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: WSWSVCUchrome - {1CA93FF0-A218-44F1 - (no file)
O20 - AppInit_DLLs: scdetour.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Behavior Detection System - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\bdssvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Core Mail Protection - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\EMLPROXY.EXE
O23 - Service: Core Scanning Server - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\SAPISSVC.EXE
O23 - Service: Core Scanning ServerEx - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\SAPISSVC.EXE
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\opssvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\quhlpsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Security Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\SCANWSCS.EXE
O23 - Service: Core Browsing Protection (ScSecSvc) - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\ScSecSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Mon 10/13/2014 at 21:56:27.12 ======================
 

 

Will wait for your further instructions. Please let me know if you want me to share the screenshot of the error that appears on the machine. 

 

P.S.: I am new to this site, so if there are better ways of posting (attachments, quotes etc.) please do not hesitate to explain them to me. I didn't find an attachment option, hence I had to paste the entire log here.

 

Thanks a lot.
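As an added triage example (it is not part of this thread and is not code from HijackThis, Zoek or any other tool named here), the following Python parses a few constructed lines in the same shape as the HijackThis section of the log above and flags the entries a malware-removal helper looks at first: COM registrations that point at no file, AppInit_DLLs injection, autoruns living under user-writable folders, and services with an unknown vendor outside C:\Windows. The sample lines, the rule names and the path markers are assumptions chosen to exercise each rule.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the shape of the HijackThis section above (added
# example; these particular lines were picked so that every rule below fires
# at least once and at least one benign line passes each rule).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: savinogttOyoou - {C83B09D9-5DC2-1743-A966-8337B9EDEA68} - (no file)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Vishal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O20 - AppInit_DLLs: scdetour.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O23"
    reason: str   # name of the rule that fired (names are this example's own)
    line: str     # the original log line, kept for the report


LINE_RE = re.compile(r"^([FO]\d+)\s+-\s+(.*)$")
QUOTED_PATH_RE = re.compile(r'"([^"]+)"')
BARE_PATH_RE = re.compile(r"[A-Za-z]:\\\S*")


def extract_path(body: str) -> str:
    """Return the executable path from an O4 body.

    Quoted paths are taken whole; an unquoted path is cut at its first space,
    which is still enough for the directory-prefix test in is_user_writable().
    """
    m = QUOTED_PATH_RE.search(body)
    if m:
        return m.group(1)
    m = BARE_PATH_RE.search(body)
    return m.group(0) if m else ""


def is_user_writable(path: str) -> bool:
    """True when the path sits under a folder a non-admin user can write to."""
    p = path.lower()
    return any(marker in p for marker in ("\\appdata\\", "\\programdata\\", "\\temp\\"))


def triage(log_text: str) -> List[Finding]:
    """Apply the four rules to every recognised HijackThis line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)

        # O2/O3: a BHO or toolbar CLSID still registered but its DLL is gone.
        # Harmless on its own, but it is the residue of a removed/uninstalled
        # add-on and is routinely cleaned up.
        if section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(section, "orphaned-com", line))

        # O4: an autorun that executes from a user-writable location is the
        # classic place for adware/updaters to persist without admin rights.
        elif section == "O4":
            if is_user_writable(extract_path(body)):
                findings.append(Finding(section, "user-writable-autorun", line))

        # O20: a non-empty AppInit_DLLs value loads that DLL into every
        # process that links user32.dll; it is rarely legitimate.
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.partition(":")[2].strip():
                findings.append(Finding(section, "appinit-dll", line))

        # O23: "Unknown owner" for a service outside C:\Windows. Built-in
        # services under C:\Windows also show "Unknown owner"/"(file missing)"
        # because of a well-known HijackThis quirk on 64-bit Windows, so they
        # are excluded here to avoid false positives.
        elif section == "O23":
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3:
                vendor, path = parts[1], parts[2]
                if vendor == "Unknown owner" and not path.lower().startswith("c:\\windows\\"):
                    findings.append(Finding(section, "unknown-vendor-service", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, for a quick overview before reading lines."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<4}{f.reason:<24}{f.line}")
    print(summarize(results))
```

The rules deliberately err towards review rather than verdict: a hit means "look at this entry", not "this is malware", which is also how the helpers in this thread treat a HijackThis log before deciding what a Zoek script should remove.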



#5 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 15 October 2014 - 09:32 AM

Hi borvishal

Step 1

  • Click on Start -> Control Panel -> Add/Remove Programs
  • Uninstall the following programs:
    Bonjour
    DNA
    Internet Explorer Toolbar 4.6 by SweetPacks
    Java™ 6 Update 14 (64-bit)
    Performance Optimizer
  • Close the Add/Remove Programs and Control Panel

Restart your computer


Step 2

We need to re-run Zoek

 

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar!
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent DNA];r64
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions];r
    "search-snacks@search-snacks.com"=-;r
    [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions];r
    "{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}"=-;r
    {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA};c
    {1FD91A9C-410C-4090-BBCC-55D3450EF433};c
    {EEE6C361-6118-11DC-9C72-001320C79847};c
    {C83B09D9-5DC2-1743-A966-8337B9EDEA68};c
    {ae07101b-46d4-4a98-af68-0333ea26e113};c
    jcdgjdiieiljkfkdcloehkohchhpekkn;chr
    noebaifjopccondbkcieccphcpijhdne;chr
    ogccgbmabaphcakpiclgcnmcnimhokcj;chr
    C:\Users\Vishal\Downloads\javaupdate_setup (2).exe;f
    C:\Users\Vishal\Downloads\javaupdate_setup (1).exe;f
    C:\Users\Vishal\Downloads\javaupdate_setup.exe;f
    C:\Users\Vishal\Downloads\FLVPlayer-Chrome (1).exe;f
    C:\Users\Vishal\Downloads\FLVPlayer-Chrome.exe;f
    C:\ProgramData\savinogttOyoou;f
    C:\ProgramData\SuperManCoupon;f
    C:\Program Files (x86)\DNA\;fs
    C:\Users\Vishal\AppData\Local\CRE\;f
    C:\Program Files (x86)\SweetIM\;fs
    C:\Users\Vishal\ScStore;vs
    autoclean;
    emptyclsid;
    emptyfolderscheck;delete
    services_list;
    emptyalltemp;
    standardsearch;
    
     
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive (normally C:\).
  • Please post the logfile for further review in your next reply

Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select Update
  • Once it has updated select Settings > Detection and Protection > Tick Scan for rootkits
    MBAMsettings.JPG
  • Go back to the Dashboard and select Scan Now
    MBAMScan.JPG
  • If threats are detected, click the Apply Actions button; MBAM will ask for a reboot
    MBAMReboot.JPG
  • On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop.
    MBAMLog.JPG

Please post that log for my review.



#6 borvishal

borvishal
  • Topic Starter

  • Members
  • 29 posts

Posted 15 October 2014 - 08:17 PM

Attached File: zoek-results1015.txt (77.84KB)

 

Hi Seedy21,

 

I have attached the Zoek logs. I will put up the Anti-Malware logs once it is complete.

 

 



#7 borvishal

borvishal
  • Topic Starter

  • Members
  • 29 posts

Posted 15 October 2014 - 10:35 PM

Attached File: mbam-log-2014-10-15 (22-47-29).xml (24.3KB)

 

Hi Seedy21,

 

Attached are the Malwarebytes logs. There were a lot of threats and the application quarantined everything.



#8 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 17 October 2014 - 02:43 PM


Hi borvishal


We need to re-run Zoek

 

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar!
    C:\Users\Vishal\AppData\Local\FC:ebook\Update\FC:ebookUpdate.exe;virustotal;
    C:\Users\Vishal\AppData\LoC:al\Google\Update\GoogleUpdate.exe;virustotal;
    C:\Users\Vishal\ScStore;vs
    process;
    services_list;
    standardsearch;
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive (normally C:\).
  • Please post the logfile for further review in your next reply

Edited by seedy21, 17 October 2014 - 02:43 PM.



#9 borvishal

borvishal
  • Topic Starter

  • Members
  • 29 posts

Posted 17 October 2014 - 10:34 PM

Attached File: zoek-results1017.txt (48.14KB)

 

Hi Seedy21,

 

Attached are the latest logs.



#10 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 18 October 2014 - 02:53 PM

Hi borvishal

Step 1

We need to re-run Zoek

 

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar!
    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000Core.job;f
    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000UA.job;f
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000Core.job;f
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813272413-964026061-3425874745-1000UA.job;f
    C:\Users\Vishal\AppData\Local\FC:ebook\;fs
    C:\Users\Vishal\AppData\LoC:al\;fs

     
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive (normally C:\).
  • Please post the logfile for further review in your next reply

Step 2

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
     
  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    When the scan is complete,

    If no threats were found:
  • Check in "Uninstall application on close"
  • Close program

    If threats were found:
  • Select "list of threats found"
  • Select "Export to Text File" & save the report to your Desktop as "ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply



#11 borvishal

borvishal
  • Topic Starter

  • Members
  • 29 posts

Posted 18 October 2014 - 03:29 PM

Attached File: zoek-results_1018.txt (1.19KB)

 

Hi Seedy21,

 

Here are Zoek's logs



#12 borvishal

borvishal
  • Topic Starter

  • Members
  • 29 posts

Posted 18 October 2014 - 11:58 PM

Hi Seedy21,

 

I am not able to run the ESET online scanner. It runs until a particular point and then my machine hangs; it has happened 3 times so far. I will still try to get it completed, and if it works I will then upload the logs.



#13 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 19 October 2014 - 02:03 PM

Hi borvishal
 
Can you try running ESET Online Scanner again for me and note down which file it is trying to scan when the machine hangs?
 
Please run this next

Please download the Kaspersky Virus Removal Tool from Here and save it to your Desktop

  • Double-click the Removal Tool.
  • Click the cog in the upper right corner:
    AVPfront.gif
  • Select down to and including your main drive.
  • Once done please select the Automatic Scan tab and press Start Scan.
  • Allow AVP to delete all infections found.
  • Once it has finished select the Report tab.
  • Select the Detected threats report from the left and press the Save button.
  • Save it to your Desktop and post the contents in your next reply.

Edited by seedy21, 19 October 2014 - 02:03 PM.



#14 borvishal

borvishal
  • Topic Starter

  • Members
  • 29 posts

Posted 20 October 2014 - 11:58 PM

Attached File: List of threats_ESET.txt (15.25KB)

 

Hi Seedy21,

 

I finally managed to run ESET today. Here are the logs.



#15 borvishal

borvishal
  • Topic Starter

  • Members
  • 29 posts

Posted 21 October 2014 - 12:00 AM

I was stuck at around 15% on the Kaspersky scan yesterday. I will run it again tomorrow. I hope the other logs that I have just provided help us narrow down the problem.





