Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

JS.DOWNLOADER TROJAN SEKINDO [Solved]

Started by Idan611 , Nov 22 2015 05:22 AM
js torjan malware sekindo

  • This topic is locked This topic is locked

#16
Idan611
Posted 30 November 2015 - 06:20 AM

Idan611

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Oh, and one more thing - the ESET Online Scanner found 11 therats which I hadn't removed yet (I have Uncheck the box beside Remove Found Threats).

Should I run the scan again and remove the threats that would be found?

 

Regards,

Idan


  • 0

Advertisements

#17
Valinorum
Posted 30 November 2015 - 07:30 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Yes, please. :)
  • 0

#18
Idan611
Posted 30 November 2015 - 01:43 PM

Idan611

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Hi,

 

Here's the log after I ran ESET Online Scanner again. Any farther things to do?

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781
# end=init
# utc_time=2015-11-30 04:39:17
# local_time=2015-11-30 06:39:17 (+0200, Jerusalem Standard Time)
# country="Israel"
# osver=6.1.7601 NT Service Pack 1
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781
# end=init
# utc_time=2015-11-30 04:40:47
# local_time=2015-11-30 06:40:47 (+0200, Jerusalem Standard Time)
# country="Israel"
# osver=6.1.7601 NT Service Pack 1
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781
# end=init
# utc_time=2015-11-30 04:43:23
# local_time=2015-11-30 06:43:23 (+0200, Jerusalem Standard Time)
# country="Israel"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26975
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781
# end=updated
# utc_time=2015-11-30 04:47:04
# local_time=2015-11-30 06:47:04 (+0200, Jerusalem Standard Time)
# country="Israel"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781
# engine=26975
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-11-30 07:35:56
# local_time=2015-11-30 09:35:56 (+0200, Jerusalem Standard Time)
# country="Israel"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2015'
# compatibility_mode=1053 16777213 100 98 14154 136049740 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 75294986 200542006 0 0
# scanned=271689
# found=11
# cleaned=11
# scan_time=10131
sh=CA1C278579580195A0094880C98EF177807824F4 ft=1 fh=e347f6fd5c8ddb6a vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\AspManager.exe.vir"
sh=D9A63C85ABEEE7F74EB5612CEA9BAC61AB042F08 ft=1 fh=6e5ba9930d984e4b vn="a variant of Win32/Systweak.K potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\ASPUninstall.exe.vir"
sh=AA97D0680C6D88F7255CA72611393EBD806ADEEB ft=1 fh=cf28f42e75c9990a vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\BrowserCleaner.exe.vir"
sh=942880327BE38DDB5BE15B3DFF290668D5DF7398 ft=1 fh=687d254b21a3b962 vn="a variant of Win32/Systweak.F potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\Communication.dll.vir"
sh=8C3893BEAD93A15E3F7F71A1623515393B9D5E5D ft=1 fh=09bc09d84de32e8a vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\filetypehelper.exe.vir"
sh=5B04F76DC0A6313B4CE2E3D6CDA9FB7504B32CE5 ft=1 fh=d89616663e9a677b vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\scandll.dll.vir"
sh=B342F65CC0D41AB01FAECCB6804905DD4BB56B20 ft=1 fh=8abfbe9fbc04fb8e vn="Win64/AdvancedSystemProtector.A potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\windows\SysNative\sasnative64.exe.vir"
sh=70D317C57C06F02DC93FF37061CBF10A6D0CF28F ft=1 fh=e48e1c6cc5616c36 vn="a variant of Win32/Bunndle potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Idan\Media\BitTorrent.exe.5728.tmp"
sh=604AE2F3B340A881491C381800BE21A889160FBF ft=1 fh=9debd758228f4d8d vn="a variant of Win32/Bunndle potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Idan\Media\BitTorrent.exe.7501.tmp"
sh=F3423F3E4E50E632396CC8B1C409DAC87FF95B73 ft=1 fh=66c25a75ae160939 vn="a variant of Win32/Adware.Kazaa.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Idan\Music\גיבוי סבתא\DownLoads\kazaa_setup.exe"
sh=EA0EE3C9B4FB6B2B00B0074C1F5303291FF081B9 ft=1 fh=e40dd9938df1a373 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\Installer\MSIA8C1.tmp"
 
Regards,
Idan

  • 0

#19
Idan611
Posted 30 November 2015 - 11:51 PM

Idan611

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Hi,

 

It seems I have now a new problem :(

Yesterday my computer ran very slowly and when I opened my task manager I saw something called javaws.exe 32 which had million lines.

I read through the web it might be a nasty virus\malware (have no idea where it came from since i thought we had cleaned all the computer).

 

Any ideas what to do? (i had uninstalled java from my computer but it said it can't find java web start or something like that)

 

Thanks,

Idan


  • 0

#20
Valinorum
Posted 01 December 2015 - 07:21 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Reboot into Safe Mode.



Go to; "C:\Program Files\Java"

And then into any/all JRExxxxx\bin folders ( example: C:\Program Files\Java\jre1.8.0_60\bin )

Rename; javaws.exe to; javaws.exe.BAK

Reboot into Normal Mode.

Then go to; Control Panel --> "Programs and Features" and Remove all versions Java.
  • 0

#21
Idan611
Posted 01 December 2015 - 10:34 AM

Idan611

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Hi,

 

I did that - couldn't find any javaws.exe file in the folders (there were bin folders but without any exe files).

I ran before that the malwarebytes  anti malware and it found 4 threats which i removed (See attached log) + restored factory settings to my chrome. 

 

In addition, I have attached a picture of my task manager - it seems now that chrome has the * 32 end + another process run by AVG with *32 at the end - is that OK?

Attached File  antimalware - 1.12.15.txt   1.04KB   209 downloadstaskmanager.jpg

 

Regards,

Idan


Edited by Idan611, 01 December 2015 - 10:35 AM.

  • 0

#22
Idan611
Posted 01 December 2015 - 01:24 PM

Idan611

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I also ran Adw-Cleaner - It did find lots of things:

 

# AdwCleaner v5.021 - Logfile created 21/11/2015 at 18:31:13
# Updated 14/11/2015 by Xplode
# Database : 2015-11-19.4 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Idan - IDAN-PC
# Running from : C:\Users\Idan\Downloads\adwcleaner_5.021.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : vToolbarUpdater18.9.0
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Program Files (x86)\ASP
[-] Folder Deleted : C:\Program Files (x86)\AVG Secure Search
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Systweak
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector
[-] Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Idan\AppData\Local\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Idan\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Idan\AppData\Local\Systweak
[-] Folder Deleted : C:\Users\Idan\AppData\LocalLow\AVG Secure Search
[-] Folder Deleted : C:\Users\Idan\AppData\LocalLow\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Idan\AppData\Roaming\Systweak
[#] Folder Deleted : C:\windows\SysNative\Tasks\Advanced System~Protector
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default\user.js
[-] File Deleted : C:\Users\Public\Desktop\Advanced System~Protector.lnk
[-] File Deleted : C:\windows\SysNative\sasnative64.exe
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Advanced System~Protector
[-] Task Deleted : Advanced System~Protector_startup
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\IGearSettings
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default\prefs.js] [Preference] Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.9.0.230");
[-] [C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default\prefs.js] [Preference] Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10271 bytes] ##########
# AdwCleaner v5.023 - Logfile created 01/12/2015 at 21:13:46
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Idan - IDAN-PC
# Running from : C:\Users\Idan\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : vToolbarUpdater18.9.0
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\AVG Secure Search
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default\user.js
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\IGearSettings
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default\prefs.js] [Preference] Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.9.0.230");
[-] [C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default\prefs.js] [Preference] Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [19265 bytes] ##########

  • 0

#23
Valinorum
Posted 08 December 2015 - 10:03 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
How is your system performing?
  • 0

#24
Idan611
Posted 09 December 2015 - 04:27 AM

Idan611

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Hi,

 

The CPU Usage is between 5%-20% and the Physical Memory Usage is between 1.8GB to 3.55GB most of the time.

I do see the windows pointer "thinking" from time to time even though i didn't start any new activity in my session.

 

Are the *32 endings in the task manager in some diffrenet processes (which some repeat in numerous lines) normal (for example chrome.exe, avg.exe, etc...)?

 

I run adwcleaner from time to time and it doesn't find anything nor my AVG.

 

Regards,

Idan


Edited by Idan611, 09 December 2015 - 06:08 AM.

  • 0

#25
Valinorum
Posted 11 December 2015 - 07:39 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Those are normal behavior for PC.

I do see the windows pointer "thinking" from time to time even though i didn't start any new activity in my session.

They are related to the background process.

Are the *32 endings in the task manager in some diffrenet processes (which some repeat in numerous lines) normal (for example chrome.exe, avg.exe, etc...)?

Yes. For example, Google Chrome creates different process for its add-ons, tabs et cetera.
  • 0

Advertisements

#26
Idan611
Posted 11 December 2015 - 10:44 AM

Idan611

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

OK. I am pretty sure I didn't have the *32 endings in the past (For example chrome.exe *32, ctfmon.exe *32, avgui.exe *32 etc). But, if from your experience it's normal and the logs are OK guess my computer is clean?


  • 0

#27
Valinorum
Posted 15 December 2015 - 10:08 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Yes, unless you are facing any other issues.
  • 0

#28
Idan611
Posted 16 December 2015 - 01:10 AM

Idan611

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

So far, the sekindo pop-up alerts from AVG are gone, the AVG scans come clean nor the AWCleaner scans I run from time to time (Just to be on the safe side).

I guess everything is OK than.

 

Any more suggestions for the daily protection of the computer?

 

Thanks for all of your help!

 

Regards,

Idan


  • 0

#29
Valinorum
Posted 20 January 2016 - 11:08 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP