Author Topic: Fix for paul_marsh1983 (Read 2490 times)

TwinHeadedEagle · « **on:** June 10, 2015, 07:25:06 PM »

Hello,

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
chrdefaults;
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
bitsadmin /reset /allusers;b
emptyalltemp;
ipconfig /flushdns;b

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

TwinHeadedEagle · « **Reply #1 on:** June 10, 2015, 07:28:53 PM »

Sorry, I didn't spot that you're already working with Argus.

You can continue with him when he arrives.

https://forum.avast.com/index.php?topic=171997.0

REDACTED · « **Reply #2 on:** June 12, 2015, 05:42:13 PM »

Hi TwinHeadedEagle,

I ran ZOEK and here are the results. I know I started working with Argus, but I am keen to try and resolve this ASAP and I am sure you and Argus have many requests for help...

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Paul on 12/06/2015 at 11:51:09.41.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Paul\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-06-12-090119.log 42016 bytes
C:\zoek-results2015-06-12-104217.log 7910 bytes

==== System Restore Info ======================

12/06/2015 11:56:12 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Administrator\AppData\Local\Google deleted successfully
C:\Users\Guest\AppData\Local\Comodo deleted successfully
C:\Users\Guest\AppData\Local\Google deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google deleted successfully
C:\Users\Paul\AppData\Local\Comodo deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

"C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/04/2015 16:30]

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[25/04/2015 16:24]

Avast Online Security - Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.uk.msn.com/HPNOT13/2"
"Old Start Page"="http://g.uk.msn.com/HPNOT13/2"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.uk.msn.com/HPNOT13/2"
"Old Start Page"="http://g.uk.msn.com/HPNOT13/2"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/710-29550-11896-25/4"

==== Reset Google Chrome ======================

C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paul\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Paul\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Paul\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Paul\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=46 folders=31 33513632 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Paul\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Paul\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 12/06/2015 at 16:37:49.72 ======================

TwinHeadedEagle · « **Reply #3 on:** June 12, 2015, 07:28:11 PM »

Good. How is your PC behaving now?

REDACTED · « **Reply #4 on:** June 12, 2015, 08:06:08 PM »

So far so good!

Thanks very much!

P

Author Topic: Fix for paul_marsh1983 (Read 2490 times)

TwinHeadedEagle

Fix for paul_marsh1983

TwinHeadedEagle

Re: Fix for paul_marsh1983

REDACTED

Re: Fix for paul_marsh1983

TwinHeadedEagle

Re: Fix for paul_marsh1983

REDACTED

Re: Fix for paul_marsh1983