Network Firewall issues



#1 Blu2016

Blu2016

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 04 February 2017 - 11:37 AM

I have replaced Kaspersky software with Norton, still seem to be having issues securing PC, network etc. Seems every time I change the network, within a day or so it begins to act up. Have run adware cleaner and UnHackMe software to clean up older programs that could cause issues. FRST64 text included.


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:58 PM

Posted 05 February 2017 - 10:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2702796991-2883405959-2478176075-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2702796991-2883405959-2478176075-1000 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mech_1989\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2017-01-26]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2017-01-26]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20170126.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20170126.001\EX64.SYS [X]
Task: {2DCBF9A4-523D-47C8-8C8C-B3E008E76FB7} - \Auslogics\Disk Defrag Prof\Task {00000001-823E-48DC-BAA1-AB8053B98583} for Mech_1989 -> No File <==== ATTENTION
Task: {9D842057-5AD1-4206-8A92-12379EF63A98} - \Auslogics\Disk Defrag Prof\Task {00000001-83B7-4D2F-BEBB-2DA0382B2225} for Mech_1989 -> No File <==== ATTENTION
Task: {F930064A-590D-4875-9FEB-ACADE4EE4757} - \Auslogics\Disk Defrag Prof\Task {00000001-AFC8-4EC4-A167-9877C8E1A1B0} for Mech_1989 -> No File <==== ATTENTION


Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
===

p.s.
What is the problem with the Firewall?
I see in your Addition.txt log that the Norton Firewall is enabled.

In such a case the Windows Firewall is automatically disabled as both cannot work simultaneously.

#3 Blu2016


Posted 05 February 2017 - 12:55 PM

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2702796991-2883405959-2478176075-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2702796991-2883405959-2478176075-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68} => value removed successfully
HKCR\CLSID\{093F479D-712E-46CD-9E06-62E734A05F68} => key not found.
C:\Users\Mech_1989\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DCBF9A4-523D-47C8-8C8C-B3E008E76FB7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DCBF9A4-523D-47C8-8C8C-B3E008E76FB7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\Disk Defrag Prof\Task {00000001-823E-48DC-BAA1-AB8053B98583} for Mech_1989 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D842057-5AD1-4206-8A92-12379EF63A98} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D842057-5AD1-4206-8A92-12379EF63A98} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\Disk Defrag Prof\Task {00000001-83B7-4D2F-BEBB-2DA0382B2225} for Mech_1989 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F930064A-590D-4875-9FEB-ACADE4EE4757} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F930064A-590D-4875-9FEB-ACADE4EE4757} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\Disk Defrag Prof\Task {00000001-AFC8-4EC4-A167-9877C8E1A1B0} for Mech_1989 => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 56450895 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2970045 B
Edge => 2641109 B
Chrome => 2293760 B
Firefox => 15631816 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 407086 B
NetworkService => 285026 B
Mech_1989 => 576255876 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 626.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-02-2017 11:42:59)

"C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx" => Could not move
"C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx" => Could not move

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.

==== End of Fixlog 11:43:00 ====

 

 

Seems a little more stable at this point. Many nights and during the day it seems like the system is in Virtual box mode, and occasional windows will flash instantaneously on the screen. When I work on graphics, many times there will be writing or someone else's drawing on the picture. Just seems the firewall issue keeps recurring, no notice on it and nothing found in the scan, or with really any other software I have tried to find out what is going on.
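An added example, not part of the original posts and not code from FRST or its authors: a small triage script for a Fixlog like the one posted above. It reduces each `target => result` line to a final state, letting the after-reboot section override the first pass, so the items that still need attention stand out. The outcome categories and the `SAMPLE_FIXLOG` text are constructed for illustration from lines visible in this thread.

```python
import re

# Constructed sample: a handful of lines in the shape of the Fixlog posted above,
# including the after-reboot section that re-reports scheduled items.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
Chrome => 2293760 B
EmptyTemp: => 626.5 MB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-02-2017 11:42:59)
"C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx" => Could not move
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
'''

# Assumption: only the result wordings visible in this thread's Fixlog are
# recognised; any other wording is left unclassified rather than guessed.
RULES = [
    ("failed", re.compile(r"could not|access denied", re.I)),
    ("pending", re.compile(r"scheduled to \w+ on reboot", re.I)),
    ("absent", re.compile(r"not found", re.I)),
    ("done", re.compile(r"(removed|moved) successfully", re.I)),
]


def parse_line(line):
    """Return (target, outcome) for a recognised result line, else None."""
    target, sep, result = line.rpartition(" => ")
    if not sep:
        return None  # banner or section header, not a result line
    for outcome, pattern in RULES:
        if pattern.search(result):
            # 'Could not move "X" => Scheduled ...' names X on the left side;
            # normalise it so it matches the bare '"X" => ...' line after reboot.
            target = re.sub(r"^could not move\s+", "", target.strip(), flags=re.I)
            return target.strip('"'), outcome
    return None  # e.g. EmptyTemp size lines such as 'Chrome => 2293760 B'


def final_states(text):
    """Map each target to its last reported outcome (later lines win)."""
    states = {}
    for line in text.splitlines():
        parsed = parse_line(line.strip())
        if parsed:
            target, outcome = parsed
            states[target] = outcome
    return states


def needs_followup(text):
    """Targets whose final state is a failure or still waiting on a reboot."""
    return sorted(t for t, o in final_states(text).items()
                  if o in ("failed", "pending"))


if __name__ == "__main__":
    for target in needs_followup(SAMPLE_FIXLOG):
        print("follow up:", target)
```
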



#4 nasdaq


Posted 05 February 2017 - 01:57 PM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#5 Blu2016


Posted 05 February 2017 - 06:22 PM

Having an issue with Zoek, like it hung up; ran for at least 3 hrs (1340 my time to 1710). Did a restart and of course no log, so will try again.



#6 Blu2016


Posted 05 February 2017 - 06:38 PM

Interesting, every time I download this, Norton sacks it for trojan gen.2 software.



#7 nasdaq


Posted 06 February 2017 - 08:34 AM

Yes it does that for any new version of the tool.

It's safe.

If you have a copy in the Quarantine folder restore it.

https://support.norton.com/sp/en/us/home/current/solutions/v54276523_nis_mac_retail_6_en_us

#8 Blu2016


Posted 06 February 2017 - 08:50 AM

ok



#9 Blu2016


Posted 06 February 2017 - 09:40 AM

Software never completes scan, hangs Firefox extensions; also about 2 mins into scan a DaS21 has stopped working. Attached is what I could get from the scan.

 




#10 nasdaq


Posted 06 February 2017 - 11:15 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

FF NetworkProxy: Mozilla\Firefox\Profiles\qf35irxb.default-1447964677070 -> type", 0	
RemoveProxy:
Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

If your problem persists, please run the Zoek tool as an administrator.

Post the log if you get one.
===

#11 nasdaq


Posted 12 February 2017 - 09:51 AM

Are you still with me?

#12 Blu2016


Posted 19 February 2017 - 01:49 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
Ran by Mech_1989 (18-02-2017 16:59:02) Run:2
Running from C:\Users\Mech_1989\Desktop\FRST64_02
Loaded Profiles: Mech_1989 (Available Profiles: Mech_1989 & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

FF NetworkProxy: Mozilla\Firefox\Profiles\qf35irxb.default-1447964677070 -> type", 0    
RemoveProxy:
Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
Firefox Proxy settings were reset.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2702796991-2883405959-2478176075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2702796991-2883405959-2478176075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========



The system needed a reboot.

==== End of Fixlog 17:00:41 ====



#13 nasdaq


Posted 19 February 2017 - 02:07 PM

Any remaining issues?

#14 Blu2016


Posted 19 February 2017 - 02:33 PM

Tool run by Mech_1989 on Sun 02/19/2017 at 12:51:49.61.
Microsoft Windows 10 Pro 10.0.14393  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Mech_1989\Desktop\FRST64_02\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-02-05-194748.log    4483 bytes
C:\zoek-results2017-02-06-141258.log    2596 bytes

==== System Restore Info ======================

2/19/2017 12:58:33 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Mech_1989\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2702796991-2883405959-2478176075-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully
HKEY_USERS\S-1-5-21-2702796991-2883405959-2478176075-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCBEAD8D-BA8F-4EE0-96A7-5FEE226A4A74} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\MECH_1~1\AppData\Roaming\Mozilla\Firefox\Profiles\qf35irxb.default-1447964677070\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\MECH_1~1\AppData\Roaming\Mozilla\Firefox\Profiles\qf35irxb.default-1447964677070\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\ProductData deleted
C:\Users\MECH_1~1\AppData\Roaming\Mozilla\Firefox\Profiles\qf35irxb.default-1447964677070\jetpack deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\MECH_1~1\AppData\Roaming\Mozilla\Firefox\Profiles\qf35irxb.default-1447964677070
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon" [01/27/2017 11:01]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon" [01/27/2017 11:01]

==== Firefox Extensions ======================

ProfilePath: C:\Users\MECH_1~1\AppData\Roaming\Mozilla\Firefox\Profiles\qf35irxb.default-1447964677070
- Blur - %ProfilePath%\extensions\donottrackplus@abine.com.xpi
- Search and New Tab by Yahoo - %ProfilePath%\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi
- Save Button for Pinterest - %ProfilePath%\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Mech_1989\AppData\Roaming\Mozilla\Firefox\Profiles\qf35irxb.default-1447964677070
8CE35D76726DFC8C3848BB26B3C79A54    - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll -    Shockwave for Director / Shockwave for Director
86BD236BE6DA240730EFD2C8026E5B16    - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx[11/11/2016 21:09]
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Blur - Mech_1989\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\Mech_1989\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Mech_1989\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mech_1989\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mech_1989\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mech_1989\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Mech_1989\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Mech_1989\AppData\Local\Mozilla\Firefox\Profiles\qf35irxb.default-1447964677070\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Mech_1989\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=4 3240 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\MECH_1~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 02/19/2017 at 13:26:35.89 ======================

 

 

Ran Zoek after; seems better. Rendering graphics is slow, but that may have come from an update from MS.
 



#15 nasdaq


Posted 20 February 2017 - 07:47 AM

Ran Zoek after seems better. Rendering graphics are slow but that may have come from update from MS

All of your caches have been cleaned. It should get better.

===


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



