Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: Needing Help Removing Ad.Yieldmanager Malware

  1. #11
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi sls0463 :

    1. remove program
    Some of the following programs are outdated, useless or not recommended to keep. Please uninstall them.
    • Click start>> Control Panel >> Under Programs, click on Uninstall a program.
    • Locate the following program(s):
      Adobe Reader 9.3.3
      Java(TM) 6 Update 17
      Microsoft Security Essentials
      Java(TM) 6 Update 22
    • Select the program above and click on Uninstall to uninstall it.
    NOTE: Take extra care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


    2. OTL fix
    Please make sure OTL.exe is on your Desktop.
    Important! Close all applications and windows so that you have nothing open and are at your Desktop
    • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • Copy the following text... do not include the quote box title "Quote'
      :OTL
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes,DefaultScope = {9D3676F2-C158-46AA-904C-C97C63544026}
      IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes\{9D3676F2-C158-46AA-904C-C97C63544026}: "URL" = http://findgala.com/?&uid=5618&q={searchTerms}
      IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      [2012/01/05 21:22:40 | 000,001,210 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\search.xml
      [2012/07/27 19:16:29 | 000,002,519 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\Search_Results.xml
      [2012/07/27 19:16:29 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
      CHR - homepage: http://www.searchnu.com/406
      CHR - default_search_provider: Search Results ()
      CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=287&systemid=406&sr=0&q={searchTerms}
      CHR - homepage: http://www.searchnu.com/406
      O1 - Hosts: 93.115.241.28 www.google-analytics.com.
      O1 - Hosts: 93.115.241.28 ad-emea.doubleclick.net.
      O1 - Hosts: 93.115.241.28 www.statcounter.com.
      O1 - Hosts: 69.72.252.254 www.google-analytics.com.
      O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
      O1 - Hosts: 69.72.252.254 www.statcounter.com.
      O4 - HKLM..\Run: [] File not found
      O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
      O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
      O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
      O16 - DPF: Web-Based Email Tools http://email00.secureserver.net/Download.CAB (Reg Error: Key error.)

      :Files
      ipconfig /flushdns /c

      :Commands
      [EmptyTemp]
      [ResetHosts]
      [CreateRestorePoint]
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results.
    • Please post the contents of report in your next reply.

    note: The OTL fix log was located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


    3. SystemLook
    Please download SystemLook from one of the links below, and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook_x64.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    This scan can take some time to run so please be patient.



    4. Do you know these folder?
    C:\Users\Shawn\AppData\Local\{11d5d328-f14f-7572-15b5-f747154d7971}\@
    C:\Users\Shawn\AppData\Local\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
    C:\ProgramData\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n

    Thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  2. #12
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    Default OTL Scan 9/19/12

    All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}\ not found.
    HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9D3676F2-C158-46AA-904C-C97C63544026}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D3676F2-C158-46AA-904C-C97C63544026}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}\ not found.
    File C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\search.xml not found.
    File C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\Search_Results.xml not found.
    File C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml not found.
    Use Chrome's Settings page to change the HomePage.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to change the HomePage.
    93.115.241.28 www.google-analytics.com. removed from HOSTS file successfully
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control Web-Based Email Tools
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Shawn\Desktop\cmd.bat deleted successfully.
    C:\Users\Shawn\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Shawn
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 3383645 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 291 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 67674 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 839201393 bytes

    Total Files Cleaned = 804.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.61.4 log created on 09192012_200118

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Shawn\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    C:\Users\Shawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PG1EZX7O\showthread[2].htm moved successfully.
    C:\Users\Shawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Shawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  3. #13
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    Default SystemLook Scan 9/19/12

    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:10 on 19/09/2012 by Shawn
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*Bandoo*"
    No files found.

    Searching for "*Searchqu*"
    No files found.

    Searching for "*iLivid*"
    No files found.

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*datamngr*"
    No files found.

    Searching for "*trolltech*"
    No files found.

    ========== folderfind ==========

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Searchqu*"
    No folders found.

    Searching for "*iLivid*"
    C:\Users\Shawn\AppData\Local\Ilivid Player d------ [00:27 28/07/2012]

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*datamngr*"
    C:\Users\Shawn\AppData\LocalLow\DataMngr d------ [00:26 28/07/2012]

    Searching for "*trolltech*"
    No folders found.

    ========== Regfind ==========

    Searching for "Fun4IM"
    No data found.

    Searching for "Bandoo"
    No data found.

    Searching for "Searchqu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"

    Searching for "iLivid"
    No data found.

    Searching for "whitesmoke"
    No data found.

    Searching for "datamngr"
    No data found.

    Searching for "kelkoopartners"
    No data found.

    Searching for "trolltech"
    [HKEY_CURRENT_USER\Software\Trolltech]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Trolltech]
    [HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

    -= EOF =-

  4. #14
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    Default Folders

    I don't know what these folders are.....

    4. Do you know these folder?
    C:\Users\Shawn\AppData\Local\{11d5d328-f14f-7572-15b5-f747154d7971}\@
    C:\Users\Shawn\AppData\Local\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
    C:\ProgramData\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n

  5. #15
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi sls0463 :

    1. Reset Google Chrome
    • Open the Google Chrome browser.
    • Click the spanner icon on the browser toolbar.
    • Click Options.
    • In the Google Chrome Options window, click the basics.
    • Click manage search engines
    • Under Default search options, click on any search engine (but not the searchqu.com or Search Results) and click on the make default
    • Now, click the Search Results () and click x and the right hand side of the same row to remove the searchqu.com search engine.
    • Close the browser.

    Note: Don't forget to change your default homepage too. You may read how to change your homepage in google chrome here



    2. OTL fix
    Please make sure OTL.exe is on your Desktop.
    Important! Close all applications and windows so that you have nothing open and are at your Desktop
    • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • Copy the following text... do not include the quote box title "Quote'
      :Reg
      [-HKEY_CURRENT_USER\Software\Trolltech]
      [-HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Trolltech]

      :Files
      ipconfig /flushdns /c
      C:\Users\Shawn\AppData\Local\Ilivid Player
      C:\Users\Shawn\AppData\LocalLow\DataMngr
      C:\Users\Shawn\AppData\Local\{11d5d328-f14f-7572-15b5-f747154d7971}\@
      C:\Users\Shawn\AppData\Local\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
      C:\ProgramData\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n

      :Commands
      [EmptyTemp]
      [CreateRestorePoint]
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results.
    • Please post the contents of report in your next reply.

    note: The OTL fix log was located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


    3. SystemLook
    Please make sure SystemLook is located on your Desktop.
    • Double-click SystemLook_x64.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    This scan can take some time to run so please be patient.



    4. re-scan with OTL
    Please make sure OTL.exe is on your Desktop.
    Important! Close all applications and windows so that you have nothing open and are at your Desktop. Disable you antivirus if needed.
    • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • Under Output, ensure that Minimal Output is selected.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of OTL.txt ONLY in your next reply.




    5. Checklist
    Please post:
    • Any problem to reset goolge chrome
    • OTL fix log
    • SystemLook log
    • OTL.txt only
    • An update on your problems

    note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

    Thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  6. #16
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi sls0463:

    It has been 2 days since my last post to you.
    • Do you still need help with this problem?
    • Do you need more time?
    • Are you having problems understanding or following my instructions?


    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  7. #17
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    Default Time Needed

    I will need a couple of days to do this. Been out of town.

    I do appreciate your help.

  8. #18
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    still need time?
    Graduate of Malware Removal University, - You too could train to help others

  9. #19
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello sls0463,

    This thread has been closed due to inactivity and will not be re-opened.

    If you still require help, please start a new topic and include the DDS & aswMBR logs with a link to your previous thread.

    Please do not add any logs that might have been requested previously, you would be starting fresh.

    Applies only to the original poster, anyone else with similar problems please start your own topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •