Post by choltz on Feb 14, 2014 9:10:13 GMT -8
Here is the SystemLook file after running the application, per your instructions.
Post by choltz on Feb 14, 2014 9:12:20 GMT -8
Here is the SystemLook file after running the application with your instruction.
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Feb 14, 2014 9:19:37 GMT -8
I have to slowly create an OTL script to remove files, folders and registry keys, including these 2 keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
HKEY_CURRENT_USER\SOFTWARE\Policies\Google\Chrome
Not sure what to do about gpt.ini, it is modified inside and I manually opened mine and removed the entry and then saved and closed it, unless I give you a copy of gpt.ini to place on your desktop and I have FRST list it later and then have FRST swap them over.
Quads
Post by Quads on Feb 14, 2014 13:29:26 GMT -8
Disable Norton.
Start OTL, right click "Run as Administrator".
Under Copy and paste what I have put in the .txt file I have attached. It is in the correct line by line layout as it is to be for OTL to understand what I want it to do (include the : at the start of :OTL and all the way to the end / bottom), and run the script (red Run Fix button).
The output log should be placed in the C:\_OTL\MovedFiles folder after, to attach back here. Looks like a txt file, not a folder.
Quads
Post by choltz on Feb 14, 2014 14:39:59 GMT -8
Post by Quads on Feb 14, 2014 14:46:39 GMT -8
Now has the Chrome/policy entry and the extension listing gone??
Your versions of these below.
Type or copy and paste into the Chrome address bar chrome://policy/ then click on the show value seen below in picture.
Quads
Post by Quads on Feb 14, 2014 14:58:11 GMT -8
Interesting how OTL could not find the files yet FRST64 can, I wonder FRST64 bit version scanning vs OTL.
Quads
Post by choltz on Feb 14, 2014 15:32:31 GMT -8
The naaaef.... / Media Player path is still in the extensions list and the Policies of Chrome.
Post by Quads on Feb 14, 2014 15:44:37 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work for FRST. (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST64 that is on the desktop.
When the tool opens click Yes to disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt), please post it to your reply (attach or paste).
Quads
Post by Quads on Feb 14, 2014 15:47:31 GMT -8
I'm sure I look like your Avatar by now, I am not sure why OTL could not find the group policy (.pol) files.
The Browser may play up or look like there is no change until the next system restart.
I see someone else has the same idea as me: "The problem lies in C:\Windows\System32\GroupPolicy\User and C:\Windows\System32\GroupPolicy\Machine and its subfolders - look for any .pol files"
Quads
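The post above points at .pol files under C:\Windows\System32\GroupPolicy\User and C:\Windows\System32\GroupPolicy\Machine as the source of the Chrome policy. As an added example (not part of the thread and not one of Quads' scripts), this Python parser reads the bytes of a Registry.pol file and lists the entries stored under Software\Policies\Google\Chrome, so a copy of the file can be inspected before anything is deleted. It assumes the standard PReg version 1 layout; the sample bytes, the ExtensionInstallForcelist entry, the extension ID and the URL are constructed for the demonstration.

```python
import struct

def parse_registry_pol(data):
    """Yield (key, value_name, reg_type, raw_bytes) from a Registry.pol (PReg v1) blob."""
    if data[:8] != b"PReg\x01\x00\x00\x00":
        raise ValueError("not a version 1 Registry.pol file")
    pos = 8
    def take(n):  # bounds-checked read, so a truncated file fails loudly
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated record")
        pos += n
        return data[pos - n:pos]
    def expect(ch):  # delimiters are UTF-16LE characters
        if take(2) != ch.encode("utf-16-le"):
            raise ValueError(f"expected {ch!r} before offset {pos}")
    def string(delim):  # delimiter, then NUL-terminated UTF-16LE text
        expect(delim)
        out = b""
        while (c := take(2)) != b"\0\0":
            out += c
        return out.decode("utf-16-le")
    def dword(delim):  # delimiter, then little-endian 32-bit integer
        expect(delim)
        return struct.unpack("<I", take(4))[0]
    while pos < len(data):
        key, name = string("["), string(";")
        reg_type, size = dword(";"), dword(";")
        expect(";")
        raw = take(size)
        expect("]")
        yield key, name, reg_type, raw

def chrome_policy_entries(data):
    """Return (key, name, value) for each entry under the Chrome policy key."""
    found = []
    for key, name, reg_type, raw in parse_registry_pol(data):
        if key.lower().startswith(r"software\policies\google\chrome"):  # key named in the thread
            is_text = reg_type in (1, 2)  # REG_SZ / REG_EXPAND_SZ
            value = raw.decode("utf-16-le").rstrip("\0") if is_text else raw.hex()
            found.append((key, name, value))
    return found

def build_sample():  # constructed Registry.pol bytes, not data from the thread
    u = lambda s: s.encode("utf-16-le")
    rec = lambda k, n, t, d: (u(f"[{k}\0;{n}\0;") + struct.pack("<I", t) + u(";")
                              + struct.pack("<I", len(d)) + u(";") + d + u("]"))
    return (b"PReg\x01\x00\x00\x00"
            + rec(r"Software\Policies\Google\Chrome\ExtensionInstallForcelist", "1", 1, u("a" * 32 + ";https://example.invalid/update.xml\0"))
            + rec(r"Software\Policies\Microsoft\Windows\System", "Constructed", 4, struct.pack("<I", 1)))
```

To check a real machine, pass the bytes of a copied Registry.pol to chrome_policy_entries(); an empty list means that file carries no Chrome policy.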