> HijackThis Forum Posting Rules:

Please do not add your logs to another person's topic. To receive assistance, please start your own topic.

Only authorized personnel may provide advice. Unauthorized replies posted in other member topics will be removed.

BEFORE YOU POST YOUR OTL LOG, READ THIS FIRST
MrCharlie
post May 15 2007, 11:59 PM

Please perform these tasks and run these programs before posting your OTL log on the forum.

Note: If you are unable to run any programs, just post an OTL log and we'll guide you from there, or check Start HERE.

If your computer is also running slow.....check Here and also HERE.

Also please check our Malware Removal Guides

Operating system problems not related to malware, check this site :
GeeksToGo

_________

First a couple of WARNINGS:

Peer-to-peer programs/cracks/keygens/warez :

Downloading cracks and keygens from p2p programs ( Limewire, eMule, uTorrent ) is the most common way computers get infected. We do not support the use of illegal software. We recommend that ALL p2p programs, cracks and keygens be removed before posting.

If you download cracks you will get infected, that is a guarantee. We won't be here to help you every time; users who keep getting infected from using p2p programs may be refused help in the future, so use some common sense and avoid illegal software, as it always contains malware. It just isn't worth it.

Also.......

DO NOT follow advice from a topic other than your own. Other topics may have similar problems but please do NOT follow the advice given. Doing so will/can cause your PC some damage. ALL PC's have different situations. We cannot and will not stress this any more.

DO NOT run any tools used on the forum here unless instructed to by a helper, otherwise you may damage your PC !

_____________

Vista users:
1. These tools MUST be run from the executable. (.exe)
2. With Admin Rights (Right click, choose "Run as Administrator")

Next.....


Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • Accept the default settings except for:
    Say No to the portion that asks you to add ERUNT to the start-up folder.
    You can enable this option later if needed.
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
    Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.



Next.....

Scan for malware:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

Extra Note: Do not run a full scan with MBAM. It is not required or needed, and in fact makes our job tougher.


Reboot your PC and run a full scan with your anti-virus program. This scan along with Malwarebytes should remove most malware.


If you're still having problems, continue to the next step. Otherwise, read "Preventing Malware and Safe Computing" to prevent future Spyware/Hijack attacks.



Next....

Do a quick scan for rootkits:

Download Rooter.exe to your desktop
  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here



Download LockSearch to your desktop
  • A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply



Download CKScanner from here

Important : Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



  • Please download WVCheck by Artellos from one of the mirrors below;
    Artellos.com (exe)
    Artellos.com (zip)
  • After the download, run WVCheck.exe
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file into your topic.




Next....

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.



Next....

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Update\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\*.scr
    %systemroot%\*._sy
    CREATERESTOREPOINT
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.


-------------------

Last....

Reboot the computer and post the OTL log on the forum along with the logs from MalwareBytes' Anti-Malware, Rooter, LockSearch, CKScanner, WVCheck, and GMER.
Note: If the logs are large you may need several posts to fit them.

Please let us know that you have followed this tutorial and what problems you are having.

____________

Here's how to post your logs:

First please Register and Login.


---->Do Not Put Your Logs In QUOTES<----



Good Luck and..... Please be PATIENT.....we will get to you ASAP.

Please remember we are all volunteers. We try to respond as quickly as possible, but sometimes our jobs, families, or everyday events get in the way.

Please don't BUMP your post as we look for posts with zero replies!

MrC

This post has been edited by Rorschach112: Yesterday, 02:40 PM
Reason for edit: updated procedure - Ror april 01


--------------------
My help is always free here but if you would like to show your appreciation, it will be much appreciated.
Thanks MrC
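The OTL custom scan in the post above asks for a fixed set of file locations and two Windows Update registry keys. As an added example, not part of MrCharlie's post or of the OTL tool itself, here is a PowerShell script that lists the same file locations and registry values so a helper can compare a machine against them without OTL. It assumes PowerShell 3.0 or later on Windows, run from an elevated prompt, and only reads; it removes nothing.

```powershell
# Added example (not OTL's own code): enumerate the file patterns from the
# custom scan above, expanding %VAR% placeholders as OTL does.
$patterns = @(
    '%systemroot%\system32\Spool\prtprocs\w32x86\*.*',
    '%systemroot%\system32\*.wt',
    '%systemroot%\system32\*.ruy',
    '%systemroot%\Fonts\*.com',
    '%systemroot%\Fonts\*.dll',
    '%systemroot%\Fonts\*.ini',
    '%systemroot%\Fonts\*.ini2',
    '%systemroot%\Fonts\*.exe',
    '%systemroot%\REPAIR\*.bak1',
    '%systemroot%\REPAIR\*.ini',
    '%systemroot%\system32\*.jpg',
    '%systemroot%\*.jpg',
    '%systemroot%\*.png',
    '%APPDATA%\Adobe\Update\*.*',
    '%ALLUSERSPROFILE%\Favorites\*.*',
    '%APPDATA%\Update\*.*',
    '%systemroot%\*.scr',
    '%systemroot%\*._sy',
    '%systemroot%\System32\config\*.sav'
)

foreach ($p in $patterns) {
    $path = [Environment]::ExpandEnvironmentVariables($p)
    $dir  = Split-Path -Path $path -Parent
    $name = Split-Path -Path $path -Leaf
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force includes hidden/system files, which is where droppers hide.
    $hits = Get-ChildItem -LiteralPath $dir -Filter $name -File -Force -ErrorAction SilentlyContinue
    if ($hits) {
        Write-Output "== $path =="
        $hits | Select-Object FullName, Length, CreationTime, LastWriteTime | Format-Table -AutoSize
    }
}

# The two registry lines of the custom scan: last successful update install
# time, and any Automatic Updates policy (malware sometimes disables it here).
$install = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'
$policy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
Get-ItemProperty -Path $install -Name LastSuccessTime -ErrorAction SilentlyContinue |
    Select-Object LastSuccessTime
if (Test-Path -LiteralPath $policy) { Get-ItemProperty -Path $policy }
```

A file listed under the Fonts, REPAIR or Spool patterns is not automatically malicious; as with the rootkit logs above, the listing is for a helper to interpret, not a cue to delete.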
MrCharlie
post Dec 13 2008, 12:52 AM

bump

