How To Post An Otl Log


Recommended Posts

Welcome to BestTechie.net!

Before we can help you, we need you to help us by completing the following procedure.

Step 1 : Preparation

Backup Your Registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Now for a scan to remove malware :

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

Extra Note: Do not run a full scan with MBAM. It is not required or needed, and in fact makes our job tougher.

Reboot your PC and run a full scan with your anti-virus program. This scan along with Malwarebytes should remove most malware.

If you're still having problems, continue to the next step. Otherwise, read "Preventing Malware and Safe Computing" to prevent future Spyware/Hijack attacks.

Step 2 : Post on the forum

Peer-to-peer programs/cracks/keygens/warez :

Downloading cracks and keygens from p2p programs ( Limewire, eMule, uTorrent ) is the most common way of how people get infected. We do not support the use of illegal software, that is why if you wish to get help on the forums, ALL p2p programs, cracks and keygens must be removed before posting. Failure to do so will result in your helper refusing to help you until they are completely removed.

If you download cracks you will get infected, that is a guarantee. We wont be here to help you every time, users who keep getting infected from using p2p programs will have to reformat, so use some common sense and avoid illegal software as they always contain spyware. It just isn't worth it.

Now for some scans so we can fix your PC

Download Rooter.exe to your desktop

  • Then doubleclick it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that in your topic

Download LockSearch to your desktop

  • A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply

Download CKScanner from here

Important : Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • Please download WVCheck by Artellos from one of the mirrors below;



  • After the download, run WVCheck.exe
  • As indicated by the prompt, This program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file in your topic.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Then go to the Malware Removal forum here and post your MBAM, Rooter, LockSearch, CKScanner, WVCheck, GMER, and OTL logs in a topic there. If you know the name of your infection put this in your topic title. Please do not make multiple topics as this will waste helpers time, have some patience as your log will get handled eventually.

If you haven't received a response in over two days, then go and post here, make sure to include a link to your original topic. Do not post OTL logs in your topic, they will just be removed.

If you don't follow the steps in this topic and go straight to the Malware Removal forum, our first reply will be to send you back here. These steps are designed to help fix a lot of cases and get important things done from the start, it will save us all time.

Warning :

DO NOT follow advice from a topic other than your own. Other topics may have similar problems but please do NOT follow the advice given. Doing so will/can cause your PC some damage. ALL PC's have different situations. I cannot and will not stress this any more.

DO NOT run any tools used on the forum here unless instructed to by a helper, otherwise you may damage your PC !

Kindest Regards,

The BestTechie.net Staff

We hope you have a great experience and welcome you to the BestTechie community.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.