Read before posting your log

Is it your first time here? If so, welcome to The Ultimate Geek TaskForce!

To post a topic in the forums, you must first Register. Our New Members Guide should be of great use. You may also want to print this topic or bookmark/favorite it.

Malware (spyware, trojans, viruses, adware, worms, etc.) is becoming a lot harder to remove and requires more than just a simple antivirus scanner or antispyware scanner. Sometimes, infections get so bad that you need a geek to help you, because you cannot remove it yourself. This topic will help you get prepared to work with a geek on getting your computer clean.

People helping here are volunteers and have decided to make it a hobby to help people. In their spare time, these malware experts study the capabilities of malware and how to remove some of the roughest forms of malware. Please be patient, as we can get busy with real life activities. Tip: be well informed here on the site, and while waiting for a reply, read other topics in other sections of the site and learn about computers.

Finally, please follow your topic to its conclusion. We like helping people, and when we know you have a clean computer, it makes us feel good that we have helped you. Notice: If you fail to follow your topic to conclusion, your system may not be completely clean, and it will be vulnerable to future infections. Afterwards, once declared clean, we will give you prevention tips on how to stay clean in the future.

We offer Malware removal guides to help you remove some of the most common infections.



Preparation
TFC (Temp File Cleaner) - Download - Homepage
This will remove unneeded temporary files from your system. Many infections also load from a temporary file location. Cleaning temporary files is also recommended, because the scans run faster.

1. Download TFC to your desktop, or other location.
   
2. Save any unsaved work. TFC will close all open application windows.
   
3. Double-click TFC.exe to run the program.
   
4. If prompted, click "Yes" to reboot your computer.
   

ERUNT - Download
This ensures you have a complete registry backup. ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry, and if problems occur you can restore to undo harmful changes. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions.

1. Download ERUNT
   
2. Double-click erunt_setup.exe to run.
   
3. Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
   
4. Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
   
5. Start ERUNT
   
6. Choose a location for the backup
   The default location C:\WINDOWS\ERDNT\[today's date] is preferred
   
7. The first two check boxes are ticked by default (System registry and Current user registry).
   
8. Press OK
   
9. When prompted, click YES to create a new folder.
   
10. Progress bars will show backup status.
    
11. A confirmation window will popup when complete. Click OK to close.
    

Scanning for malware and removing it:
Step 1:
Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2:
Scan with antivirus and antispyware software. If you do not have either of these, please pick one of each from this list. Warning: running more than one antivirus or antispyware can cause system crashes, inaccurate data, software crashes, and Internet slowdowns.

Step 3:
Windows Update
Get all the latest patches for your system. As a true geek would tell you, an unpatched system leaves your computer wide open to infection.

Step 4:

Cannot run Malwarebytes? Please do the following:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
scecli.dll
netlogon.dll
eventlog.dll
winlogon.exe
comres.dll
crypt32.dll
gpedit.dll
rundll32.exe
sfc.dll
svchost.exe
cngaudit.dll


  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

Please post the Malwarebytes log in your first post. If you ran SystemLook, post that in your first reply as well.

If Malwarebytes did not find an infection, and you still suspect your computer is infected, please do the following:
Download OTL.exe by OldTimer to your Desktop.

• Close all windows and double click OTL.exe.
  
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in your new thread.
  
• You may need to use two posts to get it all.
  

If you have any problems in doing the above tasks, then open a topic, and tell your story about what is going on.