Read Me Preparation for Malware removal help.. WinXP, Vista and Win7

Discussion in 'Malware Removal' started by starbuck, Oct 6, 2009.

Thread Status:
Not open for further replies.
    Sep 26, 2009
    Midlands, UK
    Please read and complete the following steps before posting your logs in the Malware Help Forum:
    This may seem a lot of work, but the steps are designed to protect you and to aid the helper that replies to you.
    After completion of these steps, your helper will have a much better idea of what he/she is dealing with.

    Step 1
    Before you start to remove malware, it's always recommended that you make some backups of your system.
    Call it a 'Safety Net' if you like.

    Backup Your Registry

    The easiest way to do this is to use a program called ERUNT

    Please download ERUNT from Here
    and save it to your 'Desktop'.
    Click Erunt.exe and follow the prompts to back up your registry to a folder of your choice.

    To restore your registry, go to the folder and start ERDNT.exe

    Note *:
    The automatic backup won't work with Vista or W7. You may receive error messages related to ERUNT on boot as it attempts to back up automatically. Please back up manually using ERUNT with the following instructions:
    • Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
    • Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
    • Click OK at the first message box.
    • Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
    • Click OK.
    • Click Yes to create the new folder.
    • You'll get a window saying "registry backup complete" once it's done. Click OK.
    If you get an error message, please STOP and inform the 'Helper' that replies to you.

    Step 2
    Scan your computer with Malwarebytes Anti-Malware

    • Download Malwarebytes Anti-Malware Free and save it to your desktop
    • Double click the desktop icon, click Run, then OK
    • Click Next
    • Select I accept the agreement then continue to click Next then finally click Install
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
    • Click Finish
    • If you are notified the Database is out of date click Update Now

    • Click Scan Now >>
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    (Copy to clipboard for pasting into forum replies)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab >> Application Logs.

    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'

    • Paste the contents of the clipboard into your reply.

    Even if MBAM finds nothing, we would still like you to post the report.
    There are other things we like to check.

    Step 3
    • Download OTL to your desktop.
      if you have problems, try this download link:
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check

    • Now copy the lines in bold below.

      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %USERPROFILE%\..|smtmp;true;true;true /FP
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your post.
    Running the above script with OTL will:
    • turn on your system restore and set a new restore point (XP only)
    • set a new restore point (if system restore is turned on) (Vista & Win7)

    Step 4
    Download aswMBR and save it to your desktop.
    • Double click the aswMBR.exe to run it.
    • The latest version gives you the option of adding the latest Avast definitions:

    • It is recommended at this time to click NO (as there is a possibility of crashing the system).
    • Click the Scan button to start scan.

    On completion of the scan click Save log and save it to your desktop.


    Please post this in your reply.

    aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    Then please wait for your thread to be answered.
    Please do not 'bump' your thread... if we see more than 0 replies we may think that someone has already answered you.

    In your post, please supply:
    MBAM scan report (whether anything is found or not)
    aswMBR report
    and Extras.Txt.

    If you follow the above steps, it will accomplish three things:
    • Your computer will be cleaner and in better shape before we even get to your reports!
    • It will save the volunteers on this site many hours of work and add to the accuracy of the information they are able to give you.
    • You won't delay the process of getting help by having to answer a lot of questions.
    If you have any problems running any of the above requests, please inform the helper that replies to you.

    Last edited: Mar 27, 2014
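
Step 4 leaves MBR.dat on the desktop as the safety copy of the boot sector. The following is an added example, not part of the original post and not an aswMBR tool, showing how a helper can check that such a copy is structurally sound before relying on it. It assumes MBR.dat is a raw 512-byte image of sector 0; the function names and the sample image are constructed for illustration.

```python
import struct
import sys

SECTOR_SIZE = 512              # assumption: MBR.dat holds exactly one 512-byte sector
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
TABLE_OFFSET = 446             # four 16-byte partition entries start here


def parse_mbr(data):
    """Validate an MBR image and return its non-empty partition entries."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(data)))
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 55 AA not found")
    entries = []
    for index in range(4):
        raw = data[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        # status, (CHS start skipped), type, (CHS end skipped), first LBA, sector count
        status, ptype, first_lba, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError("entry %d has invalid status byte 0x%02x" % (index, status))
        entries.append({"index": index, "bootable": status == 0x80,
                        "type": ptype, "first_lba": first_lba, "sectors": sectors})
    return entries


def build_sample_mbr():
    """Constructed sample: empty boot code, one bootable type 0x07 (NTFS) partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + BOOT_SIGNATURE


if __name__ == "__main__":
    # Pass the path to MBR.dat to check a real backup; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            image = handle.read()
    else:
        image = build_sample_mbr()
    for part in parse_mbr(image):
        print(part)
```

A size or signature error means the file is not a usable boot-sector copy and should be reported to the helper rather than used for a restore.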