----------------------------------------------------------------------------------------
Step 1
OTMoveIt
Please download OTM by OldTimer and save it to your desktop.
- Double-click OTM.exe to run it.
- Copy the lines in the codebox below. (Make sure you include :Processes)
Code:
:Processes
:Reg
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\Components]
:Files
C:\WINDOWS\system32\onhelp.htm
c:\windows\system32\images
c:\Program Files\creytd
:Commands
[Purity]
[EmptyTemp]
- Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar), and paste it in your next reply.
- Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
----------------------------------------------------------------------------------------
Step 2
Download and Run Registry Search
Download Registry Search to your desktop.
- Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
- Open the new folder, and double click on regsearch.exe
- In the top window copy/paste the following line
- Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
- Please save the text file on your desktop and call it found-entries.
Paste the results in your reply
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
- OTMoveIt Log
- RegSearch Log
- A fresh HJT log (C:\Program Files\trend micro\Owner.exe)
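As an added example that is not part of the original post or of the OTM tool, the following PowerShell check confirms, after the reboot, that the registry key, file and folders listed in the Step 1 OTM script are actually gone, and reports whether Windows still has a queued file-rename operation that would explain a target lingering until the next restart. The target list is copied from the post's :Reg and :Files sections; nothing else is assumed.

```powershell
# Added verification script (not OTM's own code): re-check the OTM targets from Step 1.
# Registry key and paths are the ones listed in the post's OTM script.
$regKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components'
)
$paths = @(
    'C:\WINDOWS\system32\onhelp.htm',
    'C:\WINDOWS\system32\images',
    'C:\Program Files\creytd'
)

$remaining = @()

# Registry keys: Test-Path works against the HKCU: provider drive.
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) {
        $remaining += [pscustomobject]@{ Type = 'RegistryKey'; Target = $key }
    }
}

# Files and folders: -Force so hidden/system items are not missed.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $item = Get-Item -LiteralPath $p -Force
        $remaining += [pscustomobject]@{
            Type   = if ($item.PSIsContainer) { 'Folder' } else { 'File' }
            Target = $p
        }
    }
}

# OTM defers locked items to the next boot via the standard Windows
# PendingFileRenameOperations mechanism; show it if anything is still queued.
$smKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $smKey -Name PendingFileRenameOperations `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations

if ($remaining.Count -eq 0) {
    Write-Output 'All OTM targets from Step 1 are gone.'
} else {
    Write-Output 'Still present (locked, or waiting for a reboot to finish the move):'
    $remaining | Format-Table -AutoSize
}
if ($pending) {
    Write-Output 'Pending file operations queued for next boot:'
    $pending | Where-Object { $_ } | ForEach-Object { "  $_" }
}
```

Run it from an elevated PowerShell prompt after the machine has rebooted; any row it prints is a target worth mentioning alongside the OTMoveIt log in the reply.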