
Thread: Computer runs insanely slow, has never been checked for Malware (Resolved)

  1. #21
    Member
    Join Date
    Apr 2006
    Posts
    69

    Default

    Hi Katana and thanks again. Well, I've run OTM three times now, and every time I copy/paste the custom script and click "moveit", results show up on the right under the green bar but the computer instantly freezes up. I cannot copy the results, the entire background disappears, and I am forced to restart. How should I proceed from here?

  2. #22
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Let's break it down into a couple of sections
    Put each section in and run it separately.

    Code:
    :Processes
    :Reg
    [-HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}]
    [-HKEY_CURRENT_USER\Software\DelFin]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer]
    [-HKEY_CURRENT_USER\Software\Need2Find]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DelFin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Assistant]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Function]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search MS.C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Select CashBack]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sidebar Search]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebSearch Tools]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Search]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your MS.C Assistant]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find]
    [-HKEY_LOCAL_MACHINE\software\classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}]
    [-HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\DelFin]
    [-HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer]
    [-HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Need2Find]
    [-HKEY_classes_root\appid\adm.exe]
    :Commands

    Code:
    :Processes
    :Reg
    [-HKEY_classes_root\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}]
    [-HKEY_classes_root\need2findbar.settingsplugin.1]
    [-HKEY_classes_root\need2findbar.settingsplugin]
    [-HKEY_classes_root\need2findbar.toolbarplugin.1]
    [-HKEY_classes_root\need2findbar.toolbarplugin]
    [-HKEY_classes_root\wsg.wsgobj]
    [-HKEY_current_user\software\delfin]
    [-HKEY_current_user\software\need2find]
    [-HKEY_current_user\software\traynotifier]
    [-HKEY_local_machine\software\classes\appid\adm.exe]
    [-HKEY_local_machine\software\classes\appid\altnet signing module.exe]
    [-HKEY_local_machine\software\delfin]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\downloadware]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search assistant]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search function]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\sidebar search]
    [-HKEY_local_machine\software\need2find]
    [-HKEY_local_machine\software\perfectnav]
    [-HKEY_local_machine\software\whenu]
    [-HKEY_local_machine\system\controlset001\enum\root\legacy_tbpssvc]
    :Files

    Code:
    :Files
    C:\WINNT\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx
    C:\WINNT\Downloaded Program Files\RCXF39.tmp
    C:\WINNT\ntconfig\windows\bootup\sysconfig\boot.exe
    C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll
    C:\WINNT\ntconfig\windows\bootup\sysconfig\mscfg32bit.exe
    C:\WINNT\ntconfig\windows\bootup\sysconfig\nhtml.dll
    C:\WINNT\ntconfig\windows\bootup\sysconfig\restart.exe
    C:\WINNT\ntconfig\windows\bootup\sysconfig\uuid.dll 
    C:\WINNT\pss\PowerReg Scheduler.exeStartup
    C:\WINNT\pss\PowerReg SchedulerV2.exeStartup
    C:\WINNT\system32\4o256jcj.exe
    
    c:\documents and settings\owner\favorites\-autos-
    c:\documents and settings\owner\favorites\-business directory-
    c:\documents and settings\owner\favorites\-computers and internet-
    c:\documents and settings\owner\favorites\-entertainment-
    c:\documents and settings\owner\favorites\-games-
    c:\documents and settings\owner\favorites\-health and fitness-
    c:\documents and settings\owner\favorites\-music-
    c:\documents and settings\owner\favorites\-travel-
    c:\program files\perfectnav
    c:\winnt\downloaded program files\mediaticketsinstaller.inf
    c:\winnt\gatorpatch.log
    c:\winnt\system32\auto_update_uninstall.log
    c:\winnt\system32\wsxsvc
    :Commands
    [EmptyTemp]
    :Files
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #23
    Member
    Join Date
    Apr 2006
    Posts
    69

    Default

    Wow you're on to something. Breaking it down seems to be having an effect. First log...

    ========== PROCESSES ==========
    ========== REGISTRY ==========
    Registry key HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_CURRENT_USER\Software\DelFin\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer\ not found.
    Registry key HKEY_CURRENT_USER\Software\Need2Find\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DelFin\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Assistant\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Function\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search MS.C\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Select CashBack\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sidebar Search\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebSearch Tools\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Search\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your MS.C Assistant\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\ not found.
    Registry key HKEY_LOCAL_MACHINE\software\classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\DelFin\ not found.
    Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer\ not found.
    Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Need2Find\ not found.
    Registry key HKEY_classes_root\appid\adm.exe\ not found.
    Error: Unable to interpret <:CommandsCode:> in the current context!

    OTM by OldTimer - Version 3.0.0.4 log created on 07122009_190307

  4. #24
    Member
    Join Date
    Apr 2006
    Posts
    69

    Default

    Second scan froze the computer.... third fixed a lot and required a reboot. Hopefully this is the log you need....


    All processes killed
    ========== FILES ==========
    C:\WINNT\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx unregistered successfully.
    C:\WINNT\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx moved successfully.
    C:\WINNT\Downloaded Program Files\RCXF39.tmp moved successfully.
    C:\WINNT\ntconfig\windows\bootup\sysconfig\boot.exe moved successfully.
    LoadLibrary failed for C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll
    C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll NOT unregistered.
    C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll moved successfully.
    C:\WINNT\ntconfig\windows\bootup\sysconfig\mscfg32bit.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINNT\ntconfig\windows\bootup\sysconfig\nhtml.dll
    C:\WINNT\ntconfig\windows\bootup\sysconfig\nhtml.dll NOT unregistered.
    C:\WINNT\ntconfig\windows\bootup\sysconfig\nhtml.dll moved successfully.
    C:\WINNT\ntconfig\windows\bootup\sysconfig\restart.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINNT\ntconfig\windows\bootup\sysconfig\uuid.dll
    C:\WINNT\ntconfig\windows\bootup\sysconfig\uuid.dll NOT unregistered.
    C:\WINNT\ntconfig\windows\bootup\sysconfig\uuid.dll moved successfully.
    C:\WINNT\pss\PowerReg Scheduler.exeStartup moved successfully.
    C:\WINNT\pss\PowerReg SchedulerV2.exeStartup moved successfully.
    C:\WINNT\system32\4o256jcj.exe moved successfully.
    c:\documents and settings\owner\favorites\-Autos- moved successfully.
    c:\documents and settings\owner\favorites\-Business Directory- moved successfully.
    c:\documents and settings\owner\favorites\-Computers and Internet- moved successfully.
    c:\documents and settings\owner\favorites\-Entertainment- moved successfully.
    c:\documents and settings\owner\favorites\-Games- moved successfully.
    c:\documents and settings\owner\favorites\-Health and Fitness- moved successfully.
    c:\documents and settings\owner\favorites\-Music- moved successfully.
    c:\documents and settings\owner\favorites\-Travel- moved successfully.
    c:\program files\PerfectNav\BHO moved successfully.
    c:\program files\PerfectNav moved successfully.
    c:\winnt\downloaded program files\MediaTicketsInstaller.INF moved successfully.
    c:\winnt\GatorPatch.log moved successfully.
    c:\winnt\system32\auto_update_uninstall.log moved successfully.
    c:\winnt\system32\wsxsvc moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Owner
    ->Temp folder emptied: 77901 bytes
    ->Temporary Internet Files folder emptied: 16005676 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19528 bytes
    %systemroot%\System32 .tmp files removed: 319736 bytes
    Windows Temp folder emptied: 664 bytes
    RecycleBin emptied: 102289 bytes

    Total Files Cleaned = 15.82 mb

    ========== FILES ==========

    OTM by OldTimer - Version 3.0.0.4 log created on 07122009_191118

    Files moved on Reboot...

    Registry entries deleted on Reboot...

  5. #25
    Member
    Join Date
    Apr 2006
    Posts
    69

    Default

    ========== PROCESSES ==========
    ========== REGISTRY ==========
    Registry key HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_CURRENT_USER\Software\DelFin\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer\ not found.
    Registry key HKEY_CURRENT_USER\Software\Need2Find\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DelFin\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Assistant\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Function\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search MS.C\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Select CashBack\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sidebar Search\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebSearch Tools\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Search\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your MS.C Assistant\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\ not found.
    Registry key HKEY_LOCAL_MACHINE\software\classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\DelFin\ not found.
    Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer\ not found.
    Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Need2Find\ not found.
    Registry key HKEY_classes_root\appid\adm.exe\ not found.
    ========== COMMANDS ==========

    OTM by OldTimer - Version 3.0.0.4 log created on 07122009_233846

  6. #26
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Ok, let's break section two down again and see if we can get that one to run.

    Code:
    :Processes
    :Reg
    [-HKEY_classes_root\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}]
    [-HKEY_classes_root\need2findbar.settingsplugin.1]
    [-HKEY_classes_root\need2findbar.settingsplugin]
    [-HKEY_classes_root\need2findbar.toolbarplugin.1]
    [-HKEY_classes_root\need2findbar.toolbarplugin]
    [-HKEY_classes_root\wsg.wsgobj]
    [-HKEY_current_user\software\delfin]
    [-HKEY_current_user\software\need2find]
    [-HKEY_current_user\software\traynotifier]
    [-HKEY_local_machine\software\classes\appid\adm.exe]
    [-HKEY_local_machine\software\classes\appid\altnet signing module.exe]
    :Files

    Code:
    :Processes
    :Reg
    [-HKEY_local_machine\software\delfin]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\downloadware]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search assistant]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search function]
    [-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\sidebar search]
    [-HKEY_local_machine\software\need2find]
    [-HKEY_local_machine\software\perfectnav]
    [-HKEY_local_machine\software\whenu]
    [-HKEY_local_machine\system\controlset001\enum\root\legacy_tbpssvc]
    :Files

  7. #27
    Member
    Join Date
    Apr 2006
    Posts
    69

    Default

    Hiya Katana... Okay, the first set still froze the computer, but it only had two lines, I wrote down what I could...

    Process
    Registry

    Registry Key HKEY_Classes_root\clsid\{630d6140[04c5-dbl

    Registry Key HKEY-Local_Machine\Software\Classes

    They cut off and that's all I could write down. The second set worked and here is the result...


    rror: Unable to interpret <Processes> in the current context!
    ========== REGISTRY ==========
    Registry key HKEY_local_machine\software\delfin\ not found.
    Registry key HKEY_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer\ deleted successfully.
    Registry key HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\downloadware\ deleted successfully.
    Registry key HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall\ not found.
    Registry key HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search assistant\ not found.
    Registry key HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search function\ not found.
    Registry key HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\sidebar search\ not found.
    Registry key HKEY_local_machine\software\need2find\ not found.
    Registry key HKEY_local_machine\software\perfectnav\ deleted successfully.
    Registry key HKEY_local_machine\software\whenu\ deleted successfully.
    Registry key HKEY_local_machine\system\controlset001\enum\root\legacy_tbpssvc\ deleted successfully.
    ========== FILES ==========

    OTM by OldTimer - Version 3.0.0.4 log created on 07132009_101646
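
For reading OTM result logs like the ones posted in this thread, a small triage script separates keys that never existed from items actually removed, items deferred to reboot, and script lines OTM refused to parse. This is an added example, not part of the thread or of OTM; the line patterns are inferred only from the log lines visible on this page, and `C:\EXAMPLE\constructed.dll` is a constructed sample entry.

```python
import re
from collections import defaultdict

# Sample assembled from log lines posted in this thread, plus one constructed
# entry (C:\EXAMPLE\constructed.dll) to show an item that was never moved.
SAMPLE_LOG = r"""rror: Unable to interpret <Processes> in the current context!
========== REGISTRY ==========
Registry key HKEY_local_machine\software\delfin\ not found.
Registry key HKEY_local_machine\software\perfectnav\ deleted successfully.
Registry key HKEY_local_machine\software\whenu\ deleted successfully.
========== FILES ==========
C:\WINNT\ntconfig\windows\bootup\sysconfig\boot.exe moved successfully.
LoadLibrary failed for C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll
C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll NOT unregistered.
C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll moved successfully.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
C:\EXAMPLE\constructed.dll NOT unregistered.
"""

# (status, pattern) pairs, checked in order. Patterns are assumptions based
# only on the message wording seen in the logs on this page.
RULES = [
    ("error",   re.compile(r"Unable to interpret <(?P<t>.+?)> in the current context")),
    ("absent",  re.compile(r"^Registry key (?P<t>.+?)\\? not found\.$")),
    ("removed", re.compile(r"^Registry key (?P<t>.+?)\\? deleted successfully\.$")),
    ("pending", re.compile(r"^File delete failed\. (?P<t>.+) scheduled to be deleted on reboot\.$")),
    ("warning", re.compile(r"^LoadLibrary failed for (?P<t>.+)$")),
    ("warning", re.compile(r"^DllUnregisterServer procedure not found in (?P<t>.+)$")),
    ("warning", re.compile(r"^(?P<t>.+) NOT unregistered\.$")),
    ("info",    re.compile(r"^(?P<t>.+) unregistered successfully\.$")),
    ("removed", re.compile(r"^(?P<t>.+) moved successfully\.$")),
]


def parse_otm_log(text):
    """Return (events, errors).

    events maps a lower-cased target (key or path) to the ordered list of
    statuses logged for it; errors lists the tokens OTM could not interpret.
    """
    events = defaultdict(list)
    errors = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for status, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            if status == "error":
                errors.append(m.group("t"))
            else:
                # Registry and NTFS paths are case-insensitive, so fold case
                # to merge entries the log repeats with different casing.
                events[m.group("t").lower()].append(status)
            break
    return events, errors


def triage(text):
    """Reduce the per-line events to one final state per target."""
    events, errors = parse_otm_log(text)
    report = {"removed": [], "absent": [], "pending": [],
              "unresolved": [], "errors": errors}
    for target, statuses in events.items():
        if "removed" in statuses:
            # A failed unregister followed by a successful move still ends
            # with the file out of its original location.
            report["removed"].append(target)
        elif "pending" in statuses:
            report["pending"].append(target)
        elif "absent" in statuses:
            report["absent"].append(target)
        else:
            # Only warnings/info were logged: nothing confirms removal.
            report["unresolved"].append(target)
    return report


if __name__ == "__main__":
    for state, items in triage(SAMPLE_LOG).items():
        print(f"{state} ({len(items)})")
        for item in items:
            print("   ", item)
```

Entries under `errors` point at the script text rather than the machine: a token such as `:CommandsCode:` means the forum's "Code:" label was pasted into OTM along with the script.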

  8. #28
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Ok, let's get heavy with it


    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      Registry::
      [-HKEY_classes_root\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}]
      [-HKEY_classes_root\need2findbar.settingsplugin.1]
      [-HKEY_classes_root\need2findbar.settingsplugin]
      [-HKEY_classes_root\need2findbar.toolbarplugin.1]
      [-HKEY_classes_root\need2findbar.toolbarplugin]
      [-HKEY_classes_root\wsg.wsgobj]
      [-HKEY_current_user\software\delfin]
      [-HKEY_current_user\software\need2find]
      [-HKEY_current_user\software\traynotifier]
      [-HKEY_local_machine\software\classes\appid\adm.exe]
      [-HKEY_local_machine\software\classes\appid\altnet signing module.exe]
      ADS::
    • Save this as CFScript.txt and place it on your desktop.




    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper



    Are there any problems left now?

  9. #29
    Member
    Join Date
    Apr 2006
    Posts
    69

    Default

    Sweet. Let's Kick ass. Gotta log for you. Thanks a ton!

    ComboFix 09-07-13.01 - Owner 07/13/2009 16:35.4.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.139 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
    .

    2009-07-12 01:48 . 2009-07-12 01:48 -------- d-----w- C:\_OTM
    2009-07-11 02:55 . 2009-07-11 02:55 127872 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
    2009-07-11 02:55 . 2009-07-11 02:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
    2009-07-10 22:15 . 2008-06-19 21:24 28544 ----a-w- c:\winnt\system32\drivers\pavboot.sys
    2009-07-10 22:15 . 2009-07-10 22:15 -------- d-----w- c:\program files\Panda Security
    2009-07-10 15:59 . 2009-07-10 15:59 -------- d-----w- C:\rsit
    2009-07-09 01:54 . 2009-07-09 01:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-07-09 01:53 . 2009-06-17 15:27 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2009-07-09 01:53 . 2009-07-09 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-09 01:53 . 2009-07-09 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-09 01:53 . 2009-06-17 15:27 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2009-07-07 00:09 . 2009-07-07 00:09 -------- d-----w- c:\program files\ERUNT
    2009-07-05 16:39 . 2009-07-08 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-05 16:39 . 2009-07-05 16:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-05 15:48 . 2009-07-05 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Comcast
    2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-06-16 06:35 . 2009-07-11 02:55 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-10 13:17 . 2003-09-08 01:59 -------- d-----w- c:\program files\Common Files\AOL
    2009-07-10 13:15 . 2003-09-08 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2009-07-10 13:13 . 2004-05-02 17:34 -------- d-----w- c:\documents and settings\Owner\Application Data\AOL
    2009-07-10 11:40 . 2002-12-10 02:59 -------- d-----w- c:\program files\Symantec
    2009-07-10 11:40 . 2002-12-10 02:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-10 02:47 . 2002-12-10 01:52 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-10 02:46 . 2002-12-10 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-07-09 23:24 . 2007-10-15 20:10 -------- d-----w- c:\program files\ComcastToolbar
    2009-07-09 23:21 . 2007-10-15 20:10 -------- d-----w- c:\documents and settings\Owner\Application Data\ComcastToolbar
    2009-07-09 21:58 . 2006-10-20 21:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-09_22.21.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2002-09-03 18:22 . 2009-07-12 02:34 285312 c:\winnt\system32\FNTCACHE.DAT
    - 2002-09-03 18:22 . 2007-04-04 07:11 285312 c:\winnt\system32\FNTCACHE.DAT
    + 2009-07-12 07:52 . 2009-07-12 07:52 172032 c:\winnt\ERDNT\AutoBackup\7-12-2009\Users\00000002\UsrClass.dat
    + 2009-07-12 07:52 . 2005-10-20 16:02 163328 c:\winnt\ERDNT\AutoBackup\7-12-2009\ERDNT.EXE
    + 2009-07-11 09:29 . 2009-07-11 09:29 172032 c:\winnt\ERDNT\AutoBackup\7-11-2009\Users\00000002\UsrClass.dat
    + 2009-07-11 09:29 . 2005-10-20 16:02 163328 c:\winnt\ERDNT\AutoBackup\7-11-2009\ERDNT.EXE
    + 2009-07-10 11:36 . 2009-07-10 11:36 155648 c:\winnt\ERDNT\AutoBackup\7-10-2009\Users\00000002\UsrClass.dat
    + 2009-07-10 11:36 . 2005-10-20 16:02 163328 c:\winnt\ERDNT\AutoBackup\7-10-2009\ERDNT.EXE
    + 2009-04-17 12:59 . 2009-04-17 12:59 128256 c:\winnt\Downloaded Program Files\as2stubie.dll
    + 2009-07-12 07:52 . 2009-07-12 07:52 8937472 c:\winnt\ERDNT\AutoBackup\7-12-2009\Users\00000001\ntuser.dat
    + 2009-07-11 09:29 . 2009-07-11 09:29 8937472 c:\winnt\ERDNT\AutoBackup\7-11-2009\Users\00000001\ntuser.dat
    + 2009-07-10 11:36 . 2009-07-10 11:36 8937472 c:\winnt\ERDNT\AutoBackup\7-10-2009\Users\00000001\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-12-10 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-17 98304]
    "VX3000"="c:\winnt\vVX3000.exe" [2006-06-29 707376]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\winnt\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [7/10/2009 6:15 PM 28544]
    R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [12/9/2002 10:59 PM 6736]
    S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
    S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\winnt\system32\drivers\usbscan.sys [4/20/2003 9:05 PM 15104]
    S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\winnt\system32\drivers\rt2500usb.sys [9/14/2006 11:50 PM 79616]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - NMSSVC
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = iexplore
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-13 16:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-07-13 16:55
    ComboFix-quarantined-files.txt 2009-07-13 20:54
    ComboFix2.txt 2009-07-09 22:28
    ComboFix3.txt 2009-07-06 22:37

    Pre-Run: 25,479,974,912 bytes free
    Post-Run: 25,562,824,704 bytes free

    109 --- E O F --- 2008-03-01 08:04

  10. #30
    Member
    Join Date
    Apr 2006
    Posts
    69

    Default

    Oh hi Katana.... I just saw your question about any problems left now. There doesn't seem to be anything wrong now. Everything is running very smooth. Thanks again.
