Computer runs insanely slow, has never been checked for Malware (Resolved)

Hi Katana and thanks again. Well, I've ran OTM three times now, and every time I copy/paste the custom script and click "moveit" results show up on the right under the green bar but the computer instantly freezes up. I cannot copy the results, the entire back ground disappears, and I am forced to restart. How should I proceed from here?
 
Let's break it down into a couple of sections
Put each section in and run it separately.

Code: 
:Processes
:Reg
[-HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}]
[-HKEY_CURRENT_USER\Software\DelFin]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer]
[-HKEY_CURRENT_USER\Software\Need2Find]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DelFin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Assistant]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Function]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search MS.C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Select CashBack]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sidebar Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebSearch Tools]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your MS.C Assistant]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find]
[-HKEY_LOCAL_MACHINE\software\classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}]
[-HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\DelFin]
[-HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer]
[-HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Need2Find]
[-HKEY_classes_root\appid\adm.exe]
:Commands
Code: 
:Processes
:Reg
[-HKEY_classes_root\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}]
[-HKEY_classes_root\need2findbar.settingsplugin.1]
[-HKEY_classes_root\need2findbar.settingsplugin]
[-HKEY_classes_root\need2findbar.toolbarplugin.1]
[-HKEY_classes_root\need2findbar.toolbarplugin]
[-HKEY_classes_root\wsg.wsgobj]
[-HKEY_current_user\software\delfin]
[-HKEY_current_user\software\need2find]
[-HKEY_current_user\software\traynotifier]
[-HKEY_local_machine\software\classes\appid\adm.exe]
[-HKEY_local_machine\software\classes\appid\altnet signing module.exe]
[-HKEY_local_machine\software\delfin]
[-HKEY_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer]
[-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\downloadware]
[-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall]
[-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search assistant]
[-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search function]
[-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\sidebar search]
[-HKEY_local_machine\software\need2find]
[-HKEY_local_machine\software\perfectnav]
[-HKEY_local_machine\software\whenu]
[-HKEY_local_machine\system\controlset001\enum\root\legacy_tbpssvc]
:Files
Code: 
:Files
C:\WINNT\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx
C:\WINNT\Downloaded Program Files\RCXF39.tmp
C:\WINNT\ntconfig\windows\bootup\sysconfig\boot.exe
C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll
C:\WINNT\ntconfig\windows\bootup\sysconfig\mscfg32bit.exe
C:\WINNT\ntconfig\windows\bootup\sysconfig\nhtml.dll
C:\WINNT\ntconfig\windows\bootup\sysconfig\restart.exe
C:\WINNT\ntconfig\windows\bootup\sysconfig\uuid.dll 
C:\WINNT\pss\PowerReg Scheduler.exeStartup
C:\WINNT\pss\PowerReg SchedulerV2.exeStartup
C:\WINNT\system32\4o256jcj.exe

c:\documents and settings\owner\favorites\-autos-
c:\documents and settings\owner\favorites\-business directory-
c:\documents and settings\owner\favorites\-computers and internet-
c:\documents and settings\owner\favorites\-entertainment-
c:\documents and settings\owner\favorites\-games-
c:\documents and settings\owner\favorites\-health and fitness-
c:\documents and settings\owner\favorites\-music-
c:\documents and settings\owner\favorites\-travel-
c:\program files\perfectnav
c:\winnt\downloaded program files\mediaticketsinstaller.inf
c:\winnt\gatorpatch.log
c:\winnt\system32\auto_update_uninstall.log
c:\winnt\system32\wsxsvc
:Commands
[EmptyTemp]
:Files
 
Wow you're on to something. Breaking it down seems to be having an effect. First log...

========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_CURRENT_USER\Software\DelFin\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer\ not found.
Registry key HKEY_CURRENT_USER\Software\Need2Find\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DelFin\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Assistant\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Function\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search MS.C\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Select CashBack\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sidebar Search\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebSearch Tools\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Search\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your MS.C Assistant\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\ not found.
Registry key HKEY_LOCAL_MACHINE\software\classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\DelFin\ not found.
Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer\ not found.
Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Need2Find\ not found.
Registry key HKEY_classes_root\appid\adm.exe\ not found.
Error: Unable to interpret <:CommandsCode:> in the current context!

OTM by OldTimer - Version 3.0.0.4 log created on 07122009_190307
 
second scan froze the computer.... third fixed alot and required a reboot hopefully this is the log you need....


All processes killed
========== FILES ==========
C:\WINNT\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx unregistered successfully.
C:\WINNT\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx moved successfully.
C:\WINNT\Downloaded Program Files\RCXF39.tmp moved successfully.
C:\WINNT\ntconfig\windows\bootup\sysconfig\boot.exe moved successfully.
LoadLibrary failed for C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll
C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll NOT unregistered.
C:\WINNT\ntconfig\windows\bootup\sysconfig\java.dll moved successfully.
C:\WINNT\ntconfig\windows\bootup\sysconfig\mscfg32bit.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINNT\ntconfig\windows\bootup\sysconfig\nhtml.dll
C:\WINNT\ntconfig\windows\bootup\sysconfig\nhtml.dll NOT unregistered.
C:\WINNT\ntconfig\windows\bootup\sysconfig\nhtml.dll moved successfully.
C:\WINNT\ntconfig\windows\bootup\sysconfig\restart.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINNT\ntconfig\windows\bootup\sysconfig\uuid.dll
C:\WINNT\ntconfig\windows\bootup\sysconfig\uuid.dll NOT unregistered.
C:\WINNT\ntconfig\windows\bootup\sysconfig\uuid.dll moved successfully.
C:\WINNT\pss\PowerReg Scheduler.exeStartup moved successfully.
C:\WINNT\pss\PowerReg SchedulerV2.exeStartup moved successfully.
C:\WINNT\system32\4o256jcj.exe moved successfully.
c:\documents and settings\owner\favorites\-Autos- moved successfully.
c:\documents and settings\owner\favorites\-Business Directory- moved successfully.
c:\documents and settings\owner\favorites\-Computers and Internet- moved successfully.
c:\documents and settings\owner\favorites\-Entertainment- moved successfully.
c:\documents and settings\owner\favorites\-Games- moved successfully.
c:\documents and settings\owner\favorites\-Health and Fitness- moved successfully.
c:\documents and settings\owner\favorites\-Music- moved successfully.
c:\documents and settings\owner\favorites\-Travel- moved successfully.
c:\program files\PerfectNav\BHO moved successfully.
c:\program files\PerfectNav moved successfully.
c:\winnt\downloaded program files\MediaTicketsInstaller.INF moved successfully.
c:\winnt\GatorPatch.log moved successfully.
c:\winnt\system32\auto_update_uninstall.log moved successfully.
c:\winnt\system32\wsxsvc moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 77901 bytes
->Temporary Internet Files folder emptied: 16005676 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19528 bytes
%systemroot%\System32 .tmp files removed: 319736 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 102289 bytes

Total Files Cleaned = 15.82 mb

========== FILES ==========

OTM by OldTimer - Version 3.0.0.4 log created on 07122009_191118

Files moved on Reboot...

Registry entries deleted on Reboot...
 
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_CURRENT_USER\Software\DelFin\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer\ not found.
Registry key HKEY_CURRENT_USER\Software\Need2Find\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DelFin\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Assistant\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Function\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search MS.C\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Select CashBack\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sidebar Search\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebSearch Tools\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Search\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your MS.C Assistant\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\ not found.
Registry key HKEY_LOCAL_MACHINE\software\classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ not found.
Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\DelFin\ not found.
Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer\ not found.
Registry key HKEY_USERS\S-1-5-21-2411869081-1018091610-1310527055-1003\Software\Need2Find\ not found.
Registry key HKEY_classes_root\appid\adm.exe\ not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.0.0.4 log created on 07122009_233846
 
Ok, lets break section two down again and see if we can get that one to run.

Code: 
:Processes
:Reg
[-HKEY_classes_root\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}]
[-HKEY_classes_root\need2findbar.settingsplugin.1]
[-HKEY_classes_root\need2findbar.settingsplugin]
[-HKEY_classes_root\need2findbar.toolbarplugin.1]
[-HKEY_classes_root\need2findbar.toolbarplugin]
[-HKEY_classes_root\wsg.wsgobj]
[-HKEY_current_user\software\delfin]
[-HKEY_current_user\software\need2find]
[-HKEY_current_user\software\traynotifier]
[-HKEY_local_machine\software\classes\appid\adm.exe]
[-HKEY_local_machine\software\classes\appid\altnet signing module.exe]
:Files

Code: 
:Processes
:Reg
[-HKEY_local_machine\software\delfin]
[-HKEY_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer]
[-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\downloadware]
[-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall]
[-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search assistant]
[-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search function]
[-HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\sidebar search]
[-HKEY_local_machine\software\need2find]
[-HKEY_local_machine\software\perfectnav]
[-HKEY_local_machine\software\whenu]
[-HKEY_local_machine\system\controlset001\enum\root\legacy_tbpssvc]
:Files
 
Hiya Katana... Okay, the first set still froze the computer, but it ony had two lines, I wrote down what I could...

Process
Registry

Registry Key HKEY_Classes_root\clsid\{630d6140[04c5-dbl

Registry Key HKEY-Local_Machine\Software\Classes

They cut off and thats all I could write down. The second set worked and here is the result...


rror: Unable to interpret <Processes> in the current context!
========== REGISTRY ==========
Registry key HKEY_local_machine\software\delfin\ not found.
Registry key HKEY_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer\ deleted successfully.
Registry key HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\downloadware\ deleted successfully.
Registry key HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall\ not found.
Registry key HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search assistant\ not found.
Registry key HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\search function\ not found.
Registry key HKEY_local_machine\software\microsoft\windows\currentversion\uninstall\sidebar search\ not found.
Registry key HKEY_local_machine\software\need2find\ not found.
Registry key HKEY_local_machine\software\perfectnav\ deleted successfully.
Registry key HKEY_local_machine\software\whenu\ deleted successfully.
Registry key HKEY_local_machine\system\controlset001\enum\root\legacy_tbpssvc\ deleted successfully.
========== FILES ==========

OTM by OldTimer - Version 3.0.0.4 log created on 07132009_101646
 
Ok, let's get heavy with it :laugh:


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    Registry::
[-HKEY_classes_root\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}]
[-HKEY_classes_root\need2findbar.settingsplugin.1]
[-HKEY_classes_root\need2findbar.settingsplugin]
[-HKEY_classes_root\need2findbar.toolbarplugin.1]
[-HKEY_classes_root\need2findbar.toolbarplugin]
[-HKEY_classes_root\wsg.wsgobj]
[-HKEY_current_user\software\delfin]
[-HKEY_current_user\software\need2find]
[-HKEY_current_user\software\traynotifier]
[-HKEY_local_machine\software\classes\appid\adm.exe]
[-HKEY_local_machine\software\classes\appid\altnet signing module.exe]
ADS::
  • Save this as CFScript.txt and place it on your desktop.


    CFScriptb.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Are there any problems left now ?
 
Sweet. Let's Kick ass. Gotta log for you. Thanks a ton!

ComboFix 09-07-13.01 - Owner 07/13/2009 16:35.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.139 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-12 01:48 . 2009-07-12 01:48 -------- d-----w- C:\_OTM
2009-07-11 02:55 . 2009-07-11 02:55 127872 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-07-11 02:55 . 2009-07-11 02:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-07-10 22:15 . 2008-06-19 21:24 28544 ----a-w- c:\winnt\system32\drivers\pavboot.sys
2009-07-10 22:15 . 2009-07-10 22:15 -------- d-----w- c:\program files\Panda Security
2009-07-10 15:59 . 2009-07-10 15:59 -------- d-----w- C:\rsit
2009-07-09 01:54 . 2009-07-09 01:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-09 01:53 . 2009-06-17 15:27 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-09 01:53 . 2009-07-09 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-09 01:53 . 2009-07-09 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 01:53 . 2009-06-17 15:27 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-07-07 00:09 . 2009-07-07 00:09 -------- d-----w- c:\program files\ERUNT
2009-07-05 16:39 . 2009-07-08 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 16:39 . 2009-07-05 16:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-05 15:48 . 2009-07-05 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Comcast
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 06:35 . 2009-07-11 02:55 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 13:17 . 2003-09-08 01:59 -------- d-----w- c:\program files\Common Files\AOL
2009-07-10 13:15 . 2003-09-08 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-07-10 13:13 . 2004-05-02 17:34 -------- d-----w- c:\documents and settings\Owner\Application Data\AOL
2009-07-10 11:40 . 2002-12-10 02:59 -------- d-----w- c:\program files\Symantec
2009-07-10 11:40 . 2002-12-10 02:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-10 02:47 . 2002-12-10 01:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 02:46 . 2002-12-10 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-09 23:24 . 2007-10-15 20:10 -------- d-----w- c:\program files\ComcastToolbar
2009-07-09 23:21 . 2007-10-15 20:10 -------- d-----w- c:\documents and settings\Owner\Application Data\ComcastToolbar
2009-07-09 21:58 . 2006-10-20 21:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
.

((((((((((((((((((((((((((((( SnapShot@2009-07-09_22.21.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-09-03 18:22 . 2009-07-12 02:34 285312 c:\winnt\system32\FNTCACHE.DAT
- 2002-09-03 18:22 . 2007-04-04 07:11 285312 c:\winnt\system32\FNTCACHE.DAT
+ 2009-07-12 07:52 . 2009-07-12 07:52 172032 c:\winnt\ERDNT\AutoBackup\7-12-2009\Users\00000002\UsrClass.dat
+ 2009-07-12 07:52 . 2005-10-20 16:02 163328 c:\winnt\ERDNT\AutoBackup\7-12-2009\ERDNT.EXE
+ 2009-07-11 09:29 . 2009-07-11 09:29 172032 c:\winnt\ERDNT\AutoBackup\7-11-2009\Users\00000002\UsrClass.dat
+ 2009-07-11 09:29 . 2005-10-20 16:02 163328 c:\winnt\ERDNT\AutoBackup\7-11-2009\ERDNT.EXE
+ 2009-07-10 11:36 . 2009-07-10 11:36 155648 c:\winnt\ERDNT\AutoBackup\7-10-2009\Users\00000002\UsrClass.dat
+ 2009-07-10 11:36 . 2005-10-20 16:02 163328 c:\winnt\ERDNT\AutoBackup\7-10-2009\ERDNT.EXE
+ 2009-04-17 12:59 . 2009-04-17 12:59 128256 c:\winnt\Downloaded Program Files\as2stubie.dll
+ 2009-07-12 07:52 . 2009-07-12 07:52 8937472 c:\winnt\ERDNT\AutoBackup\7-12-2009\Users\00000001\ntuser.dat
+ 2009-07-11 09:29 . 2009-07-11 09:29 8937472 c:\winnt\ERDNT\AutoBackup\7-11-2009\Users\00000001\ntuser.dat
+ 2009-07-10 11:36 . 2009-07-10 11:36 8937472 c:\winnt\ERDNT\AutoBackup\7-10-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-12-10 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-17 98304]
"VX3000"="c:\winnt\vVX3000.exe" [2006-06-29 707376]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\winnt\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [7/10/2009 6:15 PM 28544]
R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [12/9/2002 10:59 PM 6736]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\winnt\system32\drivers\usbscan.sys [4/20/2003 9:05 PM 15104]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\winnt\system32\drivers\rt2500usb.sys [9/14/2006 11:50 PM 79616]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NMSSVC
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 16:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-13 16:55
ComboFix-quarantined-files.txt 2009-07-13 20:54
ComboFix2.txt 2009-07-09 22:28
ComboFix3.txt 2009-07-06 22:37

Pre-Run: 25,479,974,912 bytes free
Post-Run: 25,562,824,704 bytes free

109 --- E O F --- 2008-03-01 08:04
 
Oh hi Katana.... I just saw your question about any problems left now. There doesn't seem to be anything wrong now. Everything is running very smooth. Thanks again.
 
Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up


Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • CF_Cleanup.png


Uninstall OTMoveIt (OTM.exe)
  • Open OTMoveIt Click Cleanup,
  • When a box pops up click YES.

You can also delete any logs we have produced, and empty your Recycle bin.


----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
 
Hi Katana and thanks yet again. You're probably getting tired of hearing me say that! I have followed all of your instructions and things are running superb. You guys are the best! I hope you don't have to hear from me again!

Scofield.
 
You must log in or register to reply here.
Back
Top