Old 06-28-2008, 06:33 AM   #11 (permalink)
Gold Member
 
Join Date: May 2006
Location: Oregon
Age: 18
Posts: 426
Default

here's main.txt

http://myfreefilehosting.com/f/71cdde63ed_0.04MB

and extra.txt

http://myfreefilehosting.com/f/b5ce45ec21_0.03MB

And in safe mode, it was taking way too long: it took 5 hours to scan 50,000 files, and there are over a million on this machine.
thermophilis is offline   Reply With Quote


Old 07-01-2008, 09:28 AM   #12 (permalink)
Moderator
 
ceewi1's Avatar
 
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 21
Posts: 5,237
Default

Can you check your links? They appear to be broken.
__________________

CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870
RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths
As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity.
- The "Warranty void if removed" sticker on numerous CoolerMaster PSUs.

ceewi1 is offline   Reply With Quote
Old 07-01-2008, 09:34 AM   #13 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,104
Default

Quote (originally posted by ceewi1):
    Can you check your links? They appear to be broken.

They work fine for me, I can send the logs if you want?
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
Buzz1927 is offline   Reply With Quote
Old 07-01-2008, 09:36 AM   #14 (permalink)
Gold Member
 
Join Date: May 2006
Location: Oregon
Age: 18
Posts: 426
Default

Hmmm. They worked fine for me, but I'll try a different site
main.txt
http://www.mediafire.com/?unwtyrb0mgj
extra.txt
http://www.mediafire.com/?nmlymm32jjd
thermophilis is offline   Reply With Quote
Old 07-02-2008, 11:09 AM   #15 (permalink)
Moderator
 
ceewi1's Avatar
 
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 21
Posts: 5,237
Default

The links work fine for me now as well; it must have been a temporary issue. I can see no signs of active malware in any of the logs you've provided. I suspect it's something else that's responsible for this. I'd like to know if an online scan is able to complete.

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post if it completes successfully.
ceewi1 is offline   Reply With Quote


Old 07-04-2008, 08:36 AM   #16 (permalink)
Gold Member
 
Join Date: May 2006
Location: Oregon
Age: 18
Posts: 426
Default

Sorry about taking so long. I ran it last night but there was a storm, and my surge protector switched when there was a surge (good to know that works). Anyway, I just tried to start it again, and it said "Starting Java applet has failed! Please go online to use this program." when it tried to update and install.
Edit: Tried it several times with the same result.
Edit 2: I jumped the gun. I tried it in a different instance of FF and I was able to update and start the scan.

Last edited by thermophilis; 07-04-2008 at 08:58 AM.
thermophilis is offline   Reply With Quote
Old 07-04-2008, 12:36 PM   #17 (permalink)
Moderator
 
ceewi1's Avatar
 
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 21
Posts: 5,237
Default

No problems about the delay (I've done it to you a couple of times now, sorry). I'll be interested to see the results.
ceewi1 is offline   Reply With Quote
Old 07-04-2008, 04:33 PM   #18 (permalink)
Gold Member
 
Join Date: May 2006
Location: Oregon
Age: 18
Posts: 426
Default

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 04, 2008 07:57:56
Records in database: 912450
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics
Files scanned 195529
Threat name 8
Infected objects 8
Suspicious objects 0
Duration of the scan 03:17:32

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D266616.dll Infected: Packed.Win32.Klone.k 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EB70CD.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\367942E6.htm Infected: Exploit.HTML.IESlice.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C51149E Infected: not-a-virus:AdWare.Win32.Virtumonde.dt 1
C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\fljdw6h5.default\Mail\Local Folders\Junk Infected: Trojan-Spy.HTML.Fiffraud.n 1
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe Infected: not-a-virus:AdWare.Win32.Agent.aeh 1
F:\Eric\Stuff\Antivirus and Antispyware\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
F:\Eric\Stuff\Game Maker 7[1].0.rar Infected: Trojan.Win32.Dialer.yz 1
The selected area was scanned.
thermophilis is offline   Reply With Quote
Old 07-06-2008, 05:08 AM   #19 (permalink)
Moderator
 
ceewi1's Avatar
 
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 21
Posts: 5,237
Default

There are a few leftovers showing in the various scans, but nothing active. Nonetheless we can remove them.

Please click on Start -> Control Panel -> Add or Remove Programs. If WildTangent appears, click on it and click Remove.

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\WINDOWS\wt\
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus
    
    HKEY_CLASSES_ROOT\AppID\{323301C5-CB6B-490C-B59F-E7FAD4D69C93}
    HKEY_USERS\PE_C_COMPAQ_OWNER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
    HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0}
    HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC}
    HKEY_USERS\PE_C_COMPAQ_OWNER\AtlMon.ReusableComp.5

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. These results are also located at C:\_OTMoveIt\MovedFiles\Date_Time.log, where Date_Time is the date and time you ran OTMoveIt.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

This archive is also infected and I strongly suggest you delete it:
F:\Eric\Stuff\Game Maker 7[1].0.rar

That said, these would not be responsible for the problems you've been having. A software conflict or similar problem strikes me as the most likely suspect. I know that Malwarebytes didn't run normally in Safe Mode, but see if you can run any of your other scans such as A-squared in Safe Mode. If that works, we can narrow down the list of suspects.
Last edited by ceewi1; 07-06-2008 at 05:11 AM.
ceewi1 is offline   Reply With Quote
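
An added example, not part of the thread and not either poster's code: a Python triage of the detection lines from the Kaspersky report in post #18, bucketing each hit by where the file sits, which is the distinction behind reading most of them as leftovers rather than active infections. The bucket rules, the archive extension list and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Detection lines from the report in post #18 (forum line-wrap spaces removed).
REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D266616.dll Infected: Packed.Win32.Klone.k 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EB70CD.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\367942E6.htm Infected: Exploit.HTML.IESlice.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C51149E Infected: not-a-virus:AdWare.Win32.Virtumonde.dt 1
C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\fljdw6h5.default\Mail\Local Folders\Junk Infected: Trojan-Spy.HTML.Fiffraud.n 1
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe Infected: not-a-virus:AdWare.Win32.Agent.aeh 1
F:\Eric\Stuff\Antivirus and Antispyware\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
F:\Eric\Stuff\Game Maker 7[1].0.rar Infected: Trojan.Win32.Dialer.yz 1
"""
LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
ARCHIVE_EXT = (".rar", ".zip", ".7z", ".cab")  # assumed list, not from the thread

def classify(path):
    """Bucket a hit by file location (heuristic rules assumed for this example)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantined"   # already isolated by the resident antivirus
    if "\\mail\\" in p:
        return "mail_store"    # a message inside a mailbox file, not a program
    if p.endswith(ARCHIVE_EXT):
        return "archive"       # packed copy on disk, not a running program
    return "on_disk"

def triage(report):
    """Parse detection lines into dicts: path, threat, category, riskware flag."""
    hits = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:                  # blank and non-detection lines are skipped
            hits.append({"path": m["path"], "threat": m["threat"],
                         "category": classify(m["path"]),
                         # Kaspersky prefixes adware/riskware verdicts this way
                         "riskware": m["threat"].startswith("not-a-virus:")})
    return hits

def follow_up(hits):
    """Hits outside quarantine and mail that carry a malware (not riskware) verdict."""
    return [h for h in hits if h["category"] in ("archive", "on_disk") and not h["riskware"]]

if __name__ == "__main__":
    hits = triage(REPORT)
    print(Counter(h["category"] for h in hits))
    for h in follow_up(hits):
        print("review:", h["threat"], "->", h["path"])
```
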
Old 07-06-2008, 07:19 AM   #20 (permalink)
Gold Member
 
Join Date: May 2006
Location: Oregon
Age: 18
Posts: 426
Default

ot move it:

C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info moved successfully.
C:\WINDOWS\wt\wtupdates\wtwebdriver moved successfully.
C:\WINDOWS\wt\wtupdates\wtupdater moved successfully.
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install moved successfully.
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel moved successfully.
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files moved successfully.
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23 moved successfully.
C:\WINDOWS\wt\wtupdates\WireControl moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\install moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1 moved successfully.
C:\WINDOWS\wt\wtupdates\webd moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19 moved successfully.
C:\WINDOWS\wt\wtupdates\DRM moved successfully.
C:\WINDOWS\wt\wtupdates moved successfully.
C:\WINDOWS\wt\webdriver\4.1.1 moved successfully.
C:\WINDOWS\wt\webdriver moved successfully.
C:\WINDOWS\wt\updater moved successfully.
C:\WINDOWS\wt moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{A49FEB7D-38B7-4C5C-B126-9C201E4BD0BD} moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{6C743BD3-A21D-4E58-9AAE-92A9D141061F} moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{677FCD49-921A-40A7-977B-D979CE3119FC} moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus moved successfully.
File/Folder not found.
< HKEY_CLASSES_ROOT\AppID\{323301C5-CB6B-490C-B59F-E7FAD4D69C93} >
Registry key HKEY_CLASSES_ROOT\AppID\{323301C5-CB6B-490C-B59F-E7FAD4D69C93}\\ deleted successfully.
< HKEY_USERS\PE_C_COMPAQ_OWNER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} >
Registry key HKEY_USERS\PE_C_COMPAQ_OWNER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\\ not found.
< HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0} >
Registry key HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0}\\ deleted successfully.
< HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866} >
Registry key HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession.1 >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession.1\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC}\\ deleted successfully.
< HKEY_USERS\PE_C_COMPAQ_OWNER\AtlMon.ReusableComp.5 >
Registry key HKEY_USERS\PE_C_COMPAQ_OWNER\AtlMon.ReusableComp.5\\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07052008_231659

Okay, so I started in safe mode, and safe mode for some reason normally runs really slow, but today it was running REALLY slow. I logged into the admin account and an hour later it was still trying to log in.
thermophilis is offline   Reply With Quote
All times are GMT +1.