All scanners lock up on the same file

thermophilis

thermophilis

Member
Okay, I KNOW I have some malware, and whenever I do a scan with any program it freezes at the same place. Um, don't mean to sound rude, but I'd appreciate if only ceewi1 or buzz helped on this one.
Here's a screenshot from a squared:


and a HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:20 AM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A-SQUA~1\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://renewalcenter.symantec.com/s...5&GUID=19FE11AD94C43EFE4D2BCA8EA1D1E5D2&ENG&U
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?649588b87676446cabcf0a7afae14502
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?649588b87676446cabcf0a7afae14502
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {D3538D36-EEDA-4BC7-9C8D-8C1D066EBC56} (SonicActivator Class) - http://hp.sonic.com/SonicActivation.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRA~1\A-SQUA~1\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8655 bytes
 
Your HijackThis log isn't showing up anything, so I'd like to look deeper:

1. Please download this file - ComboFix to your desktop
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply together with a new HijackThis log.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall
 
My apologies for the delay. I take it the screenshot in your first post is the point where it is freezing? If not, do not proceed with the below.

Are you intentionally using the Indexing Service? This appears to be causing the problem. If not, please do the following:

Please click on Start -> Run. Type in services.msc and click OK. Right click on Indexing Service and choose Properties. Under Service Status click Stop, then under Startup Type change it to Disabled.

Once done, close the services windows. Right click My Computer -> Manage. Go to Services and Application -> Indexing Service

If catalog appears in the list, right click on it and choose Delete.

Try running another scan and see if it completes successfully.
 
No problem about the delay! Indexing service wasn't enabled in services.msc but it was set to manual on startup. And there was a catalog. I'll run a scan tonight before I go to sleep and let you know what happens tomorrow, thanks!
 
Okay, so the scanner locked up again, but it was a different file this time, I can give you a screenshot if you like, but it's a file inside of an old game, so I don't know if it matters.

edit: I ran spybot and it didn't lock up (I thought of it because of how it scans) and it found several infections, one of them is a vundo infection, so I figured I wouldn't fix them through spybot, but I'll give you the log of what was found, plus I'm going to stop all internet on this computer and use a different one for here.

oh and here's the log from spybot, I don't know if you can read those, but it can at least tell you what it found
http://www.mediafire.com/?z0sewxzxxg2
 
Last edited:
Thanks for the log. The Vundo detections in that log are just orphaned registry entries, they're not active. Try this scanner and see if it will complete:

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
 
That one locked up too! on another random file from a game (simtower.ini if it matters) it also found an infection, though it could have been just a tracking cookie...
 
OK, try rebooting into Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list) and running the scan there.

I'd also like to see another log:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
 
The links work fine for me now as well, must have been a temporary issue. I can see no signs of active malware in any of the logs you've provided, I suspect it's something else that's responsible for this. I'd like to know if an online scan is able to complete.

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post if it completes successfully.
 
Sorry about taking so long. I ran it last night but there was a storm, and my surge protector switched when there was a surge (good to know that works :P) anyways. I just tried to start it again, and it said "Starting Java applet has failed! Please go online to use this program." when it tried to update and install.
Edit: Tried it several times with the same result.
Edit 2: I jumped the gun, I tried it in a different instance of FF And I was able to update and start the scan.
 
Last edited:
No problems about the delay (I've done it to you a couple of times now, sorry :o). I'll be interested to see the results.
 
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 04, 2008 07:57:56
Records in database: 912450
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics
Files scanned 195529
Threat name 8
Infected objects 8
Suspicious objects 0
Duration of the scan 03:17:32

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D266616.dll Infected: Packed.Win32.Klone.k 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EB70CD.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\367942E6.htm Infected: Exploit.HTML.IESlice.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C51149E Infected: not-a-virus:AdWare.Win32.Virtumonde.dt 1
C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\fljdw6h5.default\Mail\Local Folders\Junk Infected: Trojan-Spy.HTML.Fiffraud.n 1
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe Infected: not-a-virus:AdWare.Win32.Agent.aeh 1
F:\Eric\Stuff\Antivirus and Antispyware\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
F:\Eric\Stuff\Game Maker 7[1].0.rar Infected: Trojan.Win32.Dialer.yz 1
The selected area was scanned.
 
There are a few leftovers showing in the various scans, but nothing active. Nonetheless we can remove them.

Please click on Start -> Control Panel -> Add or Remove Programs. If WildTangent appears, click on it and click Remove.

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: 
    C:\WINDOWS\wt\
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus

HKEY_CLASSES_ROOT\AppID\{323301C5-CB6B-490C-B59F-E7FAD4D69C93}
HKEY_USERS\PE_C_COMPAQ_OWNER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0}
HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC}
HKEY_USERS\PE_C_COMPAQ_OWNER\AtlMon.ReusableComp.5
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. These results are also located at C:\_OTMoveIt\MovedFiles\Date_Time.log, where Date_Time is the date and time you ran OTMoveIt.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

This archive is also infected and I strongly suggest you delete it:
F:\Eric\Stuff\Game Maker 7[1].0.rar

That said, these would not be responsible for the problems you've been having. A software conflict or similar problem strikes me as the most likely suspect. I know that Malwarebytes didn't run normally in Safe Mode, but see if you can run any of your other scans such as A-squared in Safe Mode. If that works, we can narrow down the list of suspects.
 
Last edited:
ot move it:

C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info moved successfully.
C:\WINDOWS\wt\wtupdates\wtwebdriver moved successfully.
C:\WINDOWS\wt\wtupdates\wtupdater moved successfully.
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install moved successfully.
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel moved successfully.
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files moved successfully.
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23 moved successfully.
C:\WINDOWS\wt\wtupdates\WireControl moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\install moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1 moved successfully.
C:\WINDOWS\wt\wtupdates\webd moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19 moved successfully.
C:\WINDOWS\wt\wtupdates\DRM moved successfully.
C:\WINDOWS\wt\wtupdates moved successfully.
C:\WINDOWS\wt\webdriver\4.1.1 moved successfully.
C:\WINDOWS\wt\webdriver moved successfully.
C:\WINDOWS\wt\updater moved successfully.
C:\WINDOWS\wt moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{A49FEB7D-38B7-4C5C-B126-9C201E4BD0BD} moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{6C743BD3-A21D-4E58-9AAE-92A9D141061F} moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{677FCD49-921A-40A7-977B-D979CE3119FC} moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus moved successfully.
File/Folder not found.
< HKEY_CLASSES_ROOT\AppID\{323301C5-CB6B-490C-B59F-E7FAD4D69C93} >
Registry key HKEY_CLASSES_ROOT\AppID\{323301C5-CB6B-490C-B59F-E7FAD4D69C93}\\ deleted successfully.
< HKEY_USERS\PE_C_COMPAQ_OWNER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} >
Registry key HKEY_USERS\PE_C_COMPAQ_OWNER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\\ not found.
< HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0} >
Registry key HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0}\\ deleted successfully.
< HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866} >
Registry key HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession.1 >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession.1\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC}\\ deleted successfully.
< HKEY_USERS\PE_C_COMPAQ_OWNER\AtlMon.ReusableComp.5 >
Registry key HKEY_USERS\PE_C_COMPAQ_OWNER\AtlMon.ReusableComp.5\\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07052008_231659

Okay, so I started in safe mode, and safe mode for some reason normally runs really slow, but today it was running REALLY slow, I logged into the admin account and an hour later it was still trying to log in.
 
You must log in or register to reply here.
Back
Top