it's baaaack. Downloader.exe back with friends.

Before you said you could access normal mode, but locks up?

Could be the stuff you having running, taking heavy hits on your processor.
If normal mode still refuses to run, lets do this.

While in safe mode,

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
  O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
  O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/2007/fjcruiser/int360.html?noreloadredir
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

accidentally responded to wrong post. I did that and rebooted and i'm frozen at the login screen

Crud.
Do you have your XP CD?

i dont think so

Darn.
Well we might be able to do it without the CD.
Boot back to safe mode and do this.

Start > Run
type this in: sfc /scannow
Note the space after the c and before the /
Press enter.

It will now check your files incase their damaged.
Allow it to do it's run.
See if you can boot in normal mode now.

I believe that one came pre-installed. I have it for the other one

Ah.
Well do the instructions I left on the first page of this topic.

not looking so good. everything taking a long time.

nothing will open. I noticed you locked the other chain. We got PMP 2 working again but you said the first log I sent looked clean. It ran after ATF.

PMP2, this chain, has nothing working in normal mode

And of course now, neither computer is working. PMP2 has stopped now and I'm on the wireless UPDATE: I got PMP2 back up by renewing the IP address...somehow it was lost

Internet stopped working on that too?
Tried winsock fix?

Can you do this? Follow this path:
C:\WINDOWS\erdnt\Hiv-backup\ERDNT.exe <-- run that.

I was able to get PMP2 on by going to the LAN and hitting repair. It said there was no IP address assigned...(again, PMP2 never showed a virus today, just been acting weird)

Was the last command for the one we've been working on , PMP1?

I'm not hopeful on this, but worth a shot.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log with a fresh copy of HijackThis log.

will this work in safe mode? I can't even get 'my computer' open in normal mode

Yeah, MBAM will work in safe mode.