Jan 29th, 2008
0

Need help with Hijackthis report

My cousin has a computer full of viruses and junk.
Well, she asked me to clean it since she couldn't get a web browser open.

I deleted all the viruses and spyware with Kaspersky and Spybot.
I don't want to reinstall Windows since she has a lot of things on there which would take a long time to back up (and check if they're not infected).
The computer is really old and slow, 1MHz processor, 32mb RAM, and well, it's only used for GG and IE, so she needs it until she gets a new one.

Now the only way I can get into Windows is by going into safe mode (with network, or without... they both work).
If I try to start Windows normally, it gets to the welcome screen, then the computer restarts by itself.

There were a lot of registration changes made and I set them all back using Spybot, and I'll try to find some type of registration cleaner.
Also I found a W32 Blaster Worm in the system using FixBlast; I downloaded a patch to fix it and the program said it was gone.
After cleaning it with Kaspersky and Spybot I STILL can't get it to start normally.

Could someone please give me some advice on what to do?

This is the hijackthis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:20, on 2008-01-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\userinit.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {897fe88e-1dd2-11b2-92c5-9c93f4e93ae8} - C:\WINDOWS\pohwfgje.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201271948.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows File XP Manager] wfdmgr.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [wlyvoren] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\wlyvoren.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\lsyvg.exe
O4 - HKLM\..\Run: [DioCleaner] D:\actfight\actfight\DioCleaner.exe
O4 - HKLM\..\Run: [Windows Control Server] wmlmsnsvc.exe
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [Windows Update] srv.exe
O4 - HKLM\..\Run: [Windll] C:\WINDOWS\windll.exe
O4 - HKLM\..\Run: [WindowsLiveMessengers] msngr.exe
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Warrior[PU] is offline Offline
18 posts
since Jan 2008
Jan 30th, 2008
0

Re: Need help with Hijackthis report

remove the following:
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)

O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)

O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)

O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)

O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)

O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)

O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
Reputation Points: 13
Solved Threads: 11
Posting Whiz in Training
overwhelmed is offline Offline
271 posts
since Jul 2007
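The reply above picks out the O2 entries whose file is listed as (no file). As an added example (not part of this thread and not part of HijackThis), the Python sketch below parses log lines in this format and lists those entries for review; it goes beyond the reply by also reporting any program in the F2 Shell/UserInit lines other than the Windows defaults. The function names are hypothetical and the sample lines are copied from the log in the first post.

```python
import re

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\userinit.dll
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
BHO_RE = re.compile(r"^BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
F2_RE = re.compile(r"^REG:system\.ini: (Shell|UserInit)=(.+)$")
# Program each Winlogon value is expected to name on a clean Windows XP install.
EXPECTED = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}

def parse_log(text):
    """Return (section_code, body) for every entry line, e.g. ("O2", "BHO: ...")."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def orphaned_bhos(entries):
    """CLSIDs of O2 (Browser Helper Object) entries whose DLL is shown as (no file)."""
    found = []
    for code, body in entries:
        m = BHO_RE.match(body) if code == "O2" else None
        if m and m.group(2) == "(no file)":
            found.append(m.group(1))
    return found

def winlogon_extras(entries):
    """Programs named in F2 Shell/UserInit values other than the expected one."""
    # Assumption: paths contain no spaces (true for this log). Only the file
    # name is compared, so a fake explorer.exe in another folder is not caught.
    extras = {}
    for code, body in entries:
        m = F2_RE.match(body) if code == "F2" else None
        if not m:
            continue
        key, value = m.groups()
        for token in value.replace(",", " ").split():
            if token.rsplit("\\", 1)[-1].lower() != EXPECTED[key]:
                extras.setdefault(key, []).append(token)
    return extras

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(orphaned_bhos(entries), winlogon_extras(entries))
```

The output is a review list for a person to check against the full log, not a removal list.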
Jan 30th, 2008
0

Re: Need help with Hijackthis report

you need to close out the internet browser before clicking fix selected
Reputation Points: 13
Solved Threads: 11
Posting Whiz in Training
overwhelmed is offline Offline
271 posts
since Jul 2007
Jan 30th, 2008
0

Re: Need help with Hijackthis report

download CCleaner from the link in my signature, that has a registry cleaner in it.

and download AVG anti spyware, I'm pretty sure filehippo.com has it...

see if you can get it to start normally now...

what does your cousin have on the computer because you can do a system recovery without losing music or pictures
Reputation Points: 13
Solved Threads: 11
Posting Whiz in Training
overwhelmed is offline Offline
271 posts
since Jul 2007
Jan 30th, 2008
0

Re: Need help with Hijackthis report

also make sure she has all of the necessary updates from windows and microsoft
Reputation Points: 13
Solved Threads: 11
Posting Whiz in Training
overwhelmed is offline Offline
271 posts
since Jul 2007
Jan 30th, 2008
0

Re: Need help with Hijackthis report

remove this too
R3 - Default URLSearchHook is missing
Reputation Points: 13
Solved Threads: 11
Posting Whiz in Training
overwhelmed is offline Offline
271 posts
since Jul 2007
Jan 30th, 2008
0

Re: Need help with Hijackthis report

Thanks, I'll try that today. So all of those things I should remove are in the registry, right?

And I can access the internet, but only in safe mode.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Warrior[PU] is offline Offline
18 posts
since Jan 2008
Jan 30th, 2008
0

Re: Need help with Hijackthis report

when you do a system scan with HijackThis you can select those entries and then click FIX SELECTED
Reputation Points: 13
Solved Threads: 11
Posting Whiz in Training
overwhelmed is offline Offline
271 posts
since Jul 2007
Jan 30th, 2008
0

Re: Need help with Hijackthis report

and then you are gonna have to do a new scan and post a new HiJackThis logfile here. DO NOT EDIT THE LOGFILE IN ANY WAY WHEN YOU POST IT!!!
Reputation Points: 13
Solved Threads: 11
Posting Whiz in Training
overwhelmed is offline Offline
271 posts
since Jul 2007
Jan 30th, 2008
0

Re: Need help with Hijackthis report

what does your cousin have on the computer because you can do a system recovery without losing music or pictures
Reputation Points: 13
Solved Threads: 11
Posting Whiz in Training
overwhelmed is offline Offline
271 posts
since Jul 2007

This thread is solved


© 2011 DaniWeb® LLC