Posts by caperjack

Boor quality file conversion ,i could never find a fix ,just rewind a bit and hope it didn't freeze the next time ,sorry maybe someone else knows what to do with them .

IEhelper.dll was the problem - sorry for not replying sooner - been out of town for a couple of weeks.
Thanks for all your help

Nice to see you got it fixed ,hope you had a nice trip out of town ,
I was out of this chair all day yesterday !:)LOL

Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-

http://www.zerosrealm.com/downloads.php
http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

reboot and post a fresh hijackthis log
Forget the virus scans for now .Please run Ad-Aware ,spybot and CWShredder first

Pleasssseeee helpppppp..... :-|
. I "chatted" with the "Compaq tech." before, but...they seemed to be "clueless".

This happens to a lot of us

I've tried to reboot and reinstall my notebook so many times already, but none seemed to work. :sad: .

Reloading windows is not going to help as the Bios is written in a ROM CMOS chip on you motherboard .
You dont even need a OS install on you computer to axcess the Bios

I really need help from you, guys. I need to know the steps on how to get into the BIOS setup system so i can disable the BIOS shadow. . Don't tell me to press F10, 'cause i did that already and the BIOS setup system is not in there.

only thing I can think to cause this is you are starting to hit the f10 key to late into the boot ,what does happen when you hit the f10 key !

I have a 4 year old PC that I am giving to a friend. I had a "profesional" clean the drive and reload the system (ME). I took it to the friend and then started installing DSL software and getting her online. I had trouble and called the service provider for help. Turns our I cannot get to internet sites when I put the name in (www.yahoo.com) but it does work if I enter the numbers for the site in the address window. At that point the service provider told me it was a PC problem. Anybody have any clues what the problem might be?

Did you try goig to windows updates and update IE/in IE tool /windows updates .

Please do this.
Download 'Hijack This!'.

htt

p://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\,

double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a

"Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its

contents here. Most of what it lists will be harmless or even

essential, don't fix anything yet.
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Scanning in

Spybot

Search and Destroy:

1. Downloaded and Install

Spybot

S&D, accepting the Default Settings

2. In the Menu Bar at the top of the Spybot window you will see

'Mode'. Make certain that 'default mode' has a

check mark beside it.

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ then

download and install the Updates.

5. Next click the button ‘Check for Problems’

6. When Spybot is complete, it will be showing

‘RED’ entries bold 'Black'

entries and ‘GREEN’ entries in

the window

7. Make certain there is a check mark beside all of the

RED entries ONLY.

8. Choose ‘Fix Selected Problems’ and allow Spybot to fix

the RED entries.

9.REBOOT to complete the scan and clear memory.

Finally if you …

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Out Dated Hijackthis program ,but i don't see anything in the log to cause your problems .Delete the old version and get newer virsion .
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

;;;;;;;;;;;;;;;;

This could be fixed if you didn't set these yourself .
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Also fix all the 016,the good ones you will download again when you go to that site ,
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/gam...nts/y/it1_x.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {CA1811B0-28B5-44AB-8DB3-DC9BEAA77D04} - http://us.dl1.yimg.com/download.yah...ropper1_3au.cab

Also you are running an old version of Hijackthis download a new version and delete the old .
,,,,,,,,,,,,,,,,,,,,,,,,,,
Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-

http://www.zerosrealm.com/downloads.php
http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT/tsgen...001052409420406
,,,,,,,,,,,,,,,,,,,,,,,,,,,

Scanning in Spybot Search and Destroy:

1. Downloaded and Install Spybot S&D, accepting the Default Settings

2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ then download and install the Updates.

5. Next click the button ‘Check for Problems’

6. When Spybot is complete, it will be showing ‘RED’ entries bold 'Black' entries and ‘GREEN’ entries in the window

7. Make certain there is a check mark beside all of the RED entries ONLY.

8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

9.REBOOT to complete the scan and clear memory.

Finally if you are going to run both …

I also posted this:
http://www.annoyances.org/exec/forum/winxp/1101599826

Please help!!!!

so did you download and run the MacAfee Stinger virus scan as directed !

Looks OK to me now !
do the following .
......................
After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

first time i ever heard of that error myself ,but they know HERE what causes it !

Next to deal with these 2 !
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'osmim.dll' missi

we need to do this '''
First, download LSPfix here: http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of new.net and 'osmim.dll' (and nothing else), and move them to the "Remove" pane.
Then click Finish.

You have new .net and need to unistall it first ,
follow instructions here .
http://www.newdotnet.com/removal.html
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!

1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\PDF7f51.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll

O4 - HKLM\..\Run: [OSS] C:\WINDOWS\SYSTEM32\ossproxy.exe -boot

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

To …

how is this done formatting the hard drive and loosing windows me i wastold once windows me is there from a ome install your stuck with it
thanks
tazkrazy

It can sometimes be a challenge ,but once you format the drive you can put what ever OS you wish back on !

yea, thanks caper, i'm going to try that... another question-- also after installing sp2 i can't access my yahoo msgr??? help please, thank you!!

Sorry no Yahoo on my machine .Probably a firewall issue

Thanks for all the help but it just seemed easier to format the C drive and reinstall W98 completely afresh... I have done that... unfortunately I didnt make a note of the drivers for sound and graphics and now have no idea how to find what I have... it just says there are conflicts on PCI devices... so I have no sound and the screen display is very basic... any ideas how to find out how I can find the correct driver for sound and display/video?

Download this free version tool to tell you everything that is installe on you computer ,may even gige links to manufactore site to download drivers .great tool !
http://www.lavalys.com/products/download.php?pid=1&lang=en

I would not suggest f10 but will suggest f1 or f11

Ad Aware 6 is old now; the latest version is Ad Aware SE Personal.

Yes but the link goes to the new version .

all set.................problem solved ( safe mode/ad aware; solved all issues)

It would have solved a lot but lets see and new log to make sure ,so get the updated hijackthis and post a fresh log .thanks

Adaware

Please download and install Adaware from here. You will need to change some of the settings before your first scan.

Go to Start > Programs > Lavasoft and click on AdAware 6 to open the program

Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list.

Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window.

1. In the ‘General’ window make sure the following are selected:
• Automatically save log-file
• Automatically quarantine objects prior to removal
• Safe Mode (always request confirmation)

2. Click on the ‘Scanning’ button on the left and select :
• Scan Within Archives
• Scan Active Processes
• Scan Registry
• Deep Scan Registry
• Scan my IE favorites for banned URL’s
• Scan my Hosts file
• Under ‘Click here to select drives + folders’, choose:
• All of your hard drives

3. Click on the ‘Advanced’ button on the left and select:
• Include additional process information
• Include additional file information
• Include environment information
• Include additional object details

4. Click the ‘Tweak’ button and select:
• Under the ‘Scanning Engine’:
• Unload recognized processes during scanning
• Include basic Ad-aware settings in logfile
• Include …

Download and run this great fully working trojan scanner Demo
Trojan hunter

Then Please run these free online Virus scan

Be sure to Check off Auto Fix on this site

http://housecall.trendmicro.com/housecall/start_corp.asp
please run this one also to be sure .

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

My research finds that its a baddie but a hijackthis log will help ,as it need to be fixed with LSPFix.
''''''''''''''''''''

Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

First you may want to setup Ad-Aware here is how to .after setup reboot computer inSafe mode and run ad-aware ;
Reboot to SAFE run ad-aware
How to start computer in safe mode
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list.

Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window.

1. In the ‘General’ window make sure the following are selected:
• Automatically save log-file
• Automatically quarantine objects prior to removal
• Safe Mode (always request confirmation)

2. Click on the ‘Scanning’ button on the left and select :
• Scan Within Archives
• Scan Active Processes
• Scan Registry
• Deep Scan Registry
• Scan my IE favorites for banned URL’s
• Scan my Hosts file
• Under ‘Click here to select drives + folders’, choose:
• All of your hard drives

3. Click on the ‘Advanced’ button on the left and select:
• Include additional process information
• Include additional file information
• Include environment information
• Include additional object details

4. Click the ‘Tweak’ button and select:
• Under the ‘Scanning Engine’:
• Unload recognized processes during scanning
• Include basic Ad-aware settings in logfile
• Include additional Ad-aware …

post you hijackthis log if you wish!:)

i've done some research, after many more scans with many more programs, and found i have a problem

its called adsnp.dll

google yields very few results on this (less than 1 pages worth), but i will look through them and see if i can figure this out for myself :D

now, im not sure what creates it, but it didnt 'exist' on my PC in normal mode, so no anti-virus software could get rid of it, and i couldnt see it, so i couldnt delete it, also, renaming something to adsnp.dll makes that file disapear, so i cant even overwrite it, then delete that file.

i decided to go into safe mode, and sure enough, there it was, so i deleted it.
however, on restarting into normal mode, the DLL is still active, as my AV software is warning me of its existence every time i open a window, be it 'IE', or just 'my computer'

also, the "O15 - Trusted Zone: http://*.63.219.181.7" must have something to do with it, as every time i try to remove that, it reapears on the next scan, even if i do it right there and then.

feel free to give any suggestions, im gonna try and figure it out for myself, but hey, the more the merrier, right?

-G

Try running Hijackthis in safe mode and fix that 015

Might i suggest ,This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Alo check this out ,,,
How I got infected in the first place .

Time to ugrade Norton ,the 2005s' are out now .
Check this out ,Microsoft

Giving that the Print preview doesn't even have a hot key to use I think it might be a problem !just my un-profesional opinion!:)

I dont want my page file to be disabled .. but at the same time I want my ram to be used more .. not the pagefile.

This might be what you need .Memory tweak guide And This site also .Here

caperjack,

there's a pint of the best guinness in Ireland in the best pub in ireland awaiting you :)

thanks a lot .. the lspfix did the trick !

bb

Thanks Glad i could help .
Me Being From Cape Breton ,Nova Scotia ,Canada .I can pretend I drank the Guinness,Actuall I think its imported as a specutally Beet here .just send me a fiver and I go out and buy one ,!:)LOL

As a precaution to this happening again when you install a program that you just want to try ,and you don't want it to take over all the different file type ,the program usuall asks what file types you want the program to use its always best to uncheck all ,or all but the file types associated with that program if you know them ,

I went through the steps until you say to click on "advanced". There is no advanced to click on, also, how do I find the picture viewers .exe file?

Sorry I was using my memory, as i use WinXp and its a little different ,but when you go in hilite open , and then hit edit ,and then edit again ,and the browse ,to then browse through the windows directory and fine the EXE file for the viewer ,sorry I don't know where its at ,but you could do a search in Start /search file and folders .and search for *.exe and see if you fine the viewer one and if you do take not as to what folder is in !

Edit: I have a win98 machine here but i can't find picture viewer on it .Mind you i didn't look that hard !hehe ,My Teen Daughters computer ,my very impatient Daughter!

check your other post
http://www.daniweb.com/techtalkforums/showthread.php?p=70645#post70645

I think this problem or one like it was fixed by temporary disabling the new windows popup stopper in security center in the control panel or configuring it to allow your home page as a popup ,I think maybe you homepage is seen as a popup !!

This {O10 - Broken Internet access because of LSP provider 'c:\winnt\newdot~1.dll' missing}they say indicates the NewDot net wasn't uninstalle correctly ,this item can't be fixed with hijackthis as it may cause you to loose your internet connection ,
The problem is discused in this fourm ,HERE I think you should try this as suggested in above link .

,,,,,,,,,,,,,,,,,,,,,,
Download LSPfix here: http://www.cexx.org/lspfix.htm

Launch the application, and click the "I know what I'm doing" checkbox.

Check all instances of newdotnet1.dll' if its there ,(and nothing else), and move them to the "Remove" pane.
Then click Finish.

Its a little tricky if you have never done it before ,
Go to mycomputer/View ,folder options and File Types and then scroll through the list to you graphics type ,(you can fine the file type of your graphics by right clicking on a photo and checking its properties ) Click on Advanced and then make sure OPEN is highlited ,then go to EDIT,and you then need to scroll and look through the directory and find the Picture Viewers .EXE (should be in the C:\Windows ,Folder )file and clik it to use it ,make sure to OK your way back out so it saves the changes .You will need to do this with all the files tyes you want to change to be opened with Picture viewer .

thanks for the help no sound but i was trying to put in windows 98 unfortunately i belive thats not an option because according to windows its a downgrade from windows me but again thank you for your intrest
tazkrazy

You can install win98 ,but you would have to format your Hard Drive and lose windowes Me along with everthing else is on your computer !

Ther is no uninstall option ,are you trying to install XP if so don't do a upgrade of ME ,just looking for trouble do a full install ,only downside to a full install is you will lose everything on the drive .http://support.microsoft.com/default.aspx?scid=kb;EN-US;q255867

Installed new hard drive running xp, and keep getting "ntldr" message? Hard drive is 80 GB Maxtor 7200rpm t/m ultra ata/133 8mb cache. Old one crashed, Can anyone help i tried microsofts solution but will not work? What am i doing wrong? I followed instruction and ran cd provided.

Me slow learner !
what is the full ntldr message ,you are running XP is this a fresh install on the new drive .do you only have one HD drive in the computer

have you tried using Divix. http://www.divx.com/

you could try update to media player 10

I was looking into my task manager ... and I got that my pc was using 120 MB as paging file while about 150 MB of my ram was still not used. I wonder why is it so? And if I want all of my ram to be utilized .. then what should I do?

By the way I have 256 MB of ram.

256 is not really enough to have if you want to stop using paging file ,It would work but you would be always getting a message that resources are running low .or out of memory message .about 1gig of memory would be the best .
to change it you ,right click on mycomputer go properties/advanced /performance/settings/advanced /virtual memory /change /turn off paging file

Hello everyone,

!

Should I format the drive... is it the better solution?

Thanks in advance!

It would be the fastes solution for sure .if you don't need to backup a lot of Stuff !

@caperjack,
thanx a lot m8, I've also followed your latest suggestion and installed some further spy "protection" sw.
Zap
PS if we stay on Pc topic I might never be able to "pay back my debt" but if you will ver need some "tips" about satellite tv's (only European) and encryption systems give me a shout. ;)

Glad to have helped ,I live in Canada and Don't use satelite anyway! thanks .Good luck

Some program to download and use after you fix the above and scan with hijackthis again a post a fresh log
http://subratam.org/?page=software&part=Spyware-preventions

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - D:\WINDOWS\system32\u88bawx.dll

O4 - HKLM\..\Run: [explorer] D:\WINDOWS\system32\explorer.exe -go -c77 -w

O4 - HKLM\..\RunOnce: [b8fmu00.exe] D:\WINDOWS\System32\b8fmu00.exe /k

O4 - HKCU\..\RunOnce: [b8fmu00.exe] D:\WINDOWS\System32\b8fmu00.exe /k

Just to be safe remove all of the 016s' as the good one can be downloaded again when you go to that site .

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/gam...nts/y/tt2_x.cab

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab

O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - file://c:\x.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game18.zylomgames.com/activex/zylomloader.cab

O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} - http://us.dl1.yimg.com/download.yah...ropper1_3uk.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -

Looks ok to me!
I would suggest installing the recomended program on this SITE

The Experts say that Hijackthis doesn't work up to snuff if Internet Explorer is open when you run the scan ,this shows you have not closed all browser windows when you ran the scan [C:\Program Files\Internet Explorer\iexplore.exe
],
I would suggest you fix the ones Chrunchies said in his reply ,if they came back and empty the temp folder .Nothing should be running from a temp folder .

O4 - HKLM\..\Run: [ccregle] C:\DOCUME~1\Claudio\LOCALS~1\Temp\Project1.exe
,,,,
Also when i do a search for info on this one ,[O20 - AppInit_DLLs: PAVWAIT.DLL]this is what the Experts say about it ..fixing is up to you I quwss .,,,,,,,,,

CRACKLOC (added 7. september by Ayora from the French forum PCAstuces)

O20 - AppInit_DLLs: CLKERN.DLL

Sources :
Now what is this GREEN color for you might think.... well, Crackloc is not really spyware, but the program is for "cracking"
programs you have downloaded in time-limited trial-versions. I cannot support that kind of cheats

you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program. If it asks to reboot, do not reboot.

Now please create a new Hijackthis Log and post it as a reply.

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
,,,,,,,,,,,,,,,
You can wait for Crunchie reply to see if he agrees !!