Need help with Hijackthis report

Thread Solved

Warrior[PU] (#1)
Jan 29th, 2008
My cousin has a computer full of viruses and junk.
Well, she asked me to clean it since she couldn't get a web browser open.

I deleted all the viruses and spyware with Kaspersky and Spybot.
I don't want to reinstall Windows since she has a lot of things on there which would take a long time to back up (and check if they're not infected).
The computer is really old and slow, 1MHz processor, 32mb ram, and well, it's only used for GG and IE, so she needs it until she gets a new one.

Now the only way I can get into Windows is by going into safe mode (with network or without; they both work).
If I try to start Windows normally it gets to the welcome screen, then the computer restarts by itself.

There were a lot of registration changes made and I set them all back using Spybot, and I'll try to find some type of registration cleaner.
Also I found a W32 Blaster Worm in the system using FixBlast; I downloaded a patch to fix it and the program said it was gone.
After cleaning it with Kaspersky and Spybot I STILL can't get it to start normally.

Could someone please give me some advice on what to do?

This is the HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:20, on 2008-01-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\userinit.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {897fe88e-1dd2-11b2-92c5-9c93f4e93ae8} - C:\WINDOWS\pohwfgje.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201271948.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows File XP Manager] wfdmgr.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [wlyvoren] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\wlyvoren.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\lsyvg.exe
O4 - HKLM\..\Run: [DioCleaner] D:\actfight\actfight\DioCleaner.exe
O4 - HKLM\..\Run: [Windows Control Server] wmlmsnsvc.exe
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [Windows Update] srv.exe
O4 - HKLM\..\Run: [Windll] C:\WINDOWS\windll.exe
O4 - HKLM\..\Run: [WindowsLiveMessengers] msngr.exe

overwhelmed (#2)
Jan 30th, 2008
Remove the following:
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)

O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)

O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)

O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)

O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)

O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)

O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)

overwhelmed (#3)
Jan 30th, 2008
You need to close out the internet browser before clicking fix selected.

overwhelmed (#4)
Jan 30th, 2008
Download CCleaner from the link in my signature; that has a registry cleaner in it.

And download AVG anti spyware, I'm pretty sure filehippo.com has it...

See if you can get it to start normally now...

What does your cousin have on the computer? Because you can do a system recovery without losing music or pictures.

overwhelmed (#5)
Jan 30th, 2008
Also make sure she has all of the necessary updates from Windows and Microsoft.

overwhelmed (#6)
Jan 30th, 2008
Remove this too:
R3 - Default URLSearchHook is missing

Warrior[PU] (#7)
Jan 30th, 2008
Thanks, I'll try that today. So all of those things I should remove are in the registry, right?

And I can access the internet, but only in safe mode.

overwhelmed (#8)
Jan 30th, 2008
When you do a system scan with HijackThis you can select those entries and then click FIX SELECTED.

overwhelmed (#9)
Jan 30th, 2008
and then you are gonna have to do a new scan and post a new HiJackThis logfile here. DO NOT EDIT THE LOGFILE IN ANY WAY WHEN YOU POST IT!!!
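
An added example, not part of any post in this thread: a Python script that parses HijackThis entry lines, picks out the O2 BHO entries reported as "(no file)" (the kind listed for removal in post #2), and checks a later scan to see whether they are gone, which is what the rescan requested in post #9 lets you verify. BEFORE is an excerpt of the log above; AFTER, the `example.exe` entry and the function names are constructed for illustration.

```python
import re

# An entry line is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O2 detail: "BHO: <name> - {CLSID} - <DLL path or '(no file)'>"
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

# Excerpt of the first log posted in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\Explorer.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
"""
# Constructed rescan (not from the thread): one orphaned BHO survived the fix.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [example] example.exe
"""

def parse_entries(log_text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def bhos(entries):
    """Map lower-cased CLSID -> file field for every O2 BHO entry."""
    found = {}
    for section, detail in entries:
        m = BHO.match(detail) if section == "O2" else None
        if m:
            found[m.group(2).lower()] = m.group(3).strip()
    return found

def check_rescan(before_text, after_text):
    """Report which '(no file)' BHOs from the first scan are gone or remain."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    targeted = [c for c, f in bhos(before).items() if f == "(no file)"]
    remaining = bhos(after)
    return {
        "fixed": [c for c in targeted if c not in remaining],
        "still_present": [c for c in targeted if c in remaining],
        "new_entries": [e for e in after if e not in before],
    }

if __name__ == "__main__":
    for key, value in check_rescan(BEFORE, AFTER).items():
        print(key, value)
```

An entry that shows up under `still_present` was selected but came back, and anything under `new_entries` appeared between the two scans.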

overwhelmed (#10)
Jan 30th, 2008
What does your cousin have on the computer? Because you can do a system recovery without losing music or pictures.

©2003 - 2010 DaniWeb® LLC