Hello, Warrior... that HijackThis log looks truncated.. I know it is run in safe mode, but even so...
There are a lot of things to fix, those that Overwhelmed pointed out and a lot more. If we fix those and remove a couple of files could you post another log, and we'll see where we go from there.
Orrite, start HijackThis again, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\userinit.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {897fe88e-1dd2-11b2-92c5-9c93f4e93ae8} - C:\WINDOWS\pohwfgje.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201271948.dll
O4 - HKLM\..\Run: [Windows File XP Manager] wfdmgr.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKLM\..\Run: [wlyvoren] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\wlyvoren.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\lsyvg.exe
O4 - HKLM\..\Run: [DioCleaner] D:\actfight\actfight\DioCleaner.exe
O4 - HKLM\..\Run: [Windows Control Server] wmlmsnsvc.exe
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [Windows Update] srv.exe
O4 - HKLM\..\Run: [Windll] C:\WINDOWS\windll.exe
O4 - HKLM\..\Run: [WindowsLiveMessengers] msngr.exe
Good. That's a big list, huh? Now you must delete some files, and because that is only part of the log I cannot tell what some are, so they may not delete straight off... but we shall try this time around anyway.
Uninstall this pgm:
Helper [superfindout]
Delete these files: [note the paths and spelling closely!!]
C:\lsyvg.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe
C:\Documents and Settings\All Users\Dane aplikacji\wlyvoren.dll
C:\WINDOWS\svchost.exe [NOT svchost.exe in system32 !!]
C:\WINDOWS\windll.exe
C:\WINDOWS\pohwfgje.dll
C:\WINDOWS\system32\wfdmgr.exe
C:\WINDOWS\system32\wbcmgr.exe
C:\WINDOWS\system32\wmlmsnsvc.exe
C:\WINDOWS\system32\drivers\spool.exe
c:\windows\system32\userinit.dll [NOT userinit.exe]
C:\WINDOWS\system32\wkssvc.exe
C:\WINDOWS\system32\windll.exe
C:\WINDOWS\system32\srv.exe
C:\WINDOWS\system32\msngr.exe
C:\WINDOWS\System32\spool.exe
C:\WINDOWS\system32\drivers\spool.exe
D:\actfight\actfight\DioCleaner.exe
and this folder:
C:\Program Files\Helper
Oh dear, not a lot left, is there? Never mind..
Orrite, that workload is cruel; because you can get SM with Networking running, you could try this INSTEAD:
Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
... and if that does what I think it will, post another log. See if you can enter Normal mode first; if so, run the log from there.
gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
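An added example, not part of gerbil's post or of HijackThis itself: a small Python triage pass over HijackThis log text that applies the distinctions the post draws (extra programs appended to Shell/UserInit, BHOs whose file is missing, Run entries with no path or sitting in a drive root). The heuristics and the `triage` function name are assumptions for illustration; a hit means the entry deserves review, not that it is malware.

```python
import re

# Constructed sample: seven lines copied from the log entries quoted in the post.
SAMPLE = r"""F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {897fe88e-1dd2-11b2-92c5-9c93f4e93ae8} - C:\WINDOWS\pohwfgje.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [drmsrv32] C:\lsyvg.exe
O4 - HKLM\..\Run: [Windows Update] srv.exe
"""

F2 = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
O2 = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4 = re.compile(r"^O4 - (\S+): \[(.+?)\] (.*)$")
# Stock Windows XP Winlogon values; assumes Windows lives in C:\WINDOWS.
DEFAULTS = {"shell": "explorer.exe",
            "userinit": r"c:\windows\system32\userinit.exe"}
DRIVE_ROOT = re.compile(r'^"?[A-Za-z]:\\[^\\]+$')  # e.g. C:\something.exe

def triage(log_text):
    """Return (section, reason) pairs for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := F2.match(line):
            # Anything left after removing the stock value runs at every logon.
            stock = re.escape(DEFAULTS[m.group(1).lower()])
            extra = re.sub(stock, "", m.group(2), count=1, flags=re.I).strip(" ,")
            if extra:
                findings.append(("F2", f"{m.group(1)} also launches: {extra}"))
        elif m := O2.match(line):
            if m.group(3).strip() == "(no file)":
                findings.append(("O2", f"BHO {m.group(2)} registered but DLL missing"))
        elif m := O4.match(line):
            cmd = m.group(3).strip()
            if "\\" not in cmd:
                findings.append(("O4", f"[{m.group(2)}] has no path: {cmd}"))
            elif DRIVE_ROOT.match(cmd):
                findings.append(("O4", f"[{m.group(2)}] runs from drive root: {cmd}"))
    return findings

if __name__ == "__main__":
    for section, reason in triage(SAMPLE):
        print(section, "-", reason)
```
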
You are not serious, are you? CCleaner is a great tool, but it cleans what it is pointed at, pretty much usually basic temp and logging files. And your registry if you so wish. It was not pointed at and would not remove your mailing worm, your backdoor trojans, your ad trojans... now that you have got it working it is no longer yours, it can be controlled when on the net. Hackers have full access to it.
It is all up to you. But I do feel sorry for any friends your cousin contacts by email etc.
gerbil
Good-oh. Well, if you are happy with it, fine, but feel free to post another ht log or a combofix run.
Cheers.
gerbil