My cousin has a computer full of viruses and junk.
Well, she asked me to clean it since she couldn't get a web browser open.

I deleted all the viruses and spyware with Kaspersky and Spybot.
I don't want to reinstall Windows since she has a lot of things on there which would take a long time to back up (and check that they're not infected).
The computer is really old and slow, 1MHz processor, 32 MB RAM, and well, it's only used for GG and IE, so she needs it until she gets a new one.

Now the only way I can get into Windows is by going into Safe Mode (with networking or without; they both work).
If I try to start Windows normally, it gets to the welcome screen, then the computer restarts by itself.

There were a lot of registration changes made, and I set them all back using Spybot, and I'll try to find some type of registration cleaner.
Also, I found a W32 Blaster worm on the system using FixBlast; I downloaded a patch to fix it and the program said it was gone.
After cleaning it with Kaspersky and Spybot, I STILL can't get it to start normally.

Could someone please give me some advice on what to do?

This is the HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:20, on 2008-01-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\userinit.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {897fe88e-1dd2-11b2-92c5-9c93f4e93ae8} - C:\WINDOWS\pohwfgje.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201271948.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows File XP Manager] wfdmgr.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [wlyvoren] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\wlyvoren.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\lsyvg.exe
O4 - HKLM\..\Run: [DioCleaner] D:\actfight\actfight\DioCleaner.exe
O4 - HKLM\..\Run: [Windows Control Server] wmlmsnsvc.exe
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [Windows Update] srv.exe
O4 - HKLM\..\Run: [Windll] C:\WINDOWS\windll.exe
O4 - HKLM\..\Run: [WindowsLiveMessengers] msngr.exe


Remove the following:
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)

You need to close the Internet browser before clicking Fix Selected.

Download CCleaner from the link in my signature; that has a registry cleaner in it.

And download AVG Anti-Spyware; I'm pretty sure filehippo.com has it...

See if you can get it to start normally now...

What does your cousin have on the computer? You can do a system recovery without losing music or pictures.

Also make sure she has all of the necessary updates from Windows and Microsoft.

Remove this too:
R3 - Default URLSearchHook is missing

Thanks, I'll try that today. So all of those things I should remove are in the registry, right?

And I can access the Internet, but only in Safe Mode.

When you do a system scan with HijackThis, you can select those entries and then click FIX SELECTED.

And then you are going to have to do a new scan and post a new HijackThis logfile here. DO NOT EDIT THE LOGFILE IN ANY WAY WHEN YOU POST IT!!!

What does your cousin have on the computer? You can do a system recovery without losing music or pictures.

OK, thanks. Well, I'll have to do it tomorrow since I can't get to the computer today.
She has mostly music and pictures, but her brother has put a lot of junk on there and that's why there were so many viruses, and he's so slow that he couldn't possibly tell me how he broke it.
And I think that System Recovery wasn't ever even turned on, but I'll check it tomorrow and take your advice.
Thanks for the help.

Hello, Warrior... that HijackThis log looks truncated. I know it was run in Safe Mode, but even so...
There are a lot of things to fix: those that Overwhelmed pointed out and a lot more. If we fix those and remove a couple of files, could you post another log, and we'll see where we go from there.
All right, start HijackThis again, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\userinit.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {897fe88e-1dd2-11b2-92c5-9c93f4e93ae8} - C:\WINDOWS\pohwfgje.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201271948.dll
O4 - HKLM\..\Run: [Windows File XP Manager] wfdmgr.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKLM\..\Run: [wlyvoren] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\wlyvoren.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\lsyvg.exe
O4 - HKLM\..\Run: [DioCleaner] D:\actfight\actfight\DioCleaner.exe
O4 - HKLM\..\Run: [Windows Control Server] wmlmsnsvc.exe
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [Windows Update] srv.exe
O4 - HKLM\..\Run: [Windll] C:\WINDOWS\windll.exe
O4 - HKLM\..\Run: [WindowsLiveMessengers] msngr.exe

Good. That's a big list, huh? Now you must delete some files, and because that is only part of the log I cannot tell what some are, so they may not delete straight off... but we shall try this time around anyway.
Uninstall this program:
Helper [superfindout]

Delete these files: [note the paths and spelling closely!!]
C:\lsyvg.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe
C:\Documents and Settings\All Users\Dane aplikacji\wlyvoren.dll
C:\WINDOWS\svchost.exe [NOT svchost.exe in system32 !!]
C:\WINDOWS\windll.exe
C:\WINDOWS\pohwfgje.dll
C:\WINDOWS\system32\wfdmgr.exe
C:\WINDOWS\system32\wbcmgr.exe
C:\WINDOWS\system32\wmlmsnsvc.exe
C:\WINDOWS\system32\drivers\spool.exe
c:\windows\system32\userinit.dll [NOT userinit.exe]
C:\WINDOWS\system32\wkssvc.exe
C:\WINDOWS\system32\windll.exe
C:\WINDOWS\system32\srv.exe
C:\WINDOWS\system32\msngr.exe
C:\WINDOWS\System32\spool.exe
C:\WINDOWS\system32\drivers\spool.exe
D:\actfight\actfight\DioCleaner.exe

and this folder:
C:\Program Files\Helper

Oh dear, not a lot left, is there? Never mind...
All right, that workload is cruel; because you can get Safe Mode with Networking running, you could try this INSTEAD:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- To run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt; post that log in your next reply.
A word of caution: do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, reboot to restore the desktop.
... and if that does what I think it will, post another log. See if you can enter Normal Mode first; if so, run the log from there.
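The fix list above is built by hand from three kinds of HijackThis lines: the F2 Winlogon values (Shell= and UserInit= should contain only Explorer.exe and userinit.exe; anything chained onto them runs at every logon, and a broken UserInit is exactly the sort of thing that stops a normal boot), O2 BHOs that are orphaned or point at a DLL somewhere odd, and O4 Run entries that launch from the root of C:\, from a drivers\ folder or a profile's Application Data, use a Windows-sounding name for a bare filename, or abuse regsvr32 /u. The script below is an added example, not from the thread or from HijackThis, that applies those same rules mechanically to log lines in HijackThis 2.0 format. The default values, the lure words, the "odd directory" list and the Program Files test are my own heuristics: a legitimate bare entry such as the NVIDIA nwiz.exe line would be missed or flagged depending on its display name, and a BHO under Program Files (the e404 helper in this log) is not cleared by the Program Files test, so the output is a list to inspect, not a verdict. The sample lines are constructed from the log in this thread, with one benign Java entry for contrast.

```python
"""Triage HijackThis F2/O2/O4 lines for logon hijacks, orphaned BHOs and odd Run entries."""
import re

# Windows XP defaults for the Winlogon values HijackThis reports as F2 lines (assumed).
KNOWN_SHELL = {"explorer.exe"}
KNOWN_USERINIT = {r"c:\windows\system32\userinit.exe"}

# Display-name words malware uses to pose as a Windows component (my own list).
LURE_WORDS = ("windows", "microsoft", "update", "console", "server")

# Directories no installer puts an autostart .exe in: drivers\ holds .sys files,
# per-user/All Users Application Data are data folders. "Dane aplikacji" is the
# Polish name of the Application Data folder, as seen in the thread's log.
ODD_DIRS = (r"\system32\drivers", r"\local settings\application data",
            r"\dane aplikacji", r"\all users\application data")

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$")
O2_RE = re.compile(r"^O2 - BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\Run: \[(.*?)\] (.*)$")

# Constructed sample in HijackThis 2.0 format, modelled on the log in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {897fe88e-1dd2-11b2-92c5-9c93f4e93ae8} - C:\WINDOWS\pohwfgje.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKLM\..\Run: [drmsrv32] C:\lsyvg.exe
O4 - HKLM\..\Run: [wlyvoren] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\wlyvoren.dll"
O4 - HKLM\..\Run: [Windows Update] srv.exe
"""


def first_token(cmd):
    """Program a Run command launches, lowercased, quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    return cmd.split()[0].lower() if cmd else ""


def check_f2(line):
    """Flag anything chained onto Shell= or UserInit= beyond the XP default."""
    m = F2_RE.match(line)
    if not m:
        return None
    key, value = m.group(1), m.group(2)
    allowed = KNOWN_SHELL if key == "Shell" else KNOWN_USERINIT
    # The registry value is comma separated; HijackThis prints it space
    # separated. Split on either (a path containing spaces would need quoting).
    programs = [p.strip('"').lower() for p in re.split(r"[,\s]+", value.strip()) if p]
    extra = [p for p in programs if p not in allowed]
    if not extra:
        return None
    return {"section": "F2", "reason": f"{key}= hijacked: extra program(s) {extra}", "paths": extra}


def check_o2(line):
    """Flag BHOs with no DLL, no registered name, or a DLL outside Program Files."""
    m = O2_RE.match(line)
    if not m:
        return None
    name, clsid, path = (g.strip() for g in m.groups())
    if path == "(no file)":
        return {"section": "O2", "reason": f"orphaned BHO {clsid}: CLSID registered, DLL gone", "paths": []}
    if name == "(no name)":
        return {"section": "O2", "reason": f"unnamed BHO {clsid} loads {path}", "paths": [path]}
    if not path.lower().startswith("c:\\program files\\"):
        return {"section": "O2", "reason": f"BHO {clsid} loads {path} from outside Program Files", "paths": [path]}
    return None


def check_o4(line):
    """Flag Run entries that launch from odd places or disguise themselves."""
    m = O4_RE.match(line)
    if not m:
        return None
    hive, name, cmd = m.groups()
    target = first_token(cmd)
    reasons = []
    if cmd.lower().startswith("regsvr32 /u"):
        # DllUnregisterServer is ordinary DLL code, so "unregistering" at every
        # logon executes the DLL while looking like a cleanup step.
        target = first_token(cmd[len("regsvr32 /u"):])
        reasons.append("regsvr32 /u at logon executes the DLL's DllUnregisterServer")
    if "\\" not in target and any(w in name.lower() for w in LURE_WORDS):
        reasons.append("system-sounding name with a bare filename (no install path)")
    if re.fullmatch(r"[a-z]:\\[^\\]+", target):
        reasons.append("executable dropped in the root of the drive")
    if any(d in target for d in ODD_DIRS):
        reasons.append("executable in a directory installers do not use")
    if not reasons:
        return None
    return {"section": "O4", "reason": f"[{name}] {target}: " + "; ".join(reasons), "paths": [target]}


def triage(log_text):
    """Run every check over a log; findings come back in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in (check_f2, check_o2, check_o4):
            hit = check(line)
            if hit:
                findings.append(hit)
                break
    return findings


def paths_to_inspect(findings):
    """Deduplicated file paths the findings point at, as a starting delete list."""
    return sorted({p for f in findings for p in f["paths"]})


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f["section"], f["reason"])
    print("inspect:", *paths_to_inspect(found), sep="\n  ")
```

Bare filenames such as srv.exe come back without a directory, which is why the delete list in the post above had to guess at system32 for them; on the real machine the location is settled by where the file actually is, not by the registry string.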

Thanks a lot for that advice. But I can't get to the computer since she left the country, though I might be able to get it and take it to my house so I can fix it for her while she is gone.

Thanks a lot again for the help, guys and gals.

Well, let us know if you get your hands on her computer or not... hope we can help you further.

Sweet, thanks for all the help, guys. I fixed the computer; that CCleaner did the job. There was a registry entry in there which was changed so that Windows wouldn't boot.

So it's fixed now, and thanks for the help.

You are not serious, are you? CCleaner is a great tool, but it cleans what it is pointed at, pretty much usually basic temp and logging files. And your registry, if you so wish. It was not pointed at and would not remove your mailing worm, your backdoor trojans, your ad trojans... now that you have got it working it is no longer yours; it can be controlled when on the net. Hackers have full access to it.
It is all up to you. But I do feel sorry for any friends your cousin contacts by email, etc.

lol no, I deleted all those viruses and trojans when I booted back up in Normal Mode.
I'm just saying that CCleaner helped me get the computer started in Normal Mode.

Good-oh. Well, if you are happy with it, fine, but feel free to post another HT log or a ComboFix run.
Cheers.

Was this marked as solved?

Yeah, I guess so, since the problem is fixed.

"Download CCleaner from the link in my signature; that has a registry cleaner in it."

What is the point of this?
Are you implying that posters should have it "Scan for issues"? Because that is not good advice. Only people familiar with how the registry works should do this.
And only after properly backing up the registry.

Gerbil is correct - with a massive infestation such as this, a tool such as ComboFix or SDFix needs to be run.
