as requested by bugbatter...antivirus 2009 and more...

Hi,

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.    

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

It appears that you are running two anti-virus applications. That can cause conflicts and slowdowns and actually make your computer less secure as both are fighting to take control of the situation. Please remove one of them and follow with the appropriate removal tool

1. For McAfee:
 http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
2. Click Save and save the file to any folder on your computer.
3. Navigate to the folder where the file is saved.
4. Make sure all McAfee windows are closed.
5. Double-click MCPR.EXE to run the removal tool.
6. Restart your computer after receiving the message CleanUp Successful.
Your McAfee product will not be fully removed until the system is restarted.
If the message Cleanup Unsuccessful is displayed, you can view and save your MCPR log files for analysis by McAfee Technical Support.

For AVG:
 http://www.avg.com/download-tools
Save the file to your desktop, close all programs before running the Removal Tool (in Vista right click the file and select run as Administrator).

Following that, please do the following:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool.
• Click Yes at the prompt for Optional Scan.
• When done, DDS will open two (2) logs

• 1. DDS.txt
  2. Attach.txt

• Save both reports to your desktop.
• Copy/paste both logs to your reply on the forum.
• Close the program window, and delete the program from your desktop.

• Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

  * If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

  I look forward to your reply so we can begin cleaning.

  Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

   

   

A few updates before I post what you requested. Before I logged back into this forum, a friend to ld me to delete my Mcafee( i can it it back from work when needed) and AVG. I deleted both programs. The icon in the taskbar returned. When I run roguescanfix it gets rid of it but I still get the pop ups and when I restart my computer the icon appears back in the task bar.

To get to what you requested, I deleted Metacafe and MP3rocket P2P programs. I'm not sure about system restore, I haven't made any changes to that. And I don't believe I have any cracked software. I had ran hijackthis once again before i logged back in, here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:09, on 02/24/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 2297 bytes

Here are the DDS logs:

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 01/27/07 6:42:27 PM
System Uptime: 02/24/09 1:43:19 PM (0 hours ago)

Motherboard: Dell Inc. |  | 0FF049
Processor: Intel(R) Core(TM)2 CPU         T5200  @ 1.60GHz | Microprocessor | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 21.6 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01CD1028&REV_02\4&2FE911E8&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01CD1028&REV_02\4&2FE911E8&0&00F0
Service: bcm4sbxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1D31B161424FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1D31B161424FC000
Service: NIC1394

==== System Restore Points ===================

RP524: 01/23/09 5:00:27 AM - Software Distribution Service 3.0
RP525: 01/23/09 10:11:25 PM - Software Distribution Service 3.0
RP526: 01/24/09 11:04:56 PM - System Checkpoint
RP527: 01/25/09 5:00:26 AM - Software Distribution Service 3.0
RP528: 01/25/09 11:27:52 PM - Software Distribution Service 3.0
RP529: 01/26/09 11:40:18 PM - System Checkpoint
RP530: 01/27/09 5:00:26 AM - Software Distribution Service 3.0
RP531: 01/28/09 5:00:31 AM - Software Distribution Service 3.0
RP532: 01/28/09 9:20:11 PM - Software Distribution Service 3.0
RP533: 01/29/09 9:41:46 PM - System Checkpoint
RP534: 01/30/09 5:00:24 AM - Software Distribution Service 3.0
RP535: 01/31/09 5:00:26 AM - Software Distribution Service 3.0
RP536: 01/31/09 7:10:32 AM - Software Distribution Service 3.0
RP537: 01/31/09 7:38:20 AM - Installed Windows Internet Explorer 8.
RP538: 01/31/09 7:40:22 AM - Software Distribution Service 3.0
RP539: 02/02/09 1:10:47 PM - Software Distribution Service 3.0
RP540: 02/03/09 5:00:26 AM - Software Distribution Service 3.0
RP541: 02/03/09 10:15:45 PM - Software Distribution Service 3.0
RP542: 02/04/09 10:21:44 PM - System Checkpoint
RP543: 02/05/09 5:00:25 AM - Software Distribution Service 3.0
RP544: 02/06/09 5:00:27 AM - Software Distribution Service 3.0
RP545: 02/06/09 5:39:11 PM - Software Distribution Service 3.0
RP546: 02/06/09 10:44:31 PM - Software Distribution Service 3.0
RP547: 02/07/09 11:51:59 PM - System Checkpoint
RP548: 02/08/09 5:00:26 AM - Software Distribution Service 3.0
RP549: 02/09/09 5:00:31 AM - Software Distribution Service 3.0
RP550: 02/10/09 5:00:29 AM - Software Distribution Service 3.0
RP551: 02/11/09 12:34:42 AM - Software Distribution Service 3.0
RP552: 02/11/09 8:59:02 AM - Software Distribution Service 3.0
RP553: 02/12/09 5:00:26 AM - Software Distribution Service 3.0
RP554: 02/13/09 5:00:30 AM - Software Distribution Service 3.0
RP555: 02/13/09 7:58:27 PM - Software Distribution Service 3.0
RP556: 02/14/09 5:00:25 AM - Software Distribution Service 3.0
RP557: 02/15/09 5:00:26 AM - Software Distribution Service 3.0
RP558: 02/16/09 5:00:26 AM - Software Distribution Service 3.0
RP559: 02/17/09 6:52:41 AM - Software Distribution Service 3.0
RP560: 02/18/09 5:00:18 AM - Software Distribution Service 3.0
RP561: 02/19/09 5:00:18 AM - Software Distribution Service 3.0
RP562: 02/19/09 9:02:56 PM - Software Distribution Service 3.0
RP563: 02/20/09 9:44:23 PM - System Checkpoint
RP564: 02/21/09 5:00:19 AM - Software Distribution Service 3.0
RP565: 02/22/09 5:00:18 AM - Software Distribution Service 3.0
RP566: 02/22/09 10:18:08 AM - Software Distribution Service 3.0
RP567: 02/23/09 5:00:22 AM - Software Distribution Service 3.0
RP568: 02/23/09 7:51:49 AM - ADVANCED REGISTRY OPTIMIZER - FIRST RUN
RP569: 02/23/09 7:58:24 AM - Advanced Registry Optimizer Mon, Feb 23, 09  07:58
RP570: 02/23/09 7:59:28 AM - Advanced Registry Optimizer - Before Optimize
RP571: 02/23/09 8:06:10 AM - Advanced Registry Optimizer - Before One Click
RP572: 02/23/09 11:58:40 AM - Installed AVG Free 8.0
RP573: 02/24/09 5:00:22 AM - Software Distribution Service 3.0
RP574: 02/24/09 12:12:41 PM - Software Distribution Service 3.0
RP575: 02/24/09 12:58:05 PM - Removed AVG Free 8.0
RP576: 02/24/09 12:59:00 PM - Installed AVG Free 8.0
RP577: 02/24/09 1:00:14 PM - Removed McAfee VirusScan Enterprise

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
AAC Decoder
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11
AiO_Scan_CDA
AiOSoftwareNPI
AOLIcon
Apple Mobile Device Support
Apple Software Update
Authentium AntiVirus SDK - 2
AutoUpdate
Banctec Service Agreement
Bonjour
Broadcom Management Programs
BufferChm
CA Yahoo! Anti-Spy (remove only)
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Dell Support 3.2.1
Dell System Restore
Dell Wireless WLAN Card
DellConnect
Destinations
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Documentation & Support Launcher
Encore LaunchPad 6.7.25.300
ESPN Java Check
eSupportQFolder
Fax_CDA
Games, Music, & Photos Launcher
getPlus(R) for Adobe
getPlus(R)_ocx
GoToAssist 8.0.0.514
H.264 Decoder
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
InterActual Player
iPod for Windows 2005-02-22
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
Media Center Extender
Merriam-Webster Online Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
MobileMe Control Panel
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.6)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MySpaceIM
NetWaiting
NewCopy_CDA
PC SpeedScan Pro
PowerDVD
PPSDKRedistributables
ProductContextNPI
PureEdge Viewer 6.5
QuickSet
QuickTime
Radialpoint Security Services
Readme
RealPlayer
Roguescanfix 1.5
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
SolutionCenter
Sonic Encoders
Spybot - Search & Destroy
Status
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VC80CRTRedist - 8.0.50727.762
Verizon Online Help and Support
Verizon PC Security Checkup
Verizon Servicepoint 1.5.22
Viewpoint Media Player
WD Diagnostics
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Live OneCare safety scanner
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

02/17/09 6:50:35 AM, error: Service Control Manager [7000]  - The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
02/17/09 6:50:35 AM, error: Service Control Manager [7000]  - The DellBIOS service failed to start due to the following error:  The system cannot find the file specified.
02/17/09 6:52:47 AM, error: Service Control Manager [7022]  - The dvpapi service hung on starting.
02/17/09 6:54:18 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for SQL Server 2000 Service Pack 4 (KB960082).
02/17/09 7:05:28 AM, error: Service Control Manager [7023]  - The dvpapi service terminated with the following error:  The class is configured to run as a security id different from the caller
02/18/09 4:50:37 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}
02/22/09 5:00:54 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for SQL Server 2000 Service Pack 4 (KB960082).
02/22/09 10:31:42 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
02/23/09 6:34:48 PM, error: Service Control Manager [7031]  - The AVG Free8 WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
02/23/09 6:41:54 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
02/23/09 6:41:54 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
02/23/09 6:41:54 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
02/23/09 6:41:54 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
02/23/09 6:41:54 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD APPDRV AvgLdx86 AvgMfx86 AvgTdiX eeCtrl Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
02/23/09 6:41:55 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/23/09 6:47:07 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
02/23/09 7:02:32 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

==== End Of File ===========================

Other one:

DDS (Ver_09-02-01.01) - NTFSx86 
Run by Eric at 13:49:28.45 on 02/24/09
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1466 [GMT -8:00]

FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\QOA66BY2\dds[1].com

============== Pseudo HJT Report ===============

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: Merriam-Webster Online: {b7b76dd6-b6f0-4443-af81-6a3ecf12a57d} - c:\windows\_MWOLTB.DLL
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
Trusted Zone: cumulusstreaming.com\player
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\lxbckzha.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 DLADiagN;DLADiagN;c:\windows\system32\drivers\DLADiagN.SYS [2007-12-31 10908]
R1 DLAPMonN;DLAPMonN;c:\windows\system32\drivers\DLAPMonN.SYS [2007-12-31 22812]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-2-28 104000]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 DellBIOS;DellBIOS;\??\c:\windows\dellbios.sys --> c:\windows\DellBIOS.Sys [?]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2005-8-16 5120]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-31 33752]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-15 1247600]

=============== Created Last 30 ================

2009-02-23 11:58 

Is Authentium AntiVirus SDK updated?
If not, I'm not sure why you are on the internet with no anti-virus. why did you remove BOTH AVG and McAfee? You need to have one updated anti-virus unless we instruct you to temporarily disable it.

RogueScanFix has not been updated in almost a year. That's why it did not work.

Your HijackThis log is incompete. Please repost your log.

I reinstalled McAfee. I only deleted it to attempt a fix that had been recommended. I also updated roguescanfix. I'm on board with you now and here is the hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:47, on 02/24/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O23 - Service: McAfee Application Installer Cleanup (0073651235523049) (0073651235523049mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Eric\LOCALS~1\Temp\007365~1.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4382 bytes

Understand, on rogue. It's deleted. Here is the MBAM scan log I just did.

Malwarebytes' Anti-Malware 1.34
Database version: 1795
Windows 5.1.2600 Service Pack 3

02/24/09 6:07:56 PM
mbam-log-2009-02-24 (18-07-56).txt

Scan type: Quick Scan
Objects scanned: 92157
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I also updated roguescanfix.

RoguscanFix has not had an update for almost a year, Updating it now will do no good. You might as well delete it.

Please update Malwarebytes' Anti-Malware and run a scan. Please post that log.

Do not reboot the computer.  Please leave as is for now until I can review your log. Thanks.

Okay, here we go. Please follow these instructions carefully.

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log for further review.

* Additional information on A/V control HERE.

Here is the ComboFix log:

ComboFix 09-02-24.02 - Eric 2009-02-25 11:54:59.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1544 [GMT -8:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
FW: Norton Internet Worm Protection *disabled*
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\CMMGR32.EXE
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\init32.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\userinit.exe . . . is infected!!

.
(((((((((((((((((((((((((   Files Created from 2009-01-25 to 2009-02-25  )))))))))))))))))))))))))))))))
.

2009-02-25 08:24 . 2009-02-25 08:24 

Did you install something from Webroot today?

Yes per guidance from dell. The install would never complete, so I aborted the mission and deleted what had installed. Since running ComboFix I havn't had any popups. My computer seems to be runing great. Is that the completion of the removal or do you still see suspicious?

Bugbatter, thanks for all your help. Sorry, forthe dificulties. This was my first such issue and my head was spinning. Thank you again, you really helped.

Yes per guidance from dell. The install would never complete, so I aborted the mission and deleted what had installed.

I requested in the beginning of this thread that you do not install any programs during our fix.

Please remove ComboFix.

* Click Start then Run
Copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and / Then hit enter.

This will remove ComboFix, run some cleanup procedures, and flush System Restore, thus creating a Restore Point.

I am going to discontinue my participation in this thread. If you have any new problems, I suggest a reformat. That is the only way that you will know that this one is really clean.

You're welcome.

One more question for you! I have just restarted my computer and when I login my background image appears but I can do nothing with windows. Upon startup it gives me the option to go to restore? Can you help! My computer is dead after the restart!