WiredWX Christian Hobby Weather Tools

spyware guard 2008

My laptop is infected with Spyware Guard 2008. I was able to put HijackThis on it and get a log. I was not able to do the rest of the things because I am not able to open Internet Explorer to get to your site and download them. I have tried to run Malwarebytes, but once downloaded it will not let me open it. Thanks for taking the time to help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:53 PM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\1370291476.exe
C:\WINDOWS\system32\TPSBattM.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Max Merkin\Application Data\U3\08A1396071815940\LaunchPad.exe
C:\Documents and Settings\Max Merkin\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
O1 - Hosts: 82.98.235.133 speed-runner.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 us.mcafee.com
O1 - Hosts: 82.98.235.133 www.kaspersky.com
O1 - Hosts: 82.98.235.133 www.my-etrust.com
O1 - Hosts: 82.98.235.133 www.symantec.com
O1 - Hosts: 82.98.235.133 www.winmx.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnmlmjj.dll
O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O2 - BHO: (no name) - {F8EFC7B6-A4F9-4900-8015-E01428D11A85} - C:\WINDOWS\system32\yayWnnnM.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\attfocyv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\1370291476.exe
O4 - HKCU\..\Run: [A00F11822D.exe] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\_A00F11822D.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\Casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186622693406
O18 - Filter hijack: text/html - {abcb379e-0880-465b-9e06-812312659ff4} - C:\WINDOWS\system32\iehlpr32.dll
O20 - AppInit_DLLs: isakcn.dll ndkyda.dll kydrgu.dll jugfwt.dll kordtv.dll bcggar.dll ktphua.dll
O20 - Winlogon Notify: nnnmlmjj - C:\WINDOWS\SYSTEM32\nnnmlmjj.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: __c00B8770 - C:\WINDOWS\system32\__c00B8770.dat
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11738 bytes

Re: spyware guard 2008

Hello.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
    O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
    O1 - Hosts: 82.98.235.133 speed-runner.com
    O1 - Hosts: 82.98.235.133 url.adtrgt.com
    O1 - Hosts: 82.98.235.133 us.mcafee.com
    O1 - Hosts: 82.98.235.133 www.kaspersky.com
    O1 - Hosts: 82.98.235.133 www.my-etrust.com
    O1 - Hosts: 82.98.235.133 www.symantec.com
    O1 - Hosts: 82.98.235.133 www.winmx.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnmlmjj.dll
    O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
    O2 - BHO: (no name) - {F8EFC7B6-A4F9-4900-8015-E01428D11A85} - C:\WINDOWS\system32\yayWnnnM.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
    O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\attfocyv.dll",b
    O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\winloggn.exe
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\csrssc.exe
    O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\1370291476.exe
    O4 - HKCU\..\Run: [A00F11822D.exe] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\_A00F11822D.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\Casino.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O18 - Filter hijack: text/html - {abcb379e-0880-465b-9e06-812312659ff4} - C:\WINDOWS\system32\iehlpr32.dll
    O20 - AppInit_DLLs: isakcn.dll ndkyda.dll kydrgu.dll jugfwt.dll kordtv.dll bcggar.dll ktphua.dll
    O20 - Winlogon Notify: nnnmlmjj - C:\WINDOWS\SYSTEM32\nnnmlmjj.dll
    O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
    O20 - Winlogon Notify: __c00B8770 - C:\WINDOWS\system32\__c00B8770.dat
    O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll


  • Press "Fix Checked"
  • Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\nnnmlmjj.dll
C:\WINDOWS\system32\yayWnnnM.dll
C:\WINDOWS\system32\tyshb36rfjdf.dll
C:\WINDOWS\system32\prunnet.exe
C:\WINDOWS\system32\attfocyv.dll
C:\WINDOWS\system32\iehlpr32.dll
C:\WINDOWS\SYSTEM32\nnnmlmjj.dll
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
C:\WINDOWS\system32\__c00B8770.dat
C:\WINDOWS\system32\isakcn.dll
C:\WINDOWS\system32\ndkyda.dll
C:\WINDOWS\system32\kydrgu.dll
C:\WINDOWS\system32\jugfwt.dll
C:\WINDOWS\system32\kordtv.dll
C:\WINDOWS\system32\bcggar.dll
C:\WINDOWS\system32\ktphua.dll

Folders to delete:
C:\Program Files\Spyware Guard 2008


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
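
A triage sketch for the log format used in this thread, added here as an example and not part of the original posts or of HijackThis itself: it parses result lines and applies a few heuristics (hosts-file redirects of security-vendor domains, autoruns launched from Temp, DisableRegedit, AppInit_DLLs, entries with no file). The finding names and the vendor keyword list are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (lines copied from the page).
SAMPLE_LOG = r"""
O1 - Hosts: 82.98.235.133 us.mcafee.com
O1 - Hosts: 82.98.235.133 www.kaspersky.com
O1 - Hosts: 82.98.235.133 www.symantec.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\1370291476.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: isakcn.dll ndkyda.dll kydrgu.dll jugfwt.dll kordtv.dll bcggar.dll ktphua.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumed keyword list: vendors whose domains appear in the O1 lines above.
SECURITY_VENDORS = ("microsoft", "symantec", "mcafee", "kaspersky", "etrust")

ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis result line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log_text):
    """Return (finding_kind, detail) pairs for entries worth a closer look."""
    findings = []
    hosts_by_ip = defaultdict(list)
    for code, body in parse_entries(log_text):
        if code == "O1" and body.startswith("Hosts:"):
            parts = body.split()
            # Loopback entries are commonly used for ad blocking; skip them.
            if len(parts) >= 3 and not parts[1].startswith("127."):
                hosts_by_ip[parts[1]].append(parts[2])
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            findings.append(("orphaned-entry", m.group(0) if m else body))
        elif code == "O4":
            m = RUN_RE.match(body)
            # Autostart programs rarely have a reason to live in Temp.
            if m and TEMP_RE.search(m.group("cmd")):
                findings.append(("autorun-from-temp", m.group("name")))
        elif code == "O7" and "DisableRegedit=1" in body:
            findings.append(("regedit-disabled", "DisableRegedit=1"))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:
                findings.append(("appinit-dlls", " ".join(dlls)))
    # A non-loopback address claiming security-vendor names blocks updates.
    for ip, hosts in hosts_by_ip.items():
        blocked = sorted(h for h in hosts
                         if any(v in h.lower() for v in SECURITY_VENDORS))
        if blocked:
            findings.append(("hosts-redirect", f"{ip} <- {', '.join(blocked)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

Heuristics like these only shortlist entries for review; items such as prunnet.exe in system32, which the reply above also selects, are not caught by any rule here.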

Re: spyware guard 2008

OK, I did what you said, and when it restarted the computer for me it won't let me get past the welcome page. I click on my name to choose a user and it starts to load, but in a few seconds logs me off again and leaves me with a screen saying welcome and my name to log on.

Re: spyware guard 2008

Darn.
Well as I mentioned, the malware has caused a lot of damage and sometimes unforeseen things happen in cases like this.

Can you try booting to safe mode and try loading your profile in safe mode?

............................................................................................

Site Admin / Security Administrator

spyware guard 2008

Safe mode does the same thing.

Re: spyware guard 2008

Okay, let's see if we can use last known good.

Reboot again and start tapping F8 key after the beep to access the advanced boot menu.
Choose "Last known good configuration"
See if you can access it now.

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

Last known good did not work either.

Re: spyware guard 2008

Hello.
Darn, sorry the malware has caused so much damage.
If you have your XP disc, I would say now would be a wise choice to format before the malware authors use this machine to spread more malware around.

Let me know in your next post

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

What if I don't have my XP disc?

Re: spyware guard 2008

Does the machine have a factory image stored on the HD?

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

I'm not sure what that means. It is a Toshiba Satellite laptop...

Re: spyware guard 2008

Reboot again.
Start tapping the F12 key and you'll get another boot menu.

Is there a "Factory image restore"?

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

When I tap F12 it shows

Boot Menu
1. HDD
2. FDD
3. CD/DVD
4. LAN
5. USB Memory

Re: spyware guard 2008

Wrong button, some computers are different.
Reboot again, start tapping F10, what menu do you get this time?

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

F10 didn't do anything.

Re: spyware guard 2008

Hello.
Can you write to CDs? We can use Avira rescue CD and boot from that.

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

Yes, I can.

Re: spyware guard 2008

Okay, read this guide for how to use it (pictures included)

http://www.raymond.cc/blog/archives/2008/06/28/free-avira-antivir-rescue-system-cd-to-clean-unremovable-virus/

Download link for it is at the bottom of the article.

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

Well, one, Avira didn't run like it said in the article, and two, it didn't do anything once I figured out how to run it. I can send you the log file if you wish, but it just said unremovable for the problems it found. After running it, my laptop still will not boot up. I am still looking for my Windows XP disc... hopefully I will find it soon and we can just start over. Can you give me directions on how to do that if I find my Windows XP disc? Thank you sooooo much.

Re: spyware guard 2008

Hello.
What did Avira find? UACd.sys? or a driver called UACd?

If you can get your XP disc, we'll format because there's too much damage done to fix it.

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

I don't think it found either of those.

If I buy a Toshiba recovery CD for my laptop, is that the same as having my XP disc? Because I think my XP disc is gone.

Re: spyware guard 2008

The disc might work, depends if the license key for this OS will still work.

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

OK, I have finally acquired a Windows disc. Where do we go from here? It is Windows XP SP2 upgrade.

Re: spyware guard 2008

See here:

When should I do a reformat and reinstallation of my OS

How to format Windows:
http://www.whitecanyon.com/how-to-format-computer.php

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

When I put in the Windows disc and restart, the computer still loads the same as it has been. Any ideas?

Re: spyware guard 2008

Boot order needs to be changed in the BIOS.
When you boot, it will give you "Press DEL to enter BIOS", sometimes it's not DEL, but some other key, it will tell you anyway.

Every BIOS is different, but a general guide on changing boot order is here:
http://www.whitecanyon.com/how-to-change-boot-order.php

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

OK, I did that and now it says "press any key to boot from CD..." but when I hit a key (I tried several different keys) it still does not boot.

Re: spyware guard 2008

Do you mean it still won't boot Windows? It's not meant to. It's meant to boot from the CD so we could try a repair install.

............................................................................................

Site Admin / Security Administrator

Re: spyware guard 2008

It isn't booting at all. It is a black screen that reads "press any key to boot from CD" and it doesn't boot, just stays on that screen.

Re: spyware guard 2008

Still trying to get my laptop running. Any ideas left for me?

Re: spyware guard 2008

Nope, I've no ideas at this moment.
I'm gonna ask someone later when I see him online.

............................................................................................

Site Admin / Security Administrator
