Issue with Malware on XP laptop

Discussion in 'Malware Help (A Specialist Will Reply)' started by bglenn, Feb 21, 2009.

  1. bglenn

    bglenn Private E-2

    First off thanks for this forum. I look forward to receiving some assistance as I sure need it. Unfortunately my wife caught one of these malware programs. I have tried to clean her computer with AVG Free 8, Lavasoft AdAware. I found a thread on Google that spoke about SmitfraudFix, etc. and ran that but it only helped a little. I have all the symptoms: browser popups, tools not running, crashes, etc. I have followed all steps in the Run First section and the information and logs that I could gather are attached below.

    Thanks in advance for your help,

    Bo

    Step 1: Completed
    - Add/Remove malware
    --found and uninstalled Viewpoint Media Player via add/remove

    - Update Java- already had latest version
    - MSconfig - already set to normal startup mode
    - Quarantined files
    --removed C:\Program Files\Common\helper.dll named as Infection: Trojan horse Adload_r.FP
    - Emptied recycle bin
    - Norton not installed
    - Ccleaner ran successfully
    --cleaned for each user including Administrator in Safe Mode

    Step 2: Completed
    - All hidden files shown

    Step 3: Partially Completed - Downloaded programs using non-infected computer and copied to infected computer over LAN network.
    SUPERAntiSpyware
    -double clicked on SUPERAntiSpyware.exe
    -clicked Run
    -received "SUPERAntiSpyware Free Edition has encountered a problem and needs to close" message
    -clicked Don't Send

    --moved on to next cleaning step
    Spybot Search and Destroy
    -installed and made sure that TeaTimer was not checked
    -click "Run" after finish and nothing happened
    -ran updates using Program options from Start menu and got Immunization database to update
    -tried to run again and nothing happened (hour glass shows up briefly and then nothing happens)

    -- move on to next cleaning step
    Malware bytes
    --downloaded malwarebytes
    --saved as mb.exe
    --double click mb.exe
    --installed fine and made sure that Update..and Launch.. were both checked
    --click Finish
    --program did not launch after install nor when shortcut is clicked on desktop after install
    --(hour glass shows up briefly and then nothing happens)

    -- move on to next cleaning step
    ComboFix
    --downloaded combofix to desktop
    --double clicked ComboFix.exe
    --clicked Run
    --program did not launch
    --(hour glass shows up briefly and then nothing happens)
    --move on to next cleaning step

    MGTools
    --downloaded MGTools to C:\
    --executed MGTools
    --clicked "I Accept" twice as instructed
    --MGlogs.zip file was created
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    First a question....what is this:
    C:\DOCUME~1\KARENG~1\LOCALS~1\Temp\clclean.0001

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now use windows explorer to find and delete:
    C:\WINDOWS\system32\mst122.dll

    See if you can now run the other scans. Then run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
     
  3. bglenn

    bglenn Private E-2

    First a question....what is this:
    C:\DOCUME~1\KARENG~1\LOCALS~1\Temp\clclean.0001
    bglenn: This is a file that Creative Sound Blaster Audigy uses
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    Quote:
    O2 - BHO: AgentWare.Tcd.Gds.Bho.GdsBho - {CD8AE3AE-B1FA-482B-9AD7-C2E74AEF6E69} - mscoree.dll (file missing)
    O18 - Filter hijack: text/html - {0b0cd0af-789a-4f18-82a4-6e4fed89e6bf} - C:\WINDOWS\system32\mst122.dll


    After clicking Fix, exit HJT.
    bglenn: Done. All elements were fixed/removed by HJT. The AgentWare entry is from an application that my company develops and it is not harmful but I removed it anyway per your instructions

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Quote:

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD8AE3AE-B1FA-482B-9AD7-C2E74AEF6E69}]



    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.
    bglenn: Saved and executed from the desktop and did receive the successful message
    Now use windows explorer to find and delete:
    C:\WINDOWS\system32\mst122.dll
    bglenn: File was not found in C:\windows\system32 or from an entire C:\ drive search
    See if you can now run the other scans.
    Downloaded all new versions of previous tools that did not run and there was no change.
    SuperAntiSpyware - crashed
    Spybot Search and Destroy - Installed but did not run
    Malwarebytes - Installed but did not run
    ComboFix - did not run

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
    New MGlogs.zip file is attached
     

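The two HijackThis lines quoted in this post (the O2 BHO entry and the O18 text/html filter hijack) and the REGEDIT4 fix file both describe the same thing: registry keys that load a DLL into the browser. The script below is an added example, not code from the thread or from HijackThis, that parses such O2/O18 lines and emits a REGEDIT4 file in the same `[-key]` delete syntax the fix file uses. The registry locations it maps to (the Browser Helper Objects key shown in the fix file, `HKLM\Software\Classes\PROTOCOLS\Filter` for O18 entries, and `HKEY_CLASSES_ROOT\CLSID` for the component registration) are this example's assumptions about what those HJT line types check; the sample lines are the ones quoted above plus one constructed O4 line that the parser is meant to ignore.

```python
"""Map HijackThis O2 (BHO) and O18 (filter hijack) lines to the registry keys
they describe and emit a REGEDIT4 file that deletes those keys.

Added example for this thread; the key locations below are assumptions about
where HijackThis reads these entries, not something taken from the thread itself.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed registry locations behind each HJT line type.
BHO_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
FILTER_KEY = r"HKEY_LOCAL_MACHINE\Software\Classes\PROTOCOLS\Filter"
CLSID_KEY = r"HKEY_CLASSES_ROOT\CLSID"

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.*)$")
O18_RE = re.compile(r"^O18 - Filter hijack: (?P<mime>\S+) - (?P<clsid>" + GUID + r") - (?P<path>.*)$")


@dataclass
class HjtEntry:
    kind: str          # "O2" or "O18"
    clsid: str         # GUID normalised to upper case
    target: str        # BHO display name for O2, MIME type for O18
    path: str          # DLL the entry points at
    file_missing: bool # HJT appends "(file missing)" when the DLL is gone


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one HJT log line; return None for line types this example does not handle."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        path = m.group("path")
        missing = path.endswith("(file missing)")
        return HjtEntry("O2", m.group("clsid").upper(), m.group("name"),
                        path.replace("(file missing)", "").strip(), missing)
    m = O18_RE.match(line)
    if m:
        return HjtEntry("O18", m.group("clsid").upper(), m.group("mime"),
                        m.group("path").strip(), False)
    return None


def removal_keys(entry: HjtEntry) -> List[str]:
    """Registry keys whose deletion stops the entry from loading (assumed layout, see above)."""
    if entry.kind == "O2":
        return [BHO_KEY + "\\" + entry.clsid, CLSID_KEY + "\\" + entry.clsid]
    if entry.kind == "O18":
        return [FILTER_KEY + "\\" + entry.target, CLSID_KEY + "\\" + entry.clsid]
    raise ValueError("unsupported entry kind: " + entry.kind)


def build_reg_file(entries: List[HjtEntry]) -> str:
    """Emit a REGEDIT4 file using the same [-key] delete syntax as the fix file in the thread."""
    seen: List[str] = []
    for entry in entries:
        for key in removal_keys(entry):
            if key not in seen:       # keep order, drop duplicates
                seen.append(key)
    lines = ["REGEDIT4", ""]
    for key in seen:
        lines.append("[-" + key + "]")
        lines.append("")
    return "\r\n".join(lines)     # .reg files are conventionally CRLF


# Constructed sample: the two lines quoted in the thread plus one unrelated O4 line.
SAMPLE_LOG = [
    "O2 - BHO: AgentWare.Tcd.Gds.Bho.GdsBho - {CD8AE3AE-B1FA-482B-9AD7-C2E74AEF6E69} - mscoree.dll (file missing)",
    "O18 - Filter hijack: text/html - {0b0cd0af-789a-4f18-82a4-6e4fed89e6bf} - C:\\WINDOWS\\system32\\mst122.dll",
    "O4 - HKLM\\..\\Run: [example] C:\\WINDOWS\\system32\\example.exe",
]


def reg_file_for_log(lines: List[str]) -> str:
    """Parse every line, keep the O2/O18 ones, and build the removal file."""
    entries = [e for e in (parse_hjt_line(l) for l in lines) if e is not None]
    return build_reg_file(entries)


if __name__ == "__main__":
    print(reg_file_for_log(SAMPLE_LOG))
```

The generated text is what would be saved as a `.reg` file and merged by double-clicking, exactly as the fix file in the thread was; reviewing the emitted keys and taking a registry backup first is the same caution the thread applies to its CCleaner registry step. Note that an O18 filter for `text/html` is not present on a default Windows XP install, which is why HijackThis flags it as a hijack.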

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. bglenn

    bglenn Private E-2

    Please check this thread:
    TDSSserv Non-Plug & Play Driver Disable
    I read the thread and did not have the non plug and play driver mentioned (TDS..). I have made a screen shot of all the non plug and play drivers installed but I have a feeling that the other logs will be of more importance.
    I assume you tried safe mode and renaming the scans?
    Yes I have tried to install/re-install in safe and normal mode without success so I decided to try another approach. Previously I had been installing under my wife's account so I decided to try to install all the other tools using my login (another login account). Here are the results:
    -SuperAntiSpyware
    --installed (first time it ever installed) but failed to run
    Spybot Search and Destroy
    --installed but failed to run
    Malware Bytes
    --installed but failed to run
    -ComboFix
    --ran and successfully detected rootkit
    --created a ComboFix log
    MGTools
    --ran GetLogs.bat and attached new MGLogs.zip

    I hope that you will give it a thumbs up as ComboFix never ran before now
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Use windows explorer to find and delete:
    c:\windows\system32\uacinit.dll

    Then run CCleaner --> both the cleaner and the registry ( making sure to do the backup when prompted).

    Reboot and see if you can now run SAS and MBAM.
     
  7. bglenn

    bglenn Private E-2

    Use windows explorer to find and delete:
    c:\windows\system32\uacinit.dll
    Found and removed
    Then run CCleaner --> both the cleaner and the registry ( making sure to do the backup when prompted).
    CCleaner ran (cleaner and registry) and registry backed up
    Reboot and see if you can now run SAS and MBAM.
    Rebooted and was able to run SAS (no malicious entries found) and MBAM (found 8 infected files and removed them)
    I have attached log files for SAS, MBAM, and MTools. I also ran MBAM again after rebooting from the first run and this time it found 0 infected files so I think things are improving

    I noticed that you did not say to run Spybot S&D...should I run that app as well?
     


  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs look clean. :) If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
