For the past few days I have been battling problems WinXP SP3, IE6, NAV2004. On 11/28 a web search landed on an infected page which installed a rogue antivirus client going by the name Security Tool. My NAV definitions are from 6 months ago and it scans clean. I did disable the "tool" and downloaded new SAS which did remove the rogue. However occasional pop-ups did occur "You have won a $1000 gift-card from Walmart!" I continued digging and found some malware entries in HKLM/Software/Microsoft/Windows/CurrentVer/Run and Runonce and manually deleted them. I have updated SAS each day and scanned. Lo on the third day, SAS found four trojan threats that looked like they were it. After deleting, SAS asked to reboot to finish cleaning. Upon reboot, the screen remained black before even getting to the WinXP splash. Tried to boot into Safe Mode, it showed that it was stalling at kdcom.dll. At first I though SAS had removed a necessary file. Booting from WinXP CD, I was able to replace kdcom.dll and it did reboot fine. Shutting down and restarting worked fine, both soft and hard restart. However first opening of IE triggers another browser window and the pop-up for the $1000 gift card. Updated and rescanned with SAS which only found a few tracking cookies. Subsequent manual reboot again failed at kdcom.dll. Again I replaced that file and it booted fine. I then updated MBAM to new version which required a reboot. Which failed at kdcom.dll. I have replaced the file AGAIN, and have run scans in SAS, MBAM and NAV and it looks clean. But I know its not.