WiredWX Christian Hobby Weather Tools

Re: XP not functioning in normal or safe mode

OK, I got confirmation from AVG that the scanner does not run in safe mode. I went ahead and did another scan. These are the results:

ComboFix 09-10-06.03 - Administrator 2009/10/06 21:42.5.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.886.1033.18.447.289 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\mtlff.exe"
"C:\nqxbk.exe"
"C:\rlswn.exe"
"c:\windows\system32\bahabona.dll"
"c:\windows\system32\bezizipu.dll"
"c:\windows\system32\difebebu.exe"
"c:\windows\system32\dipakule.dll"
"c:\windows\system32\fonodate.exe"
"c:\windows\system32\fumupofo.dll"
"c:\windows\system32\hazafupe.exe"
"c:\windows\system32\kavumefe.dll"
"c:\windows\system32\kiratero.dll"
"c:\windows\system32\laweyohe.exe"
"c:\windows\system32\lunegogu.dll"
"c:\windows\system32\nalusihe.exe"
"c:\windows\system32\nominenu.dll"
"c:\windows\system32\sokofosu.exe"
"c:\windows\system32\sonewibu.exe"
"c:\windows\system32\sovowuyi.dll"
"c:\windows\system32\tufujavu.dll"
"c:\windows\system32\vomuganu.dll"
"c:\windows\system32\wifenoho.dll"
"c:\windows\system32\wozupeva.dll"
"c:\windows\system32\wurebupe.dll"
"c:\windows\system32\yadebene.dll"
"c:\windows\system32\yiriyidi.dll"
"c:\windows\system32\yokamuye.dll"
"c:\windows\system32\yovalono.dll"
"c:\windows\system32\yuhisona.exe"
"c:\windows\system32\yunohoyo.exe"
"c:\windows\system32\zayitala.exe"
"c:\windows\win32k.sys"
"C:\yonm.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-06 23:50 . 2009-10-07 00:02 -------- d-----w- C:\Combo-Fix9963C
2009-10-06 22:35 . 2009-10-06 22:35 -------- d-----w- c:\windows\LastGood
2009-10-06 22:23 . 2004-08-04 07:56 55808 ----a-w- c:\windows\system32\eventlog.dll
2009-10-06 01:34 . 2009-10-06 22:18 -------- d-----w- C:\Combo-Fix
2009-10-06 00:53 . 2009-10-06 01:11 -------- d-----w- C:\Combo-Fix.txt
2009-10-03 17:40 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 17:40 . 2009-10-05 00:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 17:40 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 03:53 . 2009-10-01 03:53 -------- d-----w- c:\program files\Trend Micro
2009-09-30 13:37 . 2009-09-30 13:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-30 13:24 . 2009-09-30 13:24 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-09-30 13:23 . 2009-09-30 13:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-30 12:56 . 2009-09-30 12:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-30 05:20 . 2009-09-30 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-09 07:29 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 22:32 . 2005-04-18 04:46 793 --sha-w- c:\windows\system32\mmf.sys
2009-09-30 05:38 . 2008-10-19 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-09-30 04:51 . 2006-12-09 19:38 -------- d-----w- c:\program files\Windows Defender
2009-09-30 03:44 . 2008-10-19 05:02 -------- d-----w- c:\program files\DNA
2009-09-05 12:32 . 2009-09-05 12:32 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-09-05 07:24 . 2004-07-13 20:28 -------- d-----w- c:\program files\DivX
2009-09-05 07:23 . 2009-09-05 07:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-14 13:36 . 2009-02-01 15:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-14 13:36 . 2008-07-04 05:16 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 13:36 . 2007-01-01 08:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-07 00:24 . 2004-08-11 22:48 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-11 22:48 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-11 22:48 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-05-20 17:33 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-05-20 17:51 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-11 22:48 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2006-02-01 02:02 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-05-20 17:33 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 15:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 10:23 . 2009-02-01 19:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-05-20 17:51 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-11 06:45 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2005-03-08 23:41 . 2005-03-08 23:41 56 --sha-r- c:\windows\system32\82F1638CF7.sys
2005-03-08 23:41 . 2005-03-08 23:41 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 1033728 . . [------] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-06_01.42.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 22:48 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-10-06 22:35 . 2008-10-16 20:06 208744 c:\windows\LastGood\system32\muweb.dll
+ 2009-10-06 22:35 . 2008-10-16 20:06 268648 c:\windows\LastGood\system32\mucltui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Acme.PCHButton"="c:\progra~1\HPINST~1\Pavilion\XPHNABS4EN\plugin\bin\pchbutton.exe" [2004-04-01 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-16 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG311T Wireless Assistant.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2004-12-17 7708672]
Updates from HP.lnk - c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-4-1 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-14 13:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\VectorWorks 10.1\\VectorWorks.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\InterVideo\\Quake III Arena\\quake3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7000:TCP"= 7000:TCP:btdownloadergui

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-14 335240]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-14 297752]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2005-04-18 2560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: ActiveGS.cab - hxxp://www.virtualapple.com/activegs.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 21:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2367046221-998718354-2122322601-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8\A4C6DC1D7052183A161573F7BA846387]
.
Completion time: 2009-10-07 21:53
ComboFix-quarantined-files.txt 2009-10-07 02:53
ComboFix2.txt 2009-10-07 00:02
ComboFix3.txt 2009-10-06 01:44

Pre-Run: 75,786,301,440 bytes free
Post-Run: 75,753,889,792 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=,1,3,4,5
248 --- E O F --- 2009-09-29 05:08

Re: XP not functioning in normal or safe mode

So just for shits and giggles I attempted to run MBAM following ComboFix and it actually ran successfully! Here's the results:

Malwarebytes' Anti-Malware 1.41
Database version: 2917
Windows 5.1.2600 Service Pack 3 (Safe Mode)

2009/10/6 ?? 10:44:36
mbam-log-2009-10-06 (22-44-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 241392
Time elapsed: 43 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 116

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c8ab177-7b09-4f5c-9e6d-82eaa765430c} (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7ed983c3-faac-400c-bbd4-f519d74ff188} (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f80c1d93-0d22-436e-963e-9d3156997a4e} (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Accoona (Adware.Accoona) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Files Infected:
C:\Combo-Fix.txt\Combo-Fix.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\mtlff.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\nqxbk.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\rlswn.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\yonm.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\0071353322\0071353322.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\1595671417\1595671417.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\2238284318\2238284318.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\3353943843\3353943843.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\7712371694\7712371694.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\9642813372\9642813372.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\seres.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\svcst.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\windows Police Pro.exe.vir (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bahabona.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bezizipu.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\difebebu.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dipakule.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fonodate.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fumupofo.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hazafupe.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\huzisopo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kavumefe.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kiratero.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kogekebe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\laweyohe.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lejivaya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lunegogu.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nalusihe.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nominenu.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sokofosu.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sonewibu.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sovowuyi.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tufujavu.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vomuganu.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wifenoho.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wozupeva.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wurebupe.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yadebene.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yiriyidi.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yokamuye.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yovalono.dll.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yuhisona.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yunohoyo.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zayitala.exe.vir (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0175222.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0176295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0176296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0176297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0176337.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0176338.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0176339.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179341.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179343.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179368.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179372.exe (Backdoor.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179403.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179404.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179410.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179415.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179420.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179422.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179430.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179460.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179461.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179544.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179594.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179597.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179600.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179603.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179606.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179609.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179610.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179611.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179612.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179613.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179614.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179615.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179616.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179617.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179618.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179619.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179620.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179621.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179622.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179623.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179624.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179625.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179626.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179627.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179628.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179629.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179630.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179631.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179632.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179633.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179634.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179635.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179636.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179637.dll (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179638.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179639.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179640.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1670\A0179642.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1672\A0179707.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1672\A0179769.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1672\A0179837.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1672\A0179906.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1672\A0180068.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1672\A0180121.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP1672\A0180292.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: XP not functioning in normal or safe mode

Hello.
Nearly done now.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: XP not functioning in normal or safe mode

Uninstall Manager List:

AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Creative Suite
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Adobe Reader 7.0.5
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Agere Systems PCI Soft Modem
Anvil Studio
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
AutoCAD 2006 - English
Autodesk Express Viewer
AVG Free 8.5
AVI to MPEG Converter
BSPlayer
Combined Community Codec Pack 2005-12-21 (Remove Only)
Command & Conquer The First Decade
dBpowerAMP Music Converter
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EVGA Display Driver
ffdshow (remove only)
Garmin Communicator Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.5
HP Software Update
HPIZ350
Huffyuv AVI lossless video codec (Remove Only)
intelliScore Polyphonic Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iPod for Windows 2005-03-23
iPod for Windows 2005-10-12
iPod for Windows 2005-11-17
iPod shuffle Reset Utility
IsoBuster 1.8
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Matroska Pack - Lazy Man's MKV 0.9.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MidiNotate Composer
MobileMe Control Panel
Morgan Stream Switcher
Mozilla Firefox (3.0.7)
MP3 Converter Simple
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NETGEAR Wireless Adapter WG311T
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Photosmart 140,240,7200,7600,7700,7900 Series
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
TallStick TS-AudioToMIDI 3.20 (remove only)
Toolkit View(HP)
Trillian
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Updates from HP
VC80CRTRedist - 8.0.50727.762
VDMSound
VectorWorks 10.1
VectorWorks Viewer 10.1
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
VideoLAN VLC media player 0.8.6c
Viewpoint Manager (Remove Only)
Viewpoint Media Player
ViviCam 3350
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
XviD Video Codec 24062003-1 (Koepi's developer build)
Yahoo! Anti-Spy

Re: XP not functioning in normal or safe mode

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_05
    Java 2 Runtime Environment, SE v1.4.2_06
    Java(TM) 6 Update 15
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

How is the machine running now?


Re: XP not functioning in normal or safe mode

It's the same. No start menu, no desktop, no access to the task manager when booted normally or in safe mode as user. No start menu or desktop when started in safe mode as admin. It wouldn't let me uninstall the Java programs. It gave me an error about Windows Installer service not working in safe mode or being improperly installed.

Re: XP not functioning in normal or safe mode

Hmm, sounds like Explorer isn't working too well.

Boot to normal mode, and when it comes on blank, can you open the Task Manager by using alt/ctrl/del?

Under the Applications tab, press "New Task...", and type in "explorer" in the run field.

Does your Desktop load now?


Re: XP not functioning in normal or safe mode

Ctrl alt del doesn't work. It gives me an error saying the admin has blocked this function or something to that effect.

Re: XP not functioning in normal or safe mode

Hello.
I want to check something.

Submit a file for analysis.

  1. Please visit this website: Jotti's Malware Scanner
  2. Press the "Browse" button and locate the following file in bold:
    C:\WINDOWS\explorer.exe
  3. Press the "Submit File" button to submit the file for analysis.
  4. Allow it to be scanned; it could take a few minutes depending on server load.
  5. Copy and paste the result back here.


Re: XP not functioning in normal or safe mode

This is what it had in the status bar:

File is empty (0 bytes)!

Re: XP not functioning in normal or safe mode

bump

Re: XP not functioning in normal or safe mode

Hmm, let's get a fresh copy of that file from a backup you have on your machine.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: dragging CFScript.txt onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

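The repair in the post above replaces a zero-byte explorer.exe with the copy kept under ServicePackFiles\i386. As an added example (not part of the original posts, and not how ComboFix's FCopy works internally), this Python sketch generalizes that step to any damaged executable: it classifies the target, checks that the backup is a plausible PE file, keeps the damaged original for later analysis, and verifies the copy by hash. The function names and the temporary-directory layout are assumptions made for the demonstration.

```python
import hashlib
import os
import shutil
import struct
import tempfile


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def assess(path):
    """Classify a file as 'missing', 'empty', 'not-pe' or 'ok'."""
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) == 0:
        return "empty"  # the state Jotti reported: "File is empty (0 bytes)!"
    with open(path, "rb") as fh:
        header = fh.read(64)
        if len(header) < 64 or header[:2] != b"MZ":
            return "not-pe"
        # Offset 0x3C of the DOS header points at the "PE\0\0" signature.
        (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
        fh.seek(e_lfanew)
        if fh.read(4) != b"PE\x00\x00":
            return "not-pe"
    return "ok"


def restore_from_backup(target, backup, keep_dir):
    """Replace a damaged target with a verified backup copy.

    A healthy target is left alone; a damaged one is preserved in keep_dir.
    """
    before = assess(target)
    if before == "ok":
        return {"before": before, "after": before, "restored": False}
    if assess(backup) != "ok":
        raise ValueError("backup copy is not a usable executable: " + backup)
    if before != "missing":
        os.makedirs(keep_dir, exist_ok=True)
        kept = os.path.join(keep_dir, os.path.basename(target) + ".damaged")
        shutil.copy2(target, kept)
    staged = target + ".new"
    shutil.copy2(backup, staged)
    if sha256_of(staged) != sha256_of(backup):
        os.remove(staged)
        raise IOError("staged copy does not match the backup")
    os.replace(staged, target)  # swap in only after verification
    return {"before": before, "after": assess(target),
            "restored": True, "sha256": sha256_of(target)}


def minimal_pe_stub():
    """Constructed sample: the smallest byte string that passes assess()."""
    return (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
            + b"PE\x00\x00" + b"\x00" * 20)


def demo():
    """Recreate the thread's situation inside a temporary directory."""
    root = tempfile.mkdtemp()
    backup = os.path.join(root, "ServicePackFiles", "i386", "explorer.exe")
    target = os.path.join(root, "explorer.exe")
    os.makedirs(os.path.dirname(backup))
    with open(backup, "wb") as fh:
        fh.write(minimal_pe_stub())
    open(target, "wb").close()  # zero-byte file, as in the thread
    try:
        result = restore_from_backup(target, backup, os.path.join(root, "kept"))
        result["matches_backup"] = result["sha256"] == sha256_of(backup)
        return result
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The header check is only a sanity test that the backup is an executable at all; it says nothing about whether the backup itself is clean.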

Re: XP not functioning in normal or safe mode

ComboFix 09-10-12.03 - Administrator 2009/10/12 22:34.6.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.886.1033.18.447.267 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\iniasd.txt

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-07 02:41 . 2009-10-07 02:53 -------- d-----w- C:\Combo-Fix23555C
2009-10-06 23:50 . 2009-10-07 00:02 -------- d-----w- C:\Combo-Fix9963C
2009-10-06 22:23 . 2004-08-04 07:56 55808 ------w- c:\windows\system32\eventlog.dll
2009-10-06 01:34 . 2009-10-06 22:18 -------- d-----w- C:\Combo-Fix
2009-10-06 00:53 . 2009-10-06 01:11 -------- d-----w- C:\Combo-Fix.txt
2009-10-03 17:40 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 17:40 . 2009-10-07 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 17:40 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 03:53 . 2009-10-01 03:53 -------- d-----w- c:\program files\Trend Micro
2009-09-30 13:37 . 2009-09-30 13:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-30 13:24 . 2009-09-30 13:24 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-09-30 13:23 . 2009-09-30 13:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-30 12:56 . 2009-09-30 12:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-30 05:20 . 2009-09-30 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 01:30 . 2005-04-18 04:46 793 --sha-w- c:\windows\system32\mmf.sys
2009-10-09 01:26 . 2004-07-13 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-30 05:38 . 2008-10-19 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-09-30 04:51 . 2006-12-09 19:38 -------- d-----w- c:\program files\Windows Defender
2009-09-30 03:44 . 2008-10-19 05:02 -------- d-----w- c:\program files\DNA
2009-09-05 12:32 . 2009-09-05 12:32 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-09-05 07:24 . 2004-07-13 20:28 -------- d-----w- c:\program files\DivX
2009-09-05 07:23 . 2009-09-05 07:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-14 13:36 . 2009-02-01 15:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-14 13:36 . 2008-07-04 05:16 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 13:36 . 2007-01-01 08:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-07 00:24 . 2004-08-11 22:48 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-11 22:48 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-11 22:48 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-05-20 17:33 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-05-20 17:51 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-11 22:48 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2006-02-01 02:02 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-05-20 17:33 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 15:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 10:23 . 2009-02-01 19:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-05-20 17:51 58880 ----a-w- c:\windows\system32\atl.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2005-03-08 23:41 . 2005-03-08 23:41 56 --sha-r- c:\windows\system32\82F1638CF7.sys
2005-03-08 23:41 . 2005-03-08 23:41 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-06_01.42.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 22:48 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Acme.PCHButton"="c:\progra~1\HPINST~1\Pavilion\XPHNABS4EN\plugin\bin\pchbutton.exe" [2004-04-01 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-16 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG311T Wireless Assistant.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2004-12-17 7708672]
Updates from HP.lnk - c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-4-1 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-14 13:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\VectorWorks 10.1\\VectorWorks.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\InterVideo\\Quake III Arena\\quake3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7000:TCP"= 7000:TCP:btdownloadergui

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-14 335240]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-14 297752]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2005-04-18 2560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: ActiveGS.cab - hxxp://www.virtualapple.com/activegs.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 22:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2367046221-998718354-2122322601-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8\A4C6DC1D7052183A161573F7BA846387]
.
Completion time: 2009-10-13 22:45
ComboFix-quarantined-files.txt 2009-10-13 03:45
ComboFix2.txt 2009-10-07 02:53
ComboFix3.txt 2009-10-07 00:02
ComboFix4.txt 2009-10-06 01:44

Pre-Run: 75,604,992,000 bytes free
Post-Run: 75,660,136,448 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=,1,3,4,5
207 --- E O F --- 2009-09-29 05:08

Re: XP not functioning in normal or safe mode

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?


Re: XP not functioning in normal or safe mode

It's actually running relatively well considering it's an old un-upgraded pos. A little slower than normal I think, and I cannot re-install Windows Defender. I uninstalled it when I thought a bad update was the cause of the problem. Oops. It says something about insufficient permissions. I still cannot access the task manager. It still says it has been disabled by the admin. Audio and video seem to work just fine.

Re: XP not functioning in normal or safe mode

Hello.
See here for Task Manager problem.
http://www.tips4pc.com/Computer_tips_and_tricks/disable_or_enable_the_task_manager.htm

The above guide is for disabling Task Manager, but follow the steps and turn it back on.


Re: XP not functioning in normal or safe mode

This also managed not to work, but I somehow found a way around it. I deleted the old Defender file and then it let me re-install. Ran mbam and got rid of the stuff it found, re-booted and pow, I can get to the task manager. All seems to be good with it finally!

Re: XP not functioning in normal or safe mode

Ah, good then.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.


Re: XP not functioning in normal or safe mode

thank you thank you thank you! i shall certainly try to stick to firefox from now on though i don't like the UI as much as IE. i've created the restore point so it should be good to go. i just have one question and another foray to ask of you. first is there a program or a setting in windows out there like carbonite or mozi that will instead of an on-line back up, automatically backup files to an external hard drive when it is connected? also as i mentioned earlier, could you also help with my net book that is getting assaulted by police pro even in safe mode?

Re: XP not functioning in normal or safe mode

Hello.
For backup software, I know a few, but they don't do it automatically like you're wanting, so it's probably better to ask in the software forum for that; other techs on this forum will know some different programs than I do.

As for your net book, sure I'll help, just open a new topic for another machine.

