WiredWX Christian Hobby Weather Tools
Windows Police Pro on XP machine

Windows Police Pro has invaded my netbook. Windows Explorer is running normally in safe mode, except for the fact that I am locked out of the Task Manager even when logged on as the admin. I cannot run AVG, Windows Defender, Malwarebytes or HijackThis on it.

Re: Windows Police Pro on XP machine

Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy/paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.

Re: Windows Police Pro on XP machine

ComboFix Log:
ComboFix 09-10-23.01 - Administrator 10/24/2009 11:48.1.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.802 [GMT -5:00]
Running from: c:\documents and settings\Administrator\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Start Menu\Programs\Windows Police Pro
c:\documents and settings\Merlin\Start Menu\Programs\Windows Police Pro
c:\program files\AdvancedVirusRemover
c:\program files\Windows Police Pro
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858
c:\recycler\S-1-5-21-0823906687-9603902155-275191836-6971
c:\recycler\S-1-5-21-2841344863-9824998207-125976383-7598
c:\windows\system32\bcmwl5.inf
c:\windows\system32\Desktop_.ini
c:\windows\system32\images
c:\windows\system32\jasosise.exe
c:\windows\system32\ziperame.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\csrss.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\lsass.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\services.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\taskmgr.exe
c:\documents and settings\Administrator\Desktop\Windows Police Pro.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
c:\documents and settings\Merlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Merlin\Desktop\Windows Police Pro.lnk
c:\documents and settings\Merlin\Start Menu\Advanced Virus Remover.lnk
c:\documents and settings\Merlin\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\program files\Windows Police Pro\winivsetup.exe
C:\qdgavjh.exe
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858\Desktop.ini
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe
c:\recycler\S-1-5-21-0823906687-9603902155-275191836-6971\Desktop.ini
c:\recycler\S-1-5-21-0823906687-9603902155-275191836-6971\wnzip32.exe
c:\recycler\S-1-5-21-2841344863-9824998207-125976383-7598\Desktop.ini
c:\windows\msa.exe
c:\windows\svchast.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\bijukotu.dll
c:\windows\system32\bincd32.dat
c:\windows\system32\certstore.dat
c:\windows\system32\critical_warning.html
c:\windows\system32\drivers\glaide32.sys
c:\windows\system32\fegezofo.dll
c:\windows\system32\fepkd53qo7.dll
c:\windows\system32\fufakili.dll
c:\windows\system32\gosge7.dll
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\isasdk.sys
c:\windows\system32\iycrmtarub.dll
c:\windows\system32\kosagiti.dll
c:\windows\system32\lugesate.dll
c:\windows\system32\mea8blp5.dll
c:\windows\system32\nuar.old
c:\windows\system32\plkmn2o0.dll
c:\windows\system32\plUGie.dll
c:\windows\system32\pobojohe.dll
c:\windows\system32\pump.exe
c:\windows\system32\r4j6ipfyl.dll
c:\windows\system32\rush4imjo3.dll
c:\windows\system32\serubifa.dll
c:\windows\system32\skynet.dat
c:\windows\system32\sysnet.dat
c:\windows\system32\tonepopo.dll
c:\windows\system32\ulwbgxt.dll
c:\windows\system32\vapuhonu.dll
c:\windows\system32\vk71h9t9.dll
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wispex.html
c:\windows\system32\wvdk6.dll
c:\windows\system32\xi94dzad.dll
c:\windows\system32\xmBSen6iii.dll
c:\windows\system32\xmgrf.dll
c:\windows\system32\yuwelete.dll
c:\windows\system32\zu09qz2x4.dll
c:\windows\system32\zzxjret.dll
c:\windows\wf3.dat
c:\windows\wf4.dat

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_ANTIPOL
-------\Legacy_GLAIDE32
-------\Legacy_ISASDK
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_6to4
-------\Service_AntiPol
-------\Service_glaide32
-------\Service_isasdk


((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-03 17:42 . 2009-10-03 17:43 79360 ----a-w- C:\hsjcyle.exe
2009-10-03 17:28 . 2009-10-03 17:43 192951 ----a-w- C:\ituycggj.exe
2009-10-03 17:28 . 2009-10-03 17:42 9728 ----a-w- C:\luqnovd.exe
2009-10-03 17:27 . 2009-10-03 17:27 161280 ----a-w- C:\uheu.exe
2009-10-03 17:27 . 2009-10-03 17:43 51200 ----a-w- C:\dkvyax.exe
2009-10-03 17:27 . 2009-10-03 17:42 43520 ----a-w- C:\rmnkbgw.exe
2009-10-03 17:26 . 2009-10-03 17:27 161280 ----a-w- C:\faluw.exe
2009-10-03 17:25 . 2009-10-03 17:26 43520 ----a-w- C:\ejpjqdnw.exe
2009-10-03 03:28 . 2009-10-03 17:25 9728 ----a-w- C:\qhhi.exe
2009-10-03 03:28 . 2009-10-03 17:26 192951 ----a-w- C:\bxim.exe
2009-10-02 03:46 . 2009-10-02 03:46 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-02 03:45 . 2009-10-02 03:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-10-02 03:44 . 2009-10-02 03:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-02 03:07 . 2009-10-03 17:31 131731 ----a-w- c:\windows\system32\dbsinit.exe
2009-10-02 03:01 . 2009-10-02 03:01 -------- d-----w- c:\program files\Trend Micro
2009-10-02 02:38 . 2009-10-02 02:38 -------- d-----w- c:\documents and settings\Merlin\Application Data\6857436442
2009-10-02 02:38 . 2009-10-02 02:38 -------- d-----w- c:\documents and settings\Merlin\Application Data\2497265022
2009-10-02 02:32 . 2009-10-02 02:32 52736 ----a-w- C:\hyvt.exe
2009-10-02 02:32 . 2009-10-02 02:32 45568 ----a-w- C:\uekw.exe
2009-10-02 02:32 . 2009-10-24 16:38 0 ----a-r- c:\windows\win32k.sys
2009-10-02 02:32 . 2009-10-02 02:32 201200 ----a-w- C:\gsrilums.exe
2009-10-02 02:31 . 2009-10-02 02:32 79360 ----a-w- C:\qkfd.exe
2009-10-02 02:31 . 2009-10-02 02:32 245760 ----a-w- C:\utksugvj.exe
2009-10-02 02:31 . 2009-10-02 02:31 9728 ----a-w- C:\uxgjlq.exe
2009-09-30 04:56 . 2009-09-30 04:56 -------- d-----w- c:\documents and settings\Merlin\Application Data\Malwarebytes
2009-09-30 04:56 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 04:56 . 2009-10-03 05:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 04:56 . 2009-09-30 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 04:56 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-24 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-25 321344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-04 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

BHO-{bd9d5f1c-6c71-422f-ba86-86142ccbcf73} - lugesate.dll
HKCU-Run-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
HKCU-Run-PopRock - c:\docume~1\Merlin\LOCALS~1\Temp\b.exe
HKLM-Run-nupusijiw - c:\windows\system32\tonepopo.dll
HKLM-Run-nevahedopi - pobojohe.dll
AddRemove-HijackThis - c:\documents and settings\Merlin\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 11:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\commy\CF1171.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\progra~1\LAUNCH~1\LManager.exe
c:\program files\Acer\Acer eRecovery Management\NotificationLauncher.exe
c:\progra~1\AVG\AVG8\avgtray.exe
c:\program files\Windows Defender\MSASCui.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\windows\system32\igfxext.exe
c:\program files\iTunes\iTunesHelper.exe
c:\documents and settings\Merlin\Application Data\2497265022\2497265022.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\docume~1\Merlin\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG8\avgupd.exe
c:\commy\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-24 12:00 - machine was rebooted [Merlin]

Pre-Run: 136,693,600,256 bytes free
Post-Run: 136,107,671,552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect



Add remove programs Log:

2007 Microsoft Office Suite Service Pack 1 (SP1)
AAC Decoder
Acer eRecovery Management
Acer ScreenSaver
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AutoUpdate
AVG Free 8.5
BitTorrent
Bonjour
Broadcom Driver v4.170.25.12_Foxconn Installation Program
Choice Guard
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
ffdshow [rev 3026] [2009-07-05]
Google Toolbar for Internet Explorer
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
Intel®️ Matrix Storage Manager
iTunes
Java(TM) 6 Update 15
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
MSVCRT
MSXML 4.0 SP2 (KB954430)
OpenOffice.org 3.1
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB946691)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
VC80CRTRedist - 8.0.50727.762
WebCam
WebFldrs XP
Windows Defender
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Xvid 1.2.2 final uninstall

Re: Windows Police Pro on XP machine

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:

    File::
    C:\hsjcyle.exe
    C:\ituycggj.exe
    C:\luqnovd.exe
    C:\uheu.exe
    C:\dkvyax.exe
    C:\rmnkbgw.exe
    C:\faluw.exe
    C:\ejpjqdnw.exe
    C:\qhhi.exe
    C:\bxim.exe
    C:\hyvt.exe
    C:\uekw.exe
    C:\gsrilums.exe
    C:\qkfd.exe
    C:\utksugvj.exe
    C:\uxgjlq.exe

    FileLook::
    crypt32.dll
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: 2v3rg44]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
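As an added example (not part of this thread, and not ComboFix's own code): a small Python triage that parses lines in the "Files Created" / Find3M format shown in the logs above and reproduces the kind of selection the helper made for the File:: block, namely executables dropped in the drive root, system-process names living under Temp, and hidden+system binaries in system32. The sample lines are copied from the logs in this thread except for one constructed Temp entry; the heuristics and all function names are mine, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: lines copied from the "Files Created" and Find3M
# sections of the ComboFix logs in this thread, plus one constructed Temp entry
# (its path is from the log's "Other Deletions" list; the timestamps are made up)
# and one benign driver line to show that it is left alone.
SAMPLE_LOG = """\
2009-10-03 17:42 . 2009-10-03 17:43 79360 ----a-w- C:\\hsjcyle.exe
2009-10-03 17:28 . 2009-10-03 17:43 192951 ----a-w- C:\\ituycggj.exe
2009-10-02 03:46 . 2009-10-02 03:46 -------- d-sh--w- c:\\documents and settings\\Administrator\\PrivacIE
2009-09-30 04:56 . 2009-09-10 19:54 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2009-10-24 16:38 . 2009-07-24 16:38 39424 --sha-w- c:\\windows\\system32\\berikeki.dll
2009-10-03 03:27 . 2009-07-03 03:27 194056 --sha-w- c:\\windows\\system32\\goyetude.exe
2009-10-03 17:27 . 2009-10-03 17:27 9728 ----a-w- c:\\docume~1\\ADMINI~1\\LOCALS~1\\Temp\\svchost.exe
"""

# One ComboFix file line: <created> . <modified> <size|--------> <attrs> <path>
# The path is the remainder of the line and may contain spaces.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Core Windows process names that the first log shows dropped into Temp.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "lsass.exe", "services.exe", "svchost.exe", "taskmgr.exe"}


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints "--------")
    attrs: str            # e.g. "----a-w-", "--sha-w-", "d-sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # 's' and 'h' in the attribute string mean SYSTEM and HIDDEN are both set.
        return "s" in self.attrs and "h" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_combofix_lines(text: str) -> List[FileEntry]:
    """Parse the file lines of a ComboFix 'Files Created' / Find3M section."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, lone dots and blank lines
        size = None if m["size"] == "--------" else int(m["size"])
        entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def suspicion_reason(e: FileEntry) -> Optional[str]:
    """Return why an entry looks like a dropped file, or None if it looks normal."""
    if e.is_dir:
        return None
    low = e.path.lower()
    # 1. Executables written straight into the drive root, as the helper's
    #    CFScript lists: legitimate installers do not do this.
    if re.fullmatch(r"[a-z]:\\[^\\]+\.exe", low):
        return "executable in drive root"
    # 2. A file named like a core system process but living under a Temp folder.
    if "\\temp\\" in low and e.basename in SYSTEM_PROCESS_NAMES:
        return "system process name in Temp"
    # 3. Hidden+system executable or DLL inside system32 (the rogue's helper
    #    files in the Find3M section are all --sha-w-).
    if "\\system32\\" in low and e.hidden_system and low.endswith((".exe", ".dll")):
        return "hidden+system binary in system32"
    return None


def triage(entries: List[FileEntry]) -> List[Tuple[FileEntry, str]]:
    """Keep only entries that trip a heuristic, paired with the reason."""
    return [(e, r) for e in entries if (r := suspicion_reason(e)) is not None]


def render_file_directive(flagged: List[Tuple[FileEntry, str]]) -> str:
    """Render the flagged paths in the File:: form used by the CFScript above."""
    return "File::\n" + "\n".join(e.path for e, _ in flagged) + "\n"


if __name__ == "__main__":
    for entry, reason in triage(parse_combofix_lines(SAMPLE_LOG)):
        print(f"{reason:34} {entry.path}")
```

The output is a candidate list for a human to review against the full log, not something to feed to ComboFix unread: a single heuristic hit is a reason to look, not proof.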

Re: Windows Police Pro on XP machine

ComboFix 09-10-23.01 - Administrator 10/24/2009 18:29.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.818 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\commy.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

FILE ::
"C:\bxim.exe"
"C:\dkvyax.exe"
"C:\ejpjqdnw.exe"
"C:\faluw.exe"
"C:\gsrilums.exe"
"C:\hsjcyle.exe"
"C:\hyvt.exe"
"C:\ituycggj.exe"
"C:\luqnovd.exe"
"C:\qhhi.exe"
"C:\qkfd.exe"
"C:\rmnkbgw.exe"
"C:\uekw.exe"
"C:\uheu.exe"
"C:\utksugvj.exe"
"C:\uxgjlq.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bxim.exe
C:\dkvyax.exe
c:\documents and settings\Merlin\Desktop\Security Tool.lnk
c:\documents and settings\Merlin\Local Settings\temp\RtkBtMnt.exe
c:\documents and settings\Merlin\Start Menu\Programs\Security Tool.lnk
C:\ejpjqdnw.exe
C:\faluw.exe
C:\gsrilums.exe
C:\hsjcyle.exe
C:\hyvt.exe
C:\ituycggj.exe
C:\luqnovd.exe
C:\qhhi.exe
C:\qkfd.exe
C:\rmnkbgw.exe
C:\uekw.exe
C:\uheu.exe
C:\utksugvj.exe
C:\uxgjlq.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-24 17:00 . 2009-10-24 17:00 -------- d-----w- c:\windows\LastGood
2009-10-02 03:46 . 2009-10-02 03:46 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-02 03:45 . 2009-10-02 03:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-10-02 03:44 . 2009-10-02 03:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-02 03:07 . 2009-10-03 17:31 131731 ----a-w- c:\windows\system32\dbsinit.exe
2009-10-02 03:01 . 2009-10-02 03:01 -------- d-----w- c:\program files\Trend Micro
2009-10-02 02:38 . 2009-10-02 02:38 -------- d-----w- c:\documents and settings\Merlin\Application Data\6857436442
2009-10-02 02:38 . 2009-10-02 02:38 -------- d-----w- c:\documents and settings\Merlin\Application Data\2497265022
2009-10-02 02:32 . 2009-10-24 16:38 0 ----a-r- c:\windows\win32k.sys
2009-09-30 04:56 . 2009-09-30 04:56 -------- d-----w- c:\documents and settings\Merlin\Application Data\Malwarebytes
2009-09-30 04:56 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 04:56 . 2009-10-03 05:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 04:56 . 2009-09-30 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 04:56 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 17:00 . 2009-05-25 04:36 -------- d-----w- c:\documents and settings\Merlin\Application Data\DNA
2009-10-24 16:58 . 2009-05-25 04:36 -------- d-----w- c:\program files\DNA
2009-10-24 16:38 . 2009-07-24 16:38 39424 --sha-w- c:\windows\system32\berikeki.dll
2009-10-03 05:08 . 2009-05-24 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-03 03:27 . 2009-07-03 03:27 194056 --sha-w- c:\windows\system32\goyetude.exe
2009-10-02 02:38 . 2009-07-02 02:37 1047588 --sha-w- c:\windows\system32\wanigedi.exe
2009-10-02 02:38 . 2009-07-02 02:37 1047588 --sha-w- c:\windows\system32\lewiyidi.exe
2009-10-02 02:37 . 2009-07-02 02:37 45568 --sha-w- c:\windows\system32\setorera.exe
2009-10-01 13:49 . 2009-05-25 04:36 -------- d-----w- c:\documents and settings\Merlin\Application Data\BitTorrent
2009-09-20 17:37 . 2009-09-20 17:37 -------- d-----w- c:\documents and settings\Merlin\Application Data\DivX
2009-09-20 03:43 . 2009-09-20 03:42 -------- d-----w- c:\program files\iTunes
2009-09-20 03:43 . 2009-09-20 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 03:42 . 2009-09-20 03:42 -------- d-----w- c:\program files\iPod
2009-09-20 03:42 . 2009-05-25 04:42 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 02:57 . 2009-09-20 02:56 -------- d-----w- c:\program files\QuickTime
2009-09-10 12:08 . 2009-07-10 00:55 -------- d-----w- c:\program files\Java
2009-09-05 07:15 . 2009-09-05 07:08 -------- d-----w- c:\program files\DivX
2009-09-05 07:14 . 2009-09-05 07:08 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-22 21:07 . 2009-05-24 18:37 64840 ----a-w- c:\documents and settings\Merlin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 17:25 . 2009-05-24 19:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-22 17:25 . 2009-05-24 19:07 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-22 17:25 . 2009-05-24 19:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-05 09:01 . 2009-01-16 23:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-04 196608]
"NotificationCenterLauncher"="c:\program files\Acer\Acer eRecovery Management\NotificationLauncher.exe" [2008-12-22 225280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-22 2007832]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-25 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"2497265022"="c:\documents and settings\Merlin\Application Data\2497265022\2497265022.exe" [2009-10-02 1047588]
"6857436442"="c:\documents and settings\Merlin\Application Data\6857436442\6857436442.exe" [2009-10-02 1047588]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-26 18081280]

c:\documents and settings\Merlin\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 17:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/24/2009 2:08 PM 108552]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [1/16/2009 6:19 PM 38400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/24/2009 2:07 PM 335240]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/24/2009 2:07 PM 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/24/2009 2:07 PM 297752]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [1/16/2009 8:02 PM 237568]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{756974ad-cab0-4ed3-bc9f-6654a777fbf8} - c:\windows\system32\tonepopo.dll
SSODL-tizupufob-{756974ad-cab0-4ed3-bc9f-6654a777fbf8} - c:\windows\system32\tonepopo.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 18:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2165517387-2419647484-3825283475-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,98,55,dc,4a,72,c9,47,9f,d2,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,98,55,dc,4a,72,c9,47,9f,d2,02,\
.
Completion time: 2009-10-24 18:36
ComboFix-quarantined-files.txt 2009-10-24 23:36
ComboFix2.txt 2009-10-24 17:00

Pre-Run: 137,107,431,424 bytes free
Post-Run: 137,125,900,288 bytes free

- - End Of File - - 90562950951875CAC55F2F7E9F0415E1

Re: Windows Police Pro on XP machine

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: Windows Police Pro on XP machine

Malwarebytes' Anti-Malware 1.41
Database version: 3028
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/25/2009 1:06:23 AM
mbam-log-2009-10-25 (01-06-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 144054
Time elapsed: 17 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 63

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2497265022 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6857436442 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Merlin\Application Data\2497265022 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Merlin\Application Data\6857436442 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Merlin\Application Data\2497265022\2497265022.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Merlin\Application Data\6857436442\6857436442.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\qdgavjh.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrss.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lsass.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\taskmgr.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\AdvancedVirusRemover\PAVRM.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\windows Police Pro.exe.vir (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\winivsetup.exe.vir (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe.vir (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-0823906687-9603902155-275191836-6971\wnzip32.exe.vir (Backdoor.BHO) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\svchast.exe.vir (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fegezofo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fepkd53qo7.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fufakili.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gosge7.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\isasdk.sys.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iycrmtarub.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lugesate.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mea8blp5.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\plkmn2o0.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\plugie.dll.vir (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pobojohe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pump.exe.vir (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\r4j6ipfyl.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rush4imjo3.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\serubifa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tonepopo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ulwbgxt.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vapuhonu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vk71h9t9.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvdk6.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xi94dzad.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xmbsen6iii.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xmgrf.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zu09qz2x4.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zzxjret.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP2\A0000122.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP2\A0000125.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP2\A0000128.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP2\A0000129.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP2\A0000131.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP2\A0000132.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP2\A0000133.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP2\A0000134.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP2\A0000135.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP2\A0000138.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbsinit.exe (Rogue.DB) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lewiyidi.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\setorera.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tftp.nfo (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wanigedi.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Merlin\Application Data\2497265022\2497265022.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Merlin\Application Data\2497265022\2497265022.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Merlin\Application Data\6857436442\6857436442.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Merlin\Application Data\6857436442\6857436442.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

Re: Windows Police Pro on XP machine

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Windows Police Pro on XP machine

Seems to be running fine now. Thanks guys!
