WiredWX Hobby Weather Tools

 


Solved: Need help, not sure what virus
Hi, I was trying to fix my girlfriend's computer when I found this site. Her computer has been running very slowly for the past few months and she has been getting a lot of pop-ups and ads along with redirects to ad sites. 2 days ago an alert came up on her taskbar saying "Warning your computer is infected! Click here etc. etc." It had a red circle with an X in it like the symbol Norton uses, but she does not have Norton on her computer. We figured it was some kind of fake spyware thing, but we clicked on it to see if maybe it wasn't. It took us to a website to download AntivirusProXp2009, but we did not download it as I'm pretty sure it is fake. As soon as this happened the computer started acting very weird, so we disconnected it from the internet and I have been trying to find out what's wrong since.

The alert still keeps popping up, the desktop wallpaper is gone, sometimes the desktop wallpaper is an ad saying I need to click on it to fix the virus, and ads try to pop up using both Internet Explorer and Firefox. A new administrator account has been created that was never there before, and I am unable to view hidden files or use the Task Manager. I was able to get the Task Manager back using "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f" in Run. When I start the computer up a lot of error windows open: one says init.exe has encountered a problem and needs to close, one says AppleSyncNotifier.exe has failed to start because CoreFoundation.dll was not found, one says there was an error loading nnxlothg.dll, and another says that Data Execution Prevention has closed Windows Logon UI for my protection. I ran AVG in safe mode and it found and deleted a file called "Win32/Rustock.C", and it said that the boot sector of C, Kernel32.dll, wsock32.dll, user32.dll, shell32.dll, and ntoskcnl.exe had been changed. I hope this is enough information to help identify what the problem is. Thanks for your time.

Here is the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:41 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inf\rundll33.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\Program Files\FarStone\GameDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
F:\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\winlognn.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\msrstart.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\i89xts49yn2v.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\lxi4e5ql3z7.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\cp71an5iniczf.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\a61w9j4.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\b1sqlm2wcioo2.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\kfmkybysw.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\p9kgtqqkkgj10.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Qwest\QuickCare\agentui\quickcare.exe
C:\Program Files\Qwest\QuickCare\agentui\quickcare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Virus Removal\Hijack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqNEXpN.dll
O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\GameDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [30a52330] rundll32.exe "C:\WINDOWS\system32\nnxlothg.dll",b
O4 - HKLM\..\Run: [Fkiya] rundll32.exe "C:\WINDOWS\Nhakisawanulamol.dll",e
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Becky\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\msrstart.exe
O4 - HKLM\..\Run: [DeskTopSrv] C:\WINDOWS\system32\grcrt.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Becky\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [ofanc3wmgoftej1d082xcn5pgcg4xpnr4c] C:\DOCUME~1\Becky\LOCALS~1\Temp\itqvy91io.exe
O4 - HKCU\..\Run: [pk2kmvngm4sspim4m9n4ojil0lmkdflh161dq83hn9hvr] C:\DOCUME~1\Becky\LOCALS~1\Temp\en0uhgbg.exe
O4 - HKCU\..\Run: [a3eal0qhu81x2w9s7ksoeftxih] C:\DOCUME~1\Becky\LOCALS~1\Temp\p1ru2mgc6.exe
O4 - HKCU\..\Run: [rutz6ubdgcvd57lkmxsto292de0p34wlj] C:\DOCUME~1\Becky\LOCALS~1\Temp\q9nudyv3ty2.exe
O4 - HKCU\..\Run: [cpshjxqab459asn8k8vqe7aihmk0tx5joyfu7mvpqysyl] C:\DOCUME~1\Becky\LOCALS~1\Temp\x8ufwtpf9.exe
O4 - HKCU\..\Run: [ohyfe9vql7mga7ayhtpknxl7c48dmoh6f37jfo9rhmc22ba] C:\DOCUME~1\Becky\LOCALS~1\Temp\lup2a2vik2g.exe
O4 - HKCU\..\Run: [rr40d31bgj5xpubezh01r9nf52jety6zw153ori] C:\DOCUME~1\Becky\LOCALS~1\Temp\yg1db8tyd0.exe
O4 - HKCU\..\Run: [t4azsf2he26e0] C:\DOCUME~1\Becky\LOCALS~1\Temp\u0tp9epr.exe
O4 - HKCU\..\Run: [yz3rotd2aqyy47if2giaylhpbrn7s2cb0g] C:\DOCUME~1\Becky\LOCALS~1\Temp\a69vr8f.exe
O4 - HKCU\..\Run: [r6mqk7s6p0aug32dsgy5jn5llleqhedt4z3ij0erfi92d] C:\DOCUME~1\Becky\LOCALS~1\Temp\h55xk1bfaxo.exe
O4 - HKCU\..\Run: [gax57dgq0v] C:\DOCUME~1\Becky\LOCALS~1\Temp\r2d4w5dnbomm2.exe
O4 - HKCU\..\Run: [p7xsm6oe6hvg4e8j95v2toew] C:\DOCUME~1\Becky\LOCALS~1\Temp\p0xj5j5fi.exe
O4 - HKCU\..\Run: [u4yak88vtpidu05yk96ttlrkofodcc6nz] C:\DOCUME~1\Becky\LOCALS~1\Temp\ruffxtcuf1.exe
O4 - HKCU\..\Run: [q1jms2ep8ujoguk8l8aid1d02pj93gn9k40] C:\DOCUME~1\Becky\LOCALS~1\Temp\yut8swowpk.exe
O4 - HKCU\..\Run: [g5cvahtj87x2kns8infh5op5u7ti9q7qeeyi2d625d2] C:\DOCUME~1\Becky\LOCALS~1\Temp\ndq3tq28j4.exe
O4 - HKCU\..\Run: [q8pfzq1mazmj2jtiavt1ifx5myvgn97rej55nh2ha32] C:\DOCUME~1\Becky\LOCALS~1\Temp\m5pkjcrf5nhn.exe
O4 - HKCU\..\Run: [uxffz0c8psrva2njdl0cgua7aszngo] C:\DOCUME~1\Becky\LOCALS~1\Temp\zz43kdm9l0.exe
O4 - HKCU\..\Run: [gde1tdext5z3062d4tdu1dvm3wp0qs5gbs53fmz6om] C:\DOCUME~1\Becky\LOCALS~1\Temp\afl8rl7.exe
O4 - HKCU\..\Run: [u2pdiystzh82fwht5pn5edx83tto0] C:\DOCUME~1\Becky\LOCALS~1\Temp\a253yf25nd3l.exe
O4 - HKCU\..\Run: [zfu6mc80lvhhb] C:\DOCUME~1\Becky\LOCALS~1\Temp\xjwn5sa35ec.exe
O4 - HKCU\..\Run: [xw969393bbna643xtmn9gyv04r9qz63oa3ew0bxj7fhzhi] C:\DOCUME~1\Becky\LOCALS~1\Temp\b885i7nyskjxd.exe
O4 - HKCU\..\Run: [eklf5odx0y7o3kl2ypgfjc1zmqlf0f08xzip48] C:\DOCUME~1\Becky\LOCALS~1\Temp\atr7b8r.exe
O4 - HKCU\..\Run: [ehe12dzqn7bnzog62c7kiik9tznnyihqxtrt3rjds] C:\DOCUME~1\Becky\LOCALS~1\Temp\suhb0u.exe
O4 - HKCU\..\Run: [e5ux8s0ysyta8q934dzy50impo28da] C:\DOCUME~1\Becky\LOCALS~1\Temp\d7n35eg.exe
O4 - HKCU\..\Run: [ia5o0ig3jmnb2pvir4wlty9sdnp2k926v32vg0ew47dx8] C:\DOCUME~1\Becky\LOCALS~1\Temp\icna1h7n.exe
O4 - HKCU\..\Run: [xyv4g6vqldnk0] C:\DOCUME~1\Becky\LOCALS~1\Temp\m13i945760.exe
O4 - HKCU\..\Run: [e12ps1oz9y2auj72xafs4bb5xettj3y7cv5bab7] C:\DOCUME~1\Becky\LOCALS~1\Temp\v0fivobjhcb.exe
O4 - HKCU\..\Run: [ob24wkpzz8ur23az791crxe2j6g67syps1] C:\DOCUME~1\Becky\LOCALS~1\Temp\j8eswawptr2gf.exe
O4 - HKCU\..\Run: [muc87lavj19zg] C:\DOCUME~1\Becky\LOCALS~1\Temp\de8kkixu1gf.exe
O4 - HKCU\..\Run: [k0m6plgsel3bqy2jxs] C:\DOCUME~1\Becky\LOCALS~1\Temp\i89xts49yn2v.exe
O4 - HKCU\..\Run: [ycahktj4qffvlj4qwnrypv4a4dozx45nass2yv] C:\DOCUME~1\Becky\LOCALS~1\Temp\lxi4e5ql3z7.exe
O4 - HKCU\..\Run: [n658h5yxp1cakfwhmze2s5m5ksx3h8u7] C:\DOCUME~1\Becky\LOCALS~1\Temp\cp71an5iniczf.exe
O4 - HKCU\..\Run: [oz2b0vooo02y54oy6b9xbc23kihmrbhqe756cqc] C:\DOCUME~1\Becky\LOCALS~1\Temp\b1sqlm2wcioo2.exe
O4 - HKCU\..\Run: [ku6khmeznbubz0pvnt7etj8ycbtbjjmoc0lqfal0] C:\DOCUME~1\Becky\LOCALS~1\Temp\a61w9j4.exe
O4 - HKCU\..\Run: [z2fqt3z3ftqbbl46lr03d0g26ftdyjc5u8er331170] C:\DOCUME~1\Becky\LOCALS~1\Temp\p9kgtqqkkgj10.exe
O4 - HKCU\..\Run: [rnvi4oldaqnm8cbljtnxqhiyh4wfiiarrj0tl4kwiutfvis] C:\DOCUME~1\Becky\LOCALS~1\Temp\kfmkybysw.exe
O4 - HKCU\..\Run: [j8xob4g143g3wlv0u] C:\DOCUME~1\Becky\LOCALS~1\Temp\v592uoxymqtn.exe
O4 - HKCU\..\Run: [ezbpb6c1oabh7hcgs496ppvi] C:\DOCUME~1\Becky\LOCALS~1\Temp\m7c2w3tcif.exe
O4 - HKCU\..\Run: [e3gog8eb7cgdoz8dj1yffb7a0291tckhp3] C:\DOCUME~1\Becky\LOCALS~1\Temp\a0758tv.exe
O4 - HKCU\..\Run: [zjguzmcpgpa9bvs46iu0nbz9h6se1lmt2i1t6] C:\DOCUME~1\Becky\LOCALS~1\Temp\mp0a8ub2tmg.exe
O4 - HKCU\..\Run: [smzn3y1k9ogm61z62vzz1ug46f4l] C:\DOCUME~1\Becky\LOCALS~1\Temp\hwzliat2h.exe
O4 - HKCU\..\Run: [gfp7sfoxrr] C:\DOCUME~1\Becky\LOCALS~1\Temp\rfmdp0xn9.exe
O4 - HKCU\..\Run: [owkcan4m7cxl6eocafebd65vs0kjy] C:\DOCUME~1\Becky\LOCALS~1\Temp\nvmvs3wvftfk.exe
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\WINDOWS\system32\inf\rundll33.exe C:\WINDOWS\xccdf16_090131a.dll xccd16
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xs8xbbiq3] C:\WINDOWS\TEMP\m0xyj3ln.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [py7jljn1xfab35x] C:\WINDOWS\TEMP\spollfgn2li.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rkga2mko2fvimu6cccxm92juoylehmdgv72vuud7x68cko] C:\WINDOWS\TEMP\c5jmkreja.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [f8afqiq5kwe0xsqjzq62fs1i24y16e8dnkklt00xfrp6r] C:\WINDOWS\TEMP\rh60f09.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {07620F96-F90F-43E4-A903-182C51FA4212} - http://qwest.live.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\becky\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\becky\locals~1\temp\ntdll64.dll
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149746288399
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149750243389
O20 - AppInit_DLLs: sopefh.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: urqnexpn - C:\WINDOWS\SYSTEM32\urqNEXpN.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 15733 bytes
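Helpers in threads like this triage a HijackThis log by eye, looking for the same handful of red flags every time. As an added example (not the forum's or HijackThis's own tooling), the following Python script encodes those flags: executables or DLLs loaded from a Temp directory, random-looking Run value names, rundll32 loading a DLL through a one-letter export, O7 policies that disable regedit or Task Manager, a populated AppInit_DLLs value, Winlogon Notify DLLs, unnamed BHOs and services with an "Unknown owner". The sample lines are copied from the log in this thread (a subset, not the full log); the regexes and the "random name" threshold are my own assumptions, so treat hits as items to review, not verdicts.

```python
from __future__ import annotations
import re

# Sample lines copied from the HijackThis log posted in this thread (subset only).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqNEXpN.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [30a52330] rundll32.exe "C:\WINDOWS\system32\nnxlothg.dll",b
O4 - HKCU\..\Run: [k0m6plgsel3bqy2jxs] C:\DOCUME~1\Becky\LOCALS~1\Temp\i89xts49yn2v.exe
O4 - HKUS\S-1-5-18\..\Run: [xs8xbbiq3] C:\WINDOWS\TEMP\m0xyj3ln.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\docume~1\becky\locals~1\temp\ntdll64.dll
O20 - AppInit_DLLs: sopefh.dll
O20 - Winlogon Notify: urqnexpn - C:\WINDOWS\SYSTEM32\urqNEXpN.dll
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

TEMP_DIR = re.compile(r"\\(locals~1\\temp|windows\\temp)\\", re.I)      # per-user or system Temp
RUN_ENTRY = re.compile(r"^O4 - .*\\Run: \[([^\]]+)\] (.*)$")              # O4 value name + command
RANDOM_NAME = re.compile(r"^[a-z0-9]{8,}$")                              # assumed threshold: 8+ chars
RUNDLL_EXPORT = re.compile(r'rundll32\.exe "[^"]+\.dll",[a-z]$', re.I)    # one-letter export name
NO_NAME_BHO = re.compile(r"^O2 - BHO: \(no name\) - \{[^}]+\} - (.+)$")
UNKNOWN_SERVICE = re.compile(r"^O23 - Service: .* - Unknown owner - (.*)$")
ADMIN_TOOL_POLICY = re.compile(r"Disable(Regedit|TaskMgr)=1")


def looks_random(name: str) -> bool:
    """Generated value names are long, lowercase, and mix letters with digits."""
    return (RANDOM_NAME.match(name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for every log line that trips one of the heuristics."""
    findings: list[tuple[str, str]] = []
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        reasons = []
        if TEMP_DIR.search(line):
            reasons.append("executable or DLL loaded from a Temp directory")
        run = RUN_ENTRY.match(line)
        if run and looks_random(run.group(1)):
            reasons.append("random-looking Run value name")
        if run and RUNDLL_EXPORT.search(run.group(2)):
            reasons.append("rundll32 loading a DLL by one-letter export")
        if line.startswith("O7 - ") and ADMIN_TOOL_POLICY.search(line):
            reasons.append("system policy disabling an admin tool")
        if line.startswith("O20 - AppInit_DLLs:") and line.partition(":")[2].strip():
            reasons.append("AppInit_DLLs populated (loaded into every user32 process)")
        if line.startswith("O20 - Winlogon Notify:"):
            reasons.append("Winlogon Notify DLL (verify against a known vendor)")
        if NO_NAME_BHO.match(line):
            reasons.append("BHO with no name")
        if UNKNOWN_SERVICE.match(line):
            reasons.append("service with unknown owner")
        findings.extend((r, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```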

Re: Need help, not sure what virus
Hello.

You say it has been running slowly for the past few months? So this infection has been building and building, getting even worse, for months?

This machine is so badly damaged, it cannot be repaired.

This is one messy infection, but the bad news is that the malware is using a service that is actually legit, so if we kill the infection, we basically kill the machine along with it.
I would recommend a format and re-install here.

See these links for info on formatting.

When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Re: Need help, not sure what virus
Ah that sucks, thanks a lot for the help though.

Re: Need help, not sure what virus
Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.
