Virus that destroys virtual memory! (Antivirus XP?) [CLOSED]
Aug 19 2008, 03:37 AM
Post #1
New Member | Posts: 1 | OS: xp
Short version: Antivirus XP (possibly others) has weakened my Windows to near unusability, by limiting the system resources/virtual memory somehow (I have only been able to open Task Manager, Regedit, Windows Explorer, and HijackThis).

Long version: Okay, so the first weird thing was spoolsv.exe, which was filling up my hard drive. By the time I had installed an antivirus program, ntvdm.exe was eating at my CPU, but this was easily fixed. I think the antivirus program must have been infected, because then I got signs of Antivirus XP (popups, wallpaper, shortcuts). It wouldn't let me update a different antivirus program, so eventually I shut down my laptop. Here's the worrisome bit: When I start it up in normal mode, it takes ages and eventually just gets to the blue wallpaper. Nothing can be opened except Task Manager (Ctrl+Alt+Delete) and from here I can see my files are still there, but I can't open any programs (that I suspect use too much memory). So I can't open/install any of the usual antivirus programs. Even System Restore won't open properly! In safe mode, Windows Explorer barely works, but crashes and logs out every minute or so. All the while, icon graphics are disappearing, and I'm getting messages such as: Low on Virtual Memory. System Resources too low. Out of Memory. Parser Message. And others that don't even have text. The latest HijackThis almost completes a scan but gives me this error: mod_Main_StartScan() Error #14 - Out of string space.
(I can give you the partial log if you like) Luckily, HijackThis version 1.99.1 did work (the only other working program so far is Regedit) so here is the log:

```
Scan saved at 4:00:56 PM, on 19/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: QXK Olive - {14FA812F-A03D-4ACE-A134-EC65959D1546} - C:\WINDOWS\twmxbsqrpeg.dll
O2 - BHO: (no name) - {28D5CFF1-56B7-40C6-94D6-99FCA38A194F} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {34A4E25E-3CE2-4AA2-A992-0B5BA68B712E} - C:\WINDOWS\system32\yayyXPgE.dll
O2 - BHO: (no name) - {64C079F1-99B9-4329-AB94-715197057F07} - C:\WINDOWS\system32\byXRigEV.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {9d88c5bc-4c9b-1adb-4274-e25e9e6c4e79} - {97e4c6e9-e52e-4724-bda1-b9c4cb5c88d9} - C:\WINDOWS\system32\evgcpr.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: rafbsvnx - {C1BA55E4-0DD3-4F21-A036-94F6DEEB9F89} - C:\WINDOWS\rafbsvnx.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdnxp.exe] C:\WINDOWS\system32\kdnxp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [\SUE1C4.exe] C:\Windows\SUE1C4.exe
O4 - HKLM\..\Run: [\SUE1C5.exe] C:\Windows\SUE1C5.exe
O4 - HKLM\..\Run: [\SUE1C6.exe] C:\Windows\SUE1C6.exe
O4 - HKLM\..\Run: [\SUE1C7.exe] C:\Windows\SUE1C7.exe
O4 - HKLM\..\Run: [\SUE1C8.exe] C:\Windows\SUE1C8.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [2629165f] rundll32.exe "C:\WINDOWS\system32\lpxnultj.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA3894] command /c del "C:\WINDOWS\system32\kdnxp.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4428] cmd /c del "C:\WINDOWS\system32\kdnxp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: evgcpr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayyXPgE - C:\WINDOWS\SYSTEM32\yayyXPgE.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: tsxngabr - {3B8CB3D0-CE9E-4A48-8EF1-186D592108CA} - C:\WINDOWS\tsxngabr.dll
O21 - SSODL: vtqnxfko - {21EA940D-7A49-4471-9AA6-32E671137C8D} - C:\WINDOWS\vtqnxfko.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
```

Btw, I copied it onto USB and am typing this from another computer. However, I don't think I can reliably copy big files. Also, can I use HijackThis to fix the problem? If I can't find a small enough virus removal program, I'm thinking I might have to do this manually somehow - deleting appropriate files/registry or maybe doing something with the paging file? Are the actual system files damaged, or is the virus just making it look like that? I'm wondering if getting rid of the virus will automatically fix the system, or will I have to do something else?
spanks Virus that destroys virtual memory! (Antivirus XP?) [CLOSED] Aug 19 2008, 03:37 AM
IndiGenus Hi and welcome to the forums here at G2G!
Yo... Aug 20 2008, 02:28 PM
IndiGenus Hi,
Did you still need help here? Please let me k... Aug 23 2008, 05:05 PM
IndiGenus Due to lack of feedback, this topic has been close... Aug 28 2008, 06:59 AM
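A triage pass over the HijackThis log in the first post, added here as an example and not part of the original thread: it parses the entries and tags the load points that merit a closer look. The tag names and heuristics are assumptions of this example, not HijackThis output and not a verdict on any file.

```python
import re

# Excerpt of the log posted above (entries as posted, one per line).
SAMPLE = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O2 - BHO: (no name) - {34A4E25E-3CE2-4AA2-A992-0B5BA68B712E} - C:\WINDOWS\system32\yayyXPgE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [\SUE1C4.exe] C:\Windows\SUE1C4.exe
O20 - AppInit_DLLs: evgcpr.dll
O20 - Winlogon Notify: yayyXPgE - C:\WINDOWS\SYSTEM32\yayyXPgE.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")               # "O4 - <body>"
FILE = re.compile(r"([^\\\s\"]+\.(?:dll|exe))\b", re.I)  # bare file name in a body

def parse(log):
    """Return (section, body) pairs for every 'Xn - ...' log line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

# (tag, predicate) review heuristics: assumptions of this example, not verdicts.
RULES = [
    # Hosts-file entry that points a name at anything other than loopback.
    ("hosts-redirect", lambda s, b: s == "O1"
        and bool(re.match(r"Hosts: (?!127\.|::1\s)\S+\s+\S", b))),
    ("unnamed-bho", lambda s, b: s in ("O2", "O3") and "(no name)" in b),
    ("orphaned", lambda s, b: "(file missing)" in b or "(no file)" in b),
    ("appinit-dll", lambda s, b: s == "O20" and b.startswith("AppInit_DLLs:")),
    # Run value whose *name* contains a backslash, i.e. looks like a path.
    ("run-name-is-path", lambda s, b: s == "O4" and bool(re.search(r"\[[^\]]*\\", b))),
]

def triage(log):
    """Tag entries that merit a closer look; returns (section, tags, body) tuples."""
    entries = parse(log)
    seen = {}  # lower-cased file name -> set of sections that reference it
    for sec, body in entries:
        for name in FILE.findall(body):
            seen.setdefault(name.lower(), set()).add(sec)
    findings = []
    for sec, body in entries:
        tags = [tag for tag, hit in RULES if hit(sec, body)]
        # Same file registered under more than one kind of load point.
        if any(len(seen[n.lower()]) > 1 for n in FILE.findall(body)):
            tags.append("multi-loadpoint")
        if tags:
            findings.append((sec, tags, body))
    return findings
```

Run `triage()` over a full log saved as text to get a short review list instead of reading every line; untagged entries are not thereby cleared.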