OK, when I ran ComboFix, it prompted me to install the Recovery Console, so I just clicked OK and let it install. Here's the log:
ComboFix 08-12-31.01 - Tim 2009-01-01 22:44:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1956 [GMT -5:00]
Running from: d:\documents and settings\Tim\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ActiveArmor Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\docume~1\Tim\LOCALS~1\Temp\tmp2.tmp
d:\documents and settings\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
d:\windows\install.exe
d:\windows\kernel32.exe
d:\windows\system32\_004430_.tmp.dll
d:\windows\system32\_004431_.tmp.dll
d:\windows\system32\_004432_.tmp.dll
d:\windows\system32\_004433_.tmp.dll
d:\windows\system32\_004440_.tmp.dll
d:\windows\system32\_004441_.tmp.dll
d:\windows\system32\_004442_.tmp.dll
d:\windows\system32\_004443_.tmp.dll
d:\windows\system32\_004445_.tmp.dll
d:\windows\system32\_004446_.tmp.dll
d:\windows\system32\_004449_.tmp.dll
d:\windows\system32\_004450_.tmp.dll
d:\windows\system32\_004452_.tmp.dll
d:\windows\system32\_004453_.tmp.dll
d:\windows\system32\_004454_.tmp.dll
d:\windows\system32\_004456_.tmp.dll
d:\windows\system32\_004459_.tmp.dll
d:\windows\system32\_004460_.tmp.dll
d:\windows\system32\_004464_.tmp.dll
d:\windows\system32\_004465_.tmp.dll
d:\windows\system32\_004467_.tmp.dll
d:\windows\system32\_004470_.tmp.dll
d:\windows\system32\_004472_.tmp.dll
d:\windows\system32\_004473_.tmp.dll
d:\windows\system32\_004474_.tmp.dll
d:\windows\system32\_004475_.tmp.dll
d:\windows\system32\_004476_.tmp.dll
d:\windows\system32\_004479_.tmp.dll
d:\windows\system32\_004480_.tmp.dll
d:\windows\system32\_004481_.tmp.dll
d:\windows\system32\_004482_.tmp.dll
d:\windows\system32\_004483_.tmp.dll
d:\windows\system32\_004488_.tmp.dll
d:\windows\system32\_004490_.tmp.dll
d:\windows\system32\_004491_.tmp.dll
d:\windows\system32\adysltyi.ini
d:\windows\system32\cbXRLeBt.dll
d:\windows\system32\epeqeg.dll
d:\windows\system32\etvslz.dll
d:\windows\system32\ewhgmtrr.dll
d:\windows\system32\explorer32.exe
d:\windows\system32\fcccyVpN.dll
d:\windows\system32\hndubkxm.dll
d:\windows\system32\ieupdates.exe
d:\windows\system32\iQsrqtwa.ini
d:\windows\system32\iQsrqtwa.ini2
d:\windows\system32\iytlsyda.dll
d:\windows\system32\jfralsod.ini
d:\windows\system32\jthshsnn.dll
d:\windows\system32\kkseqqvi.dll
d:\windows\system32\lejxxq.dll
d:\windows\system32\lqfunh.dll
d:\windows\system32\lvwqob.dll
d:\windows\system32\mxkbudnh.ini
d:\windows\system32\nnshshtj.ini
d:\windows\system32\nqkihivs.dll
d:\windows\system32\omsqhckm.ini
d:\windows\system32\osxqkigb.dll
d:\windows\system32\oxoqlaix.ini
d:\windows\system32\pac.txt
d:\windows\system32\PqrXIkkj.ini
d:\windows\system32\PqrXIkkj.ini2
d:\windows\system32\quqvhwnn.dll
d:\windows\system32\riqbinqe.ini
d:\windows\system32\rjysapvb.ini
d:\windows\system32\ruFilnnn.ini
d:\windows\system32\ruFilnnn.ini2
d:\windows\system32\sxipyqhw.ini
d:\windows\system32\tBeLRXbc.ini
d:\windows\system32\tBeLRXbc.ini2
d:\windows\system32\uvjaospv.ini
d:\windows\system32\uvnikdjd.ini
d:\windows\system32\vhhojiph.ini
d:\windows\system32\vpsoajvu.dll
d:\windows\system32\winsrc.dll
d:\windows\system32\wxgshrsb.ini
d:\windows\system32\xinfhx.dll
d:\windows\system32\xvllsmto.ini
d:\windows\system32\yrnkcxid.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.
2009-01-01 13:25 . 2009-01-01 13:25 43,520 --a------ d:\windows\system32\whSLD022328.exe
2008-12-26 23:50 . 2008-12-26 23:50 <DIR> d-------- d:\windows\Sun
2008-12-26 23:49 . 2008-12-26 23:49 410,984 --a------ d:\windows\system32\deploytk.dll
2008-12-26 22:28 . 2008-12-26 22:28 <DIR> d-------- d:\program files\Trend Micro
2008-12-23 10:39 . 2008-12-23 10:39 0 --a------ d:\windows\Vcr32.INI
2008-12-23 10:35 . 2003-08-11 04:30 4,688 --------- d:\windows\system32\drivers\Drwebnet.sys
2008-12-23 10:15 . 2008-12-23 10:16 <DIR> d-------- d:\documents and settings\All Users\Application Data\Lavasoft
2008-12-19 13:12 . 2009-01-01 22:13 <DIR> d--hs---- d:\documents and settings\Tim\Searched
2008-12-19 13:12 . 2008-12-19 13:12 1,519,616 ---hs---- d:\documents and settings\Tim\nview.exe
2008-12-19 13:11 . 2008-12-31 17:40 <DIR> d-------- d:\windows\system32\whSLD02
2008-12-16 18:53 . 2008-12-16 18:53 51,712 ---hs---- d:\documents and settings\Tim\winlogon.exe
2008-12-16 10:50 . 2008-12-16 10:50 0 --ah----- d:\windows\AUTORUN.INI
2008-12-15 23:23 . 2008-12-15 23:23 <DIR> d--hs---- d:\windows\ftpcache
2008-12-15 23:20 . 2008-12-15 23:20 <DIR> d-------- d:\windows\Downloaded Installations
2008-12-15 23:16 . 1996-05-21 18:13 374,784 --ah----- d:\windows\3dg32.dll
2008-12-15 23:14 . 2008-12-15 23:14 <DIR> d-------- d:\documents and settings\All Users\Application Data\Protexis
2008-12-14 09:55 . 2008-04-13 14:45 26,368 --a--c--- d:\windows\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 23:25 --------- d-----w d:\program files\Common Files\Real
2008-12-31 23:24 --------- d-----w d:\documents and settings\All Users\Application Data\Apple Computer
2008-12-27 04:48 --------- d-----w d:\program files\Java
2008-12-26 06:46 --------- d-----w d:\program files\Viewpoint
2008-12-26 06:46 --------- d-----w d:\documents and settings\All Users\Application Data\Viewpoint
2008-12-23 15:15 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2008-11-18 14:44 --------- d-----w d:\documents and settings\All Users\Application Data\AOL
2008-11-07 07:17 --------- d-----w d:\program files\Xvid
2008-11-03 22:49 --------- d-----w d:\documents and settings\Tim\Application Data\Apple Computer
2008-11-03 20:24 --------- d-----w d:\documents and settings\Tim\Application Data\Ashampoo
2008-11-03 02:46 --------- d-----w d:\documents and settings\Tim\Application Data\Viewpoint
2008-10-10 02:40 60,416 ---ha-w d:\windows\ALCFDRTM.EXE
.
------- Sigcheck -------
2008-10-09 22:55 502272 3f5f88baa114124cf9230b8ea84bbce6 d:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e d:\windows\ServicePackFiles\i386\winlogon.exe
2008-10-09 22:55 502272 3f5f88baa114124cf9230b8ea84bbce6 d:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"HostManager"="d:\program files\Common Files\AOL\1224032402\ee\AOLSoftware.exe" [2006-09-25 50736]
"Windows Logon Applicationedc"="d:\documents and settings\Tim\winlogon.exe" [2008-12-16 51712]
"NVIDIA nView"="d:\documents and settings\Tim\nview.exe" [2008-12-19 1519616]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2008-10-10 36953]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll lvwqob.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\
0lsdelete
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\48417175449246268975850032158268
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-09 14:06 1519616 d:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
Contents of the 'Scheduled Tasks' folder
2008-11-26 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-02 d:\windows\Tasks\ztkbdohr.job
- d:\windows\system32\rundll32.exe [2004-08-04 07:00]
.
- - - - ORPHANS REMOVED - - - -
BHO-{034E474D-459A-4E4F-A3C9-57D2EB5BA0D2} - d:\windows\system32\awtqrsQi.dll
BHO-{4EE5CE1E-B50C-43BF-A3EB-0C2690A29294} - d:\windows\system32\nnnliFur.dll
BHO-{56921F4E-9E1B-4FE7-912E-04C7178811FE} - d:\windows\system32\jkkIXrqP.dll
BHO-{D3706104-2877-4200-A67E-E873CE521C5A} - d:\windows\system32\cbXRLeBt.dll
BHO-{da962ab3-8ea7-279c-5930-06a34521ab01} - d:\windows\system32\nsy5F.dll
BHO-{db5ad9a9-0a7f-48ca-b692-9e9337503734} - d:\windows\system32\lvwqob.dll
Notify-rqRIyYQG - rqRIyYQG.dll
Notify-rqRLdCUm - rqRLdCUm.dll
MSConfigStartUp-SoundMan - SOUNDMAN.EXE
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone:
www.kaspersky.com.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-1409082233-1708537768-854245398-1003
"*"=dword:00000004
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-1409082233-1708537768-854245398-1003
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*\{undo}]
@Security="Inherited"
"*"=dword:00000004
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*\{undo}www]
@Security="Inherited"
"*"=dword:00000004
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1409082233-1708537768-854245398-1003
@Allowed: (Full) (S-1-5-19)
@Allowed: (Full) (S-1-5-19)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1409082233-1708537768-854245398-1003
@Allowed: (Full) (S-1-5-19)
@Allowed: (Full) (S-1-5-19)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*\{undo}]
@Security="Inherited"
"*"=dword:00000004
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*\{undo}www]
@Security="Inherited"
"*"=dword:00000004
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1409082233-1708537768-854245398-1003
@Allowed: (Full) (S-1-5-20)
@Allowed: (Full) (S-1-5-20)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1409082233-1708537768-854245398-1003
@Allowed: (Full) (S-1-5-20)
@Allowed: (Full) (S-1-5-20)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*\{undo}]
@Security="Inherited"
"*"=dword:00000004
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*\{undo}www]
@Security="Inherited"
"*"=dword:00000004
[HKEY_USERS\S-1-5-21-1409082233-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1409082233-1708537768-854245398-1003
@Allowed: (Full) (S-1-5-21-1409082233-1708537768-854245398-1003)
@Allowed: (Full) (S-1-5-21-1409082233-1708537768-854245398-1003)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004
[HKEY_USERS\S-1-5-21-1409082233-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1409082233-1708537768-854245398-1003
@Allowed: (Full) (S-1-5-21-1409082233-1708537768-854245398-1003)
@Allowed: (Full) (S-1-5-21-1409082233-1708537768-854245398-1003)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
[HKEY_USERS\S-1-5-21-1409082233-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*\{undo}]
@Security="Inherited"
"*"=dword:00000004
[HKEY_USERS\S-1-5-21-1409082233-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\m*NULL*e*NULL*i*NULL*n*NULL*e*NULL*-*NULL*g*NULL*r*NULL*u*NULL*Ã*NULL*xk*NULL*a*NULL*r*NULL*t*NULL*e*NULL*n*NULL*.*NULL*d*NULL*e*NULL*\{undo}www]
@Security="Inherited"
"*"=dword:00000004
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(924)
d:\windows\system32\khfFXrRH.dll
- - - - - - - > 'lsass.exe'(984)
d:\windows\system32\nvappfilter.dll
- - - - - - - > 'Explorer.exe'(1864)
d:\windows\system32\msi.dll
d:\windows\system32\khfFXrRH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
d:\windows\system32\LEXBCES.EXE
d:\windows\system32\LEXPPS.EXE
d:\progra~1\COMMON~1\aol\ACS\acsd.exe
d:\windows\ATKKBService.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\nvsvc32.exe
d:\windows\wanmpsvc.exe
c:\progra~1\AVG\AVG8\avgemc.exe
d:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
d:\docume~1\Tim\TyBxRY.exe
C:\uckwvbf.exe
c:\program files\AVG\AVG8\fixcfg.exe
d:\windows\system32\imapi.exe
d:\windows\system32\regsvr32.exe
.
**************************************************************************
.
Completion time: 2009-01-01 22:49:21 - machine was rebooted [Tim]
ComboFix-quarantined-files.txt 2009-01-02 03:49:14
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
341 --- E O F --- 2008-10-14 14:01:29