Here's the ComboFix log
Things seem to be working better now; Firefox recognized the fact that I had no default browser set and allowed me to do something about it. It did pop up with some errors about missing DLL files, but they all had the junk names, so I think they were bad files that CF deleted and the virus was looking for them. After checking the list of running processes, it looks like several virus processes have been killed for good but others have not. Advice on the next step?
ComboFix 11-05-11.01 - Miranda Rian 05/11/2011 16:28:01.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1557 [GMT -4:00]
Running from: c:\documents and settings\Miranda Rian\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Miranda Rian\Application Data\avdrn.dat
c:\documents and settings\Miranda Rian\Application Data\Sun\ixokfmgyl68.dll
c:\documents and settings\Miranda Rian\Application Data\Sun\mxd1.txt
c:\documents and settings\Miranda Rian\Local Settings\Application Data\{0ECA710F-47D0-4675-B53F-35385D5E8880}
c:\documents and settings\Miranda Rian\Local Settings\Application Data\{0ECA710F-47D0-4675-B53F-35385D5E8880}\chrome.manifest
c:\documents and settings\Miranda Rian\Local Settings\Application Data\{0ECA710F-47D0-4675-B53F-35385D5E8880}\chrome\content\_cfg.js
c:\documents and settings\Miranda Rian\Local Settings\Application Data\{0ECA710F-47D0-4675-B53F-35385D5E8880}\chrome\content\overlay.xul
c:\documents and settings\Miranda Rian\Local Settings\Application Data\{0ECA710F-47D0-4675-B53F-35385D5E8880}\install.rdf
c:\documents and settings\Miranda Rian\Start Menu\Programs\Startup\rarliw32.exe
c:\documents and settings\Miranda Rian\WINDOWS
c:\documents and settings\Richard Rian\WINDOWS
C:\Recycle.Bin
c:\recycle.bin\config.bin
c:\recycle.bin\Recycle.Bin.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Glivua.exe
c:\windows\Glivub.exe
c:\windows\iyocusura.dll
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\itlnfw32.dll
c:\windows\system32\itlpfw32.dll
c:\windows\system32\RGSS104E.dll
c:\windows\system32\RGSS104J.dll
c:\windows\TDPLAP.dll
F:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_ITLPERF
-------\Service_6to4
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-07 15:05 . 2011-05-07 15:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-05-07 14:36 . 2010-02-10 16:42 303176 ----a-w- c:\windows\system32\BeTwinServiceXP.exe
2011-05-07 14:36 . 2010-02-10 16:42 33208 ----a-w- c:\windows\system32\drivers\BETWINKF.sys
2011-05-07 14:36 . 2010-02-10 16:42 81984 ----a-w- c:\windows\system32\BeTwinAudio.dll
2011-05-07 14:36 . 2006-03-17 03:35 249856 ----a-w- c:\windows\system32\SlsApi.dll
2011-05-07 14:36 . 2010-02-10 16:42 15040 ----a-w- c:\windows\system32\drivers\BeTwinSystem.sys
2011-05-07 14:36 . 2010-02-10 16:42 33336 ----a-w- c:\windows\system32\drivers\BETWINMF.sys
2011-05-07 14:36 . 2010-02-10 16:42 25656 ----a-w- c:\windows\system32\drivers\BETWINVF.sys
2011-05-07 14:36 . 2003-06-27 06:08 8704 ----a-w- c:\windows\system32\xtgina.dll
2011-05-07 14:28 . 2011-05-07 14:28 42016 ----a-w- c:\windows\system32\msywgahg.exe
2011-05-04 17:27 . 2011-05-04 17:28 -------- d-----w- c:\documents and settings\Administrator
2011-05-04 16:44 . 2011-05-04 16:44 -------- d-----w- c:\documents and settings\Nelwyn Rian\Local Settings\Application Data\{3BACD646-8F03-493E-AE54-2FD3A84F1F4A}
2011-05-03 00:12 . 2011-05-11 18:40 0 ----a-w- c:\windows\Ffavunoli.bin
2011-04-30 08:51 . 2011-04-30 08:51 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-04-30 00:08 . 2011-04-30 00:08 -------- d-----w- c:\program files\Matroska Pack
2011-04-19 00:35 . 2011-04-19 00:35 -------- d-----w- c:\program files\iPod
2011-04-19 00:34 . 2011-04-19 00:35 -------- d-----w- c:\program files\iTunes
2011-04-19 00:30 . 2011-04-19 00:30 -------- d-----w- c:\program files\Bonjour
2011-04-17 23:51 . 2011-04-17 23:51 45056 ----a-r- c:\documents and settings\Miranda Rian\Application Data\Microsoft\Installer\{1DED5EFD-410A-48DB-909A-2B2022BB50D2}\Nethergate.exe1_1DED5EFD410A48DB909A2B2022BB50D2.exe
2011-04-17 23:51 . 2011-04-17 23:51 45056 ----a-r- c:\documents and settings\Miranda Rian\Application Data\Microsoft\Installer\{1DED5EFD-410A-48DB-909A-2B2022BB50D2}\Nethergate.exe_1DED5EFD410A48DB909A2B2022BB50D2.exe
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-13 23:53 . 2011-04-13 23:54 -------- d-----w- c:\program files\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-01 05:11 . 2009-12-28 16:52 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2011-04-01 05:10 . 2009-12-28 16:52 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-04-01 05:10 . 2009-12-28 16:52 543328 ----a-w- c:\windows\system32\LVUI2.dll
2011-04-01 05:09 . 2009-12-28 16:52 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-04-01 05:08 . 2011-04-01 05:08 195168 ----a-w- c:\windows\system32\lvci13251014.dll
2011-04-01 05:08 . 2009-12-28 16:52 301664 ----a-w- c:\windows\system32\lvcodec2.dll
2011-04-01 05:07 . 2010-05-14 21:56 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 05:07 . 2010-05-14 21:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 05:06 . 2010-05-14 21:55 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 04:56 . 2009-12-28 16:52 39318 ----a-w- c:\windows\system32\Repository.reg
2011-03-23 03:58 . 2011-03-23 03:58 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2011-03-19 17:46 . 2010-04-10 19:29 137656 -c--a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-09 16:11 . 2010-03-09 15:58 939139876 ----a-w- c:\program files\FEZsetup_2010-02-26.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-09-01 147456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader
"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader
"12933:TCP"= 12933:TCP:BitComet 12933 TCP
"12933:UDP"= 12933:UDP:BitComet 12933 UDP
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [6/5/2009 9:04 PM 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 6:00 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/10/2010 3:29 PM 136360]
R2 Network Adapter Events;Network Adapter Events;c:\windows\SYSTEM32\msywgahg.exe [5/7/2011 10:28 AM 42016]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 1:11 AM 428640]
S0 BeTwinVideo;BeTwinVideo;c:\windows\SYSTEM32\DRIVERS\BETWINVF.sys [5/7/2011 10:36 AM 25656]
S1 BeTwinSystem;BeTwinSystem;c:\windows\SYSTEM32\DRIVERS\BeTwinSystem.sys [5/7/2011 10:36 AM 15040]
S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\SYSTEM32\DRIVERS\BETWINKF.sys [5/7/2011 10:36 AM 33208]
S3 BeTwinMouse;BeTwinMouse;c:\windows\SYSTEM32\DRIVERS\BETWINMF.sys [5/7/2011 10:36 AM 33336]
S3 dump_wmimmc;dump_wmimmc;\??\f:\the chronicles of spellborn\bin\client\GameGuard\dump_wmimmc.sys --> f:\the chronicles of spellborn\bin\client\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\Miranda Rian\Application Data\Mozilla\Firefox\Profiles\ouel5a2r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Athena: {405e2f6c-b9b8-4515-a69c-e375d7156c86} - %profile%\extensions\{405e2f6c-b9b8-4515-a69c-e375d7156c86}
FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
exefile="c:\documents and settings\NetworkService\Local Settings\Application Data\hok.exe" -a "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Steam - i:\steam\Steam.exe
HKCU-Run-Dloqa - c:\windows\TDPLAP.dll
HKCU-Run-4Y3Y0C3AUYVV4Y9GCYBOPHFEUNNFBI - c:\recycle.bin\Recycle.Bin.exe
HKLM-Run-QuickTime Task - i:\quicktime\QTTask.exe
HKLM-Run-Ywokaqe - c:\windows\iyocusura.dll
Notify-itlntfy - itlnfw32.dll
AddRemove-Champions Online - f:\cryptic studios\Uninstall Champions Online.exe
AddRemove-Guild Wars - i:\guild wars\Gw.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Shin Megami Tensei: Imagine Online - f:\aeriagames\MegaTen\Uninst.exe
AddRemove-Steam App 7650 - i:\steam\steam.exe
AddRemove-Steam App 7660 - i:\steam\steam.exe
AddRemove-Steam App 7730 - i:\steam\steam.exe
AddRemove-Steam App 7760 - i:\steam\steam.exe
AddRemove-Steam App 7770 - i:\steam\steam.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{9C244239-ED8E-40f1-937F-51C706CD2160} - i:\ea games\The Sims 2 Deluxe\EAUninstall.exe
AddRemove-The Twilight Zone - i:\the twilight zone\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\xtgina.dll
c:\windows\system32\WINSCARD.DLL
.
- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-05-11 16:51:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-11 20:51
ComboFix2.txt 2010-08-06 23:36
.
Pre-Run: 14,587,121,664 bytes free
Post-Run: 16,250,331,136 bytes free
.
- - End Of File - - 602E313A295602BB876EC9FBEA0F1416