
Desktop Computer 2 infected with multiple trojans & viruses


  • This topic is locked
14 replies to this topic

#1 Baybadoll


Posted 30 May 2009 - 12:45 PM

The computer was infected with multiple viruses. I ran AVG in safe mode and got rid of several.
I then ran Malwarebytes and it got rid of several. I need to know what my next step is to clean the computer.
Thank you, Katilyn

Included below are the system check log, mbam log, and dds logs.


----------start security check-----------
Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
AVGFree8.5
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Java™ 6 Update 11
Java™ 6 Update 13
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 30 seconds.
`````````End of Log```````````
----------end security check-----------






----------start mbam scan--------------
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

5/30/2009 12:20:00 PM
mbam-log-2009-05-30 (12-20-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 136142
Time elapsed: 30 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\FreeHDPlay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeHDPlay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.106,85.255.112.128 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bfef929e-af0f-4247-8c6d-05d5a689b84f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.106,85.255.112.128 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.106,85.255.112.128 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bfef929e-af0f-4247-8c6d-05d5a689b84f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.106,85.255.112.128 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.106,85.255.112.128 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{bfef929e-af0f-4247-8c6d-05d5a689b84f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.106,85.255.112.128 -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Administrator\Start Menu\Programs\FreeHDPlay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\FreeHDPlay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\freehdplay\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\start menu\Programs\freehdplay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gxvxcbppfttxrvaqpsntfucfpupkavporogfj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gxvxcdbvmlcdlmrnjqgiyublmiejyihoejmrj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\gxvxccvjlktbxmmqsnopylfrqtufnmxddfgoj.sys (Trojan.Agent) -> Quarantined and deleted successfully.
----------end mbam scan--------------






----------start dds log--------------

DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 12:37:01.68 on Sat 05/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1513 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [lxdcmon.exe] "c:\program files\lexmark 1300 series\lxdcmon.exe"
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210299458796
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210299513640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\h8fks2u1.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\h8fks2u1.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-29 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-29 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-29 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-29 298776]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
S0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-2 218112]
S0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-2 48140]
S0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-2 204800]
S0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-2 17664]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2007-5-25 99248]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-2 11029]

=============== Created Last 30 ================

2009-05-30 11:29 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-05-30 11:29 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 11:29 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-30 11:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-22 20:29 4 a------- c:\windows\system32\gxvxccount
2009-05-15 12:09 <DIR> --d----- c:\program files\Lx_cats
2009-05-15 12:08 44 a------- c:\windows\system32\lxdcrwrd.ini
2009-05-15 12:08 323,584 a------- c:\windows\system32\LXDChcp.dll
2009-05-15 12:08 286,720 a------- c:\windows\system32\LXDCinst.dll
2009-05-15 12:08 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-05-15 12:08 <DIR> --d----- c:\program files\Lexmark 1300 Series
2009-05-15 12:05 131,959 a------- c:\windows\system32\LexFiles.ulf
2009-05-15 12:05 <DIR> --d----- C:\logs
2009-05-15 12:04 344,064 a----r-- c:\windows\system32\lxdccoin.dll
2009-05-15 12:04 77,906 a----r-- c:\windows\system32\lxdccfg.dll
2009-05-15 12:04 1,827 a----r-- c:\windows\system32\lxdc.loc
2009-05-11 06:48 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-05-11 06:48 25,856 a------- c:\windows\system32\drivers\usbprint.sys

==================== Find3M ====================

2009-05-20 08:04 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-20 08:04 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-20 08:04 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2008-05-08 21:58 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat

============= FINISH: 12:37:21.54 ===============
----------end dds log--------------



#2 SifuMike


Posted 03 June 2009 - 05:19 PM

Hi Baybadoll,

Are you seeing any problems with this desktop computer?

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 6 Update 11
    Java 6 Update 13
    Java 6 Update 4
    Java 6 Update 5
    Java 6 Update 7
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.

Please disable any running anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Baybadoll


Posted 04 June 2009 - 08:04 AM

Hey!

I'm thrilled to be getting to this computer so quickly! Thank you.

This computer had browser redirecting, but not anymore.
A few programs would freeze during use - had to use task manager to close them.
Computer has been slow - occasionally really slow.
Haven't noticed any other problems - so hopefully this one will be easy!

Thanks again for the help!
Katilyn

KAS log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, June 4, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, June 04, 2009 05:54:48
Records in database: 2304980
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 52183
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:13:33


File name / Threat name / Threats count
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QIOT3W3V\asterouste_com[1].htm Infected: Exploit.JS.Agent.aib 1

The selected area was scanned.

#4 SifuMike


Posted 04 June 2009 - 12:30 PM

Hi Katilyn,

We will remove the temp file(s).

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

***************

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield (I'll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Edited by SifuMike, 04 June 2009 - 12:31 PM.


#5 Baybadoll


Posted 04 June 2009 - 02:40 PM

Here's the log:

ComboFix 09-06-04.01 - Administrator 06/04/2009 14:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1492 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 02:04 . 2009-06-04 02:09 -------- d-----w- c:\documents and settings\Administrator\.SunDownloadManager
2009-05-30 16:29 . 2009-05-30 16:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-30 16:29 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 16:29 . 2009-05-30 16:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 16:29 . 2009-05-30 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-30 16:29 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-24 01:37 . 2009-05-30 16:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-23 01:31 . 2009-05-23 01:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-23 01:29 . 2009-05-23 01:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-05-15 17:09 . 2009-05-31 12:19 -------- d-----w- c:\program files\Lx_cats
2009-05-15 17:08 . 2009-05-15 17:15 -------- d-----w- c:\program files\Lexmark Toolbar
2009-05-15 17:08 . 2009-05-15 17:09 -------- d-----w- c:\program files\Lexmark 1300 Series
2009-05-15 17:08 . 2007-05-17 14:09 286720 ----a-w- c:\windows\system32\LXDCinst.dll
2009-05-15 17:08 . 2007-05-17 13:54 323584 ----a-w- c:\windows\system32\LXDChcp.dll
2009-05-15 17:05 . 2009-05-15 17:05 -------- d-----w- C:\logs
2009-05-15 17:04 . 2007-03-28 13:16 344064 ----a-r- c:\windows\system32\lxdccoin.dll
2009-05-15 17:04 . 2007-03-19 01:45 77906 ----a-r- c:\windows\system32\lxdccfg.dll
2009-05-11 11:48 . 2008-04-13 11:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-05-11 11:48 . 2008-04-13 11:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 02:26 . 2009-01-29 20:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 02:26 . 2009-04-01 14:14 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-04 02:13 . 2008-05-09 01:30 -------- d-----w- c:\program files\Java
2009-05-20 13:04 . 2009-01-29 19:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-20 13:04 . 2009-01-29 19:43 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-20 13:04 . 2009-01-29 19:43 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-20 13:04 . 2009-01-29 19:43 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-24 02:35 . 2009-04-23 13:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-04-23 12:16 . 2009-01-29 21:16 47120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 12:16 . 2009-04-23 12:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\MozillaControl
2009-04-23 12:15 . 2009-04-23 12:12 -------- d-----w- c:\program files\Graboid
2009-04-23 12:15 . 2009-04-23 12:15 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-04-23 12:15 . 2009-04-23 12:15 -------- d-----w- c:\program files\VideoLAN
2009-04-10 21:07 . 2009-04-10 21:07 -------- d-----w- c:\program files\iTunes
2009-04-10 21:07 . 2009-04-10 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-10 21:07 . 2009-04-10 21:07 -------- d-----w- c:\program files\iPod
2009-04-10 21:07 . 2009-03-07 17:57 -------- d-----w- c:\program files\Common Files\Apple
2009-04-10 20:55 . 2009-04-10 20:55 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-10 20:42 . 2009-04-10 20:42 -------- d-----w- c:\program files\Bonjour
2009-04-08 13:50 . 2009-01-29 19:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-08 08:12 . 2008-05-09 03:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 21:32 . 2009-03-07 17:58 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-11 21:59 . 2009-03-11 21:59 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-355117e4-n\msvcp71.dll
2009-03-11 21:59 . 2009-03-11 21:59 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-355117e4-n\jmc.dll
2009-03-11 21:59 . 2009-03-11 21:59 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-355117e4-n\msvcr71.dll
2009-03-09 16:34 . 2009-04-04 13:29 971776 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8fks2u1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-20 1947928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-04 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-20 13:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [11/2/2006 1:57 PM 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [11/2/2006 1:57 PM 48140]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [11/2/2006 1:57 PM 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [11/2/2006 1:57 PM 17664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/29/2009 2:43 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/29/2009 2:43 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/29/2009 2:43 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/29/2009 2:43 PM 298776]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [5/25/2007 4:38 AM 99248]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [11/2/2006 1:57 PM 11029]
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lxdcmon.exe - c:\program files\Lexmark 1300 Series\lxdcmon.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8fks2u1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8fks2u1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 14:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(472)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdccoms.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-06-04 14:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 19:28

Pre-Run: 204,489,609,216 bytes free
Post-Run: 204,514,328,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

176 --- E O F --- 2009-05-13 13:43

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:41 AM

Posted 04 June 2009 - 02:46 PM

Hi Katilyn,

Looks good to me. :thumbup2:

How is the computer running?

Not quite done yet, as we still have to clean up the programs we installed.

Edited by SifuMike, 04 June 2009 - 02:47 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Baybadoll

Posted 04 June 2009 - 04:00 PM

Oh good!

The computer seems to be running well.

I haven't noticed anything wacky.

Katilyn

#8 SifuMike

Posted 04 June 2009 - 04:15 PM

Hi Katilyn,

Did you run Flash Disinfector on this computer also? If not please do so.


Now for the clean up. :thumbup2:

Uninstall ComboFix: go to Start > Run & type in ComboFix /u
Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, _OTMoveIt3), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.



Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously :!:

These few simple steps can stave off the vast majority of spyware problems.
Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.
You should definitely maintain a firewall.
Some good free firewalls are Online Armor Free, Comodo Firewall Pro + Antivirus, Sunbelt Kerio, ZoneAlarm, or Outpost.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
Please make sure to run your antivirus software regularly, and to keep it up-to-date.

#9 Baybadoll

Posted 04 June 2009 - 06:21 PM

Hi.
I ran Flash Disinfector and uninstalled ComboFix.

Things are looking good!!

Thank you, Thank you so much!!

Katilyn

#10 SifuMike

Posted 04 June 2009 - 06:54 PM

You're very welcome. :thumbup2:

#11 Baybadoll

Posted 06 June 2009 - 12:33 PM

Hey!

Is there any way to make the autorun feature work again?

Thanks,
Katilyn

#12 SifuMike

Posted 06 June 2009 - 03:13 PM

Hi Katilyn,

Yes, there is, but I do not recommend it.
If you really want to enable this again - then it's your own responsibility. Don't complain afterwards if you get infected and are responsible for infecting a lot of other computers as well.


The autorun feature was disabled as a means of protecting your system.

Malware authors have been exploiting the autorun/autoplay feature for quite some time now, so the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue, configured ComboFix to disable it.

Many security apps disable it as well, and even Microsoft recommends disabling it.

Disabling autorun/autoplay does not prevent you from accessing those media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB flash or external hard drive). Pictures on a camera can still be accessed/transferred through My Pictures and selecting Get Pictures from a Scanner or Camera. Media can also be accessed via the program you intend to use it with, such as music CDs accessed via Media Player, blank CDs via your burning program, image handling software provided with the camera, etc.

I recommend you leave the feature disabled and get into the habit of accessing those media devices manually.

Please read Miekiemoes' article about autorun.
http://miekiemoes.blogspot.com/2008/11/ple...torun-asap.html

Edited by SifuMike, 06 June 2009 - 03:52 PM.

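
Added example (not part of SifuMike's post, and not ComboFix's own code): the thread does not say which setting ComboFix changes, so this PowerShell script assumes the two standard Windows AutoRun controls, the NoDriveTypeAutoRun policy bitmask and the IniFileMapping redirect for autorun.inf, and reports whether each is still in place. The function names are made up for this example.

```powershell
# Added example: a set bit in NoDriveTypeAutoRun DISABLES AutoRun for that drive type.
$AutoRunBits = [ordered]@{
    'Unknown'     = 0x01
    'No root dir' = 0x02
    'Removable'   = 0x04   # USB flash drives, card readers
    'Fixed'       = 0x08
    'Network'     = 0x10
    'CD-ROM'      = 0x20
    'RAM disk'    = 0x40
    'Reserved'    = 0x80
}

function ConvertFrom-AutoRunMask {
    param([Parameter(Mandatory)][int]$Mask)
    foreach ($type in $AutoRunBits.Keys) {
        [pscustomobject]@{
            DriveType       = $type
            AutoRunDisabled = [bool]($Mask -band $AutoRunBits[$type])
        }
    }
}

function Get-AutoRunPolicy {
    $sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($key in "HKLM:\$sub", "HKCU:\$sub") {
        $raw = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -eq $raw) { '{0}: NoDriveTypeAutoRun not set (OS default applies)' -f $key; continue }
        # The value may be a REG_DWORD or a little-endian REG_BINARY; the low byte holds the mask.
        $mask = [int](@($raw)[0]) -band 0xFF
        '{0}: NoDriveTypeAutoRun = 0x{1:X2}' -f $key, $mask
        ConvertFrom-AutoRunMask -Mask $mask | Where-Object { -not $_.AutoRunDisabled } |
            ForEach-Object { "  AutoRun still ENABLED for: $($_.DriveType)" }
    }
    # Second, independent control: autorun.inf redirected to a registry location that does not exist.
    $map = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
    $redirect = (Get-ItemProperty -Path $map -ErrorAction SilentlyContinue).'(default)'
    if ($redirect -eq '@SYS:DoesNotExist') { 'autorun.inf parsing is blocked via IniFileMapping' }
    else { 'autorun.inf parsing is NOT blocked via IniFileMapping' }
}

# Constructed sample masks: 0xFF (every type disabled) and 0x91 (removable, fixed and CD-ROM still allowed).
0xFF, 0x91 | ForEach-Object {
    $enabled = (ConvertFrom-AutoRunMask -Mask $_ | Where-Object { -not $_.AutoRunDisabled }).DriveType
    '0x{0:X2}: AutoRun enabled for [{1}]' -f $_, ($enabled -join ', ')
}
if ($env:OS -eq 'Windows_NT') { Get-AutoRunPolicy }   # live registry check only on Windows
```

A removable-drive bit that comes back enabled after a software install or a "fix my CD drive" tweak is the case worth catching, since that is the path the post warns about.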

#13 Baybadoll

Posted 06 June 2009 - 07:12 PM

Thank you!

I will explain this to everyone.
And it will remain disabled.

Appreciate it!
Katilyn

#14 SifuMike

Posted 06 June 2009 - 09:42 PM

You're very welcome. :thumbup2:

#15 SifuMike

Posted 16 June 2009 - 10:11 PM

Since your problem appears to be resolved, this thread will now be closed.