I booted an Avira AntiVir standalone CD in his system and let it run. Later, he said it had reported and renamed four files, and he used a different computer to send me a list of what he thought were the "filenames." Actually, they appeared more like threat names, and I am certain he didn't copy them down correctly (especially since he is neither computer savvy nor a good typist). Here's the list he sent:
The first thing I did with it was to run the Conficker detector/fixer from Symantec, but it said no problems were found.
Next, I ran HJT from a USB drive, and everything looked okay there (and also when analysed through an online HJT analyser that I have used before).
After that, I did a lot of Google searching, and finally came upon this blog entry that suggested renaming regedit.exe to something else so the virus wouldn't kill it, then making sure the value of HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 was set to wdmaud.drv. Sure enough, it wasn't, so I went ahead with the change. Before deleting the file to which that key had been pointing, though, I copied it onto a USB drive, carried it over to my Linux system, and submitted it to VirusTotal. Of course, it was definitely a virus file, and the various scanners used somewhat different names, but the easiest one to remember and write was "Defiler" (though, later, I couldn't find much about it by that name on the Web).
After that registry change, I was able to connect to the Internet from that machine again and, more importantly, I was able to uninstall, re-install, update and scan with AVG, which found one other file that it identified as "Defiler."
Right now, for a second opinion, I'm running an online scan from BitDefender, and it IS working, but I'm concerned that either not all of the malware is gone, or it IS gone, but some "scars" and "side effects" have been left behind, since I was NOT able to get TrendMicro's online scanner to work.
Once the BitDefender scan finishes, I'm hoping you guys will be able to lend a hand with my checking for any additional problems. In particular, if you feel it is appropriate or necessary, I would like you to walk me through ComboFix. I have a lot of IT experience (31 years), so you won't have to deal with things like "which key is the any key" from me (something many people have asked ME over the years), but I have absolutely NO experience with ComboFix, and am aware that it can cause big problems if not used properly.
With that, I'll let you take the lead and tell me where you would like me to begin.
Thank you very much.
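The Drivers32 check described in the post above (the value under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 that should read wdmaud.drv but had been redirected to a malware file) can be turned into a repeatable audit. The script below is an added example, not code from the original post or from any of the tools it mentions. It assumes, as a rule of thumb, that legitimate Drivers32 data values are bare driver file names that exist in %SystemRoot%\System32; any value that carries a path, or names a file that is not present there, is flagged for review. The SHA256 step uses Get-FileHash, which only exists on PowerShell 4 and later, so it is guarded. Nothing is changed by this script; it only reports.

```powershell
# Audit HKLM\...\Drivers32 for hijacked entries (added example; not from the original post).
# Assumption: good entries are bare file names (e.g. wdmaud.drv) present in System32.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32'   # 64-bit hosts only
)
$sys32   = Join-Path $env:SystemRoot 'System32'
$canHash = $null -ne (Get-Command Get-FileHash -ErrorAction SilentlyContinue)

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # skip PSPath, PSParentPath, PSChildName, ...
        $data   = [string]$p.Value
        $status = 'OK'
        $reason = ''
        $file   = $null

        if ([string]::IsNullOrWhiteSpace($data)) {
            $status = 'REVIEW'; $reason = 'empty value'
        } elseif ($data -match '[\\/:]') {
            # A full path where a bare file name is expected is the pattern the post describes.
            $status = 'SUSPICIOUS'; $reason = 'value contains a path'
            $file   = [Environment]::ExpandEnvironmentVariables($data)
        } else {
            $file = Join-Path $sys32 $data
            if (-not (Test-Path $file)) {
                $status = 'REVIEW'; $reason = 'named file not found in System32'
                $file   = $null
            }
        }

        $sha256 = ''
        if ($status -ne 'OK' -and $file -and (Test-Path $file) -and $canHash) {
            # Hash the referenced file so the hash (not the file) can be looked up on VirusTotal.
            $sha256 = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        }

        [PSCustomObject]@{
            Key    = $key
            Name   = $p.Name
            Data   = $data
            Status = $status
            Reason = $reason
            SHA256 = $sha256
        }
    }
}

$report | Sort-Object Status -Descending | Format-Table -AutoSize -Wrap
if ($report | Where-Object Status -ne 'OK') {
    Write-Warning 'One or more Drivers32 entries need manual review before any change is made.'
}
```

Run it from an elevated PowerShell prompt. An entry whose data points at a file outside System32 is the same condition the post found by hand; confirm the file with a scanner before editing the value back to the expected driver name, and keep a copy of the flagged file (or just its hash) for submission.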