I did as told
COMBOFIX:
ComboFix 10-04-06.05 - Administrator 04/07/2010 20:38:51.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.766.319 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\comfix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\TEMP\cdox.tmp\svchost.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EXPLORES
-------\Service_explores
((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.
2010-04-07 05:34 . 2010-04-07 05:34 -------- d-----w- c:\windows\system32\custom matrices
2010-04-07 05:33 . 2010-04-07 05:35 -------- d-----w- c:\windows\system32\C2MP
2010-04-07 05:33 . 2010-04-07 05:33 -------- d-----w- c:\windows\system32\QuickTime
2010-04-07 02:35 . 2010-04-07 05:45 0 ------w- C:\h.zip
2010-04-04 15:54 . 2010-04-04 15:54 -------- d-----w- c:\program files\EDIROL
2010-04-01 04:17 . 2010-04-01 04:17 -------- d-----w- c:\program files\Trend Micro
2010-03-31 03:24 . 2010-04-01 04:07 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-12 00:48 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 15:54 . 2009-08-03 15:22 -------- d-----w- c:\program files\VstPlugins
2010-03-18 23:05 . 2001-08-23 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-17 00:29 . 2010-02-14 22:39 16 ----a-w- c:\windows\msocreg32.dat
2010-03-13 23:49 . 2009-08-03 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-11 12:38 . 2001-08-23 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-08-03 01:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-07 03:43 . 2010-02-26 11:42 -------- d-----w- c:\program files\Image-Line
2010-03-07 03:41 . 2010-02-22 01:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft
2010-03-05 01:32 . 2010-03-05 01:32 56532 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-05 00:32 . 2009-08-11 00:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-03-05 00:11 . 2010-03-05 00:06 -------- d-----w- c:\program files\iTunes
2010-03-05 00:11 . 2010-03-05 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-05 00:09 . 2010-03-05 00:09 -------- d-----w- c:\program files\iPod
2010-03-05 00:08 . 2009-08-11 00:37 -------- d-----w- c:\program files\Common Files\Apple
2010-03-04 23:50 . 2010-03-04 23:48 -------- d-----w- c:\program files\QuickTime
2010-03-04 23:21 . 2010-03-04 23:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-03 00:05 . 2009-08-03 02:24 69232 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 00:32 . 2010-02-08 00:02 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe
2010-03-01 00:29 . 2010-02-08 00:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook
2010-02-27 07:57 . 2009-08-03 17:53 -------- d-----w- c:\program files\Microsoft Works
2010-02-27 00:49 . 2010-02-27 00:49 -------- d-----w- c:\program files\FileASSASSIN
2010-02-26 23:26 . 2009-08-06 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-22 02:57 . 2010-02-22 02:57 -------- d-----w- c:\program files\Aida
2010-02-22 01:55 . 2009-08-22 12:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Unity
2010-02-22 01:55 . 2009-08-22 11:28 -------- d-----w- c:\program files\Unity
2010-02-22 00:10 . 2010-02-22 00:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2010-02-21 13:06 . 2009-10-14 00:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-20 23:42 . 2009-08-03 15:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-02-14 22:27 . 2009-08-03 03:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-14 22:27 . 2010-02-14 22:27 -------- d-----w- c:\program files\IK Multimedia
2010-02-10 00:34 . 2009-08-03 15:02 -------- d-----w- c:\program files\Dell
2010-02-04 14:01 . 2010-02-21 14:35 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 14:01 . 2010-02-21 14:35 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 14:01 . 2010-02-21 14:35 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 14:01 . 2010-02-21 14:35 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-13 14:57 . 2010-01-13 14:57 2157 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-01-13 14:28 . 2010-01-13 14:28 2165 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2010-01-13 14:27 . 2010-01-13 14:27 2095 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\login.live.com
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2009-12-7 3656]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
short.zip [2010-4-7 0]
Windows Defender.lnk - c:\plugins\Server.jar [2010-2-28 448750]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 01:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"snpstd3"=c:\windows\vsnpstd3.exe
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\lxdwcoms.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/6/2009 2:57 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/6/2009 2:57 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/6/2009 7:42 PM 297752]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [9/20/2009 10:54 AM 98984]
.
Contents of the 'Scheduled Tasks' folder
2009-12-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-08-28 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.pr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7o8duowg.default\
FF - plugin: c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-07 20:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2708)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdwcoms.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-07 21:04:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-08 01:04
ComboFix2.txt 2010-04-07 04:23
Pre-Run: 1,232,523,264 bytes free
Post-Run: 1,217,609,728 bytes free
- - End Of File - - E0704497514571F8A52C12E4860DED22
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
MALWAREBYTES
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3967
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
4/7/2010 11:30:45 PM
mbam-log-2010-04-07 (23-30-45).txt
Scan type: Full scan (C:\|)
Objects scanned: 157424
Time elapsed: 2 hour(s), 11 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\Sonic.Reality.Sonik.Synth.2.VSTi.DXi.RTAS.AU.iSO-SPiRiT\ikssynkg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Image-Line\FL Studio 9\FL.exe (Hoax.BadJoke) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\19698511-55c8-f003-2225-1865c63cf31a.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
ESET
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinZBot.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.UI trojan cleaned - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016742.bat BAT/KillAV.NBD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016743.bat BAT/KillAV.NBD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016744.bat BAT/KillWin.NBF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016748.bat BAT/KillFiles.NCJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016753.bat BAT/CDEject.C trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016759.bat BAT/Netstop.NAB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016761.bat BAT/Disabler.NAD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016764.bat BAT/KeyboardDisable.C trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016765.bat BAT/KeyboardDisable.C trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016766.bat BAT/MouseDisable.AD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7B1E1AAA-9E6E-48FF-BFA3-300D2D09A4DC}\RP13\A0016767.bat BAT/MouseDisable.AD trojan cleaned by deleting - quarantined
Why is there not a single antivirus that can treat all these viruses, trojans and malware at once??? Without people like you this would be impossible to fix. Thank you again... Let me know the next step....