Thank you for your reply. Here is the ComboFix report.
ComboFix 07-12-02.7 - Yakansang 2007-12-04 9:12:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.143 [GMT 8:00]
Running from: C:\Documents and Settings\Yakansang\desktop\combofix.exe
Command switches used :: /KillAll
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Yakansang\Application Data\macromedia\Flash Player\#SharedObjects\XSEFZ9BX\iforex.com
C:\Documents and Settings\Yakansang\Application Data\macromedia\Flash Player\#SharedObjects\XSEFZ9BX\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Yakansang\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Yakansang\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\components
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.
2007-11-30 16:51 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-30 16:51 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-30 10:19 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-11-30 10:18 . 2001-08-17 12:48 281,600 --a--c--- C:\WINDOWS\system32\dllcache\atimtai.sys
2007-11-30 10:17 . 2001-08-17 14:55 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll
2007-11-30 10:16 . 2001-08-17 14:07 56,960 --a--c--- C:\WINDOWS\system32\dllcache\aic78xx.sys
2007-11-30 10:16 . 2001-08-17 14:07 55,168 --a--c--- C:\WINDOWS\system32\dllcache\aic78u2.sys
2007-11-30 10:16 . 2001-08-17 12:11 27,678 --a--c--- C:\WINDOWS\system32\dllcache\ali5261.sys
2007-11-30 10:16 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\alifir.sys
2007-11-30 10:16 . 2001-08-17 13:52 12,800 --a--c--- C:\WINDOWS\system32\dllcache\aha154x.sys
2007-11-30 10:16 . 2001-08-17 13:51 5,248 --a--c--- C:\WINDOWS\system32\dllcache\aliide.sys
2007-11-30 10:14 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-11-30 10:14 . 2001-08-17 14:55 689,216 --a--c--- C:\WINDOWS\system32\dllcache\3dfxvs.dll
2007-11-30 10:14 . 2001-08-17 22:36 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll
2007-11-30 10:14 . 2001-08-17 12:48 148,352 --a--c--- C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2007-11-30 10:14 . 2001-08-17 22:36 98,304 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
2007-11-30 10:14 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2007-11-30 10:14 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2007-11-30 10:14 . 2001-08-17 14:55 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-11-30 10:14 . 2001-08-17 13:52 23,552 --a--c--- C:\WINDOWS\system32\dllcache\abp480n5.sys
2007-11-30 10:14 . 2004-08-03 23:00 12,288 --a--c--- C:\WINDOWS\system32\dllcache\4mmdat.sys
2007-11-30 10:14 . 2001-08-17 14:06 11,264 --a--c--- C:\WINDOWS\system32\dllcache\1394vdbg.sys
2007-11-30 10:12 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-11-27 16:16 . 2007-11-27 16:16 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-27 16:06 . 2007-11-27 16:07 <DIR> d-------- C:\Program Files\Crawler
2007-11-27 16:05 . 2007-12-03 11:33 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-27 16:05 . 2007-12-03 11:01 <DIR> d-------- C:\Documents and Settings\Yakansang\Application Data\Spyware Terminator
2007-11-27 16:05 . 2007-12-03 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-26 16:26 . 2007-11-26 16:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-26 16:26 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-26 11:59 . 2007-11-27 11:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-26 11:59 . 2007-11-26 11:59 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-26 11:59 . 2007-11-26 11:59 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-26 11:59 . 2007-11-26 11:59 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-26 10:46 . 2007-11-26 10:46 <DIR> d-------- C:\Deckard
2007-11-26 10:21 . 2007-11-26 10:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-23 08:58 . 2007-11-23 08:58 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-23 08:58 . 2007-11-23 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-23 08:58 . 2007-12-04 09:18 6,003,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-23 08:58 . 2007-12-04 09:18 61,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-23 08:58 . 2007-12-04 09:19 55,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-23 08:58 . 2007-12-04 09:18 6,212 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-20 10:36 . 2007-11-20 10:36 <DIR> d-------- C:\WINDOWS\system32\upft
2007-11-20 09:19 . 2007-11-23 10:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-20 09:19 . 2007-11-20 09:19 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 01:22 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2007-12-04 01:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2007-11-30 09:07 --------- d-----w C:\Documents and Settings\Yakansang\Application Data\MySQL
2007-11-30 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-29 09:11 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-29 09:11 --------- d-----w C:\Program Files\Ahead
2007-11-28 00:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-26 06:53 --------- d-----w C:\Program Files\prjJtksm_WC
2007-11-26 06:53 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-20 06:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-20 06:09 249,856 ------w C:\WINDOWS\Setup1.exe
2007-11-12 01:18 --------- d-----w C:\Program Files\Java
2007-11-01 02:21 --------- d-----w C:\Program Files\Common Files\NSV
2007-10-29 00:34 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-10-29 00:28 --------- d-----w C:\Program Files\Macromedia
2007-10-10 02:53 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-10-08 01:21 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-08 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 01:16 --------- d-----w C:\Program Files\PSCS2Updater
2007-10-08 01:10 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-10-08 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-27 16:14]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 08:30]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-26 09:43]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 09:43]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\ccleaner.exe /AUTO
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
C:\Program Files\Glass2k\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UTSCSI"=2 (0x2)
"Nakido"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"Adobe LM Service"=3 (0x3)
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
S2 XAMPP;XAMPP Service;C:\Program Files\xampp\service.exe
S3 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23fbf5f0-6fcc-11db-bd80-005056c00008}]
\Shell\AutoRun\command - E:\idstick.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b4d1570-d378-11db-aaef-005056c00008}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-04 09:22:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-04 9:24:42 - machine was rebooted
.
--- E O F ---
I have 3 antivirus programs installed because I thought that if one antivirus can't detect the virus, then another one can.
For your information, while ComboFix was running, my Kaspersky antivirus detected that dss.exe is a trojan program, so Kaspersky deleted it. Then, while my PC was rebooting, Kaspersky once again detected that there's a virus in the system. I have forgotten where, but it's a DLL file. It said the program can't be accessed because access is denied and it can't be deleted or disinfected, so Kaspersky didn't give me any choice other than the skip button for the file.