12-06-2007, 07:35 PM   #14
tena_79
Registered User
 
Join Date: Nov 2007
Posts: 14
OS: XP SP2


Re: Antivirus pop up message-W32/Dzan.a attack

I did the search thing, and boot.exe and idstick.exe are not found on my PC. This is my ComboFix report.

ComboFix 07-12-02.7 - Yakansang 2007-12-07 9:39:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.137 [GMT 8:00]
Running from: C:\Documents and Settings\Yakansang\desktop\combofix.exe
Command switches used :: /KillAll
.

((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-11-30 16:51 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-30 16:51 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-30 10:19 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-11-30 10:18 . 2001-08-17 12:48 281,600 --a--c--- C:\WINDOWS\system32\dllcache\atimtai.sys
2007-11-30 10:17 . 2001-08-17 14:55 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll
2007-11-30 10:16 . 2001-08-17 14:07 56,960 --a--c--- C:\WINDOWS\system32\dllcache\aic78xx.sys
2007-11-30 10:16 . 2001-08-17 14:07 55,168 --a--c--- C:\WINDOWS\system32\dllcache\aic78u2.sys
2007-11-30 10:16 . 2001-08-17 12:11 27,678 --a--c--- C:\WINDOWS\system32\dllcache\ali5261.sys
2007-11-30 10:16 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\alifir.sys
2007-11-30 10:16 . 2001-08-17 13:52 12,800 --a--c--- C:\WINDOWS\system32\dllcache\aha154x.sys
2007-11-30 10:16 . 2001-08-17 13:51 5,248 --a--c--- C:\WINDOWS\system32\dllcache\aliide.sys
2007-11-30 10:14 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-11-30 10:14 . 2001-08-17 14:55 689,216 --a--c--- C:\WINDOWS\system32\dllcache\3dfxvs.dll
2007-11-30 10:14 . 2001-08-17 22:36 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll
2007-11-30 10:14 . 2001-08-17 12:48 148,352 --a--c--- C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2007-11-30 10:14 . 2001-08-17 22:36 98,304 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
2007-11-30 10:14 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2007-11-30 10:14 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2007-11-30 10:14 . 2001-08-17 14:55 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-11-30 10:14 . 2001-08-17 13:52 23,552 --a--c--- C:\WINDOWS\system32\dllcache\abp480n5.sys
2007-11-30 10:14 . 2004-08-03 23:00 12,288 --a--c--- C:\WINDOWS\system32\dllcache\4mmdat.sys
2007-11-30 10:14 . 2001-08-17 14:06 11,264 --a--c--- C:\WINDOWS\system32\dllcache\1394vdbg.sys
2007-11-30 10:12 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-11-27 16:16 . 2007-11-27 16:16 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-27 16:06 . 2007-11-27 16:07 <DIR> d-------- C:\Program Files\Crawler
2007-11-27 16:05 . 2007-12-06 11:45 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-27 16:05 . 2007-12-06 11:00 <DIR> d-------- C:\Documents and Settings\Yakansang\Application Data\Spyware Terminator
2007-11-27 16:05 . 2007-12-06 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-26 16:26 . 2007-11-26 16:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-26 16:26 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-26 11:59 . 2007-12-06 08:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-26 11:59 . 2007-12-06 08:35 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-26 11:59 . 2007-12-06 08:35 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-26 11:59 . 2007-12-06 08:35 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-26 10:46 . 2007-11-26 10:46 <DIR> d-------- C:\Deckard
2007-11-26 10:21 . 2007-11-26 10:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-23 08:58 . 2007-12-07 09:41 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-23 08:58 . 2007-11-23 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-23 08:58 . 2007-12-07 09:47 6,003,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-23 08:58 . 2007-12-07 09:48 73,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-23 08:58 . 2007-12-07 09:47 72,860 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-23 08:58 . 2007-12-07 09:47 7,964 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-20 10:36 . 2007-11-20 10:36 <DIR> d-------- C:\WINDOWS\system32\upft
2007-11-20 09:19 . 2007-11-23 10:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-20 09:19 . 2007-11-20 09:19 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 01:49 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2007-12-07 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2007-12-05 09:13 --------- d-----w C:\Documents and Settings\Yakansang\Application Data\MySQL
2007-12-05 02:05 --------- d-----w C:\Program Files\prjJtksm_WC
2007-11-29 09:11 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-29 09:11 --------- d-----w C:\Program Files\Ahead
2007-11-26 06:53 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-20 06:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-20 06:09 249,856 ------w C:\WINDOWS\Setup1.exe
2007-11-12 01:18 --------- d-----w C:\Program Files\Java
2007-11-01 02:21 --------- d-----w C:\Program Files\Common Files\NSV
2007-10-29 00:34 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-10-29 00:28 --------- d-----w C:\Program Files\Macromedia
2007-10-10 02:53 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-10-08 01:21 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-08 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 01:16 --------- d-----w C:\Program Files\PSCS2Updater
2007-10-08 01:10 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-10-08 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-04_ 9.22.51.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-23 03:11:42 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.sys
+ 2007-12-07 00:04:56 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.sys
- 2007-11-23 03:11:43 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.sys
+ 2007-12-07 00:04:56 90,980 ----a-w C:\WINDOWS\system32\drivers\klin.sys
- 2007-12-04 01:21:19 216,770 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-12-07 01:49:12 216,769 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-27 16:14]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\ccleaner.exe /AUTO

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
C:\Program Files\Glass2k\Glass2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UTSCSI"=2 (0x2)
"Nakido"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"Adobe LM Service"=3 (0x3)

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
S3 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE
Start Pending2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
Stop Pending2 XAMPP;XAMPP Service;C:\Program Files\xampp\service.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23fbf5f0-6fcc-11db-bd80-005056c00008}]
\Shell\AutoRun\command - E:\idstick.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b4d1570-d378-11db-aaef-005056c00008}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 09:49:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 9:51:55 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-04 09:24
.
--- E O F ---

Kaspersky also detected a Trojan program, "Trojan.Win32.Inject.mf", in C:\DOCUME~1\YAKANS~1\LOCALS~1\Temp\igvnodyk.dll. I tried to delete it but failed, because Kaspersky then reported that it couldn't be found in the system.

You told me not to worry about the viruses in System Restore, but today Kaspersky found another 3 viruses in it. What if something happens and I need to restore my PC; will those viruses infect my PC again?

Last edited by tena_79; 12-06-2007 at 07:38 PM.
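The two MountPoints2 blocks in the log above are why the search for boot.exe and idstick.exe comes up empty: Explorer caches a volume's autorun.inf verbs under HKCU\...\Explorer\MountPoints2 keyed by the volume GUID, so the cached command outlives the executable it points at (typically a USB stick that is no longer plugged in, or that has since been cleaned). The script below is an added example for this thread, not part of the original post and not ComboFix or Kaspersky code. It parses the "Reg Loading Points" section of a ComboFix report, pulls out every \Shell\<verb>\command under a MountPoints2 subkey, and flags the ones that look like autorun.inf residue: a bare filename that would be resolved at the root of the volume, a target on a volume other than C: (taken from the log header as the system volume; an assumption), or RunDLL32 ShellExec_RunDLL indirection. SAMPLE_LOG is constructed input: the first three blocks are copied from the log above, the fourth (all-zero GUID, C:\ExampleBurner\autoplay.exe) is a made-up benign entry for contrast. The executable-token regex assumes space-free paths, which holds for everything in this log.

```python
"""Triage MountPoints2 autorun verbs in a ComboFix "Reg Loading Points" dump.

Added example for this thread; not part of the original post, ComboFix or
Kaspersky. SAMPLE_LOG is constructed: the first three MountPoints2 blocks are
the lines from the log in the post, the fourth (all-zero GUID,
C:\\ExampleBurner\\autoplay.exe) is a made-up benign entry for contrast.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23fbf5f0-6fcc-11db-bd80-005056c00008}]
\Shell\AutoRun\command - E:\idstick.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b4d1570-d378-11db-aaef-005056c00008}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - C:\ExampleBurner\autoplay.exe
"""

MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\(\{[0-9a-f-]+\})\]$",
    re.IGNORECASE,
)
SHELL_VERB = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
# Executable-looking tokens in a command line (assumes paths without spaces);
# the last one is what the verb ultimately launches.
EXE_TOKEN = re.compile(r"[\w.$~:\\-]+\.(?:exe|com|bat|cmd|pif|scr|vbs)", re.IGNORECASE)
SYSTEM_VOLUME = "C:\\"  # assumption taken from the log header: Windows lives on C:


@dataclass(frozen=True)
class AutorunVerb:
    guid: str      # MountPoints2 subkey, i.e. the volume GUID
    verb: str      # AutoRun, Auto, open, ...
    command: str   # raw command exactly as ComboFix printed it
    target: str    # executable the verb resolves to


def parse_mountpoints(log_text: str) -> list[AutorunVerb]:
    """Collect every \\Shell\\<verb>\\command line under a MountPoints2 subkey."""
    verbs: list[AutorunVerb] = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1)
            continue
        if line.startswith("["):
            current = None           # some other registry key: leave the block
            continue
        m = SHELL_VERB.match(line)
        if m and current:
            command = m.group(2).strip()
            exes = EXE_TOKEN.findall(command)
            target = exes[-1] if exes else command
            verbs.append(AutorunVerb(current, m.group(1), command, target))
    return verbs


def is_suspicious(v: AutorunVerb) -> bool:
    """Heuristics for autorun.inf residue cached by Explorer:
    - bare filename: resolved at the root of whatever volume the GUID refers to
      (the shape an autorun.inf 'open=boot.exe' line is cached in);
    - target not on the system volume, i.e. a removable or remote drive;
    - RunDLL32 ShellExec_RunDLL indirection, typical of a cached 'shellexecute=' line.
    """
    bare = "\\" not in v.target and ":" not in v.target
    off_system_volume = not v.target.lower().startswith(SYSTEM_VOLUME.lower())
    indirection = "shellexec_rundll" in v.command.lower()
    return bare or off_system_volume or indirection


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious target to the MountPoints2 GUIDs that reference it,
    giving both the file names to hunt for and the stale subkeys to clean."""
    flagged: dict[str, list[str]] = {}
    for v in parse_mountpoints(log_text):
        if is_suspicious(v):
            guids = flagged.setdefault(v.target, [])
            if v.guid not in guids:
                guids.append(v.guid)
    return flagged


if __name__ == "__main__":
    for target, guids in triage(SAMPLE_LOG).items():
        print(f"{target:32} referenced by {', '.join(guids)}")
```

Run against the report above it flags E:\idstick.exe (one GUID) and boot.exe (one GUID, two verbs) and leaves the constructed C:\ExampleBurner entry alone. The practical reading: the GUIDs identify volumes, not files on C:, so the executables usually live on the removable media that was plugged in when the keys were created, and the cached verbs only become dangerous again if that media is reconnected with the files still on it.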