Hello, I have done the scan and have posted up my results *see attachments*.
Thankfully it seems to have removed the "Anti Virus Pro" constant installation. Also, Windows Update suddenly has a lot of updates needed for my computer (I think that the anti-virus spoof was preventing Windows updates from getting onto my computer). Do you think I should update, or wait for further information from your team?
Thanks very much for your help guys, I really appreciate it!!
ComboFix 08-11-17.06 - Compaq_Administrator 2008-11-18 17:03:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2590 [GMT 0:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Compaq_Administrator\Cookies\ixezulupi.bat
c:\documents and settings\Compaq_Administrator\Cookies\ocilo.lib
c:\documents and settings\Compaq_Administrator\Cookies\rirok.dll
c:\documents and settings\Compaq_Administrator\Cookies\ujeragoryr.reg
c:\documents and settings\Compaq_Administrator\Cookies\ynuwedavo.db
c:\documents and settings\Compaq_Administrator\Local Settings\Temporary Internet Files\nucidaviwa.lib
c:\windows\brastk.exe
c:\windows\karna.dat
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_scui.cpl
c:\windows\system32\brastk.exe
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\karna.dat
c:\windows\system32\wini10894.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.
2008-11-18 17:06 . 2004-08-09 14:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-16 01:41 . 2008-11-16 01:41 917,504 --a------ c:\windows\system32\FLASH.OCX
2008-11-15 02:52 . 2008-11-15 02:52 19,110 --a------ c:\documents and settings\All Users\Application Data\elarejalev.pif
2008-11-15 02:52 . 2008-11-15 02:52 18,432 --a------ c:\windows\josepes.reg
2008-11-15 02:52 . 2008-11-15 02:52 17,689 --a------ c:\windows\xoraq.exe
2008-11-15 02:52 . 2008-11-15 02:52 16,297 --a------ c:\windows\boguje.dll
2008-11-15 02:52 . 2008-11-15 02:52 15,530 --a------ c:\documents and settings\Compaq_Administrator\Application Data\zegodyren.dat
2008-11-15 02:52 . 2008-11-15 02:52 15,314 --a------ c:\windows\epynoguvac.pif
2008-11-15 02:52 . 2008-11-15 02:52 11,183 --a------ c:\documents and settings\Compaq_Administrator\Application Data\afozynenux.pif
2008-11-15 02:52 . 2008-11-15 02:52 10,902 --a------ c:\windows\tyto.bat
2008-11-15 02:43 . 2008-11-15 02:43 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\AVGTOOLBAR
2008-11-15 02:43 . 2008-11-16 01:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-15 01:43 . 2008-11-15 01:43 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-11-15 01:43 . 2008-11-15 01:43 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-11-15 01:29 . 2008-11-15 01:29 <DIR> d-------- C:\Softpaq
2008-11-14 11:39 . 2008-11-14 11:39 148 --a------ c:\documents and settings\Compaq_Administrator\delself.bat
2008-11-14 02:27 . 2008-11-14 02:27 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{DE032019-B933-4DF4-9174-48C52613DA13}
2008-11-14 01:51 . 2008-11-14 01:51 <DIR> d-------- c:\windows\CDIIWall3res
2008-11-14 01:51 . 2008-11-14 01:51 6,144,054 --a------ c:\windows\CopperDeckII_1600.bmp
2008-11-14 01:43 . 2008-11-14 01:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Stardock
2008-11-14 01:43 . 2007-10-28 01:55 4,969,832 --a------ c:\windows\system32\Arileen.scr
2008-11-14 01:43 . 2008-11-14 01:43 3,932,214 --a------ c:\windows\Arileen 1280x1024.bmp
2008-11-14 01:43 . 2008-11-14 01:43 7,852 --a------ c:\windows\system32\mcdmsg7.dll
2008-11-14 01:40 . 2000-10-20 01:05 25,088 --a------ c:\windows\system32\msxml3a.dll
2008-11-14 01:33 . 2008-07-21 14:26 571,392 --a------ c:\windows\system32\Flurry.scr
2008-11-14 01:28 . 2008-11-14 02:27 <DIR> d-------- c:\program files\Stardock
2008-11-12 21:56 . 2008-09-04 17:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 21:56 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 17:49 . 2008-11-11 17:49 720,896 --a------ c:\windows\iun6002ev.exe
2008-11-11 17:47 . 2008-11-11 17:50 26 --a------ c:\windows\popcinfo.dat
2008-11-10 17:41 . 2008-11-10 17:41 0 --a------ c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-11-04 00:38 . 2008-04-14 01:36 656,964 --a------ C:\New photoshop idea (Background) copy.jpg
2008-11-04 00:38 . 2008-07-09 02:09 338,998 --a------ C:\Aura Blast!.jpg
2008-11-04 00:37 . 2008-10-20 00:15 197,340 --a------ C:\Sully-YBC-spray.jpg
2008-11-02 00:01 . 1996-12-03 18:17 65,536 --a------ c:\windows\RAUNINST.EXE
2008-11-01 23:58 . 1996-08-16 13:49 298,496 --a------ c:\windows\uninst.exe
2008-11-01 16:30 . 2008-11-01 16:31 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\VideoEgg
2008-10-31 02:46 . 2008-10-31 02:46 <DIR> d-------- c:\windows\system32\msmq
2008-10-31 02:19 . 2008-10-31 02:19 <DIR> d-------- c:\program files\Common Files\xing shared
2008-10-30 04:32 . 2008-10-30 04:32 25 --a------ c:\windows\cdplayer.ini
2008-10-30 00:55 . 2008-10-30 00:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-10-28 02:23 . 2008-10-28 17:03 <DIR> d-------- c:\program files\Crysis
2008-10-28 00:28 . 2008-10-28 00:28 <DIR> d-------- c:\program files\Electronic Arts
2008-10-25 11:22 . 2008-11-05 23:32 23 --a------ c:\windows\BlendSettings.ini
2008-10-25 10:15 . 2008-10-25 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-10-25 10:08 . 2008-10-25 10:08 <DIR> d-------- c:\program files\Bethesda Softworks
2008-10-25 10:08 . 2008-10-25 10:08 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\InstallShield
2008-10-25 09:59 . 2008-10-25 10:07 <DIR> d-------- c:\program files\oblivion
2008-10-24 14:13 . 2008-10-24 14:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2008-10-24 14:08 . 2008-10-24 14:08 <DIR> d-------- c:\windows\system32\AGEIA
2008-10-24 14:08 . 2008-10-24 14:08 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-24 14:07 . 2008-10-24 15:13 <DIR> d-------- c:\windows\NV28842852.TMP
2008-10-24 13:54 . 2008-10-25 02:51 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-10-24 13:54 . 2008-10-25 02:51 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab
2008-10-24 03:50 . 2008-10-24 03:50 <DIR> d-------- c:\program files\Download Manager
2008-10-24 03:50 . 2008-10-25 16:18 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\IGN_DLM
2008-10-24 02:14 . 2008-10-24 02:14 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-10-23 17:26 . 2008-10-15 16:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 14:37 . 2008-10-23 14:37 268 --ah----- C:\sqmdata01.sqm
2008-10-23 14:37 . 2008-10-23 14:37 244 --ah----- C:\sqmnoopt01.sqm
2008-10-21 22:54 . 2008-10-21 22:54 32 --a------ c:\windows\tdlp32.ini
2008-10-21 22:53 . 2008-11-16 03:05 <DIR> d-------- c:\program files\Xara
2008-10-21 22:53 . 2008-10-21 22:53 <DIR> d-------- c:\program files\Common Files\Xara
2008-10-19 23:56 . 2008-10-19 23:56 99,143 --a------ C:\Ollie's-Aurra-Space-YBC.jpg
2008-10-18 21:47 . 2008-11-05 21:21 <DIR> d-------- c:\program files\City of Heroes
2008-10-18 21:42 . 2008-10-18 21:42 <DIR> d-------- c:\windows\AFD5ED58271A490796C22745C83BB035.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 01:48 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-16 01:47 --------- d-----w c:\program files\Symantec
2008-11-16 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-15 22:34 --------- d-----w c:\program files\Common Files\Apple
2008-11-15 22:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 22:33 --------- d-----w c:\program files\ASUS
2008-11-14 23:59 138,408 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-14 19:03 --------- d-----w c:\program files\SpeedFan
2008-11-14 02:25 --------- d-----w c:\program files\Common Files\Stardock
2008-11-14 02:25 --------- d-----w c:\program files\AlienGUIse
2008-11-14 01:58 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-31 02:19 --------- d-----w c:\program files\Common Files\Real
2008-10-29 15:31 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\FileZilla
2008-10-29 12:48 --------- d-----w c:\program files\Blaze Media Pro
2008-10-24 14:08 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 23:14 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-21 23:14 --------- d-----w c:\program files\QuickTime
2008-10-21 23:14 --------- d-----w c:\program files\Microsoft Works
2008-10-21 23:14 --------- d-----w c:\program files\GemMaster
2008-10-21 09:48 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-15 18:23 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Sony
2008-10-10 11:04 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\AccurateRip
2008-10-09 22:36 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo
2008-10-07 12:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-10-02 01:56 --------- d-----w c:\program files\Doom 3
2008-09-30 14:58 --------- d-----w c:\program files\Ubisoft
2008-09-25 23:07 --------- d-----w c:\program files\Ventrilo
2008-09-18 04:18 --------- d-----w c:\program files\NVIDIA nTune Performance Application
2008-09-18 04:18 --------- d-----w c:\program files\NVIDIA Corporation
2008-09-16 18:38 22,328 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\PnkBstrK.sys
2008-09-05 21:28 98,304 ----a-w c:\windows\DUMP5b2f.tmp
2008-09-05 21:26 98,304 ----a-w c:\windows\DUMP5b4f.tmp
2008-09-05 21:24 98,304 ----a-w c:\windows\DUMP58af.tmp
2008-08-24 22:13 251 ----a-w c:\program files\wt3d.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-08 1410296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 363008]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-11-28 3714048]
"Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-27 415744]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.EXE]
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-08-19 2074360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\ollie1989\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\ollie1989\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-15 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-15 29208]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
HKCU-Run-brastk - c:\windows\system32\brastk.exe
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\tsz1o7a3.default\
FF -: plugin - c:\documents and settings\Compaq_Administrator\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Download Manager\npfpdlm.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-18 17:09:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-11-18 17:15:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-18 17:15:33
Pre-Run: 64,281,333,760 bytes free
Post-Run: 64,351,416,320 bytes free
263 --- E O F --- 2006-03-13 03:01:47