ComboFix 08-07-29.1 - Administrator 2008-07-30 19:06:58.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.478 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\inst.exe
C:\Documents and Settings\Administrator\Desktop\Error Cleaner.url
C:\Documents and Settings\Administrator\Desktop\Privacy Protector.url
C:\Documents and Settings\Administrator\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Administrator\Favorites\Error Cleaner.url
C:\Documents and Settings\Administrator\Favorites\Privacy Protector.url
C:\Documents and Settings\Administrator\Favorites\Spyware&Malware Protection.url
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\WINDOWS\eblv.exe
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\nfavxwdbxpw.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\wnslvxtf.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((((((((((((   Files Created from 2008-06-28 to 2008-07-31  )))))))))))))))))))))))))))))))
.

2008-07-30 01:21 . 2008-07-30 01:21	<DIR>	d--------	C:\Program Files\Trend Micro
2008-07-29 23:16 . 2008-07-29 23:16	1,606	--a------	C:\WINDOWS\system32\PerfStringBackup.TMP
2008-07-29 18:19 . 2008-07-29 18:19	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-29 18:15 . 2008-07-29 18:16	<DIR>	d--------	C:\WINDOWS\nview
2008-07-29 18:15 . 2006-10-22 12:22	208,896	--a------	C:\WINDOWS\system32\nvudisp.exe
2008-07-29 18:15 . 2006-10-22 12:22	17,056	--a------	C:\WINDOWS\system32\nvdisp.nvu
2008-07-29 18:11 . 2006-10-22 15:06	208,896	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2008-07-29 18:10 . 2008-07-29 18:10	<DIR>	d--------	C:\NVIDIA
2008-07-29 18:00 . 2008-07-29 18:01	<DIR>	d--------	C:\Program Files\SystemRequirementsLab
2008-07-29 18:00 . 2008-07-29 18:00	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2008-07-18 22:56 . 2008-07-18 22:56	<DIR>	d--------	C:\Program Files\Gabest
2008-07-17 18:21 . 2008-07-17 21:20	<DIR>	d--------	C:\Program Files\Audacity
2008-07-09 18:18 . 2008-07-28 19:13	<DIR>	d--------	C:\Program Files\SpeedFan
2008-07-09 18:18 . 2008-07-09 18:18	45	--a------	C:\WINDOWS\system32\initdebug.nfo
2008-06-26 10:46 . 2008-06-26 10:50	<DIR>	d--------	C:\Program Files\Mypops
2008-06-26 00:15 . 2008-06-26 00:15	<DIR>	d--------	C:\Program Files\MSTpscre
2008-06-26 00:15 . 2008-06-26 00:17	<DIR>	d--------	C:\Program Files\E.M. Youtube Video Download Tool
2008-06-26 00:02 . 2008-07-01 15:32	412	--a------	C:\WINDOWS\system32\Infob.dat
2008-06-26 00:02 . 2008-07-01 15:32	0	--a------	C:\WINDOWS\system32\Infoa.dat
2008-06-25 23:59 . 2008-06-25 23:59	<DIR>	d--------	C:\Y.D.T
2008-06-25 23:59 . 2008-06-26 00:03	354	--a------	C:\WINDOWS\system32\treeinfo.dat
2008-06-25 23:32 . 2007-02-25 15:36	383,238	--a------	C:\WINDOWS\system32\libmp3lame-0.dll
2008-06-22 23:55 . 2008-06-22 23:55	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-06-22 23:55 . 2008-06-22 23:55	1,409	--a------	C:\WINDOWS\QTFont.for
2008-06-20 10:41 . 2008-06-20 10:41	245,248	-----c---	C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 03:44 . 2008-06-20 03:44	138,368	-----c---	C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 15:46 . 2008-06-19 15:46	<DIR>	d--------	C:\Program Files\AviSynth 2.5
2008-06-19 15:43 . 2008-06-19 15:57	<DIR>	d--------	C:\Program Files\DVD2SVCD
2008-06-18 21:01 . 2008-06-18 21:01	<DIR>	d--------	C:\Program Files\Custom Technology
2008-06-18 21:01 . 2005-07-28 08:18	685,056	--a------	C:\WINDOWS\system32\drivers\hardlock.sys
2008-06-18 21:01 . 2008-07-30 19:09	0	--a------	C:\WINDOWS\TempFile
2008-06-16 19:58 . 2008-06-16 19:58	<DIR>	d--------	C:\Program Files\Xvid
2008-06-16 19:58 . 2006-11-01 14:52	765,952	--a------	C:\WINDOWS\system32\xvidcore.dll
2008-06-16 19:58 . 2007-06-28 18:54	180,224	--a------	C:\WINDOWS\system32\xvidvfw.dll
2008-06-16 19:58 . 2007-06-28 18:55	77,824	--a------	C:\WINDOWS\system32\xvid.ax
2008-06-16 18:52 . 2008-06-16 18:52	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
2008-06-16 18:51 . 2008-06-16 18:51	<DIR>	d--------	C:\Program Files\Pegasys Inc
2008-06-10 17:22 . 2008-06-13 06:10	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 22:42 . 2008-06-08 22:42	<DIR>	d--------	C:\Program Files\VSO
2008-06-08 19:14 . 2008-03-03 14:25	5,702	--ah-----	C:\WINDOWS\nod32restoretemdono.reg
2008-06-08 19:14 . 2008-03-03 18:21	568	--ah-----	C:\WINDOWS\nod32fixtemdono.reg
2008-06-08 19:13 . 2008-06-08 19:13	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\ESET
2008-06-08 13:04 . 2008-06-08 13:06	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
2008-06-03 18:35 . 2007-03-18 21:37	65,602	--a------	C:\WINDOWS\system32\cook3260.dll
2008-06-03 14:46 . 2006-09-29 11:24	217,127	--a------	C:\WINDOWS\system32\drv43260.dll
2008-06-03 14:46 . 2006-09-29 11:25	208,935	--a------	C:\WINDOWS\system32\drv33260.dll
2008-06-03 14:46 . 2006-09-29 11:26	176,165	--a------	C:\WINDOWS\system32\drv23260.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 06:18	---------	d-----w	C:\Program Files\PeerGuardian2
2008-07-30 03:16	---------	d-----w	C:\Program Files\mIRC
2008-07-23 02:17	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\Vso
2008-06-20 10:45	360,320	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52	225,920	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10	272,128	------w	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 08:19	---------	d-----w	C:\Program Files\MSN Messenger
2008-06-09 05:42	47,360	----a-w	C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-09 05:42	47,360	----a-w	C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2008-06-09 02:13	---------	d-----w	C:\Program Files\ESET
2008-06-06 06:01	---------	d-----w	C:\Program Files\Google
2006-11-16 03:09	32,320	----a-w	C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-08-15 05:26	25,600	----a-w	C:\Documents and Settings\Administrator\usbsermptxp.sys
2006-08-15 05:26	22,768	----a-w	C:\Documents and Settings\Administrator\usbsermpt.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-03 23:46 5724184]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 03:15 106496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10 335872]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 19:50 155648]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2004-10-27 16:07 987136]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"Tpscrex"="C:\Program Files\MSTpscre\Tpscrex.exe" [2008-06-26 00:15 110080]
"ypops"="C:\Program Files\Mypops\ypops.exe" [2008-06-26 10:50 88896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MI-SC4"= MI-SC4.acm
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Rapidown.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Rapidown.lnk
backup=C:\WINDOWS\pss\Rapidown.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-10-14 10:17 45056 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2006-10-06 13:04 492032 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 03:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-09-28 13:16 185896 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 SiSRaid1;SiSRaid1;C:\WINDOWS\system32\DRIVERS\SiSRaid1.sys [2003-12-09 00:50]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-08-23 05:00]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2004-10-06 10:39]
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-03-15 18:11]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]
.
Contents of the 'Scheduled Tasks' folder

2004-10-29 C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{7EB73DDA-FC6B-4064-8B30-89E6AE779699} - C:\WINDOWS\fdkowvbp.dll
Notify-AtiExtEvent - (no file)
MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-My Web Search Bar - C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-WatchDog - C:\Program Files\mobile PhoneTools\WatchDog.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O8 -: &ICQ Toolbar Search
O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 19:10:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-07-30 19:16:38 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt  2008-07-31 02:16:35

Pre-Run: 9,306,390,528 bytes free
Post-Run: 9,237,344,256 bytes free

228	--- E O F ---	2008-07-08 23:47:45