ComboFix 08-06-10.5 - Arne 2008-06-11 16:49:15.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1044.18.2533 [GMT 2:00]
Running from: C:\Documents and Settings\Arne\Skrivebord\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-05-11 to 2008-06-11  )))))))))))))))))))))))))))))))
.

2008-06-11 16:40 . 2008-06-11 16:40	<DIR>	d--------	C:\Programfiler\Malwarebytes' Anti-Malware
2008-06-11 16:40 . 2008-06-11 16:40	<DIR>	d--------	C:\Documents and Settings\Arne\Programdata\Malwarebytes
2008-06-11 16:40 . 2008-06-11 16:40	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-06-11 16:40 . 2008-06-10 19:02	34,296	--a------	C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 16:40 . 2008-06-10 19:02	15,864	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-06-11 16:18 . 2008-06-11 16:19	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-06-11 16:14 . 2008-04-14 18:01	272,256	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:14 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 22:46 . 2008-06-11 16:46	<DIR>	dr-h-----	C:\Documents and Settings\Arne\Siste
2008-06-10 19:40 . 2008-06-10 19:55	<DIR>	d--------	C:\Documents and Settings\Arne\Programdata\Uniblue
2008-06-10 19:01 . 2008-06-10 19:01	<DIR>	d--------	C:\Programfiler\Trend Micro
2008-06-10 18:58 . 2008-06-10 18:58	<DIR>	d--------	C:\Programfiler\XBox 360 Controller for Windows Software
2008-06-10 18:46 . 2008-06-10 18:46	<DIR>	d--------	C:\Programfiler\TechTracker
2008-06-10 18:46 . 2008-06-10 19:03	<DIR>	d--------	C:\Documents and Settings\Arne\Programdata\VersionTracker Pro
2008-06-08 16:30 . 2006-01-10 10:50	24,576	-ra------	C:\WINDOWS\system32\AsIO.dll
2008-06-08 16:30 . 2005-12-22 04:22	5,685	-ra------	C:\WINDOWS\system32\drivers\AsIO.sys
2008-06-08 16:09 . 2008-06-10 18:22	<DIR>	d--------	C:\Programfiler\Asus
2008-06-06 17:49 . 2008-06-06 17:49	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\media center programs
2008-06-06 17:05 . 2008-06-06 17:05	<DIR>	d--------	C:\Programfiler\Funcom
2008-06-06 17:05 . 2008-06-06 17:05	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Funcom
2008-06-02 20:25 . 2008-06-02 20:25	<DIR>	d--------	C:\Documents and Settings\Arne\Programdata\Games
2008-06-02 20:25 . 2008-06-02 20:25	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\InstallShield
2008-06-02 20:24 . 2008-06-02 20:24	278,984	--a------	C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-02 20:24 . 2008-06-02 20:24	25,416	--a------	C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-01 09:15 . 2008-06-01 09:15	<DIR>	d--------	C:\Programfiler\Codemasters
2008-05-25 01:03 . 2008-06-07 11:53	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-05-25 01:03 . 2008-05-25 01:03	1,409	--a------	C:\WINDOWS\QTFont.for
2008-05-24 16:44 . 2008-05-24 16:44	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Aspyr
2008-05-24 11:08 . 2008-05-24 11:13	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\TrackMania
2008-05-24 11:04 . 2008-05-24 11:08	<DIR>	d--------	C:\Programfiler\TmUnitedForever
2008-05-20 17:15 . 2008-05-20 18:36	<DIR>	d--------	C:\Documents and Settings\Arne\.housecall6.6
2008-05-18 19:21 . 2008-05-29 19:50	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Codemasters
2008-05-18 19:18 . 2008-03-05 15:56	3,786,760	--a------	C:\WINDOWS\system32\D3DX9_37.dll
2008-05-18 19:18 . 2008-03-05 15:56	1,420,824	--a------	C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-18 19:18 . 2008-04-28 12:29	805,400	-ra------	C:\WINDOWS\system32\tmp2658.tmp
2008-05-18 19:18 . 2008-04-28 12:29	805,400	-ra------	C:\WINDOWS\system32\tmp2657.tmp
2008-05-18 19:18 . 2008-03-05 16:03	479,752	--a------	C:\WINDOWS\system32\XAudio2_0.dll
2008-05-18 19:18 . 2008-02-05 23:07	462,864	--a------	C:\WINDOWS\system32\d3dx10_37.dll
2008-05-18 19:18 . 2008-03-05 16:03	238,088	--a------	C:\WINDOWS\system32\xactengine3_0.dll
2008-05-18 19:18 . 2008-03-05 16:00	25,608	--a------	C:\WINDOWS\system32\X3DAudio1_3.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 17:04	---------	d-----w	C:\Documents and Settings\Arne\Programdata\uTorrent
2008-06-10 16:22	---------	d--h--w	C:\Programfiler\InstallShield Installation Information
2008-06-10 16:22	---------	d-----w	C:\Programfiler\Fellesfiler\InstallShield
2008-06-08 10:44	---------	d-----w	C:\Programfiler\Steam
2008-06-07 05:32	---------	d-----w	C:\Programfiler\Ubisoft
2008-06-02 18:25	---------	d-----w	C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-02 18:25	---------	d-----w	C:\Programfiler\AGEIA Technologies
2008-05-18 17:18	444,952	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2008-05-18 17:18	109,080	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2008-05-18 17:18	---------	d-----w	C:\Programfiler\OpenAL
2008-05-18 08:32	---------	d-----w	C:\Documents and Settings\Arne\Programdata\dvdcss
2008-05-11 23:24	---------	d-----w	C:\Documents and Settings\Arne\Programdata\Winamp
2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12	1,291,264	----a-w	C:\WINDOWS\system32\quartz.dll
2008-05-06 18:11	---------	d-----w	C:\Programfiler\Guitar Pro 5
2008-05-03 13:43	---------	d-----w	C:\Documents and Settings\Arne\Programdata\Gearbox Software
2008-05-03 00:14	---------	d-----w	C:\Documents and Settings\All Users\Programdata\Ubisoft
2008-05-02 19:26	---------	d-----w	C:\Programfiler\SCi Games
2008-05-01 22:23	---------	d-----w	C:\Programfiler\Google
2008-04-30 22:48	---------	d-----w	C:\Programfiler\Fellesfiler\DirectX
2008-04-30 15:27	442,368	----a-w	C:\WINDOWS\system32\NVUNINST.EXE
2008-04-28 14:33	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
2008-04-28 14:33	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-28 14:33	22,328	----a-w	C:\Documents and Settings\Arne\Programdata\PnkBstrK.sys
2008-04-28 14:33	2,337,865	----a-w	C:\WINDOWS\system32\pbsvc.exe
2008-04-28 14:33	107,832	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2008-04-28 09:35	---------	d-----w	C:\Programfiler\Activision
2008-04-28 05:47	---------	d-----w	C:\Programfiler\Microsoft Games
2008-04-27 21:11	---------	d-----w	C:\Programfiler\MSXML 4.0
2008-04-27 07:12	---------	d-----w	C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-04-27 07:03	---------	d-----w	C:\Programfiler\QuickTime
2008-04-27 00:11	---------	d-----w	C:\Programfiler\Windows Media Connect 2
2008-04-26 23:37	---------	d-----w	C:\Programfiler\RadarSync Ltd
2008-04-26 08:33	---------	d-----w	C:\Programfiler\THQ
2008-04-26 07:32	---------	d-----w	C:\Programfiler\NSR_Stage_1
2008-04-26 06:13	---------	d-----w	C:\Programfiler\Electronic Arts
2008-04-25 20:27	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
2008-04-25 19:19	---------	d--h--r	C:\Documents and Settings\Arne\Programdata\SecuROM
2008-04-25 19:07	---------	d-----w	C:\Documents and Settings\Arne\Programdata\InstallShield
2008-04-25 18:15	---------	d-----w	C:\Programfiler\Winamp
2008-04-25 07:38	---------	d-----w	C:\Programfiler\GTR2
2008-04-25 06:36	23,600	----a-w	C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-04-25 06:03	0	---ha-w	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-25 06:03	0	---ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-04-25 05:59	---------	d-----w	C:\Programfiler\Fellesfiler\Logitech
2008-04-25 05:58	---------	d-----w	C:\Programfiler\Logitech
2008-04-24 22:16	---------	d-----w	C:\Programfiler\Realtek
2008-04-24 22:11	---------	d-----w	C:\Programfiler\Analog Devices
2008-04-24 22:02	---------	d-----w	C:\Programfiler\Intel
2008-04-24 21:46	---------	d-----w	C:\Programfiler\microsoft frontpage
2008-04-24 21:45	---------	d-----w	C:\Programfiler\Elektroniske tjenester
2008-04-24 21:44	---------	d-----w	C:\Programfiler\uTorrent
2008-04-24 21:44	---------	d-----w	C:\Programfiler\Fellesfiler\Tjenester
2008-04-24 21:37	---------	d-----w	C:\Programfiler\Fellesfiler\Adobe
2008-04-24 21:13	---------	d-----w	C:\Documents and Settings\Arne\Programdata\vlc
2008-04-24 21:08	---------	d-----w	C:\Programfiler\VideoLAN
2008-04-24 21:00	---------	d-----w	C:\Documents and Settings\Arne\Programdata\JLC's Software
2008-04-24 20:09	---------	d-----w	C:\Programfiler\Alcohol Soft
2008-04-24 20:07	716,272	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2008-04-24 20:01	---------	d-----w	C:\Programfiler\Java
2008-04-24 20:00	---------	d-----w	C:\Programfiler\Fellesfiler\Java
2008-04-24 19:54	---------	d-----w	C:\Programfiler\CCleaner
2008-04-24 19:30	---------	d-----w	C:\Documents and Settings\All Users\Programdata\Grisoft
2008-04-24 19:27	---------	d-----w	C:\Programfiler\ESET
2008-04-24 19:27	---------	d-----w	C:\Documents and Settings\All Users\Programdata\ESET
2008-04-23 04:22	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-04-14 16:39	1,804	----a-w	C:\WINDOWS\system32\dcache.bin
2008-04-14 16:26	330,752	----a-w	C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:22	996,352	----a-w	C:\WINDOWS\system32\msgina.dll
2008-04-14 16:21	98,304	----a-w	C:\WINDOWS\system32\actxprxy.dll
2008-04-14 16:20	7,680	----a-w	C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 16:19	9,344	----a-w	C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:19	3,584	----a-w	C:\WINDOWS\system32\icmp.dll
2008-04-14 16:19	3,072	----a-w	C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:19	3,072	----a-w	C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:19	285,696	----a-w	C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:19	16,896	----a-w	C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 16:01	272,256	------w	C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:56	73,344	----a-w	C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:56	120,192	----a-w	C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:55	80,000	----a-w	C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:55	68,224	----a-w	C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:55	46,592	----a-w	C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:53	2,146,816	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:53	2,025,472	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:52	4,096	----a-w	C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:50	799,872	----a-w	C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:50	24,448	----a-w	C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:50	153,344	----a-w	C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:50	14,592	----a-w	C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 15:49	79,360	------w	C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:49	37,376	----a-w	C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:48	77,312	------w	C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:48	40,576	----a-w	C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:48	40,192	----a-w	C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:47	556,032	----a-w	C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:47	47,616	----a-w	C:\WINDOWS\system32\inetres.dll
2008-04-14 15:46	64,640	----a-w	C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:45	51,840	----a-w	C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:44	25,600	------w	C:\WINDOWS\system32\drivers\hidbth.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2008-01-18 02:51 208896]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"egui"="C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-24 21:28 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 18:49 217544 C:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programfiler\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Programfiler\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Programfiler\\NSR_Stage_1\\Bin\\NSR_S1.exe"=
"C:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"C:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\TmUnitedForever\\TmForever.exe"=
"C:\\Programfiler\\Steam\\steamapps\\common\\top spin 2\\Data\\Top Spin 2.exe"=
"C:\\Programfiler\\Codemasters\\DiRT\\DiRT.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-10 19:02]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMCATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-10 17:40:11 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-10 17:40:09 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 16:51:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-11 16:51:43
ComboFix-quarantined-files.txt  2008-06-11 14:51:41

Pre-Run: 209,597,739,008 byte ledig
Post-Run: 209,594,724,352 byte ledig

220	--- E O F ---	2008-06-11 14:19:59