• An Australian Member of
• 
• and
• 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:25 AM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\HijackThis\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{53D6F619-E891-4E2F-84E9-735E2C2C1EA2}: NameServer = 202.165.244.2,202.125.115.27
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 6604 bytes

ComboFix 08-03-05.3 - Faraz Ahmed 2008-03-08 11:18:07.3 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.185 [GMT 5:00]
Running from: C:\Documents and Settings\Faraz Ahmed\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2008-02-08 to 2008-03-08  )))))))))))))))))))))))))))))))
.

2008-03-07 08:11 . 2008-03-07 08:11    <DIR>    d--------    C:\Program Files\Lavasoft
2008-03-07 08:11 . 2008-03-07 08:11    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-03-07 07:13 . 2004-08-04 00:56    388,608    --a------    C:\CF633.exe
2008-03-06 15:46 . 2004-08-04 00:56    577,024    --a------    C:\WINDOWS\system32\dllcache\user32.dll
2008-03-06 15:44 . 2008-03-06 15:44    <DIR>    d--------    C:\WINDOWS\ERUNT
2008-03-06 15:41 . 2008-03-05 02:37    <DIR>    d--------    C:\SDFix
2008-03-05 15:30 . 2008-03-05 15:30    <DIR>    d--------    C:\HijackThis
2008-03-05 00:44 . 2008-03-05 00:44    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 22:48 . 2008-03-04 22:48    <DIR>    d--------    C:\WINDOWS\system32\NtmsData
2008-03-04 19:18 . 2008-03-04 19:18    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2008-03-03 22:25 . 2008-03-03 22:25    <DIR>    d--------    C:\Program Files\Yahoo!
2008-03-02 11:49 . 2005-10-18 10:36    109,248    --a------    C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-02 11:49 . 1999-12-14 01:57    41,008    --a------    C:\WINDOWS\system32\DCSysTray.ocx
2008-02-25 09:20 . 2008-02-25 09:20    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2008-02-25 08:56 . 1998-06-18 00:00    89,360    --a------    C:\WINDOWS\system32\VB5DB.DLL
2008-02-25 08:55 . 2008-02-25 08:55    <DIR>    d--------    C:\Program Files\Ad Word Analyzer
2008-02-24 15:42 . 2008-02-24 15:42    <DIR>    d--------    C:\Program Files\Bonjour
2008-02-24 15:36 . 2008-02-24 15:36    <DIR>    d--------    C:\Program Files\Common Files\Macrovision Shared
2008-02-24 12:34 . 2008-03-08 11:11    3,284    --a------    C:\WINDOWS\system32\ANIWZCS{53D6F619-E891-4E2F-84E9-735E2C2C1EA2}
2008-02-22 19:11 . 2008-02-22 19:11    <DIR>    d--------    C:\Westwood
2008-02-22 19:11 . 2008-02-22 19:11    <DIR>    d--------    C:\Documents and Settings\Faraz Ahmed\WINDOWS
2008-02-22 19:11 . 1997-04-08 20:08    299,520    --a------    C:\WINDOWS\uninst.exe
2008-02-17 16:11 . 2008-02-17 16:11    <DIR>    d--------    C:\Program Files\Force5
2008-02-17 16:11 . 2004-02-10 23:32    491,520    --a------    C:\WINDOWS\system32\vbalSGrid6.ocx
2008-02-17 16:11 . 2005-09-10 15:57    143,360    --a------    C:\WINDOWS\system32\vbMHWB.dll
2008-02-17 16:11 . 2000-05-22 15:58    140,488    --a------    C:\WINDOWS\system32\COMDLG32.OCX
2008-02-17 16:11 . 2003-04-01 06:36    94,208    --a------    C:\WINDOWS\system32\vbalIml6.ocx
2008-02-17 16:11 . 2006-01-11 04:13    69,632    --a------    C:\WINDOWS\system32\sfFrameControl.ocx
2008-02-17 16:11 . 2003-01-26 12:41    40,960    --a------    C:\WINDOWS\system32\SSubTmr6.dll
2008-02-16 08:48 . 2008-02-16 08:48    <DIR>    d--------    C:\Program Files\Comical
2008-02-15 08:14 . 2008-02-15 08:14    <DIR>    d--------    C:\WINDOWS\system32\WTablet
2008-02-15 08:14 . 2008-02-15 08:14    <DIR>    d--------    C:\Program Files\Tablet
2008-02-15 08:14 . 2005-01-10 16:10    1,425,408    ---------    C:\WINDOWS\system32\PenTablet.cpl
2008-02-15 08:14 . 2005-01-10 15:49    1,343,424    ---------    C:\WINDOWS\system32\PenTablet.znc
2008-02-15 08:14 . 2005-01-10 16:10    729,088    ---------    C:\WINDOWS\system32\Tablet.exe
2008-02-15 08:14 . 2005-01-10 16:04    102,400    ---------    C:\WINDOWS\system32\Wintab32.dll
2008-02-15 08:14 . 2005-01-10 16:02    44,544    ---------    C:\WINDOWS\system32\TabHook.dll
2008-02-15 08:14 . 1999-05-07 13:12    15,744    ---------    C:\WINDOWS\system32\Wintab.dll
2008-02-15 08:14 . 2008-03-08 11:10    12,398    --a------    C:\WINDOWS\system32\tablet.dat
2008-02-15 08:14 . 2001-04-09 17:45    8,138    ---------    C:\WINDOWS\system32\drivers\PenClass.sys
2008-02-11 18:58 . 2008-02-11 18:58    <DIR>    d--------    C:\Program Files\Common Files\Download Manager
2008-02-11 18:58 . 2008-02-11 18:59    <DIR>    d--------    C:\Documents and Settings\Faraz Ahmed\Application Data\DiVision Studios XAvenger Demo
2008-02-10 17:13 . 1997-04-02 07:04    482,576    --a------    C:\WINDOWS\system\Comctl32.dll
2008-02-10 17:11 . 2008-02-10 17:11    <DIR>    d--------    C:\StarCraft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 16:49    ---------    d-----w    C:\Program Files\eRightSoft
2008-02-04 05:09    ---------    d-----w    C:\Program Files\DiskInternals
2008-02-01 13:34    ---------    d-----w    C:\Program Files\Mozilla Thunderbird
2008-02-01 13:34    ---------    d-----w    C:\Documents and Settings\Faraz Ahmed\Application Data\Thunderbird
2008-01-28 10:54    ---------    d-----w    C:\Documents and Settings\Faraz Ahmed\Application Data\vlc
2008-01-28 10:52    ---------    d-----w    C:\Program Files\VideoLAN
2008-01-26 02:04    ---------    d-----w    C:\Program Files\Codec Pack - All In 1
2008-01-26 02:03    737,280    ----a-w    C:\WINDOWS\iun6002.exe
2008-01-23 20:16    ---------    d-----w    C:\Program Files\uTorrent
2008-01-23 20:16    ---------    d-----w    C:\Documents and Settings\Faraz Ahmed\Application Data\uTorrent
2008-01-17 17:11    ---------    d-----w    C:\Program Files\MSIDVD
2008-01-17 17:11    ---------    d-----w    C:\Program Files\CyberLink
2008-01-17 17:11    ---------    d-----w    C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2008-01-16 04:58    ---------    d-----w    C:\Program Files\Paint.NET
2008-01-16 03:10    253,116    ----a-w    C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_6750.exe
2008-01-16 03:10    14,290    ----a-w    C:\Program Files\settings.dat
2008-01-16 03:10    ---------    d-----w    C:\Program Files\PDFCreator Toolbar
2008-01-16 03:10    ---------    d-----w    C:\Program Files\PDFCreator
2008-01-15 13:24    ---------    d-----w    C:\Documents and Settings\Faraz Ahmed\Application Data\AdobeUM
2008-01-15 13:23    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-01-15 03:26    ---------    d-----w    C:\Program Files\FLVPlayer
2008-01-14 03:50    ---------    d-----w    C:\Program Files\FileZilla
2008-01-13 17:44    ---------    d-----w    C:\Program Files\Orbitdownloader
2008-01-13 17:44    ---------    d-----w    C:\Documents and Settings\Faraz Ahmed\Application Data\Orbit
2007-12-21 06:45    558,142    ----a-w    C:\WINDOWS\java\Packages\39FVTVDJ.ZIP
2007-12-21 06:45    155,995    ----a-w    C:\WINDOWS\java\Packages\CUSYI7FD.ZIP
2007-12-14 06:32    12,632    ----a-w    C:\WINDOWS\system32\lsdelete.exe
2006-05-03 09:06    163,328    --sh--r    C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47    31,232    --sh--r    C:\WINDOWS\system32\msfDX.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-03-07_ 8.05.15.93   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-07 03:11:20    1,038,336    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-03-07 03:11:20    178,688    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-03-07 03:11:20    171,008    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-03-07 03:11:20    8,704    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-07-11 08:37:26    6,272    ----a-w    C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 07:58:08    8,320    ----a-w    C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 07:56:58    9,344    ----a-w    C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2008-03-07 18:48:30    16,384    ----a-w    C:\WINDOWS\Temp\Perflib_Perfdata_4dc.dat
+ 2008-03-08 06:10:34    16,384    ----a-w    C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 14:17 192512]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 15:29 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-06-06 14:18 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-06-21 11:51 81920]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-23 10:31 126976]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:00 79224]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-02-15 08:14:19 106496]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-01-13 22:44:40 1674432]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2006-10-23 18:20]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 IfsDrives;IfsDrives;C:\WINDOWS\system32\DRIVERS\IfsDrives.sys [2004-09-25 00:28]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\System32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\System32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11809950-b70a-11dc-8f3c-000ae4f38616}]
\Shell\AutoRun\command - E:\oufddh.exe
\Shell\explore\Command - E:\oufddh.exe
\Shell\open\Command - E:\oufddh.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 11:19:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-03-08 11:20:16
ComboFix-quarantined-files.txt  2008-03-08 06:20:14
ComboFix3.txt  2008-03-07 03:05:30
ComboFix2.txt  2008-03-07 18:50:02

• An Australian Member of
• 
• and
•