Feb 27th, 2008

andt.sys & indt2.sys HELP!!

Need some help getting rid of andt & indt2. Spybot doesn't pick it up, any help would be greatly appreciated. Here's a log from Hijackthis.

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Say the Time\SayTimeMain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AshampooDefragService - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 7337 bytes

Thanks.
Posted by digital11 (Light Poster, 38 posts, since Feb 2008)
Feb 27th, 2008

Re: andt.sys & indt2.sys HELP!!

Have Hijackthis fix these entries:

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe

O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
Posted by Malwarehunter94 (Junior Poster in Training, 61 posts, since Jan 2008)
Feb 27th, 2008

Re: andt.sys & indt2.sys HELP!!

Have Hijackthis fix these entries:

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe

O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

Not getting the annoying clicking anymore but: O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe - still appears on the hijackthis log.

Thanks for your help.
Posted by digital11 (Light Poster, 38 posts, since Feb 2008)
Feb 27th, 2008

Re: andt.sys & indt2.sys HELP!!

Try fixing it in safe mode. Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Run Hijackthis in safe mode and have it fix the entry.
Posted by Malwarehunter94 (Junior Poster in Training, 61 posts, since Jan 2008)
Feb 27th, 2008

Re: andt.sys & indt2.sys HELP!!

Try fixing it in safe mode. Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Run Hijackthis in safe mode and have it fix the entry.
'Fixed checked' in safe mode; here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:44, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Say the Time\SayTimeMain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\routing.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AshampooDefragService - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 6601 bytes

As you can see it's still showing up.
Posted by digital11 (Light Poster, 38 posts, since Feb 2008)
Feb 27th, 2008

Re: andt.sys & indt2.sys HELP!!

Quote originally posted by digital11:
'Fixed checked' in safe mode here's the log:
As you can see it's still showing up.
HijackThis is more a diagnostic tool than a "fixer" program.
It does not attempt to delete any actual malware files (except for those associated with O2 BHO entries). At its core, it is a powerful registry editor.
The "fixes" you are attempting are incomplete and probably being thwarted by SpyBotSD's Tea Timer feature.

FIRST:
Disable SpybotSD's Tea Timer. Do that now.

THEN:
  • Download combofix.exe by sUBs to your computer's Desktop.
  • Alternate Download
  • (If you already have a previous version, delete it and download a new version).
  • Double click combofix.exe & follow the prompts.
    Note: Combofix will automatically disconnect your Internet connection when it runs, do not reconnect it.

When it finishes, it ought to
  • Produce a log for you. ( C:\ComboFix\ComboFix.txt)
  • Restore your Internet connection.

IMPORTANT:
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.

Please post that log for us along with a fresh HJT. Let us know if you run into any difficulty.

Best Luck
PP
Posted by PhilliePhan (Moderator, Central Scrutinizer, 1,575 posts, since Dec 2006)
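As an added example (not the thread's own tooling and not part of HijackThis), here is a small Python triage script for O23 service lines of the kind quoted above. It flags the two patterns the helpers picked out ("Unknown owner" binaries living in a Windows system directory, and orphaned "(file missing)" entries) and compares a before/after log to show which flagged services survived a HijackThis "fix", which illustrates PP's point that HijackThis edits the registry and does not remove the file behind the entry. The sample log lines are constructed from entries quoted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Shape of a HijackThis O23 line, as seen in the logs posted in this thread:
#   O23 - Service: <display name> [(<service name>)] - <owner> - <path> [(file missing)]
# HijackThis prints "Unknown owner" when the binary carries no company/version resource.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# An "Unknown owner" service binary dropped straight into a Windows directory is the
# pattern the helpers in this thread singled out (perfs.exe, routing.exe).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass(frozen=True)
class ServiceEntry:
    display: str
    name: str           # short service name; falls back to the display name
    owner: str
    path: str
    file_missing: bool


def parse_o23(log_text: str) -> List[ServiceEntry]:
    """Extract every O23 (Windows service) entry from HijackThis log text."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                display=m.group("display"),
                name=m.group("name") or m.group("display"),
                owner=m.group("owner"),
                path=m.group("path"),
                file_missing=m.group("missing") is not None,
            ))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[ServiceEntry, str]]:
    """Return (entry, reason) pairs for services worth a closer look."""
    findings = []
    for e in entries:
        if e.file_missing:
            findings.append((e, "orphaned service entry: binary no longer on disk"))
        elif e.owner == "Unknown owner" and e.path.lower().startswith(SYSTEM_DIRS):
            findings.append((e, "no vendor info and runs from a Windows system directory"))
    return findings


def compare_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Which flagged services vanished after a HijackThis 'fix', and which persisted?

    HijackThis only edits the registry (see PP's post), so a service that re-registers
    itself from a binary still on disk shows up again here under "persisted".
    Paths are lower-cased because Windows paths are case-insensitive.
    """
    flagged = {e.path.lower() for e, _ in triage(parse_o23(before))}
    still_there = {e.path.lower() for e in parse_o23(after)}
    return {
        "removed": sorted(flagged - still_there),
        "persisted": sorted(flagged & still_there),
    }


# Constructed samples: the O23 lines of interest from the first log posted in the
# thread (before the fix) and from the log posted after the safe-mode fix.
BEFORE_FIX = r"""
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AshampooDefragService - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
"""

AFTER_FIX = r"""
O23 - Service: AshampooDefragService - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_o23(BEFORE_FIX)):
        print(f"[{entry.name}] {entry.path}: {reason}")
    print(compare_logs(BEFORE_FIX, AFTER_FIX))
```

Running it on the constructed samples reports perfs.exe as removed and routing.exe as persisted, matching what digital11 saw after the safe-mode fix.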
Feb 27th, 2008

Re: andt.sys & indt2.sys HELP!!

Hi PP;
Here's the combofix log:

ComboFix 08-02-25.3 - Rob 2008-02-28 0:44:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1607 [GMT 0:00]
Running from: C:\Documents and Settings\Rob\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rob\Application Data\inst.exe
C:\Program Files\internet explorer\svchost.exe
C:\WINDOWS\msvrc20.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-28 00:15 . 2008-02-28 00:15 251,392 --a------ C:\WINDOWS\system32\andt.sys
2008-02-28 00:15 . 2008-02-28 00:15 45,056 --a------ C:\WINDOWS\system32\Indt2.sys
2008-02-27 12:32 . 2008-02-27 12:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 12:32 . 2008-02-27 12:32 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\SUPERAntiSpyware.com
2008-02-27 12:32 . 2008-02-27 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 12:31 . 2008-02-27 12:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 10:53 . 2008-02-27 23:43 7,662 --a------ C:\WINDOWS\system32\oodbs.lor
2008-02-27 00:31 . 2008-02-27 17:00 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-02-27 00:10 . 2008-02-27 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-02-26 23:52 . 2008-02-26 23:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 23:47 . 2008-02-27 00:27 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\PrevxCSI
2008-02-26 19:16 . 2008-02-26 19:16 0 --a------ C:\WINDOWS\OODCNT.INI
2008-02-26 18:37 . 2008-02-27 22:15 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-02-26 18:24 . 2008-02-26 18:24 <DIR> d-------- C:\Program Files\OO Software
2008-02-26 17:04 . 2008-02-26 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-02-26 14:44 . 2008-02-26 14:44 <DIR> d-------- C:\Program Files\Veoh Networks
2008-02-25 19:13 . 2008-02-27 20:52 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-02-25 19:13 . 2008-02-25 19:13 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-02-25 14:19 . 2008-02-25 14:19 <DIR> d-------- C:\Program Files\Nero
2008-02-25 14:17 . 2008-02-25 14:17 31,232 --a------ C:\WINDOWS\system32\routing.exe
2008-02-25 14:17 . 2008-02-25 14:17 40 --a------ C:\WINDOWS\system32\drmgs.sys
2008-02-25 13:39 . 2008-02-25 13:39 <DIR> d-------- C:\Program Files\PowerISO
2008-02-25 13:32 . 2008-02-25 13:32 0 --a------ C:\WINDOWS\Irremote.ini
2008-02-25 10:10 . 2007-06-25 22:30 86,016 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2008-02-25 10:10 . 2007-04-24 19:33 32,768 --a------ C:\WINDOWS\system32\FrogASPI.DLL
2008-02-25 09:48 . 2008-02-25 09:48 <DIR> d-------- C:\Program Files\IObit
2008-02-25 01:35 . 2008-02-25 01:35 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-02-24 21:06 . 2008-02-24 21:06 <DIR> d-------- C:\Documents and Settings\Rob\dwhelper
2008-02-23 17:31 . 2008-02-23 17:32 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\TVU networks
2008-02-23 17:31 . 2008-02-23 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-23 17:30 . 2008-02-23 17:31 <DIR> d-------- C:\Program Files\TVUPlayer
2008-02-22 10:40 . 2008-02-22 10:40 <DIR> d-------- C:\WINDOWS\Sun
2008-02-18 18:53 . 2001-09-06 10:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-02-18 18:53 . 2007-06-25 14:02 475,136 --a------ C:\WINDOWS\system32\SkinCrafter2.dll
2008-02-17 00:04 . 2008-02-17 00:04 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\vlc
2008-02-17 00:03 . 2008-02-17 00:03 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-16 10:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-16 10:18 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-02-15 23:42 . 2004-03-22 23:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-15 23:42 . 2008-02-15 23:42 376 --a------ C:\WINDOWS\ODBC.INI
2008-02-15 23:40 . 2008-02-15 23:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-02-15 23:35 . 2008-02-15 23:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-15 23:34 . 2008-02-15 23:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-15 23:32 . 2008-02-15 23:32 <DIR> d-------- C:\Program Files\Disc2Phone
2008-02-15 23:26 . 2008-02-15 23:26 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-02-15 23:24 . 2008-02-15 23:24 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Teleca
2008-02-15 23:23 . 2008-02-15 23:23 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-02-15 23:23 . 2008-02-15 23:24 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-15 23:23 . 2008-02-15 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-15 23:23 . 2008-02-15 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-15 23:22 . 2008-02-15 23:23 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-15 23:21 . 2008-02-15 23:21 6,176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys
2008-02-15 23:21 . 2008-02-15 23:21 5,808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys
2008-02-15 22:51 . 2008-02-15 22:51 <DIR> d-------- C:\Program Files\Real
2008-02-15 22:51 . 2008-02-15 22:51 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-15 22:51 . 2008-02-15 22:51 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-14 13:27 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-14 13:27 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-13 21:14 . 2008-02-13 21:14 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2008-02-13 21:13 . 2008-02-26 14:43 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-13 17:24 . 2008-02-13 17:25 81 --a------ C:\WINDOWS\WB.ini
2008-02-13 06:07 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-02-13 06:07 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-13 06:07 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-02-13 03:22 . 2008-02-13 03:22 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Symantec
2008-02-12 20:13 . 2008-02-12 20:13 <DIR> d-------- C:\N360_BACKUP
2008-02-12 20:11 . 2008-02-12 20:11 16 --a------ C:\WINDOWS\system32\coh.cache
2008-02-12 17:46 . 2008-02-13 18:10 <DIR> d-------- C:\Program Files\Norton 360
2008-02-12 17:40 . 2008-02-12 22:09 <DIR> d-------- C:\Program Files\Symantec
2008-02-12 17:40 . 2008-02-12 22:09 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-12 17:40 . 2008-02-12 22:09 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-12 17:40 . 2008-02-12 22:09 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-12 17:40 . 2008-02-12 22:09 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-12 17:39 . 2008-02-26 02:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 17:38 . 2008-02-27 23:44 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 17:35 . 2008-02-12 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-12 16:08 . 2008-02-12 16:08 <DIR> d-------- C:\Program Files\LimeWire
2008-02-12 16:08 . 2008-02-26 16:31 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\LimeWire
2008-02-12 01:24 . 2008-02-12 01:24 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{404C1499-24DB-49AC-BF11-F0AD2C046836}
2008-02-11 23:30 . 2008-02-11 23:28 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 23:30 . 2008-02-11 23:30 3,439 --a------ C:\WINDOWS\unins000.dat
2008-02-11 23:26 . 2008-02-27 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 23:02 . 2008-02-11 23:02 <DIR> d-------- C:\Documents and Settings\Digital\Application Data\Nero
2008-02-11 23:02 . 2008-02-11 23:02 <DIR> d-------- C:\Documents and Settings\Digital\Application Data\Grisoft
2008-02-11 22:55 . 2008-02-11 22:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 22:13 . 2008-02-11 22:14 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-02-11 20:40 . 2008-02-11 20:43 <DIR> d-------- C:\Program Files\SopCast
2008-02-11 20:26 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2008-02-11 20:17 . 2008-02-12 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 19:28 . 2008-02-11 19:28 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-02-11 19:14 . 2008-02-11 19:14 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-11 19:10 . 2008-02-11 19:10 <DIR> d-------- C:\Program Files\Say the Time
2008-02-11 19:03 . 2008-02-28 00:44 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-02-11 19:02 . 2004-08-04 04:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-11 18:52 . 2008-02-11 18:58 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-02-11 18:52 . 2008-02-11 18:52 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\URSoft
2008-02-11 18:52 . 2008-02-27 17:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 18:51 . 2008-02-11 18:51 <DIR> d-------- C:\Program Files\VSO
2008-02-11 18:51 . 2008-02-26 13:36 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Vso
2008-02-11 18:51 . 2008-02-11 18:51 47,360 --a------ C:\Documents and Settings\Rob\Application Data\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 22:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-11 18:51 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-11 16:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-10 13:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 13:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-24 13:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 02:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 23:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-08 16:50 418120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 22:51 185896]
"Advanced WindowsCare V2 Pro"="C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" [2007-09-19 22:10 2916528]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-02-25 19:13 2283120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"1Atardock TrayMonitor"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Say the Time.lnk - C:\Program Files\Say the Time\SayTime.exe [2007-05-18 04:00:00 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-02-11 18:09 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
C:\Program Files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefragTaskBar]
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 1422632 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 02:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Program Files\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-06-21 14:06 1318912 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-02-22 21:42 3537968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SpeedBit Video Accelerator\sbbotdi.sys [2008-02-25 19:13]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start []
S2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe [2004-08-07 00:15]
S2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2008-02-25 14:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Setupx.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 00:45:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-28 0:46:21
ComboFix-quarantined-files.txt 2008-02-28 00:46:13
.
2008-02-16 08:19:57 --- E O F ---


And here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:47:26, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Say the Time\SayTimeMain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AshampooDefragService - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 6438 bytes

I appreciate the help.
Posted by digital11 (Light Poster, 38 posts since Feb 2008)
Feb 27th, 2008

Re: andt.sys & indt2.sys HELP!!

Quote originally posted by digital11:
> Hi PP;
> Here's the combofix log:
> I appreciate the help.
Happy to try to help

-- You should uninstall Limewire


Then, let's give this a go, shall we?

-- Please DELETE your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into/over ComboFix.exe to start ComboFix

-- Let Combofix run as before and post me that log.

And, I guess we'll go from there....

Cheers
PP
Last edited by PhilliePhan; Nov 20th, 2009 at 8:12 pm.
Posted by PhilliePhan (Moderator, 1,575 posts since Dec 2006)
Feb 28th, 2008

Re: andt.sys & indt2.sys HELP!!

Hi PP. Here's the combofix log as requested:

ComboFix 08-02-25.3 - Rob 2008-02-28 10:28:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1641 [GMT 0:00]
Running from: C:\Documents and Settings\Rob\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rob\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\routing.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-28 00:56 . 2008-02-28 00:56 <DIR> d---s---- C:\Documents and Settings\Rob\UserData
2008-02-27 12:32 . 2008-02-27 12:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 12:32 . 2008-02-27 12:32 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\SUPERAntiSpyware.com
2008-02-27 12:32 . 2008-02-27 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 12:31 . 2008-02-27 12:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 10:53 . 2008-02-28 10:30 10,216 --a------ C:\WINDOWS\system32\oodbs.lor
2008-02-27 00:31 . 2008-02-27 17:00 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-02-27 00:10 . 2008-02-27 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-02-26 23:52 . 2008-02-26 23:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 23:47 . 2008-02-27 00:27 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\PrevxCSI
2008-02-26 19:16 . 2008-02-26 19:16 0 --a------ C:\WINDOWS\OODCNT.INI
2008-02-26 18:37 . 2008-02-27 22:15 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-02-26 18:24 . 2008-02-26 18:24 <DIR> d-------- C:\Program Files\OO Software
2008-02-26 17:04 . 2008-02-26 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-02-26 14:44 . 2008-02-26 14:44 <DIR> d-------- C:\Program Files\Veoh Networks
2008-02-25 19:13 . 2008-02-27 20:52 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-02-25 19:13 . 2008-02-25 19:13 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-02-25 14:19 . 2008-02-25 14:19 <DIR> d-------- C:\Program Files\Nero
2008-02-25 14:17 . 2008-02-25 14:17 40 --a------ C:\WINDOWS\system32\drmgs.sys
2008-02-25 13:39 . 2008-02-25 13:39 <DIR> d-------- C:\Program Files\PowerISO
2008-02-25 13:32 . 2008-02-25 13:32 0 --a------ C:\WINDOWS\Irremote.ini
2008-02-25 10:10 . 2007-06-25 22:30 86,016 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2008-02-25 10:10 . 2007-04-24 19:33 32,768 --a------ C:\WINDOWS\system32\FrogASPI.DLL
2008-02-25 09:48 . 2008-02-25 09:48 <DIR> d-------- C:\Program Files\IObit
2008-02-25 01:35 . 2008-02-25 01:35 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-02-24 21:06 . 2008-02-24 21:06 <DIR> d-------- C:\Documents and Settings\Rob\dwhelper
2008-02-23 17:31 . 2008-02-23 17:32 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\TVU networks
2008-02-23 17:31 . 2008-02-23 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-23 17:30 . 2008-02-23 17:31 <DIR> d-------- C:\Program Files\TVUPlayer
2008-02-22 10:40 . 2008-02-22 10:40 <DIR> d-------- C:\WINDOWS\Sun
2008-02-18 18:53 . 2001-09-06 10:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-02-18 18:53 . 2007-06-25 14:02 475,136 --a------ C:\WINDOWS\system32\SkinCrafter2.dll
2008-02-17 00:04 . 2008-02-17 00:04 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\vlc
2008-02-17 00:03 . 2008-02-17 00:03 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-16 10:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-16 10:18 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-02-15 23:42 . 2004-03-22 23:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-15 23:42 . 2008-02-15 23:42 376 --a------ C:\WINDOWS\ODBC.INI
2008-02-15 23:40 . 2008-02-15 23:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-02-15 23:35 . 2008-02-15 23:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-15 23:34 . 2008-02-15 23:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-15 23:32 . 2008-02-15 23:32 <DIR> d-------- C:\Program Files\Disc2Phone
2008-02-15 23:26 . 2008-02-15 23:26 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-02-15 23:24 . 2008-02-15 23:24 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Teleca
2008-02-15 23:23 . 2008-02-15 23:23 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-02-15 23:23 . 2008-02-15 23:24 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-15 23:23 . 2008-02-15 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-15 23:23 . 2008-02-15 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-15 23:22 . 2008-02-15 23:23 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-15 23:21 . 2008-02-15 23:21 6,176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys
2008-02-15 23:21 . 2008-02-15 23:21 5,808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys
2008-02-15 22:51 . 2008-02-15 22:51 <DIR> d-------- C:\Program Files\Real
2008-02-15 22:51 . 2008-02-15 22:51 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-15 22:51 . 2008-02-15 22:51 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-14 13:27 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-14 13:27 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-13 21:14 . 2008-02-13 21:14 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2008-02-13 21:13 . 2008-02-26 14:43 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-13 17:24 . 2008-02-13 17:25 81 --a------ C:\WINDOWS\WB.ini
2008-02-13 06:07 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-02-13 06:07 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-13 06:07 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-02-13 03:22 . 2008-02-13 03:22 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Symantec
2008-02-12 20:13 . 2008-02-12 20:13 <DIR> d-------- C:\N360_BACKUP
2008-02-12 20:11 . 2008-02-12 20:11 16 --a------ C:\WINDOWS\system32\coh.cache
2008-02-12 17:46 . 2008-02-13 18:10 <DIR> d-------- C:\Program Files\Norton 360
2008-02-12 17:40 . 2008-02-12 22:09 <DIR> d-------- C:\Program Files\Symantec
2008-02-12 17:40 . 2008-02-12 22:09 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-12 17:40 . 2008-02-12 22:09 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-12 17:40 . 2008-02-12 22:09 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-12 17:40 . 2008-02-12 22:09 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-12 17:39 . 2008-02-28 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 17:38 . 2008-02-28 10:13 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 17:35 . 2008-02-12 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-12 16:08 . 2008-02-26 16:31 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\LimeWire
2008-02-12 01:24 . 2008-02-12 01:24 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{404C1499-24DB-49AC-BF11-F0AD2C046836}
2008-02-11 23:30 . 2008-02-11 23:28 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 23:30 . 2008-02-11 23:30 3,439 --a------ C:\WINDOWS\unins000.dat
2008-02-11 23:26 . 2008-02-27 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 23:02 . 2008-02-11 23:02 <DIR> d-------- C:\Documents and Settings\Digital\Application Data\Nero
2008-02-11 23:02 . 2008-02-11 23:02 <DIR> d-------- C:\Documents and Settings\Digital\Application Data\Grisoft
2008-02-11 22:55 . 2008-02-11 22:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 22:13 . 2008-02-11 22:14 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-02-11 20:40 . 2008-02-11 20:43 <DIR> d-------- C:\Program Files\SopCast
2008-02-11 20:26 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2008-02-11 20:17 . 2008-02-12 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 19:28 . 2008-02-11 19:28 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-02-11 19:14 . 2008-02-11 19:14 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-11 19:10 . 2008-02-11 19:10 <DIR> d-------- C:\Program Files\Say the Time
2008-02-11 19:03 . 2008-02-28 10:27 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-02-11 19:02 . 2004-08-04 04:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-11 18:52 . 2008-02-11 18:58 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-02-11 18:52 . 2008-02-11 18:52 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\URSoft
2008-02-11 18:52 . 2008-02-28 10:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 18:51 . 2008-02-11 18:51 <DIR> d-------- C:\Program Files\VSO
2008-02-11 18:51 . 2008-02-26 13:36 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Vso
2008-02-11 18:51 . 2008-02-11 18:51 47,360 --a------ C:\Documents and Settings\Rob\Application Data\pcouffin.sys
2008-02-11 18:44 . 2008-02-11 18:44 <DIR> d-------- C:\Program Files\Winamp
2008-02-11 18:44 . 2008-02-19 22:05 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Winamp
2008-02-11 18:31 . 2008-02-25 23:03 69 --a------ C:\WINDOWS\NeroDigital.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 22:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-11 18:51 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-11 16:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-10 13:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 13:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-24 13:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 02:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 23:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-08 16:50 418120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 22:51 185896]
"Advanced WindowsCare V2 Pro"="C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" [2007-09-19 22:10 2916528]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-02-25 19:13 2283120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"1Atardock TrayMonitor"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Say the Time.lnk - C:\Program Files\Say the Time\SayTime.exe [2007-05-18 04:00:00 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-02-11 18:09 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
C:\Program Files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefragTaskBar]
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 1422632 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 02:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Program Files\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-06-21 14:06 1318912 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-02-22 21:42 3537968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SpeedBit Video Accelerator\sbbotdi.sys [2008-02-25 19:13]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start []
S2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Setupx.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 10:30:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Say the Time\SayTimeMain.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-02-28 10:34:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-28 10:34:06
ComboFix2.txt 2008-02-28 10:22:56
ComboFix3.txt 2008-02-28 00:46:22
.
2008-02-16 08:19:57 --- E O F ---

Ta.
Posted by digital11 (Light Poster, 38 posts since Feb 2008)
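A triage pass over the kind of log lines posted in this thread (the O23 service entries from the HijackThis log, and the service, "Files Created", firewall and mountpoints2 lines from the two ComboFix logs), written here as an added example. It is not code from the thread and not ComboFix's or HijackThis's own logic: the sample block is assembled from lines that appear in the posted logs, and the heuristics (no vendor string combined with a system32 location, a registered service whose binary is missing, the firewall switched off, an AutoRun\command handler on a mounted volume, and a same-minute creation pivot on the timestamp ComboFix records for a flagged binary) are the example's own. The pivot surfaces one lead worth checking that the thread does not call out: routing.exe carries the stamp 2008-02-25 14:17, and the 40-byte drmgs.sys was created in that same minute.

```python
"""Triage of HijackThis / ComboFix log lines.

Added example for this thread; it is not ComboFix's or HijackThis's own
logic, and the heuristics below are the example's own.  SAMPLE_LOG is
assembled from lines that appear in the logs posted in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: O23 lines from the HJT log, service and "Files Created"
# lines from the two ComboFix logs, plus the firewall and mountpoints2 entries.
SAMPLE_LOG = r"""
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: AshampooDefragService - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe (file missing)
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SpeedBit Video Accelerator\sbbotdi.sys [2008-02-25 19:13]
S2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe [2004-08-07 00:15]
S2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2008-02-25 14:17]
2008-02-25 19:13 . 2008-02-25 19:13 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-02-25 14:17 . 2008-02-25 14:17 40 --a------ C:\WINDOWS\system32\drmgs.sys
2008-02-25 13:39 . 2008-02-25 13:39 <DIR> d-------- C:\Program Files\PowerISO
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - D:\Setupx.exe
"""

# HJT O23: "O23 - Service: <display> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
# ComboFix service: "<R|S><n> <name>;<display>;<path> [<stamp>]"
CF_SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
# ComboFix "Files Created": "<created> . <modified> <size|<DIR>> <attrs> <path>"
CF_FILE_RE = re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. \S+ \S+\s+"
                        r"(?:<DIR>|[\d,]+)\s+\S+\s+(?P<path>.+)$")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Finding:
    kind: str    # short category, e.g. "unattributed-system32-service"
    detail: str  # the path or value the finding is about


@dataclass
class Report:
    findings: List[Finding] = field(default_factory=list)
    service_stamps: Dict[str, str] = field(default_factory=dict)  # lower(path) -> stamp
    created: Dict[str, List[str]] = field(default_factory=dict)   # minute -> paths


def triage(log_text: str) -> Report:
    """Walk the log once, collect findings, then pivot on timestamps."""
    rep = Report()
    pivot_paths: List[str] = []  # lower-cased binaries worth pivoting on
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            path = m.group("path")
            if m.group("missing"):
                # Registered service whose binary is gone: a leftover, not
                # necessarily malicious, but it should be cleaned up.
                rep.findings.append(Finding("orphan-service", m.group("display")))
            elif m.group("owner") == "Unknown owner" and path.lower().startswith(SYSTEM32):
                # No company name in the version resource *and* dropped
                # straight into system32: classic dropper placement.
                rep.findings.append(Finding("unattributed-system32-service", path))
                pivot_paths.append(path.lower())
            continue
        m = CF_SVC_RE.match(line)
        if m:
            rep.service_stamps[m.group("path").lower()] = m.group("stamp")
            continue
        m = CF_FILE_RE.match(line)
        if m:
            rep.created.setdefault(m.group("created"), []).append(m.group("path"))
            continue
        if line.startswith('"EnableFirewall"= 0'):
            rep.findings.append(Finding("firewall-disabled", "standardprofile"))
        elif "\\Shell\\AutoRun\\command" in line:
            rep.findings.append(Finding("autorun-handler", line.split(" - ", 1)[-1]))
    # Temporal pivot: the stamp ComboFix recorded for a flagged service binary
    # is matched against the minute each other file was created.  An old
    # stamp (perfs.exe shows 2004) is deliberately not treated as benign;
    # timestamps are trivial to set.
    for path in pivot_paths:
        stamp = rep.service_stamps.get(path)
        for other in rep.created.get(stamp, []):
            if other.lower() != path:
                rep.findings.append(Finding("temporal-neighbor", f"{other} (same minute as {path})"))
    return rep


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG).findings:
        print(f"{f.kind:32} {f.detail}")
```

Run as-is and six findings print: the two unattributed system32 services, the orphaned Ashampoo service, the disabled firewall, the D:\Setupx.exe autorun handler, and drmgs.sys as the same-minute neighbour of routing.exe. HijackThis's "Unknown owner" only means the file has no CompanyName in its version resource, which is a weak signal by itself; that is why the example also requires the system32 location before flagging. The 2004-08-07 stamp on perfs.exe (the XP SP2 era) is not treated as evidence of legitimacy for the same reason the comment gives: a file time is set with one API call.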
Feb 28th, 2008

Re: andt.sys & indt2.sys HELP!!

Hi digital11,

Let's try this one more time - I hate to say it, but I missed one. This particular infection often has some rootkit-type stealthing attributes that try to hide its components. I wish I could say I missed a hidden one, but that's not the case... LOL!

Anyhoo, I'd like to do one more CFScript. I changed it a bit and it should get the remaining baddies. In addition, I'd like to look for a couple associated baddies that have not shown themselves.


-- Please DELETE your copy of ComboFix and download a fresh one to your Desktop
-- Please Download this updated CFScript to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into/over ComboFix.exe to start ComboFix

-- Let Combofix run as before and post me that log.
-- I'd also like to see a fresh HijackThis Log from after this CFScript step.

With any luck, that ought to do the trick!

Cheers
PP
Last edited by PhilliePhan; Feb 28th, 2008 at 4:18 pm. Reason: The Usual...
Posted by PhilliePhan (Moderator, 1,575 posts since Dec 2006)

© 2011 DaniWeb® LLC