General Computer Security: Get Help With System Security - This forum is not for malware removal assistance. For malware removal assistance, read the sticky topic at the top of the Virus/Trojan/Spyware Help forum, or the "First Steps" link at the top right of each page.
#1 (permalink)
Registered User
Join Date: Mar 2008
Posts: 5
OS: Windows Vista 64bit
Random sounds - perfs.exe/ Indt2.sys/ andt.sys/ routing.exe
For some time now I have been experiencing random sounds on my computer (they are very rare - once every few days). After googling it, I found out that it's perfs.exe which is responsible for it. I have McAfee, which detected many times "a file change" with Indt2.sys and andt.sys, so I googled that as well, and it seems that all these files are connected. Routing.exe seems to be a separate one. I tried to remove them all before with Regrun (before knowing about this forum). It removed perfs.exe/ Indt2.sys/ andt.sys temporarily (they re-appeared the next day). When I tried to remove routing.exe, Windows didn't even run properly after restarting (all I was getting was a black screen with a mouse icon), so I had to restore the system... I have followed your preliminary removal instructions. Not without a few problems, since I run Vista 64bit (e.g. Panda did not work). Pasting/attaching the dss logs... Hope to hear from you soon...
#2 (permalink)
Registered User
Join Date: Mar 2008
Posts: 5
OS: Windows Vista 64bit
Re: Random sounds - perfs.exe/ Indt2.sys/ andt.sys/ routing.exe
Deckard's System Scanner v20071014.68
Run by Jaga on 2008-03-24 05:02:04 Computer is in Normal Mode.
#4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Random sounds - perfs.exe/ Indt2.sys/ andt.sys/ routing.exe
Hi,
Please post your logs in the HijackThis forum. http://www.techsupportforum.com/secu...this-log-help/ An analyst will try to assist you.
__________________
UNITE and ASAP since 2006
If we have helped you, please consider donating.
The past won't be able to hurt you unless you keep on looking back at it.
#6 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Random sounds - perfs.exe/ Indt2.sys/ andt.sys/ routing.exe
Great. No need to apologize.
You may need to wait for a while as the HJT forum is very busy.