
New Computer, New Problems :/


  • This topic is locked
6 replies to this topic

#1 Poen

Poen

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:28 PM

Posted 20 October 2009 - 02:25 PM

I post here because I'm not quite sure what is going on with my computer. Something is conflicting with my search indexer and causing it to crash multiple times. This, of course, happens when I am using it (I suppose), when I'm using something like Windows Photo Gallery or Nero, but not always. The error dialogue says that esent.dll is the cause of SearchIndexer.exe. Anyway, I'll upload the HJT log, and if you don't think it's some kind of malware or something, I'll move my query to a different area. Thanks!

PS: It seems HJT has detected quite a few errors, but I won't do anything until I get a reply from you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:30 PM, on 10/20/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/HardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinSSHD Activation State Checker] "C:\Program Files (x86)\Bitvise WinSSHD\WinsshdActStateCheck.exe"
O4 - HKLM\..\Run: [Symantec Backup Exec System Recovery 8.0] "C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\VProTray.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link tar&get with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BI&D - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link Explorer - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://s0.2mdn.net
O15 - ESC Trusted Zone: http://js.adsonar.com
O15 - ESC Trusted Zone: http://servedby.advertising.com
O15 - ESC Trusted Zone: http://uac.advertising.com
O15 - ESC Trusted Zone: http://o.aolcdn.com
O15 - ESC Trusted Zone: http://rmd.atdmt.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://at.atwola.com
O15 - ESC Trusted Zone: http://cdn.at.atwola.com
O15 - ESC Trusted Zone: http://launcher.champions-online.com
O15 - ESC Trusted Zone: http://www.champions-online.com
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O15 - ESC Trusted Zone: http://blogs.battlefield.ea.com
O15 - ESC Trusted Zone: http://www.google-analytics.com
O15 - ESC Trusted Zone: http://www.gowindowslive.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://edge.quantserve.com
O15 - ESC Trusted Zone: http://an.tacoda.net
O15 - ESC Trusted Zone: http://anrtx.tacoda.net
O15 - ESC Trusted Zone: http://m.webtrends.com
O15 - ESC Trusted Zone: http://client.winamp.com
O15 - ESC Trusted Zone: http://media.winamp.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://launcher.worldofwarcraft.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E49047E-A6B1-48AB-83EE-F89B5A2ABD23}: Domain = thedeathstar
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E49047E-A6B1-48AB-83EE-F89B5A2ABD23}: NameServer = 68.105.28.11,68.105.29.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFC24E37-37A2-4155-8D80-C39D08F5F9E8}: NameServer = 68.5.28.11,68.5.29.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E49047E-A6B1-48AB-83EE-F89B5A2ABD23}: Domain = thedeathstar
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E49047E-A6B1-48AB-83EE-F89B5A2ABD23}: NameServer = 68.105.28.11,68.105.29.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{5E49047E-A6B1-48AB-83EE-F89B5A2ABD23}: Domain = thedeathstar
O17 - HKLM\System\CS2\Services\Tcpip\..\{5E49047E-A6B1-48AB-83EE-F89B5A2ABD23}: NameServer = 68.105.28.11,68.105.29.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Backup Exec System Recovery - Symantec Corporation - C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
O23 - Service: @%systemroot%\system32\dfssvc.exe,-101 (Dfs) - Unknown owner - C:\Windows\system32\dfssvc.exe (file missing)
O23 - Service: @dfsrress.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSRs.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CNG Key Isolation (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%windir%\system32\nfsrc.dll,-5001 (NfsClnt) - Unknown owner - C:\Windows\system32\nfsclnt.exe (file missing)
O23 - Service: @%windir%\system32\nfsrc.dll,-5007 (NfsService) - Unknown owner - C:\Windows\system32\nfssvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Resultant Set of Policy Provider (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SNMP Trap (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%windir%\system32\srm.dll,-3022 (SrmReports) - Unknown owner - C:\Windows\system32\srmhost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapServicex64.exe
O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Virtual Disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WinSSHD - Bitvise - C:\Program Files (x86)\Bitvise WinSSHD\WinSSHD.exe
O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11187 bytes


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:28 PM

Posted 30 October 2009 - 08:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open RootRepeal on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

m0le is a proud member of UNITE

#3 Poen

Poen
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:28 PM

Posted 01 November 2009 - 06:10 PM

As I said in the last post, something is causing my Windows Search indexer to fail.

Root kit revealer doesn't work for 64-bit operating systems. I don't imagine a lot of the common viruses and trojans can work on a 64-bit OS. The program would have to be really complex in order to work on both platforms.

Anyway, here are my logs.


DDS (Ver_09-10-26.01) - NTFSX64
Run by Administrator at 15:03:57.99 on Sun 11/01/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Server® 2008 Standard 6.0.6002.2.1252.1.1033.18.6134.3813 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k TabletInputServiceGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k WebClientGroup
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\DFSRs.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\locator.exe
C:\Windows\system32\RSoPProv.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmptrap.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost -k srmsvcs
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\svchost.exe -k tapisrv
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Bitvise WinSSHD\WinSSHD.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\dfssvc.exe
C:\Windows\system32\nfsclnt.exe
C:\Windows\system32\nfssvc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\iashost.exe
C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapServicex64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Administrator\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = res://iesetup.dll/HardAdmin.htm
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mWinlogon: Userinit=userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files (x86)\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Aim6] "c:\program files (x86)\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] "c:\program files (x86)\poweriso\PWRISOVM.EXE"
mRun: [NBKeyScan] "c:\program files (x86)\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [WinSSHD Activation State Checker] "c:\program files (x86)\bitvise winsshd\WinsshdActStateCheck.exe"
mRun: [Symantec Backup Exec System Recovery 8.0] "c:\program files (x86)\symantec\backup exec system recovery\agent\VProTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: ShowSuperHidden = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files (x86)\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files (x86)\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files (x86)\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files (x86)\bulk image downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files (x86)\bulk image downloader\iemenu\iebidlinkexplorer.htm
IE: Sothink SWF Catcher - c:\program files (x86)\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files (x86)\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {5E49047E-A6B1-48AB-83EE-F89B5A2ABD23} = 68.105.28.11,68.105.29.11
TCP: {EFC24E37-37A2-4155-8D80-C39D08F5F9E8} = 68.5.28.11,68.5.29.11
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli RASSFM
mASetup: {A509B1A7-37EF-4b3f-8CFC-4F3A74704073} - %systemroot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin
mASetup: {A509B1A8-37EF-4b3f-8CFC-4F3A74704073} - %systemroot%\system32\rundll32.exe iesetup.dll,IEHardenUser
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\wk7w8ugo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/?r409=1256116731
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox 3.5 beta 4\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Datascrn;Datascrn;c:\windows\system32\drivers\datascrn.sys [2009-8-19 80856]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-10 173096]
R0 Quota;Quota;c:\windows\system32\drivers\quota.sys [2009-8-19 162280]
R1 DfsDriver;DFS Namespace Server Filter Driver;c:\windows\system32\drivers\dfs.sys [2008-1-19 45112]
R2 Backup Exec System Recovery;Backup Exec System Recovery;c:\program files (x86)\symantec\backup exec system recovery\agent\VProSvc.exe [2008-2-2 4388192]
R2 FCRegSvc;Microsoft Fibre Channel Platform Registration Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-18 27648]
R2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe [2009-8-19 62976]
R2 NfsService;Server for NFS;c:\windows\system32\nfssvc.exe [2009-8-19 31744]
R2 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-18 19968]
R2 RSoPProv;Resultant Set of Policy Provider;c:\windows\system32\rsopprov.exe [2009-8-19 91648]
R2 SrmSvc;File Server Resource Manager;c:\windows\system32\svchost -k srmsvcs --> c:\windows\system32\svchost -k srmsvcs [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-21 239648]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam_x64.sys [2008-3-12 27136]
R3 msnfsflt;Server for NFS Filesystem Filter;c:\windows\system32\drivers\msnfsflt.sys [2009-8-19 30208]
R3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys [2009-8-19 252416]
R3 NfsServer;Server for NFS Driver;c:\windows\system32\drivers\nfssvr.sys [2009-8-19 646144]
R3 Portmap;Server for NFS Open RPC (ONCRPC) Portmapper;c:\windows\system32\drivers\portmap.sys [2008-1-19 56832]
R3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [2009-8-19 89600]
R3 SymSnapService;SymSnapService;c:\program files (x86)\symantec\backup exec system recovery\shared\drivers\SymSnapServicex64.exe [2008-1-30 2539000]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2008-1-19 273408]
S0 sacdrv;sacdrv;c:\windows\system32\drivers\sacdrv.sys [2008-1-19 103992]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2008-1-18 8704]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-19 89920]
S3 sacsvr;Special Administration Console Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-18 27648]
S3 SrmReports;File Server Storage Reports Manager;c:\windows\system32\srmhost.exe [2009-8-19 64512]
S4 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbda.sys [2008-1-19 429568]
S4 ioatdma;Intel® QuickData Technology Device;c:\windows\system32\drivers\qd260x64.sys [2008-1-19 35328]
S4 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2008-1-19 35784]
S4 storvsp;Microsoft Virtual Disk Server Driver;c:\windows\system32\drivers\storvsp.sys [2008-1-19 109512]
S4 Vid;Virtualization Infrastructure Driver;c:\windows\system32\drivers\Vid.sys [2008-1-19 197576]
S4 vmbus;VMBus;c:\windows\system32\drivers\vmbus.sys [2008-1-19 201672]

=============== Created Last 30 ================

2009-10-28 02:17:41 10626560 ----a-w- c:\windows\syswow64\wmp.dll
2009-10-28 02:17:40 372736 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 02:17:40 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2009-10-28 02:17:39 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-10-28 02:17:38 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-28 00:53:17 0 d-----w- C:\Shelly
2009-10-26 20:52:41 0 d-sh--w- c:\programdata\SecuROM
2009-10-26 20:42:21 0 d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-10-20 18:24:11 171136 --sha-r- C:\LHLDR
2009-10-20 18:12:49 9216 ----a-w- c:\windows\system32\antiwpa.dll
2009-10-20 17:13:47 0 d-----w- c:\users\admini~1\appdata\roaming\Symantec
2009-10-20 17:12:24 18224 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-20 17:12:24 124208 ----a-w- c:\windows\system32\GEARAspi64.dll
2009-10-20 17:12:24 109360 ----a-w- c:\windows\syswow64\GEARAspi.dll
2009-10-20 17:12:23 45104 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-10-20 17:12:23 20528 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-10-20 17:12:23 165424 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-10-20 17:12:23 151656 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-10-20 17:12:11 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2009-10-20 17:12:09 0 d-----w- c:\programdata\Symantec
2009-10-20 17:12:09 0 d-----w- c:\program files (x86)\Symantec
2009-10-20 08:00:56 0 d-----w- C:\regedit
2009-10-16 10:03:54 0 d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-16 10:03:46 0 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-12 10:24:20 36110 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-10-12 10:24:20 33846 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpowerAMP Music Converter.bmp
2009-10-12 05:34:13 131072 ----a-w- c:\windows\syswow64\SpoonUninstall.exe
2009-10-12 05:34:09 0 d-----w- c:\program files (x86)\Illustrate
2009-10-05 03:21:55 34064 ----a-w- c:\windows\syswow64\lhacm.acm
2009-10-05 03:21:53 0 d-----w- c:\program files (x86)\Teamspeak2_RC2
2009-10-04 20:00:10 0 d-----w- c:\program files (x86)\MSDN
2009-10-04 19:51:11 0 d-----w- c:\program files\Microsoft SDKs
2009-10-04 19:50:55 0 d-----w- c:\program files\Business Objects
2009-10-04 19:50:25 172 ----a-w- c:\windows\ODBC.INI
2009-10-04 19:50:02 0 d-----w- c:\program files (x86)\Business Objects
2009-10-04 19:47:50 0 d-----w- c:\program files\Microsoft SQL Server
2009-10-04 19:47:47 0 d-----w- c:\program files (x86)\Microsoft SQL Server
2009-10-04 19:47:38 0 d-----w- c:\program files\Microsoft Device Emulator
2009-10-04 19:47:38 0 d-----w- c:\program files (x86)\Microsoft Device Emulator
2009-10-04 19:47:14 0 d-----w- c:\program files (x86)\Windows Mobile 5.0 SDK R2
2009-10-04 19:46:54 0 d-----w- c:\program files (x86)\Microsoft Synchronization Services
2009-10-04 19:46:54 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2009-10-04 19:43:33 0 d-----w- c:\programdata\PreEmptive Solutions
2009-10-04 19:41:32 0 d-----w- c:\windows\syswow64\1033
2009-10-04 19:40:34 0 d-----w- c:\program files (x86)\HTML Help Workshop
2009-10-04 19:40:34 0 d-----w- c:\program files (x86)\common files\Merge Modules
2009-10-04 19:40:34 0 d-----w- c:\program files (x86)\CE Remote Tools
2009-10-04 19:39:41 0 d-----w- c:\program files (x86)\Microsoft Web Designer Tools
2009-10-04 19:38:39 0 d-----w- c:\windows\system32\1033
2009-10-04 19:38:39 0 d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-03 15:27:27 0 d-----w- c:\program files (x86)\wxPython2.8 Docs and Demos
2009-10-03 14:24:48 0 d-----w- c:\users\administrator\.idlerc
2009-10-03 14:23:33 0 d-----w- C:\Python26
2009-10-03 03:07:26 2764288 ----a-w- c:\windows\system32\python26.dll
2009-10-02 23:07:40 238960 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-11-01 03:36:40 63611 ----a-w- c:\programdata\nvModes.dat
2009-09-28 03:21:01 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-09-28 03:21:01 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-28 03:21:01 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-14 09:45:26 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 17:09:22 269312 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-09-04 11:54:24 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\syswow64\msasn1.dll
2009-08-30 10:17:29 188968 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2009-08-29 02:42:33 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2009-08-27 15:52:52 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2009-08-27 13:43:42 86528 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2009-08-27 12:54:55 1032192 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 12:40:58 834048 ----a-w- c:\windows\syswow64\wininet.dll
2009-08-27 12:40:51 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2009-08-27 12:39:41 3599872 ----a-w- c:\windows\syswow64\mshtml.dll
2009-08-27 12:39:10 6079488 ----a-w- c:\windows\syswow64\ieframe.dll
2009-08-27 12:39:08 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2009-08-27 10:27:34 180736 ----a-w- c:\windows\syswow64\ieui.dll
2009-08-27 07:13:35 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2009-08-23 06:05:44 424624 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-23 06:05:44 418480 ----a-w- c:\windows\syswow64\wrap_oal.dll
2009-08-23 06:05:44 138472 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-23 06:05:44 115432 ----a-w- c:\windows\syswow64\OpenAL32.dll
2009-08-22 08:25:01 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-08-22 08:25:01 29779 ----a-w- c:\windows\fonts\GlobalSerif.CompositeFont
2009-08-22 08:25:01 26489 ----a-w- c:\windows\fonts\GlobalSansSerif.CompositeFont
2009-08-22 08:25:01 26040 ----a-w- c:\windows\fonts\GlobalMonospace.CompositeFont
2009-08-21 10:51:46 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-08-21 10:51:46 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-08-21 10:51:46 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-08-21 10:51:46 145184 ----a-w- c:\windows\syswow64\java.exe
2009-08-19 21:30:42 94208 ----a-w- c:\windows\ScUnin.exe
2009-08-19 21:30:42 34693 ----a-w- c:\windows\scunin.dat
2009-08-19 11:31:40 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-18 06:33:52 1193832 ----a-w- c:\windows\syswow64\FM20.DLL
2009-08-17 09:39:50 3778080 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 09:39:46 1685024 ----a-w- c:\windows\system32\nvsvs.dll
2009-08-17 09:39:34 4548128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 09:39:34 3747360 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 09:39:34 1649184 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 09:39:32 882208 ----a-w- c:\windows\system32\nvsvc64.dll
2009-08-17 09:39:32 82464 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 09:39:32 5412384 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 09:39:32 5209632 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 09:39:32 383008 ----a-w- c:\windows\system32\nvvsvc.exe
2009-08-17 09:39:32 289824 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 09:39:32 16561184 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-14 20:36:18 70936 ----a-w- c:\windows\syswow64\PhysXLoader.dll
2009-08-14 16:04:45 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:04:45 143360 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\syswow64\netevent.dll
2009-08-14 14:10:25 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:10:22 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:10:21 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:10:21 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:10:20 23040 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:10:19 11264 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:10:19 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:20 9728 ----a-w- c:\windows\syswow64\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\syswow64\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\syswow64\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\syswow64\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\syswow64\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\syswow64\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\syswow64\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\syswow64\netiohlp.dll
2009-08-11 19:35:14 541216 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-07 02:24:09 35552 ----a-w- c:\windows\syswow64\wups.dll
2009-08-07 02:23:52 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2009-08-07 02:23:06 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-08-07 02:23:06 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-08-07 01:59:43 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-08-07 01:59:12 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-08-07 01:59:07 98816 ----a-w- c:\windows\system32\wudriver.dll
2009-08-07 01:44:46 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-08-07 01:44:40 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2009-08-04 12:47:29 4698168 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-01-19 14:16:23 174 --sha-w- c:\program files\desktop.ini
2008-01-19 14:16:23 174 --sha-w- c:\program files (x86)\desktop.ini
2008-01-19 14:02:16 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2008-01-19 14:02:16 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2008-01-19 14:02:16 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2008-01-19 14:02:16 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-01-19 13:54:05 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:04:17.25 ===============

Attached Files



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:28 PM

Posted 01 November 2009 - 06:36 PM

Hi Poen,

Root kit revealer doesn't work for 64 bit operating systems.


Yes, I'm afraid I was using a scripted response which includes RootReveal.

You're right that very little malware exists for 64-bit, so it is likely not a malware problem.

The esent.dll issue seems to be related to Visual Basic and the problem is likely to be there. If so I would need to refer you to another forum here.

However, we can take a look at the PC with the minimal amount of tools we have.

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
      OTListIt.txt <-- Will be opened
      Extra.txt <-- Will be minimized
That should give us a good idea of where this thread is heading :(
m0le is a proud member of UNITE

#5 Poen

Poen
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 02 November 2009 - 05:01 PM

System Restore Interface not present. I guess I could try looking through my services and enabling it.

How would visual basic conflict with server 2008? I know it fiddles with some services, but I've run the same build on my other computers with no problems. But if that's it, then you've saved me a lot of anguish.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:28 PM

Posted 02 November 2009 - 07:17 PM

Searchindexer.exe appears to have a history of crashing. This may be unrelated to the esent.dll error but have a look at this thread

I can confirm that you do not have malware.

Good luck finding the problem, Poen. :(
m0le is a proud member of UNITE

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:28 PM

Posted 07 November 2009 - 11:00 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
