TechSpot

Error when running GMER

By joshuamays
Jun 18, 2010
  1. I'm in the process of running through the 8step. When double-clicking to run GMER.exe (in this instance it has been renamed to k6r9q9ok.exe) I get an error message. It reads:

    C:\Windows\system32\config\system: The system cannot find the file specified.

    I am able to click the "OK" box on the error message and proceed with the scan. When the scan has completed there is no visible text in the GMER dialogue box to save to a report.

    I've disconnected from the internet as well as disabled my antivirus. Not sure what else I could have that might be blocking script... if that is the case.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You can try either of these things:

    Uncheck Devices and see if the scan progresses.
    or
    Try running the scan in Safe Mode.

    If it still doesn't work, please go on with the other programs and we'll try to work around it or find another program if needed.
     
  3. joshuamays

    joshuamays TS Enthusiast Topic Starter Posts: 137

    It's doing the same thing. The program still runs the scan. Service, Registry, Files, C:\, ADS are the only boxes that are checkable. I don't even have the option to check/uncheck Devices. I've tried running in Safe Mode. Tried downloading a second time, thinking something went wrong along the way.

    The process cannot access the file because it's being used by another process. At the end of the scan it says GMER hasn't found any system modification.
     
  4. joshuamays

    joshuamays TS Enthusiast Topic Starter Posts: 137

    8 steps done (unable to save GMER log) PC#2 btw

    From what I could tell GMER did scan successfully, but I was unable to figure out a way to get the script to show up.

    Was having some issues with my keyboard earlier. Thought I might have had a nasty keylogger or something (turns out it was a faulty driver). Hopefully the initial mbam quick scan cleaned house of things. Here's the logs. Thx ;)
     


  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry, I lost you for a day!

    The system was full of MyWebSearch and other malware. Please do the following: I didn't realize you had Windows 7 and it looks like it's 64bit:
    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
    • Double click the OTL icon to run it.
    • The opened console will resemble this: [IMG]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    ===============================
    Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    Leave those logs in your next reply. I'll have some script for you to run.

    Stay away from the Fun Web Products site - for things like Smileys, screen savers, 3D cursors and other junk! It all comes with adware and spyware!

    These may give me enough info without GMER. I just noticed you are running Windows 7- I don't think GMER will work on that OS yet.
     
  6. joshuamays

    joshuamays TS Enthusiast Topic Starter Posts: 137

    Only 1 report was created from OTL.

    OTL logfile created on: 6/21/2010 12:08:10 PM - Run 1
    OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\MastaJ\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 83.00% Memory free
    16.00 Gb Paging File | 15.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 713.77 Gb Free Space | 76.63% Space Free | Partition Type: NTFS
    Drive D: | 110.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MASTAJ-PC
    Current User Name: MastaJ
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\MastaJ\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    PRC - C:\Program Files (x86)\Winstep\Nexus.exe (Winstep Software Technologies)
    PRC - C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (Crawler, LLC)
    PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
    PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    PRC - C:\Program Files (x86)\Razer\Lycosa\razertra.exe ()
    PRC - C:\Program Files (x86)\Winstep\WsxService.exe (Winstep Software Technologies)
    PRC - C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
    PRC - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
    PRC - C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe (Razer Inc.)
    PRC - C:\Users\MastaJ\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    PRC - C:\Program Files (x86)\Razer\DeathAdder\razertra.exe ()
    PRC - C:\Program Files (x86)\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe (Microsoft Corp.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\MastaJ\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
    SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
    SRV - (VSS) -- C:\Windows\Vss [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
    SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
    SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
    SRV - (Winstep Xtreme Service) -- C:\Program Files (x86)\Winstep\WsxService.exe (Winstep Software Technologies)
    SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
    DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\vHidDev.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
    DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
    DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
    DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
    DRV:64bit: - (DAdderFltr) -- C:\Windows\SysNative\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
    DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (CSC) -- C:\Windows\CSC [2010/04/26 13:45:20 | 000,000,000 | ---D | M]
    DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
    DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
    DRV - (Lycosa) -- C:\Windows\SysWOW64\Lycosa.cpl (Razer Inc.)
     
  7. joshuamays

    joshuamays TS Enthusiast Topic Starter Posts: 137

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 6D 42 F1 82 E5 CA 01 [binary data]
    IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found


    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
    O2 - BHO: () - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
    O4 - HKLM..\Run: [SiteRanker] C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (Crawler, LLC)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [googletalk] C:\Users\MastaJ\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe (Winstep Software Technologies)
    O4 - HKCU..\Run: [nvccsve.exe] C:\Users\MastaJ\AppData\Local\Temp\82943.exe (Trend Micro Inc)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/09/29 01:55:44 | 000,000,052 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/06/21 12:04:52 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\MastaJ\Desktop\OTL.exe
    [2010/06/20 18:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
    [2010/06/20 18:11:14 | 000,093,696 | ---- | C] (Razer Inc.) -- C:\Windows\SysNative\Lycosa.cpl
    [2010/06/20 18:11:13 | 000,065,536 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\Lycosa.cpl
    [2010/06/20 18:11:13 | 000,020,352 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysNative\drivers\Lycosa.sys
    [2010/06/20 18:11:13 | 000,007,552 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\vHidDev.sys
    [2010/06/19 18:32:44 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\Desktop\3.0.1.8874 US PTR Installer
    [2010/06/19 18:20:12 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\3.0.1.8874 US PTR Installer
    [2010/06/18 06:03:49 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Local\ElevatedDiagnostics
    [2010/06/17 22:24:07 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Roaming\Malwarebytes
    [2010/06/17 22:23:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/06/17 22:23:58 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/06/17 22:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/06/17 22:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/06/17 16:48:50 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Roaming\Uniblue
    [2010/06/17 16:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
    [2010/06/16 09:54:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/06/15 23:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
    [2010/06/15 23:40:53 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Roaming\NVIDIA
    [2010/06/15 22:49:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/06/15 22:43:07 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\Documents\BioWare
    [2010/06/15 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
    [2010/06/15 22:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
    [2010/06/15 22:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2010/06/15 22:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
    [2010/06/15 22:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age
    [2010/06/15 22:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
    [2010/06/15 11:12:32 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Local\Adobe
    [2010/06/13 00:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2010/06/13 00:11:06 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Roaming\DAEMON Tools Lite
    [2010/06/13 00:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2010/06/11 20:30:46 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/06/11 17:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pcsx2
    [2010/06/11 12:50:46 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Roaming\Ashampoo
    [2010/06/11 12:40:16 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Local\ashampoo
    [2010/06/11 12:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
    [2010/06/11 12:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
    [2010/06/11 12:21:20 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Roaming\dvdcss
    [2010/06/09 18:23:20 | 000,085,504 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysWow64\DeathAdder64.cpl
    [2010/06/09 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
    [2010/06/09 18:22:43 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Roaming\InstallShield
    [2010/06/09 17:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WoWCatBeta
    [2010/06/09 11:06:54 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2010/06/09 11:06:54 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2010/06/09 11:06:54 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2010/06/09 11:06:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2010/06/09 09:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
    [2010/06/09 09:47:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
    [2010/06/09 09:47:12 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Roaming\uTorrent
    [2010/06/08 23:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboPascal-7.0
    [2010/06/08 23:11:29 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Local\DOSBox
    [2010/06/08 23:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
    [2010/05/27 08:29:34 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\Documents\StarCraft II Beta
    [2010/05/27 08:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II Beta
    [2010/05/25 08:47:44 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Roaming\vlc
    [2010/05/25 08:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2010/05/24 19:14:51 | 000,000,000 | R--D | C] -- C:\Users\MastaJ\Documents\Movies
    [2010/05/23 14:48:42 | 000,000,000 | ---D | C] -- C:\danicurs
    [2010/05/23 13:15:48 | 000,000,000 | R--D | C] -- C:\Users\MastaJ\Desktop\maxDTop
    [2010/05/23 07:57:21 | 000,000,000 | R--D | C] -- C:\Users\MastaJ\Documents\Axialis Librarian
    [2010/05/23 07:57:21 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Roaming\Axialis
    [2010/05/23 07:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axialis
    [2010/05/23 07:57:09 | 000,000,000 | ---D | C] -- C:\Users\MastaJ\AppData\Local\Axialis
    [2010/05/23 05:40:04 | 001,347,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm50.dll
    [2010/05/23 05:40:04 | 000,798,208 | ---- | C] (Winstep Software Technologies) -- C:\Windows\SysWow64\NextControls.ocx
    [2010/05/23 05:40:04 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
    [2010/05/23 05:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winstep

    ========== Files - Modified Within 30 Days ==========

    [2010/06/21 12:09:18 | 003,407,872 | -HS- | M] () -- C:\Users\MastaJ\ntuser.dat
    [2010/06/21 12:04:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\MastaJ\Desktop\OTL.exe
    [2010/06/21 08:57:10 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/06/21 08:57:10 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/06/21 08:57:10 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/06/21 08:52:03 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
    [2010/06/21 08:52:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/06/21 08:51:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/06/21 08:51:53 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/20 22:22:05 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/06/20 22:22:05 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/06/20 18:16:43 | 001,010,486 | -H-- | M] () -- C:\Users\MastaJ\AppData\Local\IconCache.db
    [2010/06/17 19:01:19 | 000,001,084 | ---- | M] () -- C:\Users\MastaJ\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
    [2010/06/17 18:57:35 | 000,001,079 | ---- | M] () -- C:\Users\MastaJ\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2010/06/17 15:57:17 | 000,474,866 | ---- | M] () -- C:\Users\MastaJ\Documents\Dragon Guide.rtf
    [2010/06/15 22:56:35 | 350,550,211 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/06/15 20:46:36 | 3990,626,303 | ---- | M] () -- C:\Users\MastaJ\Desktop\sr-dgnage.iso
    [2010/06/13 00:11:53 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/06/12 16:43:34 | 000,000,577 | ---- | M] () -- C:\Users\MastaJ\Documents\Todolist1.rtf
    [2010/06/11 12:40:15 | 000,001,211 | ---- | M] () -- C:\Users\MastaJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 6 FREE.lnk
    [2010/06/11 12:40:15 | 000,001,187 | ---- | M] () -- C:\Program Files (x86)\Ashampoo Burning Studio 6 FREE.lnk
    [2010/06/10 09:14:30 | 000,311,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/06/09 09:55:27 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\PeerGuardian.lnk
    [2010/06/09 09:47:44 | 000,000,963 | ---- | M] () -- C:\Users\MastaJ\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010/06/09 09:47:44 | 000,000,939 | ---- | M] () -- C:\Program Files (x86)\µTorrent.lnk
    [2010/06/08 23:10:50 | 000,001,914 | ---- | M] () -- C:\Program Files (x86)\DOSBox 0.74.lnk
    [2010/05/27 09:27:15 | 000,000,719 | ---- | M] () -- C:\Users\MastaJ\AppData\Roaming\myMPQ.ini
    [2010/05/27 00:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2010/05/26 23:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2010/05/26 21:42:01 | 000,001,060 | ---- | M] () -- C:\Users\MastaJ\Documents\SC2 Beta Keys.rtf
    [2010/05/26 21:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2010/05/26 20:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2010/05/23 05:40:07 | 000,001,041 | ---- | M] () -- C:\Users\MastaJ\Documents\Winstep.lnk
     
  8. joshuamays

    joshuamays TS Enthusiast Topic Starter Posts: 137

    ========== Files Created - No Company Name ==========

    [2010/06/18 11:09:49 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Startup.cpl
    [2010/06/17 19:01:19 | 000,001,084 | ---- | C] () -- C:\Users\MastaJ\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
    [2010/06/17 17:08:40 | 000,001,079 | ---- | C] () -- C:\Users\MastaJ\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2010/06/17 15:57:17 | 000,474,866 | ---- | C] () -- C:\Users\MastaJ\Documents\Dragon Guide.rtf
    [2010/06/15 22:49:41 | 350,550,211 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/06/15 17:16:18 | 3990,626,303 | ---- | C] () -- C:\Users\MastaJ\Desktop\sr-dgnage.iso
    [2010/06/13 00:11:53 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/06/12 16:43:34 | 000,000,577 | ---- | C] () -- C:\Users\MastaJ\Documents\Todolist1.rtf
    [2010/06/11 12:40:15 | 000,001,211 | ---- | C] () -- C:\Users\MastaJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 6 FREE.lnk
    [2010/06/11 12:40:15 | 000,001,187 | ---- | C] () -- C:\Program Files (x86)\Ashampoo Burning Studio 6 FREE.lnk
    [2010/06/09 17:06:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\driverinfo.txt
    [2010/06/09 09:50:07 | 000,000,903 | ---- | C] () -- C:\Program Files (x86)\PeerGuardian.lnk
    [2010/06/09 09:47:44 | 000,000,963 | ---- | C] () -- C:\Users\MastaJ\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010/06/09 09:47:44 | 000,000,939 | ---- | C] () -- C:\Program Files (x86)\µTorrent.lnk
    [2010/06/08 23:10:50 | 000,001,914 | ---- | C] () -- C:\Program Files (x86)\DOSBox 0.74.lnk
    [2010/05/27 03:42:45 | 000,000,719 | ---- | C] () -- C:\Users\MastaJ\AppData\Roaming\myMPQ.ini
    [2010/05/26 21:42:01 | 000,001,060 | ---- | C] () -- C:\Users\MastaJ\Documents\SC2 Beta Keys.rtf
    [2010/05/23 05:40:07 | 000,001,041 | ---- | C] () -- C:\Users\MastaJ\Documents\Winstep.lnk
    [2010/04/26 14:31:04 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

    ========== LOP Check ==========

    [2010/06/11 12:50:46 | 000,000,000 | ---D | M] -- C:\Users\MastaJ\AppData\Roaming\Ashampoo
    [2010/05/23 13:21:42 | 000,000,000 | ---D | M] -- C:\Users\MastaJ\AppData\Roaming\Axialis
    [2010/05/28 22:19:24 | 000,000,000 | ---D | M] -- C:\Users\MastaJ\AppData\Roaming\BitComet
    [2010/06/13 00:16:03 | 000,000,000 | ---D | M] -- C:\Users\MastaJ\AppData\Roaming\DAEMON Tools Lite
    [2010/06/02 19:04:21 | 000,000,000 | ---D | M] -- C:\Users\MastaJ\AppData\Roaming\GetRightToGo
    [2010/05/06 22:18:15 | 000,000,000 | ---D | M] -- C:\Users\MastaJ\AppData\Roaming\TigerPlayer
    [2010/06/17 17:09:59 | 000,000,000 | ---D | M] -- C:\Users\MastaJ\AppData\Roaming\Uniblue
    [2010/06/21 12:08:34 | 000,000,000 | ---D | M] -- C:\Users\MastaJ\AppData\Roaming\uTorrent
    [2009/07/13 22:08:49 | 000,023,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  9. joshuamays

    joshuamays TS Enthusiast Topic Starter Posts: 137

    Here's the ESET results:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Josh, if you have no objection, I'm going to ask Broni if he can help with your thread. We've had family illness that has kept me off the computer and I have gotten way behind. My apology for the delay.
     
  11. joshuamays

    joshuamays TS Enthusiast Topic Starter Posts: 137

    Yeah, it's np. Regards.
     
Topic Status:
Not open for further replies.
