Posts posted by Calnestitccher
I followed your instructions except to do a fresh DDS log, I do not know what that is. Thank you for your fast reply. However, before I posted your reply and a few restarts, I may not know what I did but I deleted some things I didn't think should be in the hijackthis log (after I checked many of the things it found that I did not know what they were). The computer is running smoothly now as it should but fun mods didn't go away, neither the aspca reminder thing. After your reply I followed your instructions except the DDS thing. Could you tell me what that is? I shall post the other logs after you reply. Also, Malwarebytes didn't find any malicious malware even after following all your instructions. Thank you.
-
My computer is overheating and there are many (missing) files in my hijackthis log which I don't know what they are. Also I removed (or think I removed) funmods but not aspca we care whatever the name is. I included my log file of hijack this since malwarebytes didn't find anything. I doubt it is not the fan because my CPU is running at 50 to 100% sometimes. Also included the Attach and DDS as requested. Thank you.
-
My computer is overheating and there are many (missing) files in my hijackthis log which I don't know what they are. Also I removed (or think I removed) funmods but not aspca we care whatever the name is. I included my log file of hijack this since malwarebytes didn't find anything. I doubt it is not the fan because my CPU is running at 50 to 100% sometimes. I came here because the hijack this site said I could post my log file here. If I made a mistake, I apologize in advance. Thank you.
My computer is overheating (CPU at 50 to 100%)
in Resolved Malware Removal Logs
Posted
Never mind, I found it on my computer all along. Here they are-
aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 14:29:57
-----------------------------
14:29:57.276 OS Version: Windows x64 6.1.7601 Service Pack 1
14:29:57.276 Number of processors: 2 586 0x170A
14:29:57.276 ComputerName: CALNESTITCHER UserName: Calnestitcher
14:30:00.037 Initialize success
14:32:01.165 AVAST engine defs: 12062800
14:32:28.168 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:32:28.184 Disk 0 Vendor: WDC_WD5000BEVT-60ZAT1 02.01A02 Size: 476940MB BusType: 11
14:32:28.184 Disk 0 MBR read successfully
14:32:28.199 Disk 0 MBR scan
14:32:28.199 Disk 0 Windows 7 default MBR code
14:32:28.199 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462621 MB offset 63
14:32:28.262 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14315 MB offset 947449856
14:32:28.324 Disk 0 scanning C:\Windows\system32\drivers
14:32:46.373 Service scanning
14:33:24.609 Modules scanning
14:33:24.625 Disk 0 trace - called modules:
14:33:24.671 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa8005e1b2c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:33:24.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064d1060]
14:33:24.703 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80064d0a10]
14:33:24.703 5 hpdskflt.sys[fffff88001dc0189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005f44680]
14:33:24.718 \Driver\atapi[0xfffffa8005f23440] -> IRP_MJ_CREATE -> 0xfffffa8005e1b2c0
14:33:27.542 AVAST engine scan C:\Windows
14:33:30.693 AVAST engine scan C:\Windows\system32
14:38:49.419 AVAST engine scan C:\Windows\system32\drivers
14:39:11.992 AVAST engine scan C:\Users\Calnestitcher
14:41:59.428 AVAST engine scan C:\ProgramData
14:42:34.418 Scan finished successfully
14:43:02.327 Disk 0 MBR has been saved successfully to "C:\Users\Calnestitcher\Desktop\MBR.dat"
14:43:02.327 The log file has been saved successfully to "C:\Users\Calnestitcher\Desktop\aswMBR.txt"
DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Calnestitcher at 15:26:00 on 2012-06-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6111.4819 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATICDA.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9194649F-7143-4308-90C1-D6A35B0E354E} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Google Update] "C:\Users\Calnestitcher\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE /FU "C:\Windows\TEMP\E_S645E.tmp" /EF "HKCU"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{497ED35F-BA08-41A9-8BBB-5B05B3CF7B28} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF86821E-9D52-4F29-ADEC-2AC0BEAD7200} : DhcpNameServer = 10.0.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9194649F-7143-4308-90C1-D6A35B0E354E} - No File
BHO-X64: BHO_PROJECT - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-19 1161376]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120627.001\IDSviA64.sys [2012-6-28 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\AESTSr64.exe [2012-6-18 89600]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-6-20 138232]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-17 1153368]
R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-4-27 316992]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-6-15 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-6-15 487280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-22 138912]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-13 257224]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-28 00:48:24 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2012-06-28 00:48:24 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2012-06-28 00:48:24 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
2012-06-28 00:48:24 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2012-06-28 00:48:24 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2012-06-28 00:48:13 -------- d-----w- C:\ProgramData\EPSON
2012-06-28 00:45:39 -------- d-----w- C:\Program Files\EPSON
2012-06-28 00:45:21 101376 ----a-w- C:\Windows\System32\esxcwiad.dll
2012-06-28 00:45:21 -------- d-----w- C:\Program Files (x86)\epson
2012-06-27 01:55:21 -------- d-----w- C:\Windows\JMCR_DIR
2012-06-27 01:55:11 109568 ----a-w- C:\Windows\SysWow64\JmCrIcon.dll
2012-06-27 01:55:11 109568 ----a-w- C:\Windows\System32\JmCrIcon.dll
2012-06-27 01:51:24 -------- d-----w- C:\Users\Calnestitcher\AppData\Local\ElevatedDiagnostics
2012-06-27 00:04:19 43640 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2012-06-24 23:25:42 142120 ----a-w- C:\Windows\System32\drivers\sentinel64.sys
2012-06-24 23:25:21 -------- d-----w- C:\Program Files (x86)\SafeNet Sentinel
2012-06-24 23:25:19 -------- d-----w- C:\Program Files (x86)\Common Files\SafeNet Sentinel
2012-06-24 23:23:58 -------- d-----w- C:\Windows\Downloaded Installations
2012-06-24 23:22:56 -------- d-----w- C:\Program Files\NewTek
2012-06-22 11:37:09 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 11:36:42 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 11:36:13 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 11:36:13 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 04:28:22 -------- d-----w- C:\Program Files\Paint.NET
2012-06-21 04:27:43 -------- d-----w- C:\Users\Calnestitcher\AppData\Local\Paint.NET
2012-06-21 03:20:54 -------- d--h--w- C:\ProgramData\Common Files
2012-06-21 03:20:35 -------- d-----w- C:\Program Files (x86)\GRETECH
2012-06-20 18:05:15 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-06-20 16:37:30 -------- d-----w- C:\Users\Calnestitcher\Tracing
2012-06-20 16:36:00 737912 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\srtsp64.sys
2012-06-20 16:36:00 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\SymDS64.sys
2012-06-20 16:36:00 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\symnets.sys
2012-06-20 16:36:00 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\srtspx64.sys
2012-06-20 16:36:00 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\Ironx64.sys
2012-06-20 16:36:00 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\ccSetx64.sys
2012-06-20 16:36:00 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\SymEFA64.sys
2012-06-20 16:35:53 -------- d-----w- C:\Windows\System32\drivers\N360x64\0602010.005
2012-06-19 16:06:27 -------- d-----w- C:\Windows\en
2012-06-19 16:03:54 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-06-19 16:00:47 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-06-19 16:00:14 -------- d-----w- C:\Windows\PCHEALTH
2012-06-19 15:57:48 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-06-19 15:54:51 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d83468991cd4e3308\bingbarsetup.exe
2012-06-19 15:54:32 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d082e09d1cd4e3307\MeshBetaRemover.exe
2012-06-19 15:54:23 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c9ecdaa81cd4e3306\DSETUP.dll
2012-06-19 15:54:23 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c9ecdaa81cd4e3306\DXSETUP.exe
2012-06-19 15:54:23 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c9ecdaa81cd4e3306\dsetup32.dll
2012-06-19 15:54:16 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c542813d1cd4e3305\DSETUP.dll
2012-06-19 15:54:16 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c542813d1cd4e3305\DXSETUP.exe
2012-06-19 15:54:16 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c542813d1cd4e3305\dsetup32.dll
2012-06-19 15:54:08 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bf2078d11cd4e3304\Silverlight.4.0.exe
2012-06-19 15:53:21 -------- d-----w- C:\Users\Calnestitcher\AppData\Local\Windows Live
2012-06-19 15:53:19 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-06-19 01:09:19 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-06-19 00:41:02 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2012-06-19 00:41:02 431104 ----a-w- C:\Windows\System32\AESTEC64.dll
2012-06-19 00:41:02 165888 ----a-w- C:\Windows\System32\AESTAC64.dll
2012-06-19 00:41:00 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2012-06-19 00:41:00 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-06-19 00:41:00 442368 ----a-w- C:\Windows\sttray64.exe
2012-06-19 00:41:00 3562496 ----a-w- C:\Windows\System32\stlang64.dll
2012-06-19 00:41:00 12147200 ----a-w- C:\Windows\System32\idtcpl64.cpl
2012-06-19 00:40:59 -------- d-----w- C:\Windows\System32\SRSLabs
2012-06-19 00:40:21 486400 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2012-06-19 00:40:21 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2012-06-19 00:40:21 1430528 ----a-w- C:\Windows\System32\stapo64.dll
2012-06-19 00:40:20 595456 ------w- C:\Windows\System32\stapi64.dll
2012-06-19 00:40:20 206848 ----a-w- C:\Windows\System32\st646207.dll
2012-06-19 00:40:10 -------- d-----w- C:\Program Files\IDT
2012-06-18 05:11:43 -------- d-----w- C:\Users\Calnestitcher\AppData\Roaming\Malwarebytes
2012-06-18 05:11:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-18 05:11:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-18 05:11:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-18 04:43:04 30760 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-18 04:43:04 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-06-18 04:43:04 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-06-18 04:42:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-18 04:42:34 -------- d-----w- C:\Program Files\Symantec
2012-06-18 04:42:34 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-06-18 04:41:36 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-06-18 04:41:34 -------- d-----w- C:\ProgramData\Symantec
2012-06-18 04:41:34 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-06-18 04:41:33 -------- d-----w- C:\ProgramData\Norton
2012-06-18 04:41:12 -------- d-----w- C:\ProgramData\NortonInstaller
2012-06-18 04:41:12 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-06-18 03:09:22 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-18 03:09:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-18 02:49:53 -------- d-----w- C:\Users\Calnestitcher\AppData\Roaming\BucksBee Loyalty Plugin - 100884.rs for Chrome
2012-06-18 02:49:27 -------- d-----w- C:\Program Files (x86)\OApps
2012-06-18 01:49:20 49152 ----a-r- C:\Users\Calnestitcher\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\NewShortcut1_502499DC2EDB45A28F7C83E6E5DE067E.exe
2012-06-18 01:44:06 49152 ----a-r- C:\Users\Calnestitcher\AppData\Roaming\Microsoft\Installer\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}\NewShortcut1_C109AF5B69D04C93B360F28D9FAB6084.exe
2012-06-17 18:32:08 -------- d-----w- C:\Users\Calnestitcher\AppData\Roaming\Blender Foundation
2012-06-17 18:30:55 -------- d-----w- C:\Users\Calnestitcher\.thumbnails
2012-06-17 18:30:25 -------- d-----w- C:\Program Files\Blender Foundation
2012-06-17 16:53:18 49152 ----a-r- C:\Users\Calnestitcher\AppData\Roaming\Microsoft\Installer\{FD1E17BC-2956-4AD7-B937-D23F06F1A5E8}\NewShortcut1_FD1E17BC29564AD7B937D23F06F1A5E8.exe
2012-06-17 09:16:09 560184 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-06-17 09:15:52 -------- d-----w- C:\Users\Calnestitcher\AppData\Roaming\DAEMON Tools Lite
2012-06-17 09:15:48 -------- d-----w- C:\Users\Calnestitcher\AppData\Roaming\OpenCandy
2012-06-17 09:15:48 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-06-17 09:14:28 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-06-17 09:12:49 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2012-06-17 06:51:59 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2012-06-17 06:47:12 -------- d-----w- C:\Windows\SysWow64\directx
2012-06-17 06:39:37 1391104 ----a-w- C:\apploc.msi
2012-06-16 19:29:18 -------- d-----w- C:\Users\Calnestitcher\AppData\Local\Apple Computer
2012-06-16 19:28:16 -------- d-----w- C:\Program Files\iPod
2012-06-16 19:28:15 -------- d-----w- C:\Program Files\iTunes
2012-06-16 19:28:15 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-16 19:27:37 -------- d-----w- C:\Users\Calnestitcher\AppData\Local\Apple
2012-06-16 19:27:07 -------- d-----w- C:\Program Files\Bonjour
2012-06-16 19:27:07 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-15 22:55:33 -------- d-----w- C:\Program Files (x86)\Bamboo Dock
2012-06-15 22:53:29 642928 ------w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
2012-06-15 22:53:29 -------- d-----w- C:\Users\Calnestitcher\AppData\Roaming\WTablet
2012-06-15 22:53:28 749936 ------w- C:\Windows\System32\Pen_Touch_Tablet.dll
2012-06-15 22:53:19 -------- d-----w- C:\Program Files (x86)\TabletPlugins
2012-06-15 22:52:43 18288 ----a-w- C:\Windows\System32\drivers\wacmoumonitor.sys
2012-06-15 22:52:38 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys
2012-06-15 22:52:03 16168 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys
2012-06-15 22:52:00 506736 ------w- C:\Windows\SysWow64\Wintab32.dll
2012-06-15 22:51:58 600432 ------w- C:\Windows\System32\Wintab32.dll
2012-06-15 22:51:57 650096 ------w- C:\Windows\SysWow64\Pen_Tablet.dll
2012-06-15 22:51:55 756592 ------w- C:\Windows\System32\Pen_Tablet.dll
2012-06-15 22:51:39 -------- d-----w- C:\Program Files\Tablet
2012-06-14 22:13:18 -------- d-----w- C:\Program Files (x86)\Pixologic
2012-06-14 22:11:43 -------- d-----w- C:\Users\Calnestitcher\AppData\Local\Downloaded Installations
2012-06-14 20:22:12 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-06-14 20:22:09 -------- d-----w- C:\Program Files (x86)\HP
2012-06-14 19:49:09 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-14 19:49:08 -------- d-----w- C:\Windows\System32\Wat
2012-06-14 19:30:59 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-06-14 19:18:50 -------- d-----w- C:\Windows\System32\SPReview
2012-06-14 19:17:51 -------- d-----w- C:\Windows\System32\EventProviders
2012-06-14 19:16:06 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-06-14 19:16:06 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-06-14 19:14:59 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2012-06-14 19:13:59 82944 ----a-w- C:\Windows\SysWow64\thumbcache.dll
2012-06-14 19:12:59 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-06-14 19:12:44 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-06-14 19:12:44 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-06-14 19:12:44 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-06-14 19:12:12 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-06-14 19:12:12 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-06-14 19:12:10 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-06-14 18:51:52 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-06-14 18:51:51 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-06-14 18:51:51 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-06-14 02:15:25 -------- d-----w- C:\Windows\System32\appmgmt
2012-06-14 00:35:18 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-14 00:35:18 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-14 00:35:18 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-14 00:35:18 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-14 00:35:18 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-14 00:35:18 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-14 00:35:18 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-13 21:13:29 -------- d-----w- C:\Users\Calnestitcher\AppData\Local\Google
2012-06-13 21:13:15 -------- d-----w- C:\Users\Calnestitcher\AppData\Local\Deployment
2012-06-13 21:13:15 -------- d-----w- C:\Users\Calnestitcher\AppData\Local\Apps
2012-06-13 21:09:21 -------- d-----w- C:\Program Files\Synaptics
2012-06-13 19:26:58 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 19:26:58 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-13 18:24:57 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-06-13 18:23:57 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-13 18:22:46 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-06-13 18:22:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-06-13 18:22:33 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-06-13 18:22:33 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-06-13 18:22:33 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-06-13 18:22:32 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-06-13 18:20:48 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 18:19:48 642944 ----a-w- C:\Windows\System32\winload.efi
2012-06-13 18:18:53 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-06-13 18:14:09 -------- d-----w- C:\Windows\Panther
2012-06-13 18:07:34 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-06-13 18:07:34 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-06-13 18:03:55 -------- d-----w- C:\Windows.old
2012-06-13 17:55:21 -------- d-sh--w- C:\Windows\Installer
2012-06-13 17:55:09 637544 ----a-w- C:\Windows\System32\nvuninst.exe
2012-06-13 17:53:43 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-13 17:53:43 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-13 17:53:43 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2012-06-13 17:53:43 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2012-06-13 17:53:43 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-13 17:50:57 -------- d-sh--w- C:\Recovery
2012-06-13 14:34:00 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3CE4D1F-AEF6-409B-BCF9-CBBB00415932}\mpengine.dll
2012-06-13 14:34:00 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
==================== Find3M ====================
.
2012-06-14 19:30:59 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2012-06-14 19:30:59 85504 ----a-w- C:\Windows\System32\iesetup.dll
2012-06-14 19:30:59 76800 ----a-w- C:\Windows\System32\tdc.ocx
2012-06-14 19:30:59 49664 ----a-w- C:\Windows\System32\imgutil.dll
2012-06-14 19:30:59 48640 ----a-w- C:\Windows\System32\mshtmler.dll
2012-06-14 19:30:59 448512 ----a-w- C:\Windows\System32\html.iec
2012-06-14 19:30:59 30720 ----a-w- C:\Windows\System32\licmgr10.dll
2012-06-14 19:30:59 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-14 19:30:59 135168 ----a-w- C:\Windows\System32\IEAdvpack.dll
2012-06-14 19:30:59 111616 ----a-w- C:\Windows\System32\iesysprep.dll
2012-06-14 19:30:58 603648 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-14 19:30:58 165888 ----a-w- C:\Windows\System32\iexpress.exe
2012-06-14 19:30:58 160256 ----a-w- C:\Windows\System32\wextract.exe
2012-06-14 19:24:05 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-14 19:24:04 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-25 19:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-04-25 19:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 15:27:30.63 ===============
mbam
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.28.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Calnestitcher :: CALNESTITCHER [administrator]
6/28/2012 2:20:34 PM
mbam-log-2012-06-28 (14-20-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202280
Time elapsed: 3 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Sorry for the mistake earlier.