GPU usage is through the roof, I believe I have a BitCoin Miner trojan

DyHaglar · July 3, 2013

I have over 90% usage and very high temperatures while idle. I really need some help to identify and solve the issue.

Psychotic · July 3, 2013

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs
DDS.txt
Attach.txt
Save both reports to your desktop.

Please download Gmer from here by clicking on the "Download EXE" Button.

Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Show All ( should be unchecked by default )
[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

DyHaglar · July 3, 2013

I have all of the logs ready. You would like me to paste their contents as a reply, correct?

Psychotic · July 3, 2013

correct

DyHaglar · July 3, 2013

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16618 BrowserJavaVersion: 10.21.2

Run by Lucas at 3:48:18 on 2013-07-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8163.5914 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\viakaraokesrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

"C:\Users\Lucas\AppData\Local\Temp\svchost.exe" -o http://p.9d3e622df914d8de7f747b7b8b143c52.com -O r3:r3 -l 1

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [Adobe] C:\Users\Lucas\AppData\Roaming\Adobe\color.vbe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 208.180.42.68 208.180.42.100

TCP: Interfaces\{53057F99-F1D5-4EBF-B2C7-C54D880ED774} : DHCPNameServer = 208.180.42.68 208.180.42.100

TCP: Interfaces\{E8C79C70-4888-413D-82D3-95E075744554} : DHCPNameServer = 10.0.0.2 10.0.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-1-22 82560]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-1-22 42624]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-1-22 22128]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-6-29 9216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-3 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-3 701512]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-14 144368]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-1-22 27792]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-1-22 46136]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]

R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-14 169048]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-6 138912]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-1-22 65152]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-1-22 88832]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130604.001\IDSviA64.sys [2013-6-4 513184]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-3 25928]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-10-30 13368]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-22 565352]

R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-14 493656]

R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-14 1139800]

R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-14 224416]

R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-14 433752]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-1-22 2206352]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-14 49152]

S3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [2009-8-10 28984]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2013-07-03 06:17:53 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Malwarebytes

2013-07-03 06:17:43 -------- d-----w- C:\ProgramData\Malwarebytes

2013-07-03 06:17:42 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-07-03 06:17:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-07-03 06:00:31 -------- d-----w- C:\Users\Lucas\AppData\Local\AMD

2013-07-03 06:00:13 -------- d-----w- C:\Users\Lucas\AppData\Local\ATI

2013-07-03 05:59:22 0 ----a-w- C:\Windows\ativpsrm.bin

2013-07-03 05:57:38 -------- d-----w- C:\ProgramData\AMD

2013-07-03 05:57:37 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-07-03 05:57:34 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2013-07-03 05:57:34 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2013-07-03 05:56:00 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2013-07-03 05:55:58 -------- d-----w- C:\Program Files\ATI

2013-07-03 05:55:41 -------- d-----w- C:\Program Files\ATI Technologies

2013-07-03 05:54:54 -------- d-----w- C:\AMD

2013-07-03 05:52:48 -------- d-----w- C:\Program Files (x86)\MSI Afterburner

2013-07-02 07:21:10 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24A780D0-9B76-47B5-8F36-59CDF8B60068}\mpengine.dll

2013-07-01 18:04:30 33856 ---ha-w- C:\Windows\System32\hamachi.sys

2013-07-01 18:04:24 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2013-06-29 18:13:56 -------- d-----w- C:\Users\Lucas\AppData\Roaming\LolClient

2013-06-29 16:40:40 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Awesomium

2013-06-29 16:39:47 -------- d-----w- C:\ProgramData\Hi-Rez Studios

2013-06-29 16:39:31 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios

2013-06-29 02:05:04 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2013-06-29 02:05:03 -------- d-----w- C:\Riot Games

2013-06-29 02:03:50 -------- d-----w- C:\Users\Lucas\AppData\Local\PMB Files

2013-06-29 02:03:49 -------- d-----w- C:\ProgramData\PMB Files

2013-06-29 02:03:21 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Riot Games

2013-06-29 00:00:08 -------- d-----w- C:\Users\Lucas\AppData\Local\WarThunder

2013-06-29 00:00:08 -------- d-----w- C:\ProgramData\WarThunder

2013-06-29 00:00:01 -------- d-----w- C:\Program Files (x86)\War Thunder

2013-06-24 09:01:35 -------- d-----w- C:\Users\Lucas\AppData\Roaming\TortoiseSVN

2013-06-24 08:53:00 -------- d-----w- C:\Users\Lucas\AppData\Local\TSVNCache

2013-06-24 08:50:49 -------- d-----w- C:\Program Files\TortoiseSVN

2013-06-24 08:50:49 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays

2013-06-24 08:50:49 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays

2013-06-15 02:13:25 796760 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys

2013-06-15 02:13:25 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys

2013-06-15 02:13:25 433752 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys

2013-06-15 02:13:25 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys

2013-06-15 02:13:25 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys

2013-06-15 02:13:25 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys

2013-06-15 02:13:25 169048 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys

2013-06-15 02:13:25 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys

2013-06-15 02:13:14 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.028

2013-06-14 03:38:47 -------- d-----w- C:\Users\Lucas\AppData\Roaming\.minecraft

2013-06-12 05:56:59 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-06-10 17:01:26 -------- d-----w- C:\ProgramData\Package Cache

2013-06-05 00:00:21 -------- d-----w- C:\Users\Lucas\AppData\Local\Warframe

.

==================== Find3M ====================

.

2013-07-03 05:29:25 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-07-03 05:29:25 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-06-19 21:09:04 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-06-19 02:45:25 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2013-06-05 22:06:33 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-04-16 14:37:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe

2013-04-16 14:37:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe

2013-04-16 14:37:12 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe

2013-04-16 14:37:12 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe

2013-04-14 23:04:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-14 23:04:38 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 10:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

============= FINISH: 3:48:48.67 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/28/2013 6:17:23 PM

System Uptime: 7/3/2013 3:37:57 AM (0 hours ago)

.

Motherboard: AMD Corporation | | 970A-D3

Processor: AMD FX-4100 Quad-Core Processor | CPU 1 | 3600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 288.342 GiB free.

D: is CDROM (CDFS)

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP148: 7/2/2013 9:21:17 PM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

RP149: 7/2/2013 9:21:38 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

RP150: 7/3/2013 3:00:51 AM - Removed Battlefield 2

.

==== Installed Programs ======================

.

Ace of Spades

Adobe Flash Player 11 Plugin

Alien Swarm

AMD Accelerated Video Transcoding

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Application Profiles

Arma 2

Arma 2: Operation Arrowhead

Arma 2: Operation Arrowhead - Dedicated Server

Assassin's Creed II

Battlefield 1942™

BattlEye for OA Uninstall

BioShock

Blacklight: Retribution

Call of Duty: World at War

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Cave Story+

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Chivalry: Medieval Warfare

Company of Heroes

Company of Heroes (New Steam Version)

Company of Heroes 2

Company of Heroes: Tales of Valor

Counter-Strike: Global Offensive

Counter-Strike: Source

Cry of Fear

Darksiders

Day of Defeat: Source

DayZ Commander

Dead Island

Dead Pixels

Dead Space™ 2

Dedicated Server

Dolby Axon - 1.5.0.1

Dota 2

Dungeon Defenders

Eastern Front

Empire: Total War

Etron USB3.0 Host Controller

Far Cry

Far Cry 2

Far Cry 3

Garry's Mod

Google Chrome

Google Update Helper

Half-Life

Half-Life 2

Half-Life 2: Deathmatch

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life Dedicated Server Update Tool

Hearts of Iron III

Heroes & Generals

Hi-Rez Studios Authenticate and Update Service

Hitman: Blood Money

Insurgency: Modern Infantry Combat

Java 7 Update 21

Java Auto Updater

Junk Mail filter update

Killing Floor

League of Legends

Legend of Grimrock

LogMeIn Hamachi

Magicka

Making History: The Calm & The Storm

Malwarebytes Anti-Malware version 1.75.0.1300

Medieval II Total War

Medieval II Total War : Kingdoms : Americas

Medieval II Total War : Kingdoms : Britannia

Medieval II Total War : Kingdoms : Crusades

Medieval II Total War : Kingdoms : Teutonic

Men of War: Assault Squad

Metro 2033

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft Xbox 360 Accessories 1.2

Microsoft XNA Framework Redistributable 4.0

Mortal Online

Mount & Blade: Warband

Mount & Blade: With Fire and Sword

MSI Afterburner 2.2.5

MSVCRT

Norton Internet Security

NVIDIA PhysX

Oblivion mod manager 1.1.12

ON_OFF Charge B12.0308.1

OpenOffice.org 3.4.1

Operation Flashpoint: Dragon Rising

Operation Flashpoint: Dragon Rising Mission Editor

Origin

Pando Media Booster

Path of Exile

PAYDAY: The Heist

PlanetSide 2

Platform

Play withSIX

Portal

Portal 2

PunkBuster Services

Quake Live Mozilla Plugin

Qualcomm Atheros Client Installation Program

Realm of the Mad God

Realtek Ethernet Controller Driver

Red Orchestra 2: Heroes of Stalingrad

Red Orchestra 2: Heroes of Stalingrad - Single Player

S.T.A.L.K.E.R.: Call of Pripyat

Saints Row: The Third

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 - Warlords

Sid Meier's Civilization V

Skype™ 6.3

Sleeping Dogs™

Smite

Sniper Elite V2

Source Multiplayer Dedicated Server

Source SDK Base 2007

Star Wars: Knights of the Old Republic

Steam

Stronghold

Stronghold 2

Stronghold 3

Stronghold Crusader + Extreme

Stronghold Kingdoms

Stronghold Legends

Super Meat Boy

System Requirements Lab CYRI

Team Fortress 2

TeamSpeak 3 Client

Terraria

The Basement Collection

The Binding of Isaac

The Elder Scrolls III: Morrowind

The Elder Scrolls IV: Oblivion

The Ultimate DOOM

The War Z

Titan Quest

Tom Clancy's Rainbow Six: Vegas 2

TortoiseSVN 1.8.0.24401 (64 bit)

UE3Redist

Unity Web Player

Unofficial Oblivion Patch v3.4.3

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Uplay

Ventrilo Client for Windows x64

VIA Platform Device Manager

War Thunder Launcher 1.0.1.246

Warframe

Warhammer 40,000 Space Marine

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Wings of Prey

WinRAR 4.20 (32-bit)

World of Tanks

World of Warcraft

Wrye Bash

.

==== Event Viewer Messages From Past Week ========

.

7/3/2013 3:39:07 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

7/3/2013 12:47:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

7/3/2013 12:47:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/3/2013 12:47:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/3/2013 12:47:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/3/2013 12:47:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/3/2013 12:45:29 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/3/2013 12:45:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache spldr Wanarpv6

7/2/2013 10:44:52 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

7/1/2013 1:04:31 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/1/2013 1:04:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

7/1/2013 1:04:31 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-07-03 03:54:52

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST31000524AS rev.JC4B 931.51GB

Running: mnhgpcu9.exe; Driver: C:\Users\Lucas\AppData\Local\Temp\kwtdykow.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543e43867

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543e43867 (not active ControlSet)

---- EOF - GMER 2.1 ----

Psychotic · July 3, 2013

You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.

The logs can be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Zip any and all of these logs and attach the file to your next reply.

DyHaglar · July 3, 2013

Here is the zip

mbam-log-2013-07-03 (01-18-42).zip

Psychotic · July 3, 2013

Combofix

Combofix should only be run when adviced by a team member!

Link

Important - Save the file to your desktop!

Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

DyHaglar · July 3, 2013

I am unable to end the process ccsvchst.exe, a Symantec process I believe is associated with Norton. Is it ok to run CF?

Psychotic · July 3, 2013

If your Antivirus Program is disabled, proceed.

DyHaglar · July 3, 2013

ComboFix 13-07-02.03 - Lucas 07/03/2013 7:30.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8163.5771 [GMT -5:00]

Running from: c:\users\Lucas\Downloads\ComboFix.exe

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

.

((((((((((((((((((((((((( Files Created from 2013-06-03 to 2013-07-03 )))))))))))))))))))))))))))))))

.

2013-07-03 06:17 . 2013-07-03 06:17 -------- d-----w- c:\users\Lucas\AppData\Roaming\Malwarebytes

2013-07-03 06:17 . 2013-07-03 06:17 -------- d-----w- c:\programdata\Malwarebytes

2013-07-03 06:17 . 2013-07-03 06:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-07-03 06:17 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\users\Lucas\AppData\Local\AMD

2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\users\Lucas\AppData\Roaming\ATI

2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\users\Lucas\AppData\Local\ATI

2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\programdata\ATI

2013-07-03 05:59 . 2013-07-03 05:59 0 ----a-w- c:\windows\ativpsrm.bin

2013-07-03 05:57 . 2013-07-03 05:59 -------- d-----w- c:\programdata\AMD

2013-07-03 05:57 . 2013-07-03 05:57 -------- d-----w- c:\program files (x86)\AMD AVT

2013-07-03 05:57 . 2013-07-03 05:57 -------- d-----w- c:\program files\Common Files\ATI Technologies

2013-07-03 05:57 . 2013-07-03 05:57 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2013-07-03 05:56 . 2013-07-03 05:56 -------- d-----w- c:\program files (x86)\ATI Technologies

2013-07-03 05:55 . 2013-07-03 05:55 -------- d-----w- c:\program files\ATI

2013-07-03 05:55 . 2013-07-03 05:57 -------- d-----w- c:\program files\ATI Technologies

2013-07-03 05:54 . 2013-07-03 05:54 -------- d-----w- C:\AMD

2013-07-03 05:52 . 2013-07-03 09:12 -------- d-----w- c:\program files (x86)\MSI Afterburner

2013-07-02 07:21 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24A780D0-9B76-47B5-8F36-59CDF8B60068}\mpengine.dll

2013-07-01 18:04 . 2009-03-18 23:35 33856 ---ha-w- c:\windows\system32\hamachi.sys

2013-07-01 18:04 . 2013-07-03 12:40 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2013-06-29 18:13 . 2013-06-29 18:13 -------- d-----w- c:\users\Lucas\AppData\Roaming\LolClient

2013-06-29 16:40 . 2013-06-29 16:40 -------- d-----w- c:\users\Lucas\AppData\Roaming\Awesomium

2013-06-29 16:39 . 2013-06-29 16:39 -------- d-----w- c:\programdata\Hi-Rez Studios

2013-06-29 16:39 . 2013-06-29 16:39 -------- d-----w- c:\program files (x86)\Hi-Rez Studios

2013-06-29 02:05 . 2013-06-29 02:05 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2013-06-29 02:05 . 2013-06-29 02:05 -------- d-----w- C:\Riot Games

2013-06-29 02:03 . 2013-07-03 05:27 -------- d-----w- c:\users\Lucas\AppData\Local\PMB Files

2013-06-29 02:03 . 2013-07-03 05:27 -------- d-----w- c:\programdata\PMB Files

2013-06-29 02:03 . 2013-06-29 02:03 -------- d-----w- c:\users\Lucas\AppData\Roaming\Riot Games

2013-06-29 00:00 . 2013-06-29 00:00 -------- d-----w- c:\users\Lucas\AppData\Local\WarThunder

2013-06-29 00:00 . 2013-06-29 00:00 -------- d-----w- c:\programdata\WarThunder

2013-06-29 00:00 . 2013-06-29 01:45 -------- d-----w- c:\program files (x86)\War Thunder

2013-06-24 09:01 . 2013-06-24 09:01 -------- d-----w- c:\users\Lucas\AppData\Roaming\TortoiseSVN

2013-06-24 08:53 . 2013-07-03 12:38 -------- d-----w- c:\users\Lucas\AppData\Local\TSVNCache

2013-06-24 08:50 . 2013-06-24 08:50 -------- d-----w- c:\program files\TortoiseSVN

2013-06-24 08:50 . 2013-06-24 08:50 -------- d-----w- c:\program files\Common Files\TortoiseOverlays

2013-06-24 08:50 . 2013-06-24 08:50 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays

2013-06-14 03:38 . 2013-06-18 02:12 -------- d-----w- c:\users\Lucas\AppData\Roaming\.minecraft

2013-06-12 05:56 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-06-10 17:01 . 2013-06-10 17:01 -------- d-----w- c:\programdata\Package Cache

2013-06-05 00:00 . 2013-06-19 03:24 -------- d-----w- c:\users\Lucas\AppData\Local\Warframe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-03 05:29 . 2013-01-29 02:20 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-07-03 05:29 . 2013-01-29 02:18 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-06-19 21:09 . 2013-01-29 02:18 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-06-05 22:06 . 2013-01-29 02:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-05-02 07:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-16 14:37 . 2013-04-16 14:37 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe

2013-04-16 14:37 . 2013-04-16 14:37 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe

2013-04-16 14:37 . 2013-04-16 14:37 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe

2013-04-16 14:37 . 2013-04-16 14:37 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe

2013-04-14 23:04 . 2013-02-05 21:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-14 23:04 . 2013-02-05 21:17 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-13 05:49 . 2013-05-14 22:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-14 22:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-14 22:17 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-14 22:17 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-14 22:17 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-14 22:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 21:07 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 06:01 . 2013-05-14 22:17 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 06:01 . 2013-05-14 22:17 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 03:30 . 2013-05-14 22:17 3153920 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]