I got a virus from a toolbar which I think came from K-Lite Codec Pack.
It redirects my new tab to kl.startnow .com
I formatted my hard drive and reinstalled Windows 7, ran several antivirus and spyware programs, and nothing was found by any of them.
This virus is only seen while using Chrome with a tab popping; Firefox and IE are fine. However, I do know it is slowing down my PC a lot and blocking programs from running.
DDS log
I have noticed that a few accounts are saying that I'm attempting to log in on different computers as well. Also, music has randomly started playing.