
View Full Version : I think I am infected?



Leprkon
2012-05-11, 03:39
I am not sure if I am infected or not, but occasionally I get redirected to other pages when I do a search or open a web page. I let my cousin use my laptop last weekend and he turned off my antivirus so that he could play a game and he forgot to turn it back on... so maybe I got infected?

I've run Spybot twice, once normally and once in safe mode. I've also tried a system restore, however I still get the redirect problem occasionally. I've also tried a system restore and run my virus scanner multiple times.

So here is my log! Thanks in advance! Appreciate it, guys!

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tsurug at 18:57:48 on 2012-05-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.1193 [GMT -5:00]
.
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Users\Tsurug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tsurug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tsurug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tsurug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Tsurug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tsurug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tsurug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tsurug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tsurug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Google Update] "C:\Users\Tsurug\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
StartupFolder: C:\Users\Tsurug\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{66DB0E74-F152-4077-B96C-CDE57C9FC865} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{66DB0E74-F152-4077-B96C-CDE57C9FC865}\55451477962756C6563737023556475707 : DhcpNameServer = 129.107.45.80 129.107.62.80 129.107.31.80
TCP: Interfaces\{66DB0E74-F152-4077-B96C-CDE57C9FC865}\A41637F6E6 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-X64: flashget urlcatch - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-9-4 189984]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-4-21 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-4-21 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-24 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-22 257696]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-24 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2012-4-21 332272]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2012-4-21 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-4-21 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2012-4-21 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2012-4-21 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-4-21 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2012-4-21 91432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2012-4-21 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2012-4-21 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2012-4-21 110888]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-10 23:09:25 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-05-10 02:07:27 -------- d-sh--w- C:\found.000
2012-05-08 05:41:22 -------- d-----w- C:\Program Files (x86)\UnH Solutions
2012-05-08 05:34:04 -------- d-----w- C:\Users\Tsurug\AppData\Roaming\FlashGet
2012-05-08 05:33:58 -------- d-----w- C:\Program Files (x86)\FlashGet
2012-05-06 22:14:01 94208 ----a-w- C:\Windows\DIIUnin.exe
2012-05-06 22:14:01 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-05-06 22:11:41 -------- d-----w- C:\Program Files (x86)\Diablo II
2012-05-06 20:12:02 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-05-06 00:58:44 -------- d-----w- C:\Users\Tsurug\AppData\Local\Western Digital
2012-05-05 20:28:36 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-05-05 20:28:34 -------- d-----w- C:\Program Files (x86)\Steam
2012-05-05 20:17:23 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2388D29-B686-4EAF-9122-DCEF5433F4F2}\mpengine.dll
2012-05-05 20:04:58 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-05-05 19:56:02 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-05-05 16:48:21 -------- d-----w- C:\Program Files (x86)\Black Box
2012-05-05 16:10:26 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 04:07:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-04 04:07:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-04 02:06:01 -------- d-----w- C:\Users\Tsurug\AppData\Roaming\Malwarebytes
2012-05-04 02:05:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-05-04 02:05:52 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-04 02:05:48 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-04 02:05:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-03 02:10:32 -------- d-----w- C:\pebuilder3110a
2012-04-29 19:22:02 -------- d-----w- C:\Users\Tsurug\AppData\Local\APN
2012-04-29 04:52:03 -------- d-----w- C:\Program Files (x86)\GOG.com
2012-04-29 04:08:48 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-04-29 04:07:44 -------- d-----w- C:\Users\Tsurug\AppData\Roaming\uTorrent
2012-04-29 03:48:46 -------- d-----w- C:\Users\Tsurug\AppData\Roaming\GameRanger
2012-04-25 08:01:59 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-25 08:01:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-25 08:01:53 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-24 22:17:50 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-04-24 22:17:50 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-04-24 22:17:01 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-04-24 22:17:01 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-04-24 22:16:57 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-04-24 22:16:57 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-04-24 22:15:08 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-04-24 10:20:00 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-23 03:55:20 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-04-23 03:54:53 -------- d-----w- C:\Windows\PCHEALTH
2012-04-23 03:53:15 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-23 03:52:40 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-04-23 03:51:58 -------- d-----w- C:\Users\Tsurug\AppData\Local\Microsoft Help
2012-04-23 03:05:17 -------- d-----w- C:\ProgramData\Giraffic
2012-04-23 03:05:17 -------- d-----w- C:\Program Files (x86)\Giraffic
2012-04-23 03:04:59 -------- d-----w- C:\Program Files (x86)\Veoh Networks
2012-04-23 03:03:23 -------- d-----w- C:\ProgramData\IBUpdaterService
2012-04-23 02:29:00 -------- d-----w- C:\Users\Tsurug\AppData\Local\ArcSoft
2012-04-23 02:28:58 -------- d-----w- C:\ProgramData\ArcSoft
2012-04-23 02:12:14 -------- d-----r- C:\Program Files (x86)\Skype
2012-04-22 05:39:51 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-22 05:39:51 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-22 03:40:43 -------- d-----w- C:\Users\Tsurug\AppData\Local\Adobe
2012-04-22 00:37:44 -------- d-----w- C:\Users\Tsurug\AppData\Roaming\ESET
2012-04-22 00:37:44 -------- d-----w- C:\Users\Tsurug\AppData\Local\ESET
2012-04-22 00:35:13 -------- d-----w- C:\Program Files\ESET
2012-04-22 00:32:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-22 00:32:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-21 14:31:52 -------- d-----w- C:\Windows\System32\SPReview
2012-04-21 14:16:58 -------- d-----w- C:\Windows\System32\EventProviders
2012-04-21 12:59:59 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-04-21 12:58:59 78848 ----a-w- C:\Windows\System32\tabcal.exe
2012-04-21 12:57:30 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-04-21 12:41:43 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2012-04-21 12:41:43 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-04-21 12:41:43 229376 ----a-w- C:\Windows\System32\fsquirt.exe
2012-04-21 12:33:09 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-21 12:33:09 -------- d-----w- C:\Windows\System32\Wat
2012-04-21 07:57:27 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-21 07:57:27 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-21 07:57:27 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-21 07:57:27 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-21 07:57:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-21 07:57:27 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-21 07:57:27 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-21 07:56:07 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-04-21 07:56:07 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-04-21 07:56:00 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-04-21 07:54:54 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-04-21 07:52:09 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-21 07:52:09 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-21 07:12:18 -------- d-----w- C:\Users\Tsurug\AppData\Local\Deployment
2012-04-21 07:12:18 -------- d-----w- C:\Users\Tsurug\AppData\Local\Apps
2012-04-21 07:05:31 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-21 07:00:29 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-04-21 07:00:29 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-04-21 07:00:29 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-04-21 07:00:28 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-04-21 07:00:28 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-04-21 07:00:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-04-21 06:54:19 -------- d-----w- C:\Users\Tsurug\AppData\Local\Broadcom
2012-04-21 06:29:14 -------- d-----w- C:\ProgramData\Norton
2012-04-21 06:29:06 -------- d-----w- C:\ProgramData\NortonInstaller
2012-04-21 06:26:31 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-04-21 06:26:31 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-04-21 06:26:27 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-21 06:25:47 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-04-21 06:25:32 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2012-04-21 06:24:52 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\761a72251cd1f87\DSETUP.dll
2012-04-21 06:24:52 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\761a72251cd1f87\DXSETUP.exe
2012-04-21 06:24:52 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\761a72251cd1f87\dsetup32.dll
2012-04-21 06:24:23 140779848 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc600A.tmp
2012-04-21 06:24:21 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-21 06:24:21 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-21 06:24:16 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-04-21 06:16:56 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
2012-04-21 06:16:35 98304 ----a-w- C:\Windows\SysWow64\VESWinlogon.dll
2012-04-21 06:14:48 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-21 06:14:41 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2012-04-21 06:13:55 -------- d-----w- C:\Users\Tsurug\AppData\Roaming\DAEMON Tools Pro
2012-04-21 06:13:52 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2012-04-21 06:13:04 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-04-21 06:10:49 -------- d-----w- C:\Program Files\Roxio
2012-04-21 06:10:46 -------- d-----w- C:\ProgramData\Uninstall
2012-04-21 06:10:32 -------- d-----w- C:\Program Files (x86)\Roxio
2012-04-21 06:09:51 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-04-21 06:09:51 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-04-21 06:09:50 133616 ------w- C:\Windows\SysWow64\pxafs.dll
2012-04-21 06:09:14 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-04-21 06:07:30 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
2012-04-21 06:07:30 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
2012-04-21 06:07:28 55808 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
2012-04-21 06:07:28 19968 ----a-w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
2012-04-21 06:07:25 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-21 06:07:25 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-21 06:07:25 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-21 06:07:25 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-21 06:07:24 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-21 06:05:58 -------- d--h--w- C:\Windows\msdownld.tmp
2012-04-21 06:05:50 -------- d-----w- C:\Windows\SysWow64\directx
2012-04-21 06:02:22 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-04-21 06:02:22 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-04-21 06:02:22 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-04-21 05:58:05 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-04-21 05:57:38 114688 ----a-w- C:\Program Files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2012-04-21 05:57:36 114688 ----a-w- C:\Program Files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2012-04-21 05:54:22 -------- d-----w- C:\Program Files (x86)\Seagate
2012-04-21 05:46:56 -------- d-----w- C:\Program Files\PlayReady
2012-04-21 05:45:05 -------- d---a-w- C:\Nobu_Icon
2012-04-21 05:37:38 411368 ----a-w- C:\Windows\SysWow64\deploytk.dll
2012-04-21 05:37:19 455680 ----a-w- C:\Windows\System32\deploytk.dll
2012-04-21 05:30:35 -------- d-----w- C:\ProgramData\Partner
2012-04-21 05:29:44 -------- d-----w- C:\Program Files (x86)\Sony
2012-04-21 05:29:29 -------- d-----w- C:\Windows\Sonysys
2012-04-21 05:27:47 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-21 05:26:51 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-04-21 05:26:51 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-04-21 05:26:51 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-04-21 05:26:51 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-04-21 05:26:51 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-04-21 05:26:51 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-04-21 05:26:50 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-04-21 05:01:21 -------- d-----w- C:\Users\Tsurug\AppData\Local\Google
2012-04-21 05:01:05 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-21 05:00:56 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-21 05:00:56 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-21 05:00:56 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-21 05:00:56 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-21 05:00:01 -------- d-----w- C:\Users\Tsurug\AppData\Local\ATI
2012-04-21 04:16:16 -------- d-----w- C:\Program Files\Sony
2012-04-21 04:14:55 2048 ----a-w- C:\Windows\System32\drivers\en-US\usbrpm.sys.mui
.
==================== Find3M ====================
.
2012-04-21 19:18:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-21 19:18:41 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-21 04:14:42 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2012-04-21 04:14:38 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2012-04-21 04:14:38 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2012-04-21 04:14:34 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2012-04-21 04:14:32 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2012-04-21 04:14:29 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-14 17:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 18:59:12.83 ===============
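
The log above is the kind of thing a malware-removal helper reads by eye, looking for a handful of entry types first: security products reported disabled in the header, UAC policy values set to 0, Hosts file overrides, BHO CLSIDs with "No File", binaries loading from C:\ProgramData or AppData, DNS resolvers outside private address space, and hidden directories with odd names. The script below is an added example that is not part of the original post and not part of the DDS tool; it embeds an excerpt of lines from this log as its sample input and returns a list of (category, line) findings. The category names, the regular expressions and the choice of "odd" load directories are the example's own assumptions, and a finding means "verify this entry", not "this is malware": the Partner.dll/Partner.exe pair in C:\ProgramData and the 129.107.x resolvers on one interface profile are worth a look precisely because they are unusual, not because the script knows what they are.

```python
"""Triage helper for the Pseudo HJT, services and file sections of a DDS log.

Added example, not the original poster's code and not part of DDS. It scans
log lines for the entry types a malware-removal helper checks first and
returns (category, line) findings for a human to verify.
"""
import ipaddress
import re

# Constructed sample: an excerpt of lines copied from the DDS log in the post,
# embedded so the script runs offline.
SAMPLE_LOG = r"""
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{66DB0E74-F152-4077-B96C-CDE57C9FC865}\55451477962756C6563737023556475707 : DhcpNameServer = 129.107.45.80 129.107.62.80 129.107.31.80
Hosts: 127.0.0.1 www.spywareinfo.com
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2012-4-21 332272]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
2012-05-05 20:04:58 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-05-10 02:07:27 -------- d-sh--w- C:\found.000
"""

# UAC values that should be non-zero on a default Windows 7 install:
# EnableLUA=0 turns UAC off, ConsentPromptBehaviorAdmin=0 elevates silently,
# PromptOnSecureDesktop=0 lets other windows draw over the prompt.
UAC_KEYS = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+)$")
# "date time size attrs path" lines from the Created Last 30 / Find3M sections.
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S+)\s+(.+)$")
# "R2 name;display name;path [date size]" or "... path --> path [?]" service lines.
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]+;(.+?)(?:\s+\[|\s+-->|$)")


def _odd_location(path: str) -> bool:
    """True when a module loads from an all-users- or user-writable data folder
    (assumed heuristic: legitimate vendors rarely install executables there)."""
    p = path.lower()
    return (p.startswith("c:\\programdata\\")
            or "\\appdata\\" in p
            or p.startswith("c:\\users\\public\\"))


def triage(log_text: str) -> list:
    """Return [(category, line), ...] for entries a helper would verify first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. AV / antispyware / firewall reported disabled in the DDS header.
        if line[:3] in ("AV:", "SP:", "FW:"):
            if "*Disabled" in line:
                findings.append(("security-product-disabled", line))
            continue
        # 2. UAC policy values forced to 0.
        m = POLICY_RE.match(line)
        if m:
            if m.group(1) in UAC_KEYS and m.group(2) == "0":
                findings.append(("uac-weakened", line))
            continue
        # 3. DDS only prints non-default Hosts entries, so any line is notable.
        if line.startswith("Hosts:"):
            findings.append(("hosts-override", line))
            continue
        # 4. Resolvers outside RFC 1918 / loopback / link-local space.
        m = DNS_RE.search(line)
        if m:
            for token in m.group(1).split():
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    continue
                if not ip.is_private:
                    findings.append(("public-dns-resolver", line))
                    break
            continue
        # 5. Browser helper objects / toolbars: orphaned CLSIDs and odd paths.
        if line.startswith(("BHO:", "BHO-X64:", "TB:", "TB-X64:")):
            if line.endswith("No File"):
                findings.append(("orphaned-bho", line))
            elif _odd_location(line.rsplit(" - ", 1)[-1]):
                findings.append(("odd-load-location", line))
            continue
        # 6. Services and drivers whose binary sits in a data folder.
        m = SERVICE_RE.match(line)
        if m:
            if _odd_location(m.group(1)):
                findings.append(("odd-load-location", line))
            continue
        # 7. Hidden directories named after an unexpanded environment variable,
        #    e.g. a literal "%APPDATA%" folder under System32.
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2)
            if "d" in attrs and "h" in attrs and "%" in path:
                findings.append(("hidden-dir", line))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per category."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:26} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as-is to see the excerpt triaged; to use it on a full DDS log, replace SAMPLE_LOG with the file contents. The "found.000" folder is deliberately in the sample and not flagged: hidden+system directories are normal for CHKDSK recovery output, so the hidden-dir check only fires on the unexpanded-variable name pattern.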

Blade81
2012-05-18, 18:14
Hello,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please uninstall the programs listed above. Post fresh DDS logs when done.