
swapy

Everything posted by swapy

  1. Hello, I scanned my machine twice with VIPRE AV but did not find any infection, so I am assuming my machine is not infected; below are the logs for the same. Please advise....
  2. Hello, I am trying to install Malwarebytes 1.65.1.1000 but am unable to install it. Once I click on the setup file, the "select setup language" option (English) appears; once I click OK, the setup window disappears. Please advise how to install Malwarebytes. I am using a Windows 7 64-bit machine. Thank you.