Computer flood router-firewall

RioSif

Thread Starter
Joined
Jan 21, 2013
Messages
5
Hello,
My computer is on a network with a ZyWALL router/firewall. The internet was stopping from time to time, so I checked the router's logs and saw flooding from LAN to WAN that stopped when I disconnected my computer from the network, so it's me causing the problem.
I ran Malwarebytes Anti-Malware but found nothing.
What should I do next?
PS: I'll post logs from HijackThis, GMER and DDS as soon as I have access to that PC again.
Thanks
 

RioSif

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:35:27, on 22/1/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe
C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Avaya\IP Office\Phone Manager\SPServer.exe
C:\Users\RioSif.NIKOLOUZOSSA\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe"
O4 - Startup: EvernoteClipper.lnk = C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
O4 - Global Startup: PhoneManager.lnk = C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\RioSif.NIKOLOUZOSSA\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\RioSif.NIKOLOUZOSSA\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
O9 - Extra button: Συνδεδεμένες &σημειώσεις του OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Συνδεδεμένες &σημειώσεις του OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://tallos.homeip.net:8085/RtspVaPgDec.cab
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} (RtspVaPgCtrlNew Class) - http://tallos.homeip.net:8082/RtspVaPgDec.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NIKOLOUZOSSA.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C1CD185-6B2C-4DBF-BF15-7CBFAF2FA7B9}: NameServer = 192.168.0.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{552D88B7-B137-4B77-88CF-4EE374520873}: NameServer = 192.168.0.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{F383DC3C-BFBD-421F-AB9B-B11DC28A2D1F}: NameServer = 192.168.0.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NIKOLOUZOSSA.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NIKOLOUZOSSA.local
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Management Console Agent (AntiVir Security Management Center Agent) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
O23 - Service: Avira FireWall (AntiVirFireWallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fasy FMU service (fmuservice) - Unknown owner - C:\Windows\SysWOW64\FMUSRV32.exe
O23 - Service: Υπηρεσία Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Υπηρεσία Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Υπηρεσία iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Windows\SysWOW64\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware vCenter Converter Standalone Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
O23 - Service: VMware vCenter Converter Standalone Server (vmware-converter-server) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: VMware vCenter Converter Standalone Worker (vmware-converter-worker) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16589 bytes
 

RioSif

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by RioSif at 15:35:43 on 2013-01-22
Microsoft Windows 7 Ultimate 6.1.7601.1.1253.30.1033.18.3967.2123 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\FMUSRV32.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Windows\SysWOW64\srvany.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Windows\KMService.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\SysWOW64\NMSAccessU.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe
C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Windows Server\Bin\Launchpad.exe
C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe
C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avaya\IP Office\Phone Manager\SPServer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com
uProxyServer = 192.168.0.3:8080
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge] <no file>
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\RIOSIF~1.NIK\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHONEM~1.LNK - C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4.0 - C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\RioSif.NIKOLOUZOSSA\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\RioSif.NIKOLOUZOSSA\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://tallos.homeip.net:8085/RtspVaPgDec.cab
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://tallos.homeip.net:8082/RtspVaPgDec.cab
TCP: Interfaces\{3C1CD185-6B2C-4DBF-BF15-7CBFAF2FA7B9} : NameServer = 192.168.0.4
TCP: Interfaces\{552D88B7-B137-4B77-88CF-4EE374520873} : NameServer = 192.168.0.4
TCP: Interfaces\{F383DC3C-BFBD-421F-AB9B-B11DC28A2D1F} : NameServer = 192.168.0.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar_x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar_x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [LastApp] C:\Program Files (x86)\LastPass\lastapp_x64.exe
x64-Run: [CmPCIaudio] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Launchpad] C:\Program Files (x86)\Windows Server\Bin\Launchpad.exe -autostart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Mozilla\Firefox\Profiles\vrn7dnue.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Mozilla\Firefox\Profiles\vrn7dnue.default\extensions\[email protected]\plugins\npLMI64.dll
FF - plugin: C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Mozilla\Firefox\Profiles\vrn7dnue.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\RioSif\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\RioSif\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-20 12:03; {35379F86-8CCB-4724-AE33-4278DE266C70}; C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader
FF - ExtSQL: 2012-12-27 12:16; [email protected]otcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-9-25 155272]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-8-30 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-8-30 15920]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-28 56208]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2012-9-25 1093256]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-9-25 228488]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2012-9-25 166024]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2012-9-27 70256]
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2013-1-15 140936]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-1-15 27760]
R1 oxpar;OX16PCI95x Parallel port driver;C:\Windows\System32\drivers\oxpar.sys [2007-1-24 158208]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-9-25 3696632]
R2 AntiVir Security Management Center Agent;Avira Management Console Agent;C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [2013-1-14 1087745]
R2 AntiVirFireWallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2013-1-15 619472]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-1-15 375760]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-1-15 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-1-15 110032]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-1-15 465360]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-1-15 98848]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-4-10 294912]
R2 fmuservice;Fasy FMU service;C:\Windows\SysWOW64\FMUSRV32.exe [2006-5-8 69632]
R2 HealthAlertsSvc;Windows Server Health Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
R2 LANConfig;Windows Server LAN Configuration;C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [2011-3-2 27520]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-19 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-8-24 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-12-1 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-29 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-29 682344]
R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 providers_system;Windows Server Download Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-9-28 145448]
R2 ServiceProviderRegistry;Windows Server Service Provider Registry;C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [2012-11-2 41568]
R2 SqmProviderSvc;Windows Server SQM Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7017888]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-4 3467768]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-8-19 423536]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]
R2 WSConnectorUpdate;Windows Server Connector Update;C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [2011-3-2 228736]
R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-9-25 367200]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2013-1-15 114168]
R3 BackupReader;BackupReader;C:\Windows\System32\drivers\BackupReader.sys [2011-3-2 63872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-29 24176]
R3 MonitorFunction;Driver for Monitor;C:\Windows\System32\drivers\TVMonitor.sys [2012-10-12 16376]
R3 stdriver;SoundTap Filter Driver v6.05.00;C:\Windows\System32\drivers\stdriverx64.sys [2012-10-13 32536]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-10-5 1207808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 initMonitor;Windows Server Initialization Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-8-15 15680000]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-12-28 31800]
S3 SQ931;USB 2.0 Video Camera;C:\Windows\System32\drivers\Capt931a.sys [2012-10-9 606528]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-15 57856]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\System32\drivers\VX6000Xp.sys [2010-5-20 2143600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S4 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2011-9-22 374304]
S4 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2011-9-22 292384]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-01-21 10:38:34 -------- d-----w- C:\Windows\pss
2013-01-21 09:23:30 -------- d-----w- C:\Program Files (x86)\EPSON
2013-01-19 14:56:57 -------- d-----w- C:\_PoliFix
2013-01-19 13:21:00 -------- d-----w- C:\Program Files (x86)\Runtime Software
2013-01-17 09:00:32 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\ERGA
2013-01-15 20:30:57 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai
2013-01-15 18:45:38 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C2C9E52-1CAA-43FD-9E79-D89B2D9EDD8E}\mpengine.dll
2013-01-15 17:34:41 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Avira
2013-01-15 17:28:38 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-01-15 17:28:38 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-01-15 17:28:38 140936 ----a-w- C:\Windows\System32\drivers\avfwot.sys
2013-01-15 17:28:38 114168 ----a-w- C:\Windows\System32\drivers\avfwim.sys
2013-01-14 09:03:43 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\VMware
2013-01-10 08:21:17 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-10 08:21:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-10 08:21:08 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-10 08:21:07 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-10 08:21:07 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-10 08:21:06 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-10 08:21:05 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-10 08:21:05 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-10 08:21:04 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-10 08:21:04 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-01-05 09:37:29 -------- d-----w- C:\ProgramData\NikolouzosSA
2013-01-03 04:48:01 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Apple
2012-12-31 08:30:06 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Macromedia
2012-12-29 14:17:32 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Malwarebytes
2012-12-29 14:11:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-29 14:11:25 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-29 14:11:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-29 14:11:17 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Programs
2012-12-28 17:07:25 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass
2012-12-28 16:49:27 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\VS Revo Group
2012-12-28 16:49:18 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-12-28 16:49:15 -------- d-----w- C:\Program Files\VS Revo Group
2012-12-27 18:06:26 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Mozilla
2012-12-27 17:48:22 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Opera
2012-12-27 17:21:21 -------- d-----w- C:\Program Files (x86)\Avira
2012-12-27 17:21:19 -------- d-----w- C:\ProgramData\Avira
2012-12-27 17:04:02 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Microsoft_Corporation
2012-12-27 17:00:55 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\VirtualStore
2012-12-27 17:00:48 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Devolutions
2012-12-27 17:00:38 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Evernote
2012-12-27 17:00:36 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\sohoclient
2012-12-27 17:00:34 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\LogMeIn
2012-12-27 17:00:34 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Google
2012-12-27 17:00:33 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\ESET
2012-12-27 17:00:31 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Adobe
2012-12-27 17:00:00 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Temp
2012-12-27 17:00:00 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Microsoft
2012-12-27 16:55:28 90112 ----a-r- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Microsoft\Installer\{48948338-3777-41EB-AB05-DF48D3A59591}\_201B7430BD9D_4134_876F_9A35A86F3F8E.exe
2012-12-27 16:55:28 61440 ----a-r- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Microsoft\Installer\{5D652EC3-8AC0-41E7-B337-162BC7B01148}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe
2012-12-27 16:11:25 -------- d-----w- C:\Program Files\Windows Server
.
==================== Find3M ====================
.
2013-01-10 09:53:24 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 09:53:24 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-15 12:39:16 245248 ----a-w- C:\Windows\System32\tspi2w_64.tsp
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-12-03 05:12:12 159232 ----a-w- C:\Windows\System32\drivers\ser2pl64.sys
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 13:38:36 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-11-02 13:38:36 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-11-02 13:38:36 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-11-02 13:38:36 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-11-02 13:38:36 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-11-02 13:38:36 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-25 01:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 01:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 15:36:28,93 ===============
 

RioSif

Thread Starter
Joined
Jan 21, 2013
Messages
5
ATTACH Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 25/8/2012 12:04:32
System Uptime: 22/1/2013 15:19:05 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N68-VM
Processor: AMD Phenom(tm) 8450 Triple-Core Processor | AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 32,236 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 70,028 GiB free.
E: is FIXED (NTFS) - 126 GiB total, 4,485 GiB free.
F: is FIXED (NTFS) - 106 GiB total, 7,811 GiB free.
G: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP111: 18/1/2013 23:59:55 - Installed Evernote v. 4.6.1
RP112: 19/1/2013 16:57:27 - PoliFix_2.0.6
RP113: 21/1/2013 11:22:56 - Installed EPSON APD4 Sample&Manual
RP114: 22/1/2013 10:05:33 - Removed Cool & Quiet
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.6
Adobe Widget Browser
Adobe® Content Viewer
Akamai NetSession Interface
AlgoDriver Ver 4.2.0 (Ethernet Support with Security & batch print & printer names call)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
ATEUS XAPI - server 1.13Q
AusLogics Emergency Recovery
Avira Management Console Agent
Avira Professional Security
Beyond Compare Version 3.3.5
bl
Bonjour
BurnAware Professional 5.0.1
C-Media PCI Audio Device
CCleaner
CPUID CPU-Z 1.61.5
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Defraggler
DEMOSTHeNES Speech Composer 1.2
DEVLink
Doxillion Document Converter
Driver Genius Professional Edition 2007
EPSON APD4 Sample&Manual
Evernote v. 4.5.8
Express Gate
Fasy FMU Drivers 1.4.2
Fasy FMU Drivers FMU Drivers 2.0.4
FlashFXP v4.2
GetDataBack for FAT
GNU Aspell 0.50-3
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HEADRFM-2010
High-Definition Video Playback
iCloud
IETester v0.4.12 (remove only)
Intel Entry Storage System
IP Office User Suite
iTunes
Java 7 Update 7 (64-bit)
Java 7 Update 9
Java Auto Updater
JDownloader 0.9
K-Lite Codec Pack 9.2.0 (64-bit)
K-Lite Mega Codec Pack 9.2.4
LastPass(uninstall only)
LogMeIn
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Corporation
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Greek) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Greek) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Greek) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Greek) 2010
Microsoft Office Language Pack 2010 - Greek/Ελληνικά
Microsoft Office O MUI (Greek) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Greek) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Greek) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Greek) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Greek) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Greek) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Greek) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared 32-bit MUI (Greek) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Greek) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Greek) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Greek) 2010
Microsoft Office X MUI (Greek) 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Nero 11
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects Basic
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SharedVideoCodecs
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
Netop Remote Control Guest
nLite 1.4.9.1
Nmap 6.01
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
OpenAL
Opera 12.12
Oracle VM VirtualBox 4.2.0
Orbit Downloader
PC Probe II
PCManager UNI
PDF Settings CS6
ph
PhoneManager
PL-2303 Vista Driver Installer
Platform
PVSonyDll
QuickTime
RecordPad Sound Recorder
Remote Desktop Manager
Retrospect Express HD 2.1
Revo Uninstaller Pro 2.5.9
RTC Client API v1.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SeePassword
Sentinel Protection Installer 7.6.5
SoftConsole
SoundTap Streaming Audio Recorder
swMSM
SyncBackPro
TAPI
TeamViewer 8
TNod User & Password Finder
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
True Image 2013
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
USB 2.0 Rainbow Webcam
VIA Διαχειριστής Συσκευών Πλατφόρμας
VMware vCenter Converter Standalone
VMware vSphere Client 4.1
VMware Workstation
Welcome App (Start-up experience)
Windows Small Business Server 2011 Connector
WinPcap 4.1.2
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
22/1/2013 15:29:53, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
22/1/2013 15:22:10, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
22/1/2013 15:20:08, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
22/1/2013 15:19:26, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain NIKOLOUZOSSA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
22/1/2013 12:48:36, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
21/1/2013 16:42:49, Error: bowser [8003] - The master browser has received a server announcement from the computer DOMSERVER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8320FF8F-863C-4045-83AE-84D00C895044}. The master browser is stopping or an election is being forced.
21/1/2013 12:05:31, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
21/1/2013 11:07:05, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
19/1/2013 17:00:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
19/1/2013 16:59:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
19/1/2013 16:59:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
19/1/2013 16:58:15, Error: Service Control Manager [7034] - The Sentinel Security Runtime service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:15, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:15, Error: Service Control Manager [7031] - The Windows Server Download Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
19/1/2013 16:58:15, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
19/1/2013 16:58:15, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/1/2013 16:58:15, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/1/2013 16:58:14, Error: Service Control Manager [7034] - The Retrospect Express HD Launcher service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:14, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:14, Error: Service Control Manager [7031] - The Windows Server Connector Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/1/2013 16:58:14, Error: Service Control Manager [7031] - The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
19/1/2013 16:58:13, Error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:12, Error: Service Control Manager [7034] - The Sentinel Protection Server service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:12, Error: Service Control Manager [7034] - The Sentinel Keys Server service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:12, Error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:12, Error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:11, Error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:11, Error: Service Control Manager [7034] - The Fasy FMU service service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:11, Error: Service Control Manager [7031] - The KMService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/1/2013 16:58:10, Error: Service Control Manager [7034] - The DeviceVM Meta Data Export Service service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:10, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:10, Error: Service Control Manager [7034] - The Avira Management Console Agent service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:10, Error: Service Control Manager [7031] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
19/1/2013 16:58:09, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:09, Error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 16:58:04, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
19/1/2013 01:45:33, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort5.
16/1/2013 11:04:39, Error: Service Control Manager [7031] - The Avira FireWall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
15/1/2013 19:37:01, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on J: cannot be read.
15/1/2013 18:42:45, Error: NetBT [4321] - The name "NIKOLOUZOSSA :1d" could not be registered on the interface with IP address 192.168.0.80. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.
15/1/2013 18:42:10, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error: The service has returned a service-specific error code.
15/1/2013 18:42:08, Error: Service Control Manager [7024] -
.
==== End Of File ===========================
 

RioSif

Thread Starter
Joined
Jan 21, 2013
Messages
5
GMER Log:

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-22 16:27:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6 WDC_WD3200AAKS-00SBA0 rev.12.01B01 298,09GB
Running: e1o17cuj.exe; Driver: C:\Users\RIOSIF~1.NIK\AppData\Local\Temp\ufdiqpob.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
.text ... * 9
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
.text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
.text ... * 9
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]
.text C:\Windows\SysWOW64\vmnat.exe[2624] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 00000000729113b0 2 bytes [91, 72]
.text C:\Windows\SysWOW64\vmnat.exe[2624] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 00000000729113c0 2 bytes [91, 72]
.text ... * 20
.text C:\Windows\SysWOW64\vmnat.exe[2624] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 000000007291153e 2 bytes [91, 72]
.text C:\Windows\SysWOW64\vmnat.exe[2624] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000072911553 2 bytes [91, 72]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
.text ... * 9
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
.text ... * 9
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
.text ... * 9
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
.text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
.text ... * 9
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\svchost.exe [1620:1768] 000007fefa4335c0
Thread C:\Windows\system32\svchost.exe [1620:4212] 000007fefa435600
Thread C:\Windows\system32\svchost.exe [1620:4744] 000007feefe82940
Thread C:\Windows\system32\svchost.exe [1620:780] 000007fef6722a40
Thread C:\Windows\system32\svchost.exe [1620:3048] 000007fef6722888
Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [1852:1868] 0000000074ee7587
Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [1852:1972] 00000000740134ea
Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [1852:2592] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [1852:2596] 0000000077212e25
Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [1852:4964] 0000000077213e45
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2256] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:3064] 0000000074ee7587
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2568] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2424] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2328] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2432] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:3012] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2852] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2908] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2244] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:1504] 0000000077212e25
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2228] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2292] 00000000740a29e1
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:5772] 0000000077213e45
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:7120] 0000000077213e45
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:3964] 0000000077213e45
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:5828] 0000000077213e45
Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:6104] 0000000077213e45
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [3088:3620] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [3088:3680] 0000000077212e25
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [3088:3708] 0000000074ee7587
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [3088:3712] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [3088:3308] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [3088:3332] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [3088:5744] 0000000077213e45
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3836] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3844] 0000000077212e25
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3872] 0000000074ee7587
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3876] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3848] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:4036] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:4084] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:4088] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:2368] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3180] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3192] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3200] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3204] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3160] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:3208] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3720:6820] 0000000077213e45
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:4028] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:4044] 0000000077212e25
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:4068] 0000000074ee7587
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:4072] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:3104] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:3124] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:3136] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:3128] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:3156] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:4040] 000000007429345e
Thread C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [3884:3056] 0000000077213e45

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1620] 000007fefc8d0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2560] 00000000771b0000
Library ? (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2756] 000007fef6b10000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [3976] 0000000180000000

---- Registry - GMER 2.0 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BE3DFA1-E9C1-4FB5-5AF7-F7E22C0BC32D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BE3DFA1-E9C1-4FB5-5AF7-F7E22C0BC32D}@jaikpgfebnjdaglmeneo 0x64 0x62 0x64 0x65 ...

---- EOF - GMER 2.0 ----
 