
Computer flood router-firewall

Discussion in 'Virus & Other Malware Removal' started by RioSif, Jan 21, 2013.

Thread Status:
Not open for further replies.
  1. RioSif

    RioSif Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    5
    Hello,
    My computer is on a network with a ZyWALL router/fw. The internet was stopping from time to time, and I checked the router's logs and saw flooding from LAN to WAN that stopped when I disconnected my computer from the network, so it's me causing the problem.
    I ran Malwarebytes Anti-Malware but found nothing.
    What should I do next?
    PS: I'll post logs from HijackThis, GMER and DDS as soon as I have access to that PC again.
    Thanks
     
  2. RioSif

    RioSif Thread Starter

    Hijack This Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:35:27, on 22/1/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe
    C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
    C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files (x86)\Avaya\IP Office\Phone Manager\SPServer.exe
    C:\Users\RioSif.NIKOLOUZOSSA\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.3:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe"
    O4 - Startup: EvernoteClipper.lnk = C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: PhoneManager.lnk = C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: LastPass - file://C:\Users\RioSif.NIKOLOUZOSSA\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\RioSif.NIKOLOUZOSSA\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
    O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
    O9 - Extra button: Συνδεδεμένες &σημειώσεις του OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: Συνδεδεμένες &σημειώσεις του OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: @C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204 (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204 (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://tallos.homeip.net:8085/RtspVaPgDec.cab
    O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} (RtspVaPgCtrlNew Class) - http://tallos.homeip.net:8082/RtspVaPgDec.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NIKOLOUZOSSA.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3C1CD185-6B2C-4DBF-BF15-7CBFAF2FA7B9}: NameServer = 192.168.0.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{552D88B7-B137-4B77-88CF-4EE374520873}: NameServer = 192.168.0.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F383DC3C-BFBD-421F-AB9B-B11DC28A2D1F}: NameServer = 192.168.0.4
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NIKOLOUZOSSA.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NIKOLOUZOSSA.local
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira Management Console Agent (AntiVir Security Management Center Agent) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
    O23 - Service: Avira FireWall (AntiVirFireWallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
    O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Fasy FMU service (fmuservice) - Unknown owner - C:\Windows\SysWOW64\FMUSRV32.exe
    O23 - Service: Υπηρεσία Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Υπηρεσία Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Υπηρεσία iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMSAccess - Unknown owner - C:\Windows\SysWOW64\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: VMware vCenter Converter Standalone Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
    O23 - Service: VMware vCenter Converter Standalone Server (vmware-converter-server) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
    O23 - Service: VMware vCenter Converter Standalone Worker (vmware-converter-worker) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
    O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 16589 bytes
     
  3. RioSif

    RioSif Thread Starter

    DDS Log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by RioSif at 15:35:43 on 2013-01-22
    Microsoft Windows 7 Ultimate 6.1.7601.1.1253.30.1033.18.3967.2123 [GMT 2:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ASUS.SYS\config\DVMExportService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\FMUSRV32.exe
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Windows\SysWOW64\srvany.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Windows\KMService.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Windows\SysWOW64\NMSAccessU.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe
    C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
    C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
    C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
    C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
    C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files\Windows Server\Bin\Launchpad.exe
    C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe
    C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
    C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Avaya\IP Office\Phone Manager\SPServer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.orbitdownloader.com
    uProxyServer = 192.168.0.3:8080
    BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [AdobeBridge] <no file>
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\Users\RIOSIF~1.NIK\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHONEM~1.LNK - C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Add to Evernote 4.0 - C:\Users\RioSif\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: LastPass - C:\Users\RioSif.NIKOLOUZOSSA\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - C:\Users\RioSif.NIKOLOUZOSSA\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
    LSP: %windir%\system32\vsocklib.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://tallos.homeip.net:8085/RtspVaPgDec.cab
    DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://tallos.homeip.net:8082/RtspVaPgDec.cab
    TCP: Interfaces\{3C1CD185-6B2C-4DBF-BF15-7CBFAF2FA7B9} : NameServer = 192.168.0.4
    TCP: Interfaces\{552D88B7-B137-4B77-88CF-4EE374520873} : NameServer = 192.168.0.4
    TCP: Interfaces\{F383DC3C-BFBD-421F-AB9B-B11DC28A2D1F} : NameServer = 192.168.0.4
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar_x64.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar_x64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [LastApp] C:\Program Files (x86)\LastPass\lastapp_x64.exe
    x64-Run: [CmPCIaudio] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
    x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [Launchpad] C:\Program Files (x86)\Windows Server\Bin\Launchpad.exe -autostart
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass\LPToolbar_x64.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Mozilla\Firefox\Profiles\vrn7dnue.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
    FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Mozilla\Firefox\Profiles\vrn7dnue.default\extensions\[email protected]\plugins\npLMI64.dll
    FF - plugin: C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Mozilla\Firefox\Profiles\vrn7dnue.default\extensions\[email protected]\plugins\npRACtrl.dll
    FF - plugin: C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\RioSif\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\RioSif\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-12-20 12:03; {35379F86-8CCB-4724-AE33-4278DE266C70}; C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader
    FF - ExtSQL: 2012-12-27 12:16; [email protected]otcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-9-25 155272]
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-8-30 72240]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-8-30 15920]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-28 56208]
    R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2012-9-25 1093256]
    R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-9-25 228488]
    R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2012-9-25 166024]
    R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2012-9-27 70256]
    R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2013-1-15 140936]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-1-15 27760]
    R1 oxpar;OX16PCI95x Parallel port driver;C:\Windows\System32\drivers\oxpar.sys [2007-1-24 158208]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-9-25 3696632]
    R2 AntiVir Security Management Center Agent;Avira Management Console Agent;C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [2013-1-14 1087745]
    R2 AntiVirFireWallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2013-1-15 619472]
    R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-1-15 375760]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-1-15 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-1-15 110032]
    R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-1-15 465360]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-1-15 98848]
    R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-4-10 294912]
    R2 fmuservice;Fasy FMU service;C:\Windows\SysWOW64\FMUSRV32.exe [2006-5-8 69632]
    R2 HealthAlertsSvc;Windows Server Health Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
    R2 LANConfig;Windows Server LAN Configuration;C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [2011-3-2 27520]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-19 375728]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-8-24 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-12-1 72216]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-29 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-29 682344]
    R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    R2 providers_system;Windows Server Download Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-9-28 145448]
    R2 ServiceProviderRegistry;Windows Server Service Provider Registry;C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [2012-11-2 41568]
    R2 SqmProviderSvc;Windows Server SQM Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7017888]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-4 3467768]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
    R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-8-19 423536]
    R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]
    R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]
    R2 WSConnectorUpdate;Windows Server Connector Update;C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [2011-3-2 228736]
    R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-9-25 367200]
    R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2013-1-15 114168]
    R3 BackupReader;BackupReader;C:\Windows\System32\drivers\BackupReader.sys [2011-3-2 63872]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-29 24176]
    R3 MonitorFunction;Driver for Monitor;C:\Windows\System32\drivers\TVMonitor.sys [2012-10-12 16376]
    R3 stdriver;SoundTap Filter Driver v6.05.00;C:\Windows\System32\drivers\stdriverx64.sys [2012-10-13 32536]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-10-5 1207808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 initMonitor;Windows Server Initialization Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-8-15 15680000]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-12-28 31800]
    S3 SQ931;USB 2.0 Video Camera;C:\Windows\System32\drivers\Capt931a.sys [2012-10-9 606528]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-15 57856]
    S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\System32\drivers\VX6000Xp.sys [2010-5-20 2143600]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-25 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S4 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2011-9-22 374304]
    S4 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2011-9-22 292384]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-21 10:38:34 -------- d-----w- C:\Windows\pss
    2013-01-21 09:23:30 -------- d-----w- C:\Program Files (x86)\EPSON
    2013-01-19 14:56:57 -------- d-----w- C:\_PoliFix
    2013-01-19 13:21:00 -------- d-----w- C:\Program Files (x86)\Runtime Software
    2013-01-17 09:00:32 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\ERGA
    2013-01-15 20:30:57 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai
    2013-01-15 18:45:38 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C2C9E52-1CAA-43FD-9E79-D89B2D9EDD8E}\mpengine.dll
    2013-01-15 17:34:41 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Avira
    2013-01-15 17:28:38 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2013-01-15 17:28:38 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2013-01-15 17:28:38 140936 ----a-w- C:\Windows\System32\drivers\avfwot.sys
    2013-01-15 17:28:38 114168 ----a-w- C:\Windows\System32\drivers\avfwim.sys
    2013-01-14 09:03:43 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\VMware
    2013-01-10 08:21:17 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-10 08:21:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-10 08:21:08 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-10 08:21:07 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-10 08:21:07 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-10 08:21:06 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-10 08:21:05 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-10 08:21:05 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-10 08:21:04 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-01-10 08:21:04 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-01-05 09:37:29 -------- d-----w- C:\ProgramData\NikolouzosSA
    2013-01-03 04:48:01 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Apple
    2012-12-31 08:30:06 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Macromedia
    2012-12-29 14:17:32 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Malwarebytes
    2012-12-29 14:11:26 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-12-29 14:11:25 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-29 14:11:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-29 14:11:17 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Programs
    2012-12-28 17:07:25 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\LastPass
    2012-12-28 16:49:27 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\VS Revo Group
    2012-12-28 16:49:18 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2012-12-28 16:49:15 -------- d-----w- C:\Program Files\VS Revo Group
    2012-12-27 18:06:26 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Mozilla
    2012-12-27 17:48:22 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Opera
    2012-12-27 17:21:21 -------- d-----w- C:\Program Files (x86)\Avira
    2012-12-27 17:21:19 -------- d-----w- C:\ProgramData\Avira
    2012-12-27 17:04:02 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Microsoft_Corporation
    2012-12-27 17:00:55 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\VirtualStore
    2012-12-27 17:00:48 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Devolutions
    2012-12-27 17:00:38 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Evernote
    2012-12-27 17:00:36 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\sohoclient
    2012-12-27 17:00:34 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\LogMeIn
    2012-12-27 17:00:34 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Google
    2012-12-27 17:00:33 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\ESET
    2012-12-27 17:00:31 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Adobe
    2012-12-27 17:00:00 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Temp
    2012-12-27 17:00:00 -------- d-----w- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Microsoft
    2012-12-27 16:55:28 90112 ----a-r- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Microsoft\Installer\{48948338-3777-41EB-AB05-DF48D3A59591}\_201B7430BD9D_4134_876F_9A35A86F3F8E.exe
    2012-12-27 16:55:28 61440 ----a-r- C:\Users\RioSif.NIKOLOUZOSSA\AppData\Roaming\Microsoft\Installer\{5D652EC3-8AC0-41E7-B337-162BC7B01148}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe
    2012-12-27 16:11:25 -------- d-----w- C:\Program Files\Windows Server
    .
    ==================== Find3M ====================
    .
    2013-01-10 09:53:24 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-10 09:53:24 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-15 12:39:16 245248 ----a-w- C:\Windows\System32\tspi2w_64.tsp
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-12-03 05:12:12 159232 ----a-w- C:\Windows\System32\drivers\ser2pl64.sys
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 13:38:36 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
    2012-11-02 13:38:36 828872 ----a-w- C:\Windows\System32\msvcr110.dll
    2012-11-02 13:38:36 661448 ----a-w- C:\Windows\System32\msvcp110.dll
    2012-11-02 13:38:36 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
    2012-11-02 13:38:36 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
    2012-11-02 13:38:36 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-25 01:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 01:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 15:36:28,93 ===============
     
  4. RioSif

    RioSif Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    5
    ATTACH Log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 25/8/2012 12:04:32
    System Uptime: 22/1/2013 15:19:05 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M2N68-VM
    Processor: AMD Phenom(tm) 8450 Triple-Core Processor | AM2 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 32,236 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 70,028 GiB free.
    E: is FIXED (NTFS) - 126 GiB total, 4,485 GiB free.
    F: is FIXED (NTFS) - 106 GiB total, 7,811 GiB free.
    G: is CDROM ()
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VirtualBox Host-Only Ethernet Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Oracle Corporation
    Name: VirtualBox Host-Only Ethernet Adapter
    PNP Device ID: ROOT\NET\0000
    Service: VBoxNetAdp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter
    .
    ==== System Restore Points ===================
    .
    RP111: 18/1/2013 23:59:55 - Installed Evernote v. 4.6.1
    RP112: 19/1/2013 16:57:27 - PoliFix_2.0.6
    RP113: 21/1/2013 11:22:56 - Installed EPSON APD4 Sample&Manual
    RP114: 22/1/2013 10:05:33 - Removed Cool & Quiet
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Creative Suite 6 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Reader X (10.1.5)
    Adobe Shockwave Player 11.6
    Adobe Widget Browser
    Adobe® Content Viewer
    Akamai NetSession Interface
    AlgoDriver Ver 4.2.0 (Ethernet Support with Security & batch print & printer names call)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUSUpdate
    ATEUS XAPI - server 1.13Q
    AusLogics Emergency Recovery
    Avira Management Console Agent
    Avira Professional Security
    Beyond Compare Version 3.3.5
    bl
    Bonjour
    BurnAware Professional 5.0.1
    C-Media PCI Audio Device
    CCleaner
    CPUID CPU-Z 1.61.5
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    Defraggler
    DEMOSTHeNES Speech Composer 1.2
    DEVLink
    Doxillion Document Converter
    Driver Genius Professional Edition 2007
    EPSON APD4 Sample&Manual
    Evernote v. 4.5.8
    Express Gate
    Fasy FMU Drivers 1.4.2
    Fasy FMU Drivers FMU Drivers 2.0.4
    FlashFXP v4.2
    GetDataBack for FAT
    GNU Aspell 0.50-3
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    HEADRFM-2010
    High-Definition Video Playback
    iCloud
    IETester v0.4.12 (remove only)
    Intel Entry Storage System
    IP Office User Suite
    iTunes
    Java 7 Update 7 (64-bit)
    Java 7 Update 9
    Java Auto Updater
    JDownloader 0.9
    K-Lite Codec Pack 9.2.0 (64-bit)
    K-Lite Mega Codec Pack 9.2.4
    LastPass(uninstall only)
    LogMeIn
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Corporation
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access MUI (Greek) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Excel MUI (Greek) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove MUI (Greek) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office InfoPath MUI (Greek) 2010
    Microsoft Office Language Pack 2010 - Greek/Ελληνικά
    Microsoft Office O MUI (Greek) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office OneNote MUI (Greek) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office Outlook MUI (Greek) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint MUI (Greek) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Greek) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing (Greek) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Publisher MUI (Greek) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (Greek) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared MUI (Greek) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer MUI (Greek) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office Word MUI (Greek) 2010
    Microsoft Office X MUI (Greek) 2010
    Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Nero 11
    Nero 11 Disc Menus Basic
    Nero 11 Effects Basic
    Nero 11 Image Samples
    Nero 11 Kwik Themes Basic
    Nero 11 PiP Effects Basic
    Nero Audio Pack 1
    Nero BackItUp 11
    Nero BackItUp 11 Help (CHM)
    Nero Backup Drivers
    Nero Burning ROM 11
    Nero Burning ROM 11 Help (CHM)
    Nero ControlCenter 11
    Nero ControlCenter 11 Help (CHM)
    Nero Core Components 11
    Nero CoverDesigner 11
    Nero CoverDesigner 11 Help (CHM)
    Nero Express 11
    Nero Express 11 Help (CHM)
    Nero Kwik Media
    Nero Kwik Media Help (CHM)
    Nero Recode 11
    Nero Recode 11 Help (CHM)
    Nero RescueAgent 11
    Nero RescueAgent 11 Help (CHM)
    Nero SharedVideoCodecs
    Nero SoundTrax 11
    Nero SoundTrax 11 Help (CHM)
    Nero Update
    Nero Video 11
    Nero Video 11 Help (CHM)
    Nero WaveEditor 11
    Nero WaveEditor 11 Help (CHM)
    nero.prerequisites.msi
    Netop Remote Control Guest
    nLite 1.4.9.1
    Nmap 6.01
    Notepad++
    NVIDIA Display Control Panel
    NVIDIA Drivers
    OpenAL
    Opera 12.12
    Oracle VM VirtualBox 4.2.0
    Orbit Downloader
    PC Probe II
    PCManager UNI
    PDF Settings CS6
    ph
    PhoneManager
    PL-2303 Vista Driver Installer
    Platform
    PVSonyDll
    QuickTime
    RecordPad Sound Recorder
    Remote Desktop Manager
    Retrospect Express HD 2.1
    Revo Uninstaller Pro 2.5.9
    RTC Client API v1.2
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    SeePassword
    Sentinel Protection Installer 7.6.5
    SoftConsole
    SoundTap Streaming Audio Recorder
    swMSM
    SyncBackPro
    TAPI
    TeamViewer 8
    TNod User & Password Finder
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    True Image 2013
    Unlocker 1.9.1
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    USB 2.0 Rainbow Webcam
    VIA Διαχειριστής Συσκευών Πλατφόρμας
    VMware vCenter Converter Standalone
    VMware vSphere Client 4.1
    VMware Workstation
    Welcome App (Start-up experience)
    Windows Small Business Server 2011 Connector
    WinPcap 4.1.2
    WinRAR 4.20 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    22/1/2013 15:29:53, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    22/1/2013 15:22:10, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    22/1/2013 15:20:08, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
    22/1/2013 15:19:26, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain NIKOLOUZOSSA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    22/1/2013 12:48:36, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
    21/1/2013 16:42:49, Error: bowser [8003] - The master browser has received a server announcement from the computer DOMSERVER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8320FF8F-863C-4045-83AE-84D00C895044}. The master browser is stopping or an election is being forced.
    21/1/2013 12:05:31, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    21/1/2013 11:07:05, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
    19/1/2013 17:00:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    19/1/2013 16:59:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
    19/1/2013 16:59:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
    19/1/2013 16:58:15, Error: Service Control Manager [7034] - The Sentinel Security Runtime service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:15, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:15, Error: Service Control Manager [7031] - The Windows Server Download Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19/1/2013 16:58:15, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    19/1/2013 16:58:15, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19/1/2013 16:58:15, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19/1/2013 16:58:14, Error: Service Control Manager [7034] - The Retrospect Express HD Launcher service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:14, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:14, Error: Service Control Manager [7031] - The Windows Server Connector Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19/1/2013 16:58:14, Error: Service Control Manager [7031] - The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19/1/2013 16:58:13, Error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:12, Error: Service Control Manager [7034] - The Sentinel Protection Server service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:12, Error: Service Control Manager [7034] - The Sentinel Keys Server service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:12, Error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:12, Error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:11, Error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:11, Error: Service Control Manager [7034] - The Fasy FMU service service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:11, Error: Service Control Manager [7031] - The KMService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19/1/2013 16:58:10, Error: Service Control Manager [7034] - The DeviceVM Meta Data Export Service service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:10, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:10, Error: Service Control Manager [7034] - The Avira Management Console Agent service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:10, Error: Service Control Manager [7031] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    19/1/2013 16:58:09, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:09, Error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 16:58:04, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    19/1/2013 01:45:33, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort5.
    16/1/2013 11:04:39, Error: Service Control Manager [7031] - The Avira FireWall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    15/1/2013 19:37:01, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on J: cannot be read.
    15/1/2013 18:42:45, Error: NetBT [4321] - The name "NIKOLOUZOSSA :1d" could not be registered on the interface with IP address 192.168.0.80. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.
    15/1/2013 18:42:10, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error: The service has returned a service-specific error code.
    15/1/2013 18:42:08, Error: Service Control Manager [7024] -
    .
    ==== End Of File ===========================
     
  5. RioSif

    RioSif Thread Starter

    GMER Log:

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-22 16:27:55
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6 WDC_WD3200AAKS-00SBA0 rev.12.01B01 298,09GB
    Running: e1o17cuj.exe; Driver: C:\Users\RIOSIF~1.NIK\AppData\Local\Temp\ufdiqpob.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
    .text C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
    .text C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe[2928] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]
    .text C:\Windows\SysWOW64\vmnat.exe[2624] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 00000000729113b0 2 bytes [91, 72]
    .text C:\Windows\SysWOW64\vmnat.exe[2624] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 00000000729113c0 2 bytes [91, 72]
    .text ... * 20
    .text C:\Windows\SysWOW64\vmnat.exe[2624] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 000000007291153e 2 bytes [91, 72]
    .text C:\Windows\SysWOW64\vmnat.exe[2624] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000072911553 2 bytes [91, 72]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
    .text ... * 9
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
    .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
    .text ... * 9
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
    .text ... * 9
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
    .text C:\Users\RioSif.NIKOLOUZOSSA\AppData\Local\Akamai\netsession_win.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077191401 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077191419 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077191431 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007719144a 2 bytes [19, 77]
    .text ... * 9
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771914dd 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771914f5 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007719150d 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077191525 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007719153d 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077191555 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007719156d 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077191585 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007719159d 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771915b5 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771915cd 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771916b2 2 bytes [19, 77]
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771916bd 2 bytes [19, 77]

    ---- Threads - GMER 2.0 ----

    Thread C:\Windows\system32\svchost.exe [1620:1768] 000007fefa4335c0
    Thread C:\Windows\system32\svchost.exe [1620:4212] 000007fefa435600
    Thread C:\Windows\system32\svchost.exe [1620:4744] 000007feefe82940
    Thread C:\Windows\system32\svchost.exe [1620:780] 000007fef6722a40
    Thread C:\Windows\system32\svchost.exe [1620:3048] 000007fef6722888
    Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [1852:1868] 0000000074ee7587
    Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [1852:1972] 00000000740134ea
    Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [1852:2592] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [1852:2596] 0000000077212e25
    Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [1852:4964] 0000000077213e45
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2256] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:3064] 0000000074ee7587
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2568] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2424] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2328] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2432] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:3012] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2852] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2908] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2244] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:1504] 0000000077212e25
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2228] 00000000740a29e1
    Thread C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [1492:2292] 00000000740a29e1
    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1620] 000007fefc8d0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2560] 00000000771b0000
    Library ? (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2756] 000007fef6b10000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [3976] 0000000180000000

    ---- Registry - GMER 2.0 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BE3DFA1-E9C1-4FB5-5AF7-F7E22C0BC32D}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BE3DFA1-E9C1-4FB5-5AF7-F7E22C0BC32D}@jaikpgfebnjdaglmeneo 0x64 0x62 0x64 0x65 ...

    ---- EOF - GMER 2.0 ----
     

Short URL to this thread: https://techguy.org/1086344
