Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Blocked outgoing ICMP packet (ICMP type 3)

Started by SirLanceLang , Sep 16 2011 09:56 AM

  • Please log in to reply

#1
SirLanceLang
Posted 16 September 2011 - 09:56 AM

SirLanceLang

    New Member

  • Member
  • Pip
  • 1 posts
The 192.168.1.150 is a computer in my network with a static IP.
My problem is that the log in my router says the following ( and it doesnt stop)

[INFO]

Fri Sep 16 17:51:52 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 115.165.231.83



[INFO]

Fri Sep 16 17:51:52 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 183.29.251.55



[INFO]

Fri Sep 16 17:51:51 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 78.88.53.147



[INFO]

Fri Sep 16 17:51:50 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 115.139.108.66



[INFO]

Fri Sep 16 17:51:50 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 123.164.81.57



[INFO]

Fri Sep 16 17:51:50 2011

Blocked incoming UDP packet from 119.42.80.214:16243 to 86.52.128.124:24445



[INFO]

Fri Sep 16 17:51:49 2011

Allowed configuration authentication by IP address 192.168.1.150



[INFO]

Fri Sep 16 17:51:49 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 123.165.116.168



[INFO]

Fri Sep 16 17:51:48 2011

Blocked incoming UDP packet from 119.42.80.214:16243 to 86.52.128.124:24445



[INFO]

Fri Sep 16 17:51:46 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 115.165.231.83



[INFO]

Fri Sep 16 17:51:46 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 183.29.251.55



[INFO]

Fri Sep 16 17:51:45 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 78.88.53.147



[INFO]

Fri Sep 16 17:51:44 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 115.139.108.66



[INFO]

Fri Sep 16 17:51:43 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 123.165.116.168



[INFO]

Fri Sep 16 17:51:40 2011

Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.150 to 115.165.231.83

OTL logfile created on: 16-09-2011 17:41:23 - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Jesper\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Denmark | Language: DAN | Date Format: dd-MM-yyyy

7,98 Gb Total Physical Memory | 4,42 Gb Available Physical Memory | 55,41% Memory free
15,97 Gb Paging File | 11,64 Gb Available in Paging File | 72,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,46 Gb Total Space | 91,83 Gb Free Space | 32,86% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 60,83 Gb Free Space | 13,06% Space Free | Partition Type: NTFS

Computer Name: STATIO | User Name: Jesper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-09-16 16:17:56 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Jesper\Desktop\OTL.exe
PRC - [2011-09-09 13:49:57 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011-08-31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-08-18 08:24:21 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011-08-02 15:40:15 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Games\Steam\Steam.exe
PRC - [2011-04-22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011-01-18 23:39:04 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-11-17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010-03-11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009-07-27 12:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2009-02-23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2002-08-21 00:05:54 | 001,290,240 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe


========== Modules (No Company Name) ==========

MOD - [2011-09-09 13:49:54 | 014,407,976 | ---- | M] () -- D:\Games\Steam\bin\libcef.dll
MOD - [2011-09-09 13:49:52 | 000,190,248 | ---- | M] () -- D:\Games\Steam\bin\chromehtml.dll
MOD - [2011-09-09 13:49:50 | 000,091,432 | ---- | M] () -- D:\Games\Steam\bin\avutil-50.dll
MOD - [2011-09-09 13:49:48 | 000,155,432 | ---- | M] () -- D:\Games\Steam\bin\avformat-52.dll
MOD - [2011-09-09 13:49:46 | 000,914,216 | ---- | M] () -- D:\Games\Steam\bin\avcodec-52.dll
MOD - [2007-03-13 17:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007-02-28 19:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-08-05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011-08-05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011-08-05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011-07-28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011-06-13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2011-04-27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011-04-27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011-03-15 15:18:32 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2011-03-15 15:18:22 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2010-12-13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010-11-20 15:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009-07-14 03:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2011-09-09 13:49:57 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-08-31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-05-03 16:05:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011-04-22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011-01-18 23:39:04 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-11-20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010-11-20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010-11-20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009-07-27 12:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-02-23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007-05-31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-08-31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011-08-01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011-07-29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011-07-29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-07-28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-06-09 11:14:26 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2011-06-07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-05-10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-04-27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-08 17:02:44 | 000,066,160 | ---- | M] (Giga-Byte Technology CO., LTD.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\VirtDiskBus64.sys -- (VirtDiskBus)
DRV:64bit: - [2011-01-23 00:10:45 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2011-01-19 18:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011-01-13 13:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-11-20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010-11-20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010-11-20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010-11-20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-11-19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010-09-21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010-09-15 15:14:40 | 000,021,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICTDrv.sys -- (ICTDrv)
DRV:64bit: - [2010-08-18 01:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel® Watchdog Timer Driver (Intel® WDT)
DRV:64bit: - [2010-06-09 11:00:14 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel®
DRV:64bit: - [2010-05-06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010-05-05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010-05-05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010-05-05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010-05-05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010-05-05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010-05-05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010-05-05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010-05-05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010-05-05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010-05-05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010-05-05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010-05-05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010-05-05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010-03-30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010-02-23 00:39:37 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010-02-22 15:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009-12-29 09:51:00 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2009-12-18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009-10-22 16:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009-10-22 16:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009-08-09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-02-17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2007-09-06 21:53:00 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV - [2011-03-21 14:12:25 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011-01-18 19:49:06 | 000,068,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2802764958-1188859540-3516169876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-2802764958-1188859540-3516169876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2802764958-1188859540-3516169876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKU\S-1-5-21-2802764958-1188859540-3516169876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 31 4E 12 0D B4 CA 01 [binary data]
IE - HKU\S-1-5-21-2802764958-1188859540-3516169876-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2802764958-1188859540-3516169876-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010-09-01 20:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jesper\AppData\Roaming\Mozilla\Extensions
[2010-09-01 20:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jesper\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011-07-08 09:45:42 | 000,000,000 | ---D | M] (Map status indicator) -- D:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011-09-14 16:17:44 | 000,001,180 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 date.dk
O1 - Hosts: 78.47.251.150 easyanticheat.se # misleading site
O1 - Hosts: 78.47.251.150 www.easyanticheat.se # misleading site
O1 - Hosts: 78.47.251.150 easyanticheat.com # misleading site
O1 - Hosts: 78.47.251.150 www.easyanticheat.com # misleading site
O1 - Hosts: 78.47.251.150 easyanticheat.org # misleading site
O1 - Hosts: 78.47.251.150 www.easyanticheat.org # misleading site
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-2802764958-1188859540-3516169876-1001\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKU\S-1-5-21-2802764958-1188859540-3516169876-1001\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\S-1-5-21-2802764958-1188859540-3516169876-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2802764958-1188859540-3516169876-1001..\Run: [Steam] d:\games\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} https://www.sparnord...e-prod-1.30.cab (ActiveX sikkerhedssoftware Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus....vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.dans...B/e-Safekey.cab (e-Safekey)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E57B48-5F23-4902-8631-C098471101EF}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C26C8992-6E07-4D39-91CB-1B74B836E878}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C26C8992-6E07-4D39-91CB-1B74B836E878}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011-09-16 16:59:18 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jesper\Desktop\aswMBR.exe
[2011-09-16 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Roaming\Malwarebytes
[2011-09-16 16:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-09-16 16:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-09-16 16:42:45 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-09-16 16:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-09-16 16:42:17 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jesper\Desktop\mbam-setup-1.51.2.1300.exe
[2011-09-16 16:41:12 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Jesper\Desktop\ATF_Cleaner.exe
[2011-09-16 16:17:56 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Jesper\Desktop\OTL.exe
[2011-09-16 16:04:06 | 000,000,000 | ---D | C] -- C:\Users\Jesper\Desktop\New folder
[2011-09-16 15:57:29 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Jesper\Desktop\fsbl.exe
[2011-09-16 12:51:17 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{7335014B-DC57-4677-B1AC-12E45C3F5B62}
[2011-09-16 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{938BE819-A064-4D69-A14C-F96ACDFB2D9A}
[2011-09-15 14:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{D4802A51-53B0-467A-B211-042A8C6480F1}
[2011-09-15 14:53:42 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{4AA74A25-3D27-4A9E-92BF-8CA08C48EFBC}
[2011-09-14 16:17:24 | 002,346,248 | ---- | C] (EasyAntiCheat Solutions) -- C:\Users\Jesper\Desktop\EasyAntiCheat.exe
[2011-09-14 14:37:59 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{9573EC07-248E-40C4-B1F0-0C56DF17EDA2}
[2011-09-14 14:37:47 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{BDD45872-E3D3-422A-9552-1F4BA9631C69}
[2011-09-12 22:19:38 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{F90516F0-9AF3-46E5-81B5-DEA4AA44261F}
[2011-09-12 22:19:27 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{2674ED42-CEB3-4906-B498-F6DCFB59BC8A}
[2011-09-12 10:19:14 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{B1F3834E-9447-4AD4-A5AC-5DD37931E80A}
[2011-09-12 10:19:03 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{B7F87040-05FD-4271-A326-476F2A1DEB5F}
[2011-09-11 14:55:10 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{CDC99345-8770-4C1D-8A05-FD340DEC131E}
[2011-09-11 14:54:59 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{FC6DB4F9-FE75-4BE2-9592-246F565200A8}
[2011-09-10 15:22:55 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{7C78F8AF-4ECD-4885-BA40-199B5CC0F429}
[2011-09-10 15:22:44 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{2FCD9C29-81B4-4A4A-B991-8A9AAED0952D}
[2011-09-09 10:13:57 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{62E24663-1170-4353-9F62-BF5C38CB4122}
[2011-09-09 10:13:46 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{E0E281F0-4FF7-4331-94EF-138184A1AE7B}
[2011-09-07 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{3E1D9AE8-D885-4993-8366-95EE3BD203D7}
[2011-09-07 15:06:38 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{A4297A14-1560-4D11-8D90-64D375BEAC75}
[2011-09-07 01:36:34 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{B20F2637-8818-4D8D-BEFD-32EF6AA19E59}
[2011-09-07 01:36:22 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{C10C9F30-2B0C-42AD-A87B-AD7B5D15520A}
[2011-09-06 13:35:57 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{BB4698B4-9EE9-4A71-90AC-6639559AAF4C}
[2011-09-06 13:35:46 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{F14A506A-E96C-4AED-BB33-3E660F700EAD}
[2011-09-06 01:35:22 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{986A9EE3-A946-4FF5-951A-8017FD740F00}
[2011-09-06 01:35:11 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{AECBE729-FC7A-4AF6-AAB5-EC8DD62D7A3C}
[2011-09-05 13:34:56 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{7DF7A3E4-A186-4F25-885F-29BEFF117B99}
[2011-09-05 13:34:45 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{23044B0E-1B70-4317-91DF-B865430B0F8C}
[2011-09-04 11:53:02 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{190778B4-3D9A-49B3-B3C8-E71BD86E893F}
[2011-09-04 11:52:51 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{C9328AF4-883D-4C1D-B839-4523E204CC2B}
[2011-09-02 14:06:45 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{0CCA2E86-215F-4380-9D1C-819D03335013}
[2011-09-02 14:06:34 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{8048D301-9380-40CA-9661-9B6C7378AFCF}
[2011-09-01 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{4DD2F12A-3A12-46F9-9B9C-ECF3A7788C5A}
[2011-09-01 15:34:07 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{FDE499A6-A65D-4123-9BE5-651BD5DC97EB}
[2011-08-31 14:05:59 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{F7F6B1A8-7F90-4B5D-A332-3787C612FF49}
[2011-08-31 14:05:48 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{D2ADF71D-C892-4D71-99BC-2537EA371BFC}
[2011-08-29 22:18:30 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{28673ACB-0C81-48A3-B35D-3788A5CE8315}
[2011-08-29 22:18:19 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{7D4E5D97-CA8E-471E-9378-1BCA3EC0A594}
[2011-08-29 10:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{00851EBA-C2CC-431F-95AE-25ADE30BA727}
[2011-08-29 10:17:55 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{9DF38BD4-7EA1-4C15-8F41-903814AC22DE}
[2011-08-25 17:05:01 | 000,000,000 | ---D | C] -- D:\Data\Documents\Command and Conquer 4
[2011-08-25 16:23:15 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Roaming\Command and Conquer 4
[2011-08-25 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\Electronic_Arts_Inc
[2011-08-25 11:55:26 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{EC481276-6210-4809-B29C-1E8675D0D17D}
[2011-08-25 11:55:15 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{19A6F7D2-FAB1-43F4-BFEE-F6AF8485C4C4}
[2011-08-24 22:01:02 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{49B568DB-D698-426E-A2F9-742F9127C14A}
[2011-08-24 10:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011-08-24 10:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011-08-24 10:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2011-08-24 10:00:37 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{F7915469-A643-4D14-AFFE-5F2DB6E90438}
[2011-08-24 10:00:25 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{75D73672-DBE1-4A12-AC2B-D8A0F4D4FC04}
[2011-08-22 18:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011-08-22 18:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011-08-22 18:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011-08-22 17:07:03 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{F01985FA-491A-4D3E-BC0E-C7F34C360B1F}
[2011-08-22 17:06:47 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{EC4A8BB3-F761-484D-BD2F-0272C5C0ABBC}
[2011-08-19 15:29:01 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{DDE3EB57-5535-4D69-B7B4-A294B923625A}
[2011-08-19 15:28:50 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{8C13EB8B-EACF-4362-92FB-A1C20AF9C4A6}
[2011-08-18 22:25:55 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{56959171-43A5-4F82-9714-5C3BFAA6F722}
[2011-08-18 22:25:44 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{B383EF31-4192-433C-B5E0-229D8A834E9D}
[2011-08-18 10:25:31 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{C8652F67-44AC-4C38-8586-997D6E888550}
[2011-08-18 10:25:20 | 000,000,000 | ---D | C] -- C:\Users\Jesper\AppData\Local\{D5E25BC7-966F-438E-814A-2A606417850E}
[2010-12-14 12:34:27 | 000,463,520 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\AppFramework.dll
[2010-12-14 12:34:27 | 000,330,400 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
[2010-12-14 12:34:27 | 000,031,392 | ---- | C] (Corel-V1E) -- C:\Program Files (x86)\Common Files\FlickrProvider.dll
[2010-05-05 20:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010-05-05 20:38:18 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2010-02-23 00:39:37 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jesper\AppData\Roaming\pcouffin.sys
[2009-05-07 16:32:42 | 010,282,042 | ---- | C] (http://www.ojosoft.com ) -- C:\Users\Jesper\AppData\Roaming\total-video-converter.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-09-16 17:41:00 | 000,000,512 | ---- | M] () -- C:\Users\Jesper\Desktop\MBR.dat
[2011-09-16 17:36:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-09-16 16:59:23 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jesper\Desktop\aswMBR.exe
[2011-09-16 16:55:15 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-09-16 16:55:15 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-09-16 16:48:35 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-09-16 16:47:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-09-16 16:47:51 | 2134,302,719 | -HS- | M] () -- C:\hiberfil.sys
[2011-09-16 16:47:18 | 000,061,160 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2011-09-16 16:47:18 | 000,061,160 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2011-09-16 16:47:18 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2011-09-16 16:42:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-09-16 16:42:28 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jesper\Desktop\mbam-setup-1.51.2.1300.exe
[2011-09-16 16:41:15 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Jesper\Desktop\ATF_Cleaner.exe
[2011-09-16 16:17:56 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Jesper\Desktop\OTL.exe
[2011-09-16 15:57:29 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Jesper\Desktop\fsbl.exe
[2011-09-14 22:27:48 | 000,002,012 | -H-- | M] () -- D:\Data\Documents\Default.rdp
[2011-09-14 16:17:40 | 002,346,248 | ---- | M] (EasyAntiCheat Solutions) -- C:\Users\Jesper\Desktop\EasyAntiCheat.exe
[2011-09-11 22:31:44 | 000,274,329 | ---- | M] () -- C:\Users\Jesper\Desktop\45.jpg
[2011-09-11 22:30:33 | 000,039,909 | ---- | M] () -- C:\Users\Jesper\Desktop\18.jpg
[2011-09-11 20:24:56 | 000,100,446 | ---- | M] () -- C:\Users\Jesper\Desktop\23529_384060602594_554772594_4392187_1598836_n.jpg
[2011-09-11 20:24:40 | 000,061,837 | ---- | M] () -- C:\Users\Jesper\Desktop\23529_384064262594_554772594_4392498_7194536_n.jpg
[2011-09-01 22:45:15 | 000,007,654 | ---- | M] () -- C:\Users\Jesper\AppData\Local\Resmon.ResmonCfg
[2011-08-31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-08-25 23:19:38 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011-08-25 23:19:38 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-08-25 23:17:08 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011-08-24 10:46:18 | 000,327,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-08-24 10:20:09 | 000,006,214 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011-08-24 10:04:05 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2011-08-24 09:51:56 | 736,608,906 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-08-22 21:11:42 | 000,978,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-08-22 21:11:42 | 000,789,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-08-22 21:11:42 | 000,172,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-08-22 21:10:53 | 000,958,656 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-08-18 08:24:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-09-16 17:41:00 | 000,000,512 | ---- | C] () -- C:\Users\Jesper\Desktop\MBR.dat
[2011-09-16 16:42:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-09-11 22:30:30 | 000,274,329 | ---- | C] () -- C:\Users\Jesper\Desktop\45.jpg
[2011-09-11 22:30:20 | 000,039,909 | ---- | C] () -- C:\Users\Jesper\Desktop\18.jpg
[2011-09-11 20:25:04 | 000,100,446 | ---- | C] () -- C:\Users\Jesper\Desktop\23529_384060602594_554772594_4392187_1598836_n.jpg
[2011-09-11 20:24:45 | 000,061,837 | ---- | C] () -- C:\Users\Jesper\Desktop\23529_384064262594_554772594_4392498_7194536_n.jpg
[2011-09-07 19:49:02 | 000,131,072 | ---- | C] () -- C:\Users\Jesper\Desktop\RemoteDll.exe
[2011-09-07 19:49:02 | 000,019,456 | ---- | C] () -- C:\Users\Jesper\Desktop\CoHMH.dll
[2011-09-07 19:04:16 | 000,013,312 | ---- | C] () -- C:\Users\Jesper\Desktop\Patcher.exe
[2011-08-24 15:49:30 | 004,700,160 | ---- | C] () -- C:\Users\Jesper\Desktop\cd110511.iso
[2011-08-24 10:04:05 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2011-08-22 18:30:36 | 004,194,304 | ---- | C] () -- C:\p67aud43.f5
[2011-07-17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-03-18 22:50:54 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011-03-17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010-12-14 12:34:27 | 000,401,056 | ---- | C] () -- C:\Program Files (x86)\Common Files\facebook.dll
[2010-12-14 12:34:27 | 000,128,672 | ---- | C] () -- C:\Program Files (x86)\Common Files\PluginCommon.dll
[2010-12-14 11:59:46 | 000,148,195 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2010-10-05 14:17:12 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010-09-28 23:59:45 | 000,000,012 | ---- | C] () -- C:\Users\Jesper\AppData\Roaming\yopgrf.dat
[2010-07-13 19:53:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-07-08 21:05:50 | 000,007,654 | ---- | C] () -- C:\Users\Jesper\AppData\Local\Resmon.ResmonCfg
[2010-06-18 17:34:25 | 000,006,214 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010-06-18 17:34:25 | 000,000,008 | RHS- | C] () -- C:\ProgramData\D6BAE88FA6.sys
[2010-05-05 21:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010-05-05 20:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010-05-05 20:46:30 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010-05-05 20:46:30 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010-05-05 20:38:22 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010-03-19 17:37:47 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-03-19 17:37:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010-03-19 17:37:46 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010-02-23 20:09:19 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010-02-23 10:25:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-02-23 01:14:05 | 000,958,656 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-02-23 01:09:19 | 000,041,984 | ---- | C] () -- C:\Users\Jesper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-23 00:56:27 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010-02-23 00:56:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010-02-23 00:40:01 | 000,001,173 | ---- | C] () -- C:\Users\Jesper\AppData\Roaming\vso_ts_preview.xml
[2010-02-23 00:39:37 | 000,099,384 | ---- | C] () -- C:\Users\Jesper\AppData\Roaming\inst.exe
[2010-02-23 00:39:37 | 000,007,859 | ---- | C] () -- C:\Users\Jesper\AppData\Roaming\pcouffin.cat
[2010-02-23 00:39:37 | 000,001,167 | ---- | C] () -- C:\Users\Jesper\AppData\Roaming\pcouffin.inf
[2010-02-23 00:12:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-07-27 12:13:28 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ASDR.exe
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009-06-04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009-05-27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

========== LOP Check ==========

[2011-08-25 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\Command and Conquer 4
[2010-04-05 14:54:28 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\Digiarty
[2010-05-02 19:55:18 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\GARMIN
[2010-06-17 01:03:40 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\ImgBurn
[2010-04-06 12:53:19 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\Moyea
[2010-08-22 12:33:45 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\Peter Souza IV
[2011-03-24 13:54:28 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\Telerik
[2010-09-01 20:13:55 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\TomTom
[2011-02-20 20:15:29 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\Vso
[2011-03-31 13:03:46 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\wargaming.net
[2010-11-11 23:52:04 | 000,000,000 | ---D | M] -- C:\Users\Jesper\AppData\Roaming\WNR
[2011-08-22 18:07:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Attached Files


  • 0

Advertisements

#2
RKinner
Posted 17 September 2011 - 12:35 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
ICMP type 3 is Destination Unreachable which means the PC is responding to a packet it received from the outside world. Probably it is reacting to an attempt to reach a port that is not open. Some bots or bot controllers looking for PCs to attack perhaps.

Seems strange that you are blocking outgoing ICMP but apparently allowing unsolicited incoming traffic. I think you need to tighten up your firewall/router.

We can run some tests on the PC if you want to but it looks clean to me.


If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP