
Help me! Cannot open the programs.


  • This topic is locked

#1
Hadzrin Aqmal

I don't know what happened with my laptop.
I got a bit of a shock when I couldn't open my programs such as Picasa, OpenOffice and even Microsoft Office Word.
A pop-up appears that says something like: "OpenOffice 3.3 has stopped working", and it says that Data Execution Prevention has closed OpenOffice. The same goes for Picasa and Office Word.

Is there any way to overcome this problem?
Please help me, OK? :)

Edited by Hadzrin Aqmal, 19 November 2011 - 05:01 AM.



#2
Hadzrin Aqmal

OTL logfile created on: 20/11/2011 11:53:57 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ewanie\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

1013.69 Mb Total Physical Memory | 125.69 Mb Available Physical Memory | 12.40% Memory free
2.24 Gb Paging File | 0.90 Gb Available in Paging File | 40.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177.06 Gb Total Space | 110.01 Gb Free Space | 62.13% Space Free | Partition Type: NTFS
Drive G: | 29.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: EWANIE-PC | User Name: ewanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 11:53:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ewanie\Downloads\OTL (1).exe
PRC - [2011/11/10 18:07:27 | 000,192,512 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
PRC - [2011/07/31 18:05:43 | 000,639,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/10/07 04:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
PRC - [2009/02/21 00:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/11 05:14:54 | 000,335,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/03/11 05:14:54 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/03/08 02:48:38 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/03/04 05:45:48 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/02/23 08:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/02/23 08:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2008/02/23 08:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2008/02/16 02:56:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/02/16 02:56:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/02/16 02:56:50 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/01/21 10:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/16 18:46:08 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/10 07:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/15 04:57:36 | 000,550,752 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/12/13 23:32:00 | 004,243,232 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
PRC - [2007/12/12 03:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/12/06 01:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/27 01:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/11/22 03:38:28 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/11/02 10:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/02 10:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/09/11 15:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/15 11:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 11:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/07/25 03:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/19 06:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 18:07:27 | 000,192,512 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
MOD - [2011/11/08 11:02:56 | 000,420,920 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll
MOD - [2011/11/08 11:02:55 | 003,702,840 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
MOD - [2011/11/08 11:01:20 | 000,122,952 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\avutil-51.dll
MOD - [2011/11/08 11:01:19 | 000,222,280 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\avformat-53.dll
MOD - [2011/11/08 11:01:17 | 001,746,504 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\avcodec-53.dll
MOD - [2011/11/08 07:44:56 | 008,593,056 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
MOD - [2010/10/05 01:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\zlib.dll
MOD - [2010/10/05 01:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\CrashRpt.dll
MOD - [2010/10/05 01:54:29 | 000,675,840 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\DockShellHook.dll
MOD - [2009/07/02 17:43:28 | 000,159,744 | ---- | M] () -- C:\Program Files\Maxis Broadband\SMSPlugin.dll
MOD - [2009/03/11 16:42:14 | 000,139,264 | ---- | M] () -- C:\Program Files\Maxis Broadband\LocaleMgrPlugin.dll
MOD - [2009/03/11 16:40:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Maxis Broadband\NotifyServicePlugin.dll
MOD - [2009/03/11 16:39:16 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\ConfigFilePlugin.dll
MOD - [2009/03/11 16:38:18 | 000,098,304 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrPlugin.dll
MOD - [2009/03/11 16:36:36 | 000,139,264 | ---- | M] () -- C:\Program Files\Maxis Broadband\NetInfoPlugin.dll
MOD - [2009/03/11 16:34:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Maxis Broadband\DialUpPlugin.dll
MOD - [2009/03/11 16:33:32 | 000,176,128 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrUIPlugin.dll
MOD - [2009/03/11 16:17:14 | 000,864,256 | ---- | M] () -- C:\Program Files\Maxis Broadband\NDISAPI.dll
MOD - [2009/03/10 20:08:16 | 000,155,648 | R--- | M] () -- C:\Program Files\Maxis Broadband\DetectDev.dll
MOD - [2009/03/10 20:08:16 | 000,061,440 | R--- | M] () -- C:\Program Files\Maxis Broadband\XCodec.dll
MOD - [2009/03/10 20:08:16 | 000,061,440 | R--- | M] () -- C:\Program Files\Maxis Broadband\DeviceOperate.dll
MOD - [2009/03/10 20:08:14 | 000,561,152 | R--- | M] () -- C:\Program Files\Maxis Broadband\atcomm.dll
MOD - [2008/11/08 10:52:10 | 000,090,112 | R--- | M] () -- C:\Program Files\Maxis Broadband\FileManager.dll
MOD - [2008/11/08 10:52:08 | 000,014,848 | R--- | M] () -- C:\Program Files\Maxis Broadband\isaputrace.dll
MOD - [2008/02/05 08:08:45 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/12/21 20:06:58 | 002,969,600 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\SonicStage Effect Plugins\Sony Limiter Plugin.dll
MOD - [2007/04/05 04:14:06 | 000,344,064 | ---- | M] () -- C:\Windows\System32\SSMSIppCustom.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/21 08:17:45 | 000,732,672 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/21 00:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/03/11 05:14:54 | 000,229,376 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/03/05 11:58:30 | 000,141,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/05 11:56:42 | 000,423,776 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/05 11:54:50 | 000,182,112 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/04 05:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/04 04:27:14 | 000,165,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/02/16 02:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/02/16 02:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/02/16 02:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/02/16 02:56:50 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 18:46:08 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/10 07:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/12 03:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/12/06 01:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/28 17:08:02 | 000,151,552 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 17:02:20 | 000,122,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 16:43:44 | 000,135,168 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/11/27 01:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/11/08 00:35:40 | 000,447,816 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/09/11 15:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/15 11:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/07/25 03:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/19 06:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2009/02/17 20:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/12/30 11:57:52 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/12/13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/23 08:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/06 08:06:19 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/12/17 09:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/12/14 12:03:35 | 000,758,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/12/14 08:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/12/03 03:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 21:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 21:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 21:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 21:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 21:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/06 08:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 16:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/18 11:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ewanie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ewanie\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ewanie\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 18:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/21 14:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ewanie\AppData\Roaming\Mozilla\Extensions
[2011/07/24 17:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/08 15:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\ewanie\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\ewanie\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ewanie\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Bouncy Mouse = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.0.1_0\
CHR - Extension: Dead Frontier = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\
CHR - Extension: Foursquare for chrome = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\haoobafgmgfodlcibfojjpdengcifnen\1.0.0.1_0\
CHR - Extension: Rainbow Theme = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohdhhgpngghdfhjbcnbgnglhncoapnc\1.0_0\
CHR - Extension: ChatVibes Facebook Video Chat! = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddljohkbhegmdbfgmpjimeneejbdibf\1.0.8_0\
CHR - Extension: Earbits Radio = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkjffcdjblaipglnmhanakilfbniihj\1.0.1_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.6_0\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\ewanie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Yahoo Messengger] C:\Windows\system32\SCVVHSOT.exe File not found
O4 - Startup: C:\Users\ewanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Users\ewanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21095519-1237-4E64-A25B-50158B5AE502}: NameServer = 58.71.136.10 58.71.132.10
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\ewanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ewanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/21 07:41:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{01907089-f199-11e0-b23f-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{01907089-f199-11e0-b23f-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{036fdef2-0770-11e1-bf34-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{036fdef2-0770-11e1-bf34-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3b6ed1bb-0a57-11e1-8e72-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6ed1bb-0a57-11e1-8e72-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3b6ed1c3-0a57-11e1-8e72-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6ed1c3-0a57-11e1-8e72-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3b6ed1cb-0a57-11e1-8e72-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6ed1cb-0a57-11e1-8e72-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5916c968-0bab-11e1-898c-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{5916c968-0bab-11e1-898c-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5f904b62-0b81-11e1-943e-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{5f904b62-0b81-11e1-943e-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5f904b6d-0b81-11e1-943e-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{5f904b6d-0b81-11e1-943e-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7e242947-dc50-11e0-8c54-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{7e242947-dc50-11e0-8c54-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7e24295c-dc50-11e0-8c54-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{7e24295c-dc50-11e0-8c54-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8b2bf129-eddb-11e0-87b2-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{8b2bf129-eddb-11e0-87b2-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8da7941c-e84a-11e0-bb30-001e101fc33c}\Shell - "" = AutoRun
O33 - MountPoints2\{8da7941c-e84a-11e0-bb30-001e101fc33c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8da79426-e84a-11e0-bb30-001e101ff8c4}\Shell - "" = AutoRun
O33 - MountPoints2\{8da79426-e84a-11e0-bb30-001e101ff8c4}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8da7943c-e84a-11e0-bb30-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{8da7943c-e84a-11e0-bb30-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a6a132e2-f6e0-11e0-9a5a-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a132e2-f6e0-11e0-9a5a-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{abcc9e4f-ca54-11e0-9465-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{abcc9e4f-ca54-11e0-9465-001a80f6ffdf}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{abcc9e7e-ca54-11e0-9465-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{abcc9e7e-ca54-11e0-9465-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b861bc05-f4d3-11e0-83f9-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{b861bc05-f4d3-11e0-83f9-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{bec080f8-08f2-11e1-bece-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{bec080f8-08f2-11e1-bece-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d04d5c0e-d092-11e0-82e0-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{d04d5c0e-d092-11e0-82e0-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e1bccaab-0df5-11e1-8017-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{e1bccaab-0df5-11e1-8017-001a80f6ffdf}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f32cc677-d501-11e0-b7b9-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{f32cc677-d501-11e0-b7b9-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f62b4d2e-ca4d-11e0-a012-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{f62b4d2e-ca4d-11e0-a012-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f62b4d37-ca4d-11e0-a012-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{f62b4d37-ca4d-11e0-a012-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f62b4d3f-ca4d-11e0-a012-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{f62b4d3f-ca4d-11e0-a012-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fad1926c-0f3f-11e1-86e0-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{fad1926c-0f3f-11e1-86e0-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/19 18:20:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/11 14:08:02 | 000,000,000 | ---D | C] -- C:\Users\ewanie\Documents\sushi game
[2011/11/11 14:05:47 | 000,000,000 | R--D | C] -- C:\Users\ewanie\Documents\Diner Dash 2
[2011/11/11 14:03:57 | 000,000,000 | ---D | C] -- C:\Users\ewanie\Documents\Angry Birds
[2011/11/11 02:25:54 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Roaming\PlayFirst
[2011/11/11 02:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2011/11/11 02:21:37 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Roaming\Rovio
[2011/11/10 18:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis Broadband
[2011/11/10 18:07:48 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011/11/10 18:07:48 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011/11/10 18:07:48 | 000,103,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbfake.sys
[2011/11/10 18:07:48 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011/11/10 18:07:48 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011/11/09 22:27:17 | 000,000,000 | ---D | C] -- C:\Users\ewanie\Documents\mlk
[2011/11/04 05:55:12 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Roaming\Uniblue
[2011/11/04 05:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/11/01 01:09:09 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Local\Facebook
[2011/10/31 20:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TamoSoft
[2011/07/30 18:10:15 | 000,501,576 | ---- | C] (Yahoo! Inc.) -- C:\Users\ewanie\AppData\Local\msgr9us.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 11:46:13 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/11/20 11:43:13 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2011/11/20 11:43:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 11:43:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 11:42:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/20 11:42:49 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 02:10:50 | 000,029,631 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/11/20 02:06:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003UA.job
[2011/11/19 23:29:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003UA.job
[2011/11/19 23:28:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003Core.job
[2011/11/19 22:35:07 | 000,667,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/19 22:35:07 | 000,133,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/19 20:06:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003Core.job
[2011/11/19 18:22:41 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/11/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/11/11 14:09:45 | 000,078,336 | ---- | M] () -- C:\Users\ewanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 22:31:08 | 000,203,776 | -H-- | M] () -- C:\Users\ewanie\Documents\photothumb.db
[2011/11/08 22:52:49 | 002,048,931 | ---- | M] () -- C:\Users\ewanie\Documents\m.zip
[2011/11/08 02:10:37 | 000,001,680 | ---- | M] () -- C:\Users\ewanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2011/11/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/19 18:21:57 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/11/19 13:41:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/08 02:10:37 | 000,001,680 | ---- | C] () -- C:\Users\ewanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2011/11/05 20:50:48 | 000,203,776 | -H-- | C] () -- C:\Users\ewanie\Documents\photothumb.db
[2011/11/04 05:55:14 | 000,000,258 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2011/11/01 23:24:05 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003UA.job
[2011/11/01 23:23:58 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003Core.job
[2011/07/31 03:36:38 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/31 03:36:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/24 17:46:57 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011/07/21 10:12:01 | 000,078,336 | ---- | C] () -- C:\Users\ewanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/21 08:59:18 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/07/21 08:50:45 | 000,001,356 | ---- | C] () -- C:\Users\ewanie\AppData\Local\d3d9caps.dat
[2011/07/21 08:34:49 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2011/07/21 08:28:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008/02/05 08:09:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2008/02/05 08:09:00 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/05 08:08:45 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,428,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,667,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,133,484 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/07/21 16:10:09 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\InterVideo
[2011/09/13 22:28:33 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\KompoZer
[2011/07/24 17:39:45 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\OpenOffice.org
[2011/08/17 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\PhotoScape
[2011/11/11 02:25:54 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\PlayFirst
[2011/11/11 02:21:37 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\Rovio
[2011/07/24 17:55:38 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\Stardock
[2011/07/27 09:27:52 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\TigerPlayer
[2011/11/04 05:55:12 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\Uniblue
[2011/11/20 12:04:17 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\uTorrent
[2011/08/06 18:34:28 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\WindSolutions
[2011/10/09 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\YoudaGames
[2011/11/20 11:46:13 | 000,000,270 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/11/19 23:28:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003Core.job
[2011/11/19 23:29:07 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003UA.job
[2011/11/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/11/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/11/20 02:11:06 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/20 11:43:13 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\SpeedUpMyPC.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:517B507A
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >

#3
Hadzrin Aqmal

    New Member

  • Topic Starter
  • Member
  • 7 posts
OTL Extras logfile created on: 20/11/2011 11:53:57 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ewanie\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

1013.69 Mb Total Physical Memory | 125.69 Mb Available Physical Memory | 12.40% Memory free
2.24 Gb Paging File | 0.90 Gb Available in Paging File | 40.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177.06 Gb Total Space | 110.01 Gb Free Space | 62.13% Space Free | Partition Type: NTFS
Drive G: | 29.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: EWANIE-PC | User Name: ewanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3885349237-2032763224-3641379520-1003]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1846B2A1-C2E1-4113-8F36-D3CAD5D18CA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18F73558-CCAA-476E-ABD5-8FEF4728325C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2833177B-94E0-4132-B34B-60FE2AFF47C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{4006BAEE-8370-41C3-89EF-5F9FEA8DE8E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56BDA2E3-AC5D-474F-A4D0-45099F23EFB4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{58DA3F5A-23AF-4C13-84F2-6F012CFF630D}" = rport=138 | protocol=17 | dir=out | app=system |
"{61F12092-7C34-404D-88BB-B69661D67484}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6976EF18-B3F0-42F0-8626-34709F2FB756}" = rport=137 | protocol=17 | dir=out | app=system |
"{71B32308-75C7-4F1B-8F6D-5149B7A2D126}" = lport=138 | protocol=17 | dir=in | app=system |
"{739F865A-8051-48DD-A61C-AB2EFA5BAE80}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83D91BE3-5414-47AB-821C-C2847DB432C8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8D3E9F5C-4E1C-4963-BF54-206F4B3B7FB3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B106C92A-FB6E-4C35-A98D-C95B4CD85504}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C34C5D43-283D-4F33-A0CF-7D1681E6336D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C3DBC6B0-FDB4-4652-BB3F-E57DBF7C075D}" = rport=139 | protocol=6 | dir=out | app=system |
"{CBCE2622-838F-4825-9CF7-D030511A53BE}" = lport=139 | protocol=6 | dir=in | app=system |
"{CE5A79D0-B0C7-461B-9576-F9CA6F6A3D38}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC16633F-15D4-40DA-B3DB-F17758B9B5DF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DCF68E53-642A-443B-BAFE-A06408009044}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E1EB4EC7-1007-424F-86D9-921100B0D636}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7D859C9-3B5C-45E1-A47C-57593F57EB68}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A85C424-3280-4A04-B706-BD5F663A8F1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{444B9352-D6BD-4A6F-ADBB-881C2980DA96}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4BA886F1-BEFA-4399-9659-85AED72C16D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{61151FFD-19FD-4232-8C8B-2BE61ADD51ED}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6F7BB259-2718-4C89-A479-0A28B6F12316}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{768F81D5-14B5-448F-A280-701945DB7A3C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7F70BDD9-AF97-4C85-BBD5-9FCA933E8E7C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{848F5C46-37C4-4004-AD5B-31F25B926519}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{998D472A-54C0-4ECC-B9EF-10E0770E00D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BAFB7F24-365D-44F5-85D8-13D8EE4243D5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C7E351CE-CEF7-41F8-9596-483FDC4B5C15}" = dir=in | app=c:\users\ewanie\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{002B1C9B-02DD-4BD2-9865-E82F98C1FA52}C:\users\ewanie\appdata\local\temp\winorab.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winorab.exe |
"TCP Query User{007D520E-CE76-4A6E-9AC8-D4E641EDE2EC}C:\users\ewanie\appdata\local\temp\gctnw.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\gctnw.exe |
"TCP Query User{026B7A24-6F26-42AA-A586-645D58441565}C:\users\ewanie\appdata\local\temp\winxxebkx.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winxxebkx.exe |
"TCP Query User{055597DC-9FA8-4288-86CA-202B6A5088A3}C:\users\ewanie\appdata\local\temp\bnpn.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\bnpn.exe |
"TCP Query User{0589C260-7572-4DE3-B673-74C8500C94F1}C:\users\ewanie\appdata\local\temp\wincclsh.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\wincclsh.exe |
"TCP Query User{05EE446E-131B-42EC-8132-3214B3712461}C:\users\ewanie\appdata\local\temp\winnitps.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winnitps.exe |
"TCP Query User{078EEB9A-62CB-45BC-B3A5-364DC87A87C5}C:\users\ewanie\appdata\local\temp\winwgug.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winwgug.exe |
"TCP Query User{07E66442-E3B3-4865-A8E3-4E208E92882F}C:\users\ewanie\appdata\local\temp\kjkqpr.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\kjkqpr.exe |
"TCP Query User{08BD9E2D-C18D-4F20-8BE8-1ADBD57EBE65}C:\windows\system32\mobsync.exe" = protocol=6 | dir=in | app=c:\windows\system32\mobsync.exe |
"TCP Query User{0960CB3A-17A3-4340-91DF-9AC994537D60}C:\users\ewanie\appdata\local\temp\winmcvp.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winmcvp.exe |
"TCP Query User{09A4C06A-AA2E-4C2E-B879-6D76CA19F619}C:\users\ewanie\appdata\local\temp\winxlldga.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winxlldga.exe |
"TCP Query User{0B370911-22E0-4204-947A-D3628CC997E0}C:\users\ewanie\appdata\local\temp\vkgxg.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\vkgxg.exe |
"TCP Query User{0ED6C604-7580-4CB1-91B1-173DFEF69371}C:\users\ewanie\appdata\local\temp\winyeyd.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winyeyd.exe |
"TCP Query User{0FDA0341-7815-4D15-A878-F41076B77F1B}C:\users\ewanie\appdata\local\temp\winnavtq.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winnavtq.exe |
"TCP Query User{0FEAA6B5-CCF2-4941-A056-CE9CF29C5DF2}C:\users\ewanie\appdata\local\temp\wineovhgn.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\wineovhgn.exe |
"TCP Query User{134D47A0-F7D3-495F-8CBD-BE4B96B2B716}C:\users\ewanie\appdata\local\temp\winbootyy.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winbootyy.exe |
"TCP Query User{14BFB215-4849-482C-A75A-D1AE6A12E220}C:\program files\sony\prepare your vaio\pyv.exe" = protocol=6 | dir=in | app=c:\program files\sony\prepare your vaio\pyv.exe |
"TCP Query User{18A908A5-52AA-4722-83F3-F82ACB9CDF2F}C:\windows\system32\taskmgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskmgr.exe |
"TCP Query User{194AD0B6-805E-49F4-A81D-F8FC4D86E511}C:\windows\system32\netsh.exe" = protocol=6 | dir=in | app=c:\windows\system32\netsh.exe |
"TCP Query User{1DE874F6-EDEC-4884-A919-92B620CD0ABD}C:\users\ewanie\appdata\local\temp\lhmwa.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\lhmwa.exe |
"TCP Query User{1FA97849-858F-4365-A1E0-9BD0B2F770C8}C:\users\ewanie\appdata\local\temp\winmmsly.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winmmsly.exe |
"TCP Query User{211D0876-5D95-4611-91AE-36E362541832}C:\users\ewanie\appdata\local\temp\winpwiwh.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winpwiwh.exe |
"TCP Query User{25820854-F5B4-4F26-9FD1-88C654BC851E}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin |
"TCP Query User{2B9A8CAA-6E22-4442-8B63-A8D38891BD52}C:\users\ewanie\appdata\local\temp\winlkvo.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winlkvo.exe |
"TCP Query User{2CF0D45C-1CDF-4F7A-8745-833AB82E6CE1}C:\users\ewanie\appdata\local\temp\winkewq.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winkewq.exe |
"TCP Query User{2E0B779E-707A-467B-892F-56E05AE5CE77}C:\users\ewanie\appdata\local\temp\rhud.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\rhud.exe |
"TCP Query User{3AB41250-0A57-4BC3-A2A4-16026CE8AFAA}C:\users\ewanie\appdata\local\temp\wincvclwk.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\wincvclwk.exe |
"TCP Query User{3CC2E48B-72B4-4A84-BBE8-627C193974D9}C:\windows\system32\igfxtray.exe" = protocol=6 | dir=in | app=c:\windows\system32\igfxtray.exe |
"TCP Query User{3DFC36D0-F0FA-458C-AB68-0AD48B486F45}C:\users\ewanie\appdata\local\temp\winsadjay.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winsadjay.exe |
"TCP Query User{43E6404E-464F-4B1C-9BC1-283471F3A1E2}C:\program files\sony\network utility\lanutil.exe" = protocol=6 | dir=in | app=c:\program files\sony\network utility\lanutil.exe |
"TCP Query User{4579D32C-EDE2-4185-9AF6-CCCE9BD4D49C}C:\program files\stardock\objectdockfree\objectdock.exe" = protocol=6 | dir=in | app=c:\program files\stardock\objectdockfree\objectdock.exe |
"TCP Query User{45889A83-BDBA-4269-BB3A-851C543E733C}C:\users\ewanie\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{45CE76ED-A358-4BD2-8C9D-83ED1E647723}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"TCP Query User{46C8114D-2FD6-4A73-A427-FE621B1F5933}C:\program files\maxis broadband\maxis broadband.exe" = protocol=6 | dir=in | app=c:\program files\maxis broadband\maxis broadband.exe |
"TCP Query User{486AE1D4-8DA1-411B-A8E6-AF9470915C13}I:\music.exe" = protocol=6 | dir=in | app=i:\music.exe |
"TCP Query User{4B4C7E64-C243-49DA-90DD-4E4AE0897FC8}C:\users\ewanie\appdata\local\temp\winmqcpr.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winmqcpr.exe |
"TCP Query User{4DF6BE4C-579E-4BD6-B436-B4E12C02D0C1}C:\users\ewanie\appdata\local\temp\winymtvb.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winymtvb.exe |
"TCP Query User{50E84207-6A4C-4C89-87F1-1FE8F57CD729}C:\users\ewanie\appdata\local\temp\qvfb.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\qvfb.exe |
"TCP Query User{55621035-963F-433E-A00D-7EF624B922AB}C:\users\ewanie\appdata\local\temp\winucci.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winucci.exe |
"TCP Query User{56240729-BA3C-4538-8AA7-047EB5658EB1}C:\users\ewanie\appdata\local\facebook\update\facebookupdate.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\facebook\update\facebookupdate.exe |
"TCP Query User{564B9725-534C-4F32-81E4-06B252EB6878}C:\program files\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"TCP Query User{5941F712-2A65-4AD4-B8E9-813AA9F2C371}C:\users\ewanie\appdata\local\temp\winhahwro.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winhahwro.exe |
"TCP Query User{5E9827D9-F33F-44B9-AA38-AF7987A8993C}H:\music.exe" = protocol=6 | dir=in | app=h:\music.exe |
"TCP Query User{618084CF-2E2E-4DB2-9F95-9FCC2045DD72}C:\program files\maxis broadband\maxis broadband.exe" = protocol=6 | dir=in | app=c:\program files\maxis broadband\maxis broadband.exe |
"TCP Query User{64BB1E7A-42C8-4D40-A856-1A068656AB99}C:\users\ewanie\appdata\local\temp\winpnoxy.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winpnoxy.exe |
"TCP Query User{68BD322E-301B-407C-BAB7-19FCE368F969}C:\users\ewanie\appdata\local\temp\wingoplh.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\wingoplh.exe |
"TCP Query User{6A1F9F30-3FDB-4C2C-AAE9-FEDDE21A0DC9}C:\users\ewanie\appdata\local\temp\yjoi.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\yjoi.exe |
"TCP Query User{6BF4A930-9C7D-4CC0-A3D6-1BB6707D1DA6}C:\users\ewanie\appdata\local\temp\dlwsip.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\dlwsip.exe |
"TCP Query User{6F9A809D-86B0-4FE9-83B0-183C47269EBE}C:\users\ewanie\appdata\local\temp\winxsoxyn.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winxsoxyn.exe |
"TCP Query User{71326173-D82F-438E-BF31-0FE3A1EF06BD}C:\users\ewanie\appdata\local\temp\winijlei.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winijlei.exe |
"TCP Query User{71C5487B-8FB9-4D5C-A094-8DFE3BE106D8}C:\program files\sony\vaio wallpaper setting tool\vwset.exe" = protocol=6 | dir=in | app=c:\program files\sony\vaio wallpaper setting tool\vwset.exe |
"TCP Query User{793784E9-5D99-4C10-9DDC-16B2E55281FF}C:\users\ewanie\appdata\local\temp\winyuhdf.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winyuhdf.exe |
"TCP Query User{7A388CA0-3A43-474C-8756-A54D62C2B726}C:\users\ewanie\appdata\local\temp\winjyjxai.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winjyjxai.exe |
"TCP Query User{7CDA0079-8893-4E61-BC3F-4876D00509A5}C:\users\ewanie\appdata\local\temp\winjjxms.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winjjxms.exe |
"TCP Query User{7EC50F80-CFFB-437D-9DA3-53F5859FE68D}C:\users\ewanie\appdata\local\temp\winvxstu.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winvxstu.exe |
"TCP Query User{88C4E745-2314-4292-9B10-EC9D98C9D43C}C:\windows\system32\hkcmd.exe" = protocol=6 | dir=in | app=c:\windows\system32\hkcmd.exe |
"TCP Query User{894E85E2-29E4-4921-91E7-FDBD5044C3C2}C:\windows\ehome\ehmsas.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehmsas.exe |
"TCP Query User{8A865A58-5515-4C51-8EF9-747101FAD546}C:\users\ewanie\appdata\local\temp\ystxt.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\ystxt.exe |
"TCP Query User{8B5A5A42-5F49-46DE-A77A-B29495CF9BB2}C:\users\ewanie\appdata\local\temp\winynqny.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winynqny.exe |
"TCP Query User{8C568CCE-6604-4FB6-82C6-CDF2F72D8A65}C:\program files\sony\vaio update 3\vaioupdt.exe" = protocol=6 | dir=in | app=c:\program files\sony\vaio update 3\vaioupdt.exe |
"TCP Query User{8C9915F4-EC2B-4F57-A4F3-D878DE660DCC}H:\sounds.exe" = protocol=6 | dir=in | app=h:\sounds.exe |
"TCP Query User{8CF7F59B-E48C-4F17-A2D1-6253C833CCCE}C:\users\ewanie\appdata\local\temp\hsci.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\hsci.exe |
"TCP Query User{8D6DDF81-27BB-42C1-89AC-195F571B04DD}C:\users\ewanie\appdata\local\temp\dpuo.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\dpuo.exe |
"TCP Query User{8E880761-43E4-4679-9DBA-E1DA47E3BA33}C:\users\ewanie\appdata\local\temp\winycojuq.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winycojuq.exe |
"TCP Query User{8F65BC02-3837-4E98-9B50-F07F606D0D8E}C:\users\ewanie\appdata\local\temp\qldi.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\qldi.exe |
"TCP Query User{9315917A-948E-4677-AF79-1B4D0F379A53}C:\program files\apoint\apoint.exe" = protocol=6 | dir=in | app=c:\program files\apoint\apoint.exe |
"TCP Query User{9470DA9A-9FC9-4BD9-902B-78F988200D10}C:\program files\sony\sonicstage mastering studio\audio filter\ssmsfilter.exe" = protocol=6 | dir=in | app=c:\program files\sony\sonicstage mastering studio\audio filter\ssmsfilter.exe |
"TCP Query User{94C557A8-F72B-45FD-AED5-7C309B805DA1}C:\users\ewanie\appdata\local\temp\winhhfh.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winhhfh.exe |
"TCP Query User{9B45C4CE-2B10-4974-A473-A0F9B5CA370B}C:\users\ewanie\appdata\local\temp\tvuyx.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\tvuyx.exe |
"TCP Query User{9EB9F82D-FEA8-4B54-A92F-DDBB3E9C327D}C:\users\ewanie\appdata\local\temp\winrmgul.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winrmgul.exe |
"TCP Query User{9F6D05D3-34CA-463A-B503-5ED0FBF49424}C:\users\ewanie\appdata\local\temp\winennx.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winennx.exe |
"TCP Query User{A0AC3B94-A3A8-4F77-981E-768DEBF12EC9}C:\users\ewanie\appdata\local\temp\wincnwvd.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\wincnwvd.exe |
"TCP Query User{A1134EFE-1C72-45CB-AD6C-75D602ED3BA7}C:\users\ewanie\appdata\local\temp\winjcidg.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winjcidg.exe |
"TCP Query User{A1D7D716-4C4A-4172-A855-79DD00C36E8E}C:\users\ewanie\appdata\local\temp\rkowmy.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\rkowmy.exe |
"TCP Query User{A9C5A98C-38A7-4163-9D3B-632FE577B1F9}C:\users\ewanie\appdata\local\temp\winwehukq.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winwehukq.exe |
"TCP Query User{AA4D4DA7-1981-45D8-9AD9-8C9844AF3893}C:\users\ewanie\appdata\local\temp\winowmy.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winowmy.exe |
"TCP Query User{AB176BE6-4943-44D1-9B67-A022056AEF20}C:\users\ewanie\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\google\update\googleupdate.exe |
"TCP Query User{ABAED87A-40B5-4B70-B742-728A246395CA}C:\users\ewanie\appdata\local\temp\ccwcm.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\ccwcm.exe |
"TCP Query User{AD0412EF-26C7-47D6-B610-7C6370DDA357}C:\windows\ehome\ehtray.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehtray.exe |
"TCP Query User{AE75260C-E35D-4DCD-9F67-21DD26C3EF37}C:\users\ewanie\appdata\local\temp\winlneip.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winlneip.exe |
"TCP Query User{AEA75748-4B65-486F-B5B1-971DFD816C36}C:\users\ewanie\appdata\local\temp\vcml.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\vcml.exe |
"TCP Query User{AFA5057A-E4E0-4E16-B3DF-605301D0DEE8}C:\users\ewanie\appdata\local\temp\winyrgeq.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winyrgeq.exe |
"TCP Query User{B3118242-9E13-47D0-871A-044D313C5A56}C:\users\ewanie\appdata\local\temp\wingoaf.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\wingoaf.exe |
"TCP Query User{B3533A12-B3EB-4A05-AF60-783ED883AD27}C:\users\ewanie\appdata\local\temp\cgjonn.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\cgjonn.exe |
"TCP Query User{B451BE78-4ADA-442D-9D00-01236E4AAECE}C:\program files\sony\sonicstage mastering studio\audio filter\ssmsfilter.exe" = protocol=6 | dir=in | app=c:\program files\sony\sonicstage mastering studio\audio filter\ssmsfilter.exe |
"TCP Query User{B651062E-D860-436C-8FAB-679AD4E96A17}C:\users\ewanie\appdata\local\temp\winjjoceu.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winjjoceu.exe |
"TCP Query User{B6D36F6A-5AB6-449C-B70A-78E2D1FB97C9}C:\program files\mcafee\virusscan\mcvsshld.exe" = protocol=6 | dir=in | app=c:\program files\mcafee\virusscan\mcvsshld.exe |
"TCP Query User{BDFC7821-234F-40EA-A663-DBBE1C9934B3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{BE939F51-9B62-4DFD-9533-DDCD68333649}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe |
"TCP Query User{C15AB151-14AA-4196-9830-7ABC7C0C48D7}C:\users\ewanie\appdata\local\temp\ddgl.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\ddgl.exe |
"TCP Query User{C1658E99-8BFB-4A4C-BD02-228D6578E4DF}C:\users\ewanie\appdata\local\temp\bgkw.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\bgkw.exe |
"TCP Query User{C194AAE6-1E6B-4657-A196-298077D091D0}C:\users\ewanie\appdata\local\temp\winmkmqr.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winmkmqr.exe |
"TCP Query User{C48F2760-C633-4E82-B700-9D244732AE94}C:\users\ewanie\appdata\local\temp\windvsxh.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\windvsxh.exe |
"TCP Query User{C9B94725-97CA-43EB-9FE7-7175151FA178}C:\users\ewanie\appdata\local\temp\kagfn.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\kagfn.exe |
"TCP Query User{CB93E3AC-3D0C-4762-B391-D02BA56ADE32}C:\program files\mcafee.com\agent\mcagent.exe" = protocol=6 | dir=in | app=c:\program files\mcafee.com\agent\mcagent.exe |
"TCP Query User{CC9F25BC-F06B-4199-8A69-6EED41ACE516}C:\users\ewanie\appdata\local\temp\efhbyc.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\efhbyc.exe |
"TCP Query User{CD2DA2F9-6856-470E-8226-E5C38970BC96}C:\program files\openoffice.org 3\program\soffice.exe" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.exe |
"TCP Query User{CDAE602C-3F9D-4D7A-8FCA-AD857BBED7F3}C:\windows\microsoft.net\framework\v2.0.50727\ngen.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\ngen.exe |
"TCP Query User{CE66FD0B-57AA-40AD-9A98-72D27C4CCD57}C:\users\ewanie\appdata\local\temp\winfstrbk.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winfstrbk.exe |
"TCP Query User{D0BD6FDB-D4D2-4067-A1C8-27B6C841EDD7}C:\users\ewanie\appdata\local\temp\winljilgj.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winljilgj.exe |
"TCP Query User{D3EC1861-832B-44FE-B2FF-3D2A14538374}C:\users\ewanie\appdata\local\temp\gccvk.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\gccvk.exe |
"TCP Query User{D4D42626-CFE5-4C74-BA99-177E82680B4E}C:\program files\apoint\apntex.exe" = protocol=6 | dir=in | app=c:\program files\apoint\apntex.exe |
"TCP Query User{D580608D-888D-411E-8BC7-28EEC85972C3}C:\users\ewanie\appdata\local\temp\dvay.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\dvay.exe |
"TCP Query User{D63188BC-C2E1-40A7-8334-590081EE7063}C:\users\ewanie\appdata\local\temp\winelifw.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winelifw.exe |
"TCP Query User{D851A4F9-8361-4376-9C50-03EBAAB42DB1}C:\users\ewanie\appdata\local\temp\wingsmkml.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\wingsmkml.exe |
"TCP Query User{E0ED9EF7-69D4-4DE3-B0D3-8FF04393582D}C:\users\ewanie\appdata\local\temp\winwkem.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winwkem.exe |
"TCP Query User{E16A190E-C77B-4E53-8D03-A06B53738E6E}C:\users\ewanie\appdata\local\temp\xwok.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\xwok.exe |
"TCP Query User{E62CCA66-DF23-4854-A812-81E22D65567A}C:\users\ewanie\appdata\local\temp\winunitcn.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winunitcn.exe |
"TCP Query User{E6D255B5-1E2E-4705-BCDF-4FA932A2C4E3}C:\users\ewanie\appdata\local\temp\winllqk.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winllqk.exe |
"TCP Query User{E8C74087-5CE4-4913-9C55-50177F850731}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{EAAEF287-D606-4B58-8A54-E59BDE28E1D3}C:\users\ewanie\appdata\local\temp\wfpih.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\wfpih.exe |
"TCP Query User{EC763458-D540-4842-B090-2511885FE557}C:\program files\apoint\apoint.exe" = protocol=6 | dir=in | app=c:\program files\apoint\apoint.exe |
"TCP Query User{F33BBE90-8DAC-49D5-9B4A-A7E716A0B8B3}C:\users\ewanie\appdata\local\temp\qwcdch.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\qwcdch.exe |
"TCP Query User{F3973009-01FF-41AC-8D49-DCB3AF7089EC}C:\users\ewanie\appdata\local\temp\winhusal.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winhusal.exe |
"TCP Query User{F6961A7E-302C-44AB-A9CA-4E4778E64361}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{F99741D5-EE16-47E1-A220-0FC3F9D2C7DB}C:\users\ewanie\appdata\local\temp\gmyjx.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\gmyjx.exe |
"TCP Query User{FB2BF1BA-1A44-4FBF-B638-1CD791966998}C:\program files\sony\network utility\lanutil.exe" = protocol=6 | dir=in | app=c:\program files\sony\network utility\lanutil.exe |
"TCP Query User{FC078542-AD19-49BA-A2EC-EF696867A397}C:\users\ewanie\appdata\local\temp\enhrs.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\enhrs.exe |
"TCP Query User{FE4DF9DF-BE93-497E-BCF1-78A559D10D81}C:\users\ewanie\appdata\local\temp\sddoe.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\sddoe.exe |
"TCP Query User{FEA12824-22B7-472F-9F7E-462FA94EB794}C:\users\ewanie\appdata\local\temp\winaigmhu.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winaigmhu.exe |
"TCP Query User{FF160059-2B4A-40E2-938F-D15F3817E2C4}C:\users\ewanie\appdata\local\temp\winfyoa.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winfyoa.exe |
"UDP Query User{051B8955-5E43-4830-B19E-8EEABFBF0C7F}C:\users\ewanie\appdata\local\temp\wincclsh.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\wincclsh.exe |
"UDP Query User{06259494-C808-49A9-886E-1C247C402257}C:\users\ewanie\appdata\local\temp\winlkvo.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winlkvo.exe |
"UDP Query User{07C4D04F-14AD-48B5-B435-DD4777C8FA76}C:\program files\sony\network utility\lanutil.exe" = protocol=17 | dir=in | app=c:\program files\sony\network utility\lanutil.exe |
"UDP Query User{08D93148-1587-4E70-86CD-629DF4033B8A}C:\program files\maxis broadband\maxis broadband.exe" = protocol=17 | dir=in | app=c:\program files\maxis broadband\maxis broadband.exe |
"UDP Query User{0A43B5CF-4B63-41B0-95E6-551D3CFDE219}C:\users\ewanie\appdata\local\facebook\update\facebookupdate.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\facebook\update\facebookupdate.exe |
"UDP Query User{0BD8C2E4-16F8-429A-B02E-2BE542921003}C:\program files\apoint\apoint.exe" = protocol=17 | dir=in | app=c:\program files\apoint\apoint.exe |
"UDP Query User{0E2C9ACA-0F6A-440D-B313-EE4A18DA7CC4}C:\users\ewanie\appdata\local\temp\winwkem.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winwkem.exe |
"UDP Query User{0FC42D30-FE8E-42F5-86F8-A004A42E5D2D}C:\program files\sony\vaio wallpaper setting tool\vwset.exe" = protocol=17 | dir=in | app=c:\program files\sony\vaio wallpaper setting tool\vwset.exe |
"UDP Query User{10102AAB-703E-44F9-AE18-3C3A213A4D6C}C:\users\ewanie\appdata\local\temp\winpwiwh.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winpwiwh.exe |
"UDP Query User{131B03E6-2242-46AB-B9D2-48C90756317B}C:\users\ewanie\appdata\local\temp\kjkqpr.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\kjkqpr.exe |
"UDP Query User{18FC4EA6-4DA7-4002-A343-29E9E99916BA}C:\users\ewanie\appdata\local\temp\winjjoceu.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winjjoceu.exe |
"UDP Query User{1A33E578-75F2-4E10-939A-8C868AF461DE}C:\users\ewanie\appdata\local\temp\tvuyx.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\tvuyx.exe |
"UDP Query User{1B20EBE3-26CB-4E72-9927-070B9AFCB8AA}C:\users\ewanie\appdata\local\temp\yjoi.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\yjoi.exe |
"UDP Query User{1B3BEB98-2DFB-4744-8F85-33C65A3A3E5A}C:\users\ewanie\appdata\local\temp\winhusal.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winhusal.exe |
"UDP Query User{1FCAB14E-2E27-4D67-BDE9-112A46EC7F8A}C:\users\ewanie\appdata\local\temp\winlneip.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winlneip.exe |
"UDP Query User{20504F36-B3F6-4E81-8CFA-7AD34CCC5C18}C:\users\ewanie\appdata\local\temp\wincvclwk.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\wincvclwk.exe |
"UDP Query User{223A534A-4682-46CC-9E1B-880394BAA433}C:\users\ewanie\appdata\local\temp\winllqk.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winllqk.exe |
"UDP Query User{23F0725E-86A8-4FFB-8152-265F9EC7EF1E}C:\program files\maxis broadband\maxis broadband.exe" = protocol=17 | dir=in | app=c:\program files\maxis broadband\maxis broadband.exe |
"UDP Query User{24A40B53-5A18-494B-AD38-268EFFA1D45F}C:\program files\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"UDP Query User{2503A975-365B-4B3B-9AD9-A06EBBBBEA69}C:\users\ewanie\appdata\local\temp\winbootyy.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winbootyy.exe |
"UDP Query User{25D154A4-ED93-47B9-AAF8-6ABADC8869BB}C:\users\ewanie\appdata\local\temp\qvfb.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\qvfb.exe |
"UDP Query User{2A279DB7-85CC-43E2-99C3-6586D454B560}C:\users\ewanie\appdata\local\temp\winkewq.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winkewq.exe |
"UDP Query User{2A8B7143-96BC-4331-B7E2-62D48F7094AC}C:\users\ewanie\appdata\local\temp\winucci.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winucci.exe |
"UDP Query User{2D7CD405-3C41-4EB8-9081-5529C7454E66}C:\program files\mcafee\virusscan\mcvsshld.exe" = protocol=17 | dir=in | app=c:\program files\mcafee\virusscan\mcvsshld.exe |
"UDP Query User{2D9B0EDB-85D1-41F0-97AF-63E3A9A3AD1E}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe |
"UDP Query User{3070356C-6995-49A9-8C0F-4EC7F86425C1}C:\users\ewanie\appdata\local\temp\winxxebkx.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winxxebkx.exe |
"UDP Query User{3091DBAA-48FB-421D-911E-492F0B3B85B7}C:\users\ewanie\appdata\local\temp\gmyjx.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\gmyjx.exe |
"UDP Query User{32528F24-CB82-4885-93FB-DEE0CD195A5C}C:\users\ewanie\appdata\local\temp\winfstrbk.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winfstrbk.exe |
"UDP Query User{3856520F-4BBF-4059-988A-ADBB3F4FC664}C:\program files\sony\sonicstage mastering studio\audio filter\ssmsfilter.exe" = protocol=17 | dir=in | app=c:\program files\sony\sonicstage mastering studio\audio filter\ssmsfilter.exe |
"UDP Query User{3DF7F6E5-8781-4D55-BBB7-D256FEC870B5}C:\users\ewanie\appdata\local\temp\wingoplh.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\wingoplh.exe |
"UDP Query User{3E96B80C-D095-4DD6-B3F6-80DC4583D570}C:\windows\system32\netsh.exe" = protocol=17 | dir=in | app=c:\windows\system32\netsh.exe |
"UDP Query User{3F3812D5-6CD1-4753-B35F-7F8B962A69F4}C:\users\ewanie\appdata\local\temp\bgkw.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\bgkw.exe |
"UDP Query User{41FE92C6-E8EB-4BD3-BB02-549C91851D33}C:\users\ewanie\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{494F81E1-2D0F-431D-AAFD-EE2C7174FB0B}C:\users\ewanie\appdata\local\temp\hsci.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\hsci.exe |
"UDP Query User{4B9650E8-7D6D-4DA4-9524-593351435C1C}C:\users\ewanie\appdata\local\temp\efhbyc.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\efhbyc.exe |
"UDP Query User{4F4D11B3-481F-4D39-BFAD-AD3B453CFCD6}C:\users\ewanie\appdata\local\temp\qldi.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\qldi.exe |
"UDP Query User{52494B2F-6029-42A3-8600-13C74026EF7F}C:\users\ewanie\appdata\local\temp\winjcidg.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winjcidg.exe |
"UDP Query User{52C90B49-9DEB-4EA6-A35E-18DEE2FD8BB4}C:\users\ewanie\appdata\local\temp\gctnw.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\gctnw.exe |
"UDP Query User{565EF4AB-581A-42B0-B2C0-9D1E6713E622}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{57FD7B92-6AE4-4B7E-9F86-FF1E0EAB6F27}C:\users\ewanie\appdata\local\temp\winorab.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winorab.exe |
"UDP Query User{593C1055-73D4-4873-A7E8-2AE73BA1E779}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{5A255FF3-DD04-435B-A784-23659A2261FA}C:\users\ewanie\appdata\local\temp\winrmgul.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winrmgul.exe |
"UDP Query User{5B1D0B02-CA54-4B4D-9D6C-CB6652CCAB12}C:\users\ewanie\appdata\local\temp\dlwsip.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\dlwsip.exe |
"UDP Query User{5BC50A5E-D152-490B-8C92-A8CF9268357E}C:\users\ewanie\appdata\local\temp\winijlei.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winijlei.exe |
"UDP Query User{5D981A34-F414-4C1A-828C-D9DF4EFC29F3}C:\windows\microsoft.net\framework\v2.0.50727\ngen.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\ngen.exe |
"UDP Query User{5E3D818F-4F4A-4E48-AD50-10955B5ED2F9}C:\users\ewanie\appdata\local\temp\enhrs.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\enhrs.exe |
"UDP Query User{60355E25-FB9A-47A4-93C4-2B470C984586}C:\program files\sony\prepare your vaio\pyv.exe" = protocol=17 | dir=in | app=c:\program files\sony\prepare your vaio\pyv.exe |
"UDP Query User{61FF397D-8339-42AD-8367-935491ADF26F}C:\users\ewanie\appdata\local\temp\dpuo.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\dpuo.exe |
"UDP Query User{6489EB8A-6098-4BB2-BFF8-148121EB99A1}C:\program files\openoffice.org 3\program\soffice.exe" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.exe |
"UDP Query User{66942BBA-FBA2-4C06-BEBF-FCB823FF02C6}C:\program files\sony\network utility\lanutil.exe" = protocol=17 | dir=in | app=c:\program files\sony\network utility\lanutil.exe |
"UDP Query User{6909C380-B561-471D-8401-E0C8D39CB0D0}C:\users\ewanie\appdata\local\temp\winycojuq.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winycojuq.exe |
"UDP Query User{69A9A193-7570-4B6D-BBEC-6029DFCDD77D}C:\users\ewanie\appdata\local\temp\windvsxh.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\windvsxh.exe |
"UDP Query User{6D0F23A7-FF31-4A04-A352-282AF2FBDD10}H:\sounds.exe" = protocol=17 | dir=in | app=h:\sounds.exe |
"UDP Query User{783B6A21-6398-4CA9-8DE5-98E38D9FBDB7}C:\users\ewanie\appdata\local\temp\winymtvb.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winymtvb.exe |
"UDP Query User{7887EF43-05A6-4150-A9C9-BC7A7C3E3CE4}C:\users\ewanie\appdata\local\temp\wingsmkml.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\wingsmkml.exe |
"UDP Query User{7A372559-74D2-4D8A-A148-C9B9F75CCEDA}C:\users\ewanie\appdata\local\temp\winyrgeq.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winyrgeq.exe |
"UDP Query User{807FF827-DB6A-48E8-B8D5-0222320AE692}C:\users\ewanie\appdata\local\temp\winyeyd.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winyeyd.exe |
"UDP Query User{81A6B690-C2A1-4604-8E01-628A459EF091}C:\users\ewanie\appdata\local\temp\winennx.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winennx.exe |
"UDP Query User{85B6C61C-49CE-47A6-9635-7E2871EF2E23}C:\users\ewanie\appdata\local\temp\winnavtq.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winnavtq.exe |
"UDP Query User{879068D5-EA6D-40FD-9740-236764BBED3D}C:\users\ewanie\appdata\local\temp\dvay.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\dvay.exe |
"UDP Query User{88B7987B-26DE-4AA2-8F75-F8BBD30F1A6C}C:\users\ewanie\appdata\local\temp\vcml.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\vcml.exe |
"UDP Query User{89E0D369-CAF3-4FA8-9107-71AB9A77A4F6}C:\users\ewanie\appdata\local\temp\winhhfh.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winhhfh.exe |
"UDP Query User{8AD8CBC0-A482-495D-8244-D64F41570445}C:\users\ewanie\appdata\local\temp\winmcvp.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winmcvp.exe |
"UDP Query User{8C35EC9B-2BEF-4971-9DC5-7EBD6D8B1513}C:\users\ewanie\appdata\local\temp\lhmwa.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\lhmwa.exe |
"UDP Query User{8CF5C3CA-392E-454A-BC31-946F035AD9C3}C:\users\ewanie\appdata\local\temp\cgjonn.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\cgjonn.exe |
"UDP Query User{8D5E2F75-52BA-4D7E-893A-B51D94F4AFF8}C:\windows\ehome\ehmsas.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehmsas.exe |
"UDP Query User{8E700707-33DC-47FE-9186-BC748B35E1C6}C:\users\ewanie\appdata\local\temp\winnitps.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winnitps.exe |
"UDP Query User{8EBC15C0-A284-4C9D-91AE-5985D012DFED}C:\users\ewanie\appdata\local\temp\winowmy.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winowmy.exe |
"UDP Query User{90B9B62A-969D-4520-A7BC-B0F17F0FCFB3}C:\users\ewanie\appdata\local\temp\wfpih.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\wfpih.exe |
"UDP Query User{9346E913-ABF9-4071-B7A6-2E78B7E774D6}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"UDP Query User{93FBCFDA-6D2C-4536-B4FD-4728ACACA7E5}C:\users\ewanie\appdata\local\temp\sddoe.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\sddoe.exe |
"UDP Query User{99F28409-D3CF-4754-A921-2355C40E367E}C:\users\ewanie\appdata\local\temp\winynqny.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winynqny.exe |
"UDP Query User{9BB36D7E-F5C0-4846-BFAA-7F83239C2A0B}C:\windows\ehome\ehtray.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehtray.exe |
"UDP Query User{9F962162-685C-46B3-9F4C-FC93885E8688}C:\users\ewanie\appdata\local\temp\winjyjxai.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winjyjxai.exe |
"UDP Query User{A0EFCF05-B623-45F1-8036-844179AE581F}C:\users\ewanie\appdata\local\temp\qwcdch.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\qwcdch.exe |
"UDP Query User{A2E14AB7-7ED6-4C66-861C-2741B06C274A}C:\users\ewanie\appdata\local\temp\winpnoxy.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winpnoxy.exe |
"UDP Query User{A321488D-FFAC-47B9-BEE8-835394EF2938}C:\users\ewanie\appdata\local\temp\winfyoa.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winfyoa.exe |
"UDP Query User{A4B4467B-E2BE-4334-88E7-8ED71A91DF12}C:\users\ewanie\appdata\local\temp\wineovhgn.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\wineovhgn.exe |
"UDP Query User{A83AF39B-2083-42D2-82CC-9691C0BA540A}C:\users\ewanie\appdata\local\temp\winjjxms.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winjjxms.exe |
"UDP Query User{A8481F24-4C16-453A-B1AA-0464E62D4579}C:\program files\apoint\apntex.exe" = protocol=17 | dir=in | app=c:\program files\apoint\apntex.exe |
"UDP Query User{ABD2BF8B-766F-4BC2-8920-5396E3FF3182}C:\users\ewanie\appdata\local\temp\winmkmqr.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winmkmqr.exe |
"UDP Query User{AE5954AC-C7FB-47A4-835C-C4704EB2682B}C:\users\ewanie\appdata\local\temp\rhud.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\rhud.exe |
"UDP Query User{AECA2DB6-A21D-455C-82BB-7B86104333CA}C:\users\ewanie\appdata\local\temp\kagfn.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\kagfn.exe |
"UDP Query User{B44B3625-E4BA-43F7-BDBE-A155E24AB56A}C:\program files\mcafee.com\agent\mcagent.exe" = protocol=17 | dir=in | app=c:\program files\mcafee.com\agent\mcagent.exe |
"UDP Query User{B4D250F7-51DD-4DC1-88D1-4D42740CE9C8}C:\users\ewanie\appdata\local\temp\winwehukq.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winwehukq.exe |
"UDP Query User{B4E698D2-F7F4-4797-9EEC-67DAEA7CD219}C:\users\ewanie\appdata\local\temp\winunitcn.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winunitcn.exe |
"UDP Query User{B98CEE4F-4108-4ECE-93EE-AE076DCD4898}C:\windows\system32\mobsync.exe" = protocol=17 | dir=in | app=c:\windows\system32\mobsync.exe |
"UDP Query User{BC03A618-79C0-43C4-AABD-102540430476}C:\users\ewanie\appdata\local\temp\gccvk.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\gccvk.exe |
"UDP Query User{BC8D140B-967D-48BF-B1C5-62A597DA126F}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin |
"UDP Query User{BD026D2C-8F85-4999-B05B-AD2FB93FC71A}C:\users\ewanie\appdata\local\temp\xwok.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\xwok.exe |
"UDP Query User{BF362179-B001-42FF-87AC-16028F5B2EFB}C:\users\ewanie\appdata\local\temp\winvxstu.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winvxstu.exe |
"UDP Query User{BF7769B2-A0F7-4065-8CBB-701DED526175}C:\users\ewanie\appdata\local\temp\winhahwro.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winhahwro.exe |
"UDP Query User{C1777712-A1C4-49F7-A8E5-4542ACA2A11D}H:\music.exe" = protocol=17 | dir=in | app=h:\music.exe |
"UDP Query User{C44289CA-E16E-4A14-BACB-AFF3CEF173A6}C:\users\ewanie\appdata\local\temp\winelifw.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winelifw.exe |
"UDP Query User{C6255CFE-A1EB-4388-85E3-612B883119D1}I:\music.exe" = protocol=17 | dir=in | app=i:\music.exe |
"UDP Query User{C8894BC8-2284-40A8-AB45-38643D585653}C:\users\ewanie\appdata\local\temp\bnpn.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\bnpn.exe |
"UDP Query User{CA5C539E-3ADD-467F-A48D-F70C3E5A2989}C:\users\ewanie\appdata\local\temp\ddgl.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\ddgl.exe |
"UDP Query User{CB0C88E0-168A-4D55-AEDF-6B4EEF931AA3}C:\users\ewanie\appdata\local\temp\winaigmhu.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winaigmhu.exe |
"UDP Query User{CC67C72A-EBFA-4A78-B47B-BFC92D6CF538}C:\users\ewanie\appdata\local\temp\winmqcpr.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winmqcpr.exe |
"UDP Query User{CCA692CE-4ECE-48E5-9CB0-E3D3A269024B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{CD51A677-F9B0-4F94-8B9D-AA5F8243F3A8}C:\program files\sony\vaio update 3\vaioupdt.exe" = protocol=17 | dir=in | app=c:\program files\sony\vaio update 3\vaioupdt.exe |
"UDP Query User{D05E08DC-0623-4B1D-9FE3-7FE9C202D1D5}C:\users\ewanie\appdata\local\temp\vkgxg.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\vkgxg.exe |
"UDP Query User{D13389BC-5586-436C-A544-E915F222113B}C:\program files\sony\sonicstage mastering studio\audio filter\ssmsfilter.exe" = protocol=17 | dir=in | app=c:\program files\sony\sonicstage mastering studio\audio filter\ssmsfilter.exe |
"UDP Query User{D2CD7038-5E4A-4DEE-AEA6-C2F71D7F80B8}C:\users\ewanie\appdata\local\temp\wincnwvd.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\wincnwvd.exe |
"UDP Query User{D3BF27A8-528F-4F71-AFAB-09AB9F36ADA0}C:\users\ewanie\appdata\local\temp\winljilgj.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winljilgj.exe |
"UDP Query User{D5D6BF41-E8DD-4120-8A37-A233BF5C88B7}C:\windows\system32\hkcmd.exe" = protocol=17 | dir=in | app=c:\windows\system32\hkcmd.exe |
"UDP Query User{D65DCF5B-5AA2-4337-8ACF-D40575B4136B}C:\users\ewanie\appdata\local\temp\winmmsly.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winmmsly.exe |
"UDP Query User{D96323AA-1841-420A-AC0E-34E42B119132}C:\users\ewanie\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\google\update\googleupdate.exe |
"UDP Query User{D978142D-4765-49C4-8BB3-9325487215DB}C:\users\ewanie\appdata\local\temp\ccwcm.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\ccwcm.exe |
"UDP Query User{DBE38C86-508A-41D6-BBFB-786182899F89}C:\users\ewanie\appdata\local\temp\winyuhdf.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winyuhdf.exe |
"UDP Query User{DDD6D712-E557-4CDA-91A0-6575DF2D827B}C:\users\ewanie\appdata\local\temp\ystxt.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\ystxt.exe |
"UDP Query User{DE0BCEC1-B134-4B30-88D8-A6BCE4C3D458}C:\windows\system32\igfxtray.exe" = protocol=17 | dir=in | app=c:\windows\system32\igfxtray.exe |
"UDP Query User{DF17298F-E24D-4697-9A63-77617C0E8214}C:\program files\apoint\apoint.exe" = protocol=17 | dir=in | app=c:\program files\apoint\apoint.exe |
"UDP Query User{E09AB06F-D654-4F08-80BC-FF8C102A2B0A}C:\windows\system32\taskmgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskmgr.exe |
"UDP Query User{E49EFB6A-EE23-4BBA-BACC-13A4ACFF814D}C:\users\ewanie\appdata\local\temp\wingoaf.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\wingoaf.exe |
"UDP Query User{E600B0CA-4B35-484E-BBB0-A51197BFE639}C:\users\ewanie\appdata\local\temp\winxlldga.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winxlldga.exe |
"UDP Query User{E911D784-50E6-4CE4-AA2C-35A10C36E067}C:\users\ewanie\appdata\local\temp\winwgug.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winwgug.exe |
"UDP Query User{EA33C351-81A2-4392-B19F-F97743F3B9F6}C:\users\ewanie\appdata\local\temp\winsadjay.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winsadjay.exe |
"UDP Query User{F2341E61-E7C5-4F0A-9EBB-80C97F7CEFB4}C:\users\ewanie\appdata\local\temp\winxsoxyn.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winxsoxyn.exe |
"UDP Query User{FE0EE244-1FC2-4635-AB96-FA99A26C3674}C:\program files\stardock\objectdockfree\objectdock.exe" = protocol=17 | dir=in | app=c:\program files\stardock\objectdockfree\objectdock.exe |
"UDP Query User{FEC3D0C8-2852-446E-8C22-B91B1BAD70B2}C:\users\ewanie\appdata\local\temp\rkowmy.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\rkowmy.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{963B65F9-89C7-48BB-8E40-E7583DEC7C8D}" = SonicStage Mastering Studio
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Easy Media Creator 10 LJ
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA171A69-F942-40DA-AE3A-EA91026A1CAE}" = VAIO Manual
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"GOM Player" = GOM Player
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"Maxis Broadband" = Maxis Broadband
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"ObjectDock Free" = ObjectDock Free
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROHYBRIDR" = 2007 Microsoft Office system
"RealAlt_is1" = Real Alternative 2.0.2
"Shock Desktop 3D v0.5" = Shock Desktop 3D v0.5
"uTorrent" = µTorrent
"Winamp" = Winamp
"Windows Live Toolbar" = Windows Live Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/11/2011 3:08:25 AM | Computer Name = ewanie-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 16/11/2011 12:26:59 PM | Computer Name = ewanie-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 16/11/2011 12:28:21 PM | Computer Name = ewanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/11/2011 12:32:01 PM | Computer Name = ewanie-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 16/11/2011 1:50:19 PM | Computer Name = ewanie-PC | Source = Perflib | ID = 1010
Description =

Error - 16/11/2011 1:50:22 PM | Computer Name = ewanie-PC | Source = Perflib | ID = 1008
Description =

Error - 17/11/2011 3:18:16 AM | Computer Name = ewanie-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 17/11/2011 3:19:26 AM | Computer Name = ewanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/11/2011 5:29:06 AM | Computer Name = ewanie-PC | Source = Google Update | ID = 20
Description =

Error - 17/11/2011 5:31:27 AM | Computer Name = ewanie-PC | Source = Application Error | ID = 1000
Description = Faulting application AngryBirds.exe, version 0.0.0.0, time stamp 0x4d234498,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000001, process id 0x76bc, application start time 0x01cca50bad8909c3.

[ System Events ]
Error - 3/9/2011 6:02:57 AM | Computer Name = ewanie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/9/2011 6:04:15 AM | Computer Name = ewanie-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/9/2011 6:18:41 AM | Computer Name = ewanie-PC | Source = bowser | ID = 8003
Description =

Error - 4/9/2011 8:41:56 PM | Computer Name = ewanie-PC | Source = DCOM | ID = 10010
Description =

Error - 4/9/2011 10:53:56 PM | Computer Name = ewanie-PC | Source = HTTP | ID = 15016
Description =

Error - 4/9/2011 10:55:30 PM | Computer Name = ewanie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/9/2011 10:56:57 PM | Computer Name = ewanie-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:54:52 PM on 5/9/2011 was unexpected.

Error - 5/9/2011 10:57:01 PM | Computer Name = ewanie-PC | Source = HTTP | ID = 15016
Description =

Error - 6/9/2011 3:13:08 AM | Computer Name = ewanie-PC | Source = HTTP | ID = 15016
Description =

Error - 6/9/2011 3:14:47 AM | Computer Name = ewanie-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0
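As an added illustration (not part of the original thread and not OTL's own code), this Python example parses firewall-rule lines in the format shown in the log above and flags inbound rules whose target executable sits in a temp directory or directly in a drive root. The function names, the two location heuristics and the lines marked as constructed are assumptions of this example.

```python
import re

# Three rule lines copied from the OTL log above.
PAGE_LINES = r'''
"UDP Query User{E911D784-50E6-4CE4-AA2C-35A10C36E067}C:\users\ewanie\appdata\local\temp\winwgug.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\winwgug.exe |
"UDP Query User{FE0EE244-1FC2-4635-AB96-FA99A26C3674}C:\program files\stardock\objectdockfree\objectdock.exe" = protocol=17 | dir=in | app=c:\program files\stardock\objectdockfree\objectdock.exe |
"UDP Query User{FEC3D0C8-2852-446E-8C22-B91B1BAD70B2}C:\users\ewanie\appdata\local\temp\rkowmy.exe" = protocol=17 | dir=in | app=c:\users\ewanie\appdata\local\temp\rkowmy.exe |
'''

# Constructed lines (placeholder GUIDs, hypothetical drive-root path) that add
# a TCP twin, a drive-root case and a non-rule line the parser must skip.
CONSTRUCTED_LINES = r'''
"TCP Query User{00000000-0000-0000-0000-000000000001}C:\users\ewanie\appdata\local\temp\winwgug.exe" = protocol=6 | dir=in | app=c:\users\ewanie\appdata\local\temp\winwgug.exe |
"TCP Query User{00000000-0000-0000-0000-000000000002}E:\example.exe" = protocol=6 | dir=in | app=e:\example.exe |
"GOM Player" = GOM Player
'''

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES

RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<fields>.+)$')
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IP protocol numbers used in the log


def parse_rule(line):
    """Return a dict for one firewall-rule line, or None if it is not one."""
    match = RULE_RE.match(line.strip())
    if not match:
        return None
    fields = {}
    for part in match.group("fields").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if "app" not in fields:
        return None  # e.g. an uninstall-list entry such as "GOM Player"
    proto = fields.get("protocol", "?")
    return {
        "name": match.group("name"),
        "app": fields["app"].lower(),
        "dir": fields.get("dir", "").lower(),
        "protocol": PROTOCOLS.get(proto, proto),
    }


def location_reasons(app_path):
    """Explain why an executable's location deserves a closer look."""
    parts = [p for p in app_path.lower().split("\\") if p]
    reasons = []
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        reasons.append("runs from a temp directory")
    if len(parts) == 2 and re.fullmatch(r"[a-z]:", parts[0]):
        reasons.append("runs from a drive root")
    return reasons


def triage(log_text):
    """Group flagged inbound rules by executable path."""
    flagged = {}
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule["dir"] != "in":
            continue
        reasons = location_reasons(rule["app"])
        if not reasons:
            continue
        entry = flagged.setdefault(
            rule["app"], {"reasons": reasons, "protocols": set()}
        )
        entry["protocols"].add(rule["protocol"])
    return flagged


if __name__ == "__main__":
    for app, info in sorted(triage(SAMPLE_LOG).items()):
        protos = "/".join(sorted(info["protocols"]))
        print(f"{app}  [{protos}]  {'; '.join(info['reasons'])}")
```

A flag here is only a prompt to inspect the file and the rule; the Program Files entry from the same log passes both heuristics untouched.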

#4
Hadzrin Aqmal

    New Member

  • Topic Starter
  • Member
  • 7 posts
I don't know what the code above is telling me. T.T
I just copied everything from the OTL quick scan.
I hope it will help.
Thanks.
  • 0

#5
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, Hadzrin Aqmal! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Hadzrin Aqmal only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research, and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your logs and I will post back soon.
  • 0

#6
Hadzrin Aqmal

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thanks for your feedback, buddy. I really appreciate it. :')
OK, I will follow what you ask me to do.
For now, let me tell you a bit about my current problems:

>My firewall frequently turns off after I shut down my computer,
and I turn it back on when I boot this laptop. (Mostly, after I boot the laptop, I turn on the firewall.)

>The Security Centre always tells me that my system has multiple security problems.
Is it about malware?

>My antivirus program also can't be opened. I don't know why.
The same goes for my Microsoft Office, Picasa 3 and OpenOffice.
A message about "data execution prevention" always pops up.

>Before this I downloaded Uniblue PC 2012, just wanting to speed up my PC, but I didn't expect these problems to occur. I have now deleted (uninstalled) it.

Thanks for hearing my problems. :)
  • 0

#7
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).


Step 2

  • Please download Panda USB Vaccine (you must provide a valid e-mail address and they will send the download link to that address) to your desktop.
  • Install and run the program.
    • Double-click on the file USBVaccine.zip located on your desktop.
    • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
    • Follow the steps on screen to install the program on your computer.
  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.

Step 3

Please uninstall these programs via Control Panel > Add/Remove Programs (if present):

  • Java™ 6 Update 3
  • Adobe Flash Player 9 ActiveX
  • Adobe Reader 8.2.0
  • µTorrent

I recommend you remove your P2P program, µTorrent. P2P programs are bad because shared files can contain security risks such as viruses, spyware and other unwanted software. The files distributed on these sites are packed with malware and are distributed all over the internet. You don't know where they have been; someone could have infected the files with malware.


Step 4

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    O4 - HKCU..\Run: [Yahoo Messengger] C:\Windows\system32\SCVVHSOT.exe File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:517B507A
    @Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} 
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    
    :Reg 
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{002B1C9B-02DD-4BD2-9865-E82F98C1FA52}C:\users\ewanie\appdata\local\temp\winorab.exe"=-
    "TCP Query User{007D520E-CE76-4A6E-9AC8-D4E641EDE2EC}C:\users\ewanie\appdata\local\temp\gctnw.exe"=-
    "TCP Query User{026B7A24-6F26-42AA-A586-645D58441565}C:\users\ewanie\appdata\local\temp\winxxebkx.exe"=-
    "TCP Query User{055597DC-9FA8-4288-86CA-202B6A5088A3}C:\users\ewanie\appdata\local\temp\bnpn.exe"=-
    "TCP Query User{0589C260-7572-4DE3-B673-74C8500C94F1}C:\users\ewanie\appdata\local\temp\wincclsh.exe"=-
    "TCP Query User{05EE446E-131B-42EC-8132-3214B3712461}C:\users\ewanie\appdata\local\temp\winnitps.exe"=-
    "TCP Query User{078EEB9A-62CB-45BC-B3A5-364DC87A87C5}C:\users\ewanie\appdata\local\temp\winwgug.exe"=-
    "TCP Query User{07E66442-E3B3-4865-A8E3-4E208E92882F}C:\users\ewanie\appdata\local\temp\kjkqpr.exe"=-
    "TCP Query User{0960CB3A-17A3-4340-91DF-9AC994537D60}C:\users\ewanie\appdata\local\temp\winmcvp.exe"=-
    "TCP Query User{09A4C06A-AA2E-4C2E-B879-6D76CA19F619}C:\users\ewanie\appdata\local\temp\winxlldga.exe"=-
    "TCP Query User{0B370911-22E0-4204-947A-D3628CC997E0}C:\users\ewanie\appdata\local\temp\vkgxg.exe"=-
    "TCP Query User{0ED6C604-7580-4CB1-91B1-173DFEF69371}C:\users\ewanie\appdata\local\temp\winyeyd.exe"=-
    "TCP Query User{0FDA0341-7815-4D15-A878-F41076B77F1B}C:\users\ewanie\appdata\local\temp\winnavtq.exe"=-
    "TCP Query User{0FEAA6B5-CCF2-4941-A056-CE9CF29C5DF2}C:\users\ewanie\appdata\local\temp\wineovhgn.exe"=-
    "TCP Query User{134D47A0-F7D3-495F-8CBD-BE4B96B2B716}C:\users\ewanie\appdata\local\temp\winbootyy.exe"=-
    "TCP Query User{1DE874F6-EDEC-4884-A919-92B620CD0ABD}C:\users\ewanie\appdata\local\temp\lhmwa.exe"=-
    "TCP Query User{1FA97849-858F-4365-A1E0-9BD0B2F770C8}C:\users\ewanie\appdata\local\temp\winmmsly.exe"=-
    "TCP Query User{211D0876-5D95-4611-91AE-36E362541832}C:\users\ewanie\appdata\local\temp\winpwiwh.exe"=-
    "TCP Query User{2B9A8CAA-6E22-4442-8B63-A8D38891BD52}C:\users\ewanie\appdata\local\temp\winlkvo.exe"=-
    "TCP Query User{2CF0D45C-1CDF-4F7A-8745-833AB82E6CE1}C:\users\ewanie\appdata\local\temp\winkewq.exe"=-
    "TCP Query User{2E0B779E-707A-467B-892F-56E05AE5CE77}C:\users\ewanie\appdata\local\temp\rhud.exe"=-
    "TCP Query User{3AB41250-0A57-4BC3-A2A4-16026CE8AFAA}C:\users\ewanie\appdata\local\temp\wincvclwk.exe"=-
    "TCP Query User{3DFC36D0-F0FA-458C-AB68-0AD48B486F45}C:\users\ewanie\appdata\local\temp\winsadjay.exe"=-
    "TCP Query User{486AE1D4-8DA1-411B-A8E6-AF9470915C13}I:\music.exe"=-
    "TCP Query User{4B4C7E64-C243-49DA-90DD-4E4AE0897FC8}C:\users\ewanie\appdata\local\temp\winmqcpr.exe"=-
    "TCP Query User{4DF6BE4C-579E-4BD6-B436-B4E12C02D0C1}C:\users\ewanie\appdata\local\temp\winymtvb.exe"=-
    "TCP Query User{50E84207-6A4C-4C89-87F1-1FE8F57CD729}C:\users\ewanie\appdata\local\temp\qvfb.exe"=-
    "TCP Query User{55621035-963F-433E-A00D-7EF624B922AB}C:\users\ewanie\appdata\local\temp\winucci.exe"=-
    "TCP Query User{5941F712-2A65-4AD4-B8E9-813AA9F2C371}C:\users\ewanie\appdata\local\temp\winhahwro.exe"=-
    "TCP Query User{5E9827D9-F33F-44B9-AA38-AF7987A8993C}H:\music.exe"=-
    "TCP Query User{64BB1E7A-42C8-4D40-A856-1A068656AB99}C:\users\ewanie\appdata\local\temp\winpnoxy.exe"=-
    "TCP Query User{68BD322E-301B-407C-BAB7-19FCE368F969}C:\users\ewanie\appdata\local\temp\wingoplh.exe"=-
    "TCP Query User{6A1F9F30-3FDB-4C2C-AAE9-FEDDE21A0DC9}C:\users\ewanie\appdata\local\temp\yjoi.exe"=-
    "TCP Query User{6BF4A930-9C7D-4CC0-A3D6-1BB6707D1DA6}C:\users\ewanie\appdata\local\temp\dlwsip.exe"=-
    "TCP Query User{6F9A809D-86B0-4FE9-83B0-183C47269EBE}C:\users\ewanie\appdata\local\temp\winxsoxyn.exe"=-
    "TCP Query User{71326173-D82F-438E-BF31-0FE3A1EF06BD}C:\users\ewanie\appdata\local\temp\winijlei.exe"=-
    "TCP Query User{793784E9-5D99-4C10-9DDC-16B2E55281FF}C:\users\ewanie\appdata\local\temp\winyuhdf.exe"=-
    "TCP Query User{7A388CA0-3A43-474C-8756-A54D62C2B726}C:\users\ewanie\appdata\local\temp\winjyjxai.exe"=-
    "TCP Query User{7CDA0079-8893-4E61-BC3F-4876D00509A5}C:\users\ewanie\appdata\local\temp\winjjxms.exe"=-
    "TCP Query User{7EC50F80-CFFB-437D-9DA3-53F5859FE68D}C:\users\ewanie\appdata\local\temp\winvxstu.exe"=-
    "TCP Query User{8A865A58-5515-4C51-8EF9-747101FAD546}C:\users\ewanie\appdata\local\temp\ystxt.exe"=-
    "TCP Query User{8B5A5A42-5F49-46DE-A77A-B29495CF9BB2}C:\users\ewanie\appdata\local\temp\winynqny.exe"=-
    "TCP Query User{8CF7F59B-E48C-4F17-A2D1-6253C833CCCE}C:\users\ewanie\appdata\local\temp\hsci.exe"=-
    "TCP Query User{8D6DDF81-27BB-42C1-89AC-195F571B04DD}C:\users\ewanie\appdata\local\temp\dpuo.exe"=-
    "TCP Query User{8E880761-43E4-4679-9DBA-E1DA47E3BA33}C:\users\ewanie\appdata\local\temp\winycojuq.exe"=-
    "TCP Query User{8F65BC02-3837-4E98-9B50-F07F606D0D8E}C:\users\ewanie\appdata\local\temp\qldi.exe"=-
    "TCP Query User{94C557A8-F72B-45FD-AED5-7C309B805DA1}C:\users\ewanie\appdata\local\temp\winhhfh.exe"=-
    "TCP Query User{9B45C4CE-2B10-4974-A473-A0F9B5CA370B}C:\users\ewanie\appdata\local\temp\tvuyx.exe"=-
    "TCP Query User{9EB9F82D-FEA8-4B54-A92F-DDBB3E9C327D}C:\users\ewanie\appdata\local\temp\winrmgul.exe"=-
    "TCP Query User{9F6D05D3-34CA-463A-B503-5ED0FBF49424}C:\users\ewanie\appdata\local\temp\winennx.exe"=-
    "TCP Query User{A0AC3B94-A3A8-4F77-981E-768DEBF12EC9}C:\users\ewanie\appdata\local\temp\wincnwvd.exe"=-
    "TCP Query User{A1134EFE-1C72-45CB-AD6C-75D602ED3BA7}C:\users\ewanie\appdata\local\temp\winjcidg.exe"=-
    "TCP Query User{A1D7D716-4C4A-4172-A855-79DD00C36E8E}C:\users\ewanie\appdata\local\temp\rkowmy.exe"=-
    "TCP Query User{A9C5A98C-38A7-4163-9D3B-632FE577B1F9}C:\users\ewanie\appdata\local\temp\winwehukq.exe"=-
    "TCP Query User{AA4D4DA7-1981-45D8-9AD9-8C9844AF3893}C:\users\ewanie\appdata\local\temp\winowmy.exe"=-
    "TCP Query User{ABAED87A-40B5-4B70-B742-728A246395CA}C:\users\ewanie\appdata\local\temp\ccwcm.exe"=-
    "TCP Query User{AE75260C-E35D-4DCD-9F67-21DD26C3EF37}C:\users\ewanie\appdata\local\temp\winlneip.exe"=-
    "TCP Query User{AEA75748-4B65-486F-B5B1-971DFD816C36}C:\users\ewanie\appdata\local\temp\vcml.exe"=-
    "TCP Query User{AFA5057A-E4E0-4E16-B3DF-605301D0DEE8}C:\users\ewanie\appdata\local\temp\winyrgeq.exe"=-
    "TCP Query User{B3118242-9E13-47D0-871A-044D313C5A56}C:\users\ewanie\appdata\local\temp\wingoaf.exe"=-
    "TCP Query User{B3533A12-B3EB-4A05-AF60-783ED883AD27}C:\users\ewanie\appdata\local\temp\cgjonn.exe"=-
    "TCP Query User{B651062E-D860-436C-8FAB-679AD4E96A17}C:\users\ewanie\appdata\local\temp\winjjoceu.exe"=-
    "TCP Query User{C15AB151-14AA-4196-9830-7ABC7C0C48D7}C:\users\ewanie\appdata\local\temp\ddgl.exe"=-
    "TCP Query User{C1658E99-8BFB-4A4C-BD02-228D6578E4DF}C:\users\ewanie\appdata\local\temp\bgkw.exe"=-
    "TCP Query User{C194AAE6-1E6B-4657-A196-298077D091D0}C:\users\ewanie\appdata\local\temp\winmkmqr.exe"=-
    "TCP Query User{C48F2760-C633-4E82-B700-9D244732AE94}C:\users\ewanie\appdata\local\temp\windvsxh.exe"=-
    "TCP Query User{C9B94725-97CA-43EB-9FE7-7175151FA178}C:\users\ewanie\appdata\local\temp\kagfn.exe"=-
    "TCP Query User{CC9F25BC-F06B-4199-8A69-6EED41ACE516}C:\users\ewanie\appdata\local\temp\efhbyc.exe"=-
    "TCP Query User{CE66FD0B-57AA-40AD-9A98-72D27C4CCD57}C:\users\ewanie\appdata\local\temp\winfstrbk.exe"=-
    "TCP Query User{D0BD6FDB-D4D2-4067-A1C8-27B6C841EDD7}C:\users\ewanie\appdata\local\temp\winljilgj.exe"=-
    "TCP Query User{D3EC1861-832B-44FE-B2FF-3D2A14538374}C:\users\ewanie\appdata\local\temp\gccvk.exe"=-
    "TCP Query User{D580608D-888D-411E-8BC7-28EEC85972C3}C:\users\ewanie\appdata\local\temp\dvay.exe"=-
    "TCP Query User{D63188BC-C2E1-40A7-8334-590081EE7063}C:\users\ewanie\appdata\local\temp\winelifw.exe"=-
    "TCP Query User{D851A4F9-8361-4376-9C50-03EBAAB42DB1}C:\users\ewanie\appdata\local\temp\wingsmkml.exe"=-
    "TCP Query User{E0ED9EF7-69D4-4DE3-B0D3-8FF04393582D}C:\users\ewanie\appdata\local\temp\winwkem.exe"=-
    "TCP Query User{E16A190E-C77B-4E53-8D03-A06B53738E6E}C:\users\ewanie\appdata\local\temp\xwok.exe"=-
    "TCP Query User{E62CCA66-DF23-4854-A812-81E22D65567A}C:\users\ewanie\appdata\local\temp\winunitcn.exe"=-
    "TCP Query User{E6D255B5-1E2E-4705-BCDF-4FA932A2C4E3}C:\users\ewanie\appdata\local\temp\winllqk.exe"=-
    "TCP Query User{EAAEF287-D606-4B58-8A54-E59BDE28E1D3}C:\users\ewanie\appdata\local\temp\wfpih.exe"=-
    "TCP Query User{F33BBE90-8DAC-49D5-9B4A-A7E716A0B8B3}C:\users\ewanie\appdata\local\temp\qwcdch.exe"=-
    "TCP Query User{F3973009-01FF-41AC-8D49-DCB3AF7089EC}C:\users\ewanie\appdata\local\temp\winhusal.exe"=-
    "TCP Query User{F99741D5-EE16-47E1-A220-0FC3F9D2C7DB}C:\users\ewanie\appdata\local\temp\gmyjx.exe"=-
    "TCP Query User{FC078542-AD19-49BA-A2EC-EF696867A397}C:\users\ewanie\appdata\local\temp\enhrs.exe"=-
    "TCP Query User{FE4DF9DF-BE93-497E-BCF1-78A559D10D81}C:\users\ewanie\appdata\local\temp\sddoe.exe"=-
    "TCP Query User{FEA12824-22B7-472F-9F7E-462FA94EB794}C:\users\ewanie\appdata\local\temp\winaigmhu.exe"=-
    "TCP Query User{FF160059-2B4A-40E2-938F-D15F3817E2C4}C:\users\ewanie\appdata\local\temp\winfyoa.exe"=-
    "UDP Query User{051B8955-5E43-4830-B19E-8EEABFBF0C7F}C:\users\ewanie\appdata\local\temp\wincclsh.exe"=-
    "UDP Query User{06259494-C808-49A9-886E-1C247C402257}C:\users\ewanie\appdata\local\temp\winlkvo.exe"=-
    "UDP Query User{0E2C9ACA-0F6A-440D-B313-EE4A18DA7CC4}C:\users\ewanie\appdata\local\temp\winwkem.exe"=-
    "UDP Query User{10102AAB-703E-44F9-AE18-3C3A213A4D6C}C:\users\ewanie\appdata\local\temp\winpwiwh.exe"=-
    "UDP Query User{131B03E6-2242-46AB-B9D2-48C90756317B}C:\users\ewanie\appdata\local\temp\kjkqpr.exe"=-
    "UDP Query User{18FC4EA6-4DA7-4002-A343-29E9E99916BA}C:\users\ewanie\appdata\local\temp\winjjoceu.exe"=-
    "UDP Query User{1A33E578-75F2-4E10-939A-8C868AF461DE}C:\users\ewanie\appdata\local\temp\tvuyx.exe"=-
    "UDP Query User{1B20EBE3-26CB-4E72-9927-070B9AFCB8AA}C:\users\ewanie\appdata\local\temp\yjoi.exe"=-
    "UDP Query User{1B3BEB98-2DFB-4744-8F85-33C65A3A3E5A}C:\users\ewanie\appdata\local\temp\winhusal.exe"=-
    "UDP Query User{1FCAB14E-2E27-4D67-BDE9-112A46EC7F8A}C:\users\ewanie\appdata\local\temp\winlneip.exe"=-
    "UDP Query User{20504F36-B3F6-4E81-8CFA-7AD34CCC5C18}C:\users\ewanie\appdata\local\temp\wincvclwk.exe"=-
    "UDP Query User{223A534A-4682-46CC-9E1B-880394BAA433}C:\users\ewanie\appdata\local\temp\winllqk.exe"=-
    "UDP Query User{2503A975-365B-4B3B-9AD9-A06EBBBBEA69}C:\users\ewanie\appdata\local\temp\winbootyy.exe"=-
    "UDP Query User{25D154A4-ED93-47B9-AAF8-6ABADC8869BB}C:\users\ewanie\appdata\local\temp\qvfb.exe"=-
    "UDP Query User{2A279DB7-85CC-43E2-99C3-6586D454B560}C:\users\ewanie\appdata\local\temp\winkewq.exe"=-
    "UDP Query User{2A8B7143-96BC-4331-B7E2-62D48F7094AC}C:\users\ewanie\appdata\local\temp\winucci.exe"=-
    "UDP Query User{3070356C-6995-49A9-8C0F-4EC7F86425C1}C:\users\ewanie\appdata\local\temp\winxxebkx.exe"=-
    "UDP Query User{3091DBAA-48FB-421D-911E-492F0B3B85B7}C:\users\ewanie\appdata\local\temp\gmyjx.exe"=-
    "UDP Query User{32528F24-CB82-4885-93FB-DEE0CD195A5C}C:\users\ewanie\appdata\local\temp\winfstrbk.exe"=-
    "UDP Query User{3DF7F6E5-8781-4D55-BBB7-D256FEC870B5}C:\users\ewanie\appdata\local\temp\wingoplh.exe"=-
    "UDP Query User{3F3812D5-6CD1-4753-B35F-7F8B962A69F4}C:\users\ewanie\appdata\local\temp\bgkw.exe"=-
    "UDP Query User{494F81E1-2D0F-431D-AAFD-EE2C7174FB0B}C:\users\ewanie\appdata\local\temp\hsci.exe"=-
    "UDP Query User{4B9650E8-7D6D-4DA4-9524-593351435C1C}C:\users\ewanie\appdata\local\temp\efhbyc.exe"=-
    "UDP Query User{4F4D11B3-481F-4D39-BFAD-AD3B453CFCD6}C:\users\ewanie\appdata\local\temp\qldi.exe"=- 
    "UDP Query User{52494B2F-6029-42A3-8600-13C74026EF7F}C:\users\ewanie\appdata\local\temp\winjcidg.exe"=-
    "UDP Query User{52C90B49-9DEB-4EA6-A35E-18DEE2FD8BB4}C:\users\ewanie\appdata\local\temp\gctnw.exe"=-
    "UDP Query User{57FD7B92-6AE4-4B7E-9F86-FF1E0EAB6F27}C:\users\ewanie\appdata\local\temp\winorab.exe"=-
    "UDP Query User{5A255FF3-DD04-435B-A784-23659A2261FA}C:\users\ewanie\appdata\local\temp\winrmgul.exe"=-
    "UDP Query User{5B1D0B02-CA54-4B4D-9D6C-CB6652CCAB12}C:\users\ewanie\appdata\local\temp\dlwsip.exe"=-
    "UDP Query User{5BC50A5E-D152-490B-8C92-A8CF9268357E}C:\users\ewanie\appdata\local\temp\winijlei.exe"=-
    "UDP Query User{5E3D818F-4F4A-4E48-AD50-10955B5ED2F9}C:\users\ewanie\appdata\local\temp\enhrs.exe"=-
    "UDP Query User{61FF397D-8339-42AD-8367-935491ADF26F}C:\users\ewanie\appdata\local\temp\dpuo.exe"=-
    "UDP Query User{6909C380-B561-471D-8401-E0C8D39CB0D0}C:\users\ewanie\appdata\local\temp\winycojuq.exe"=-
    "UDP Query User{69A9A193-7570-4B6D-BBEC-6029DFCDD77D}C:\users\ewanie\appdata\local\temp\windvsxh.exe"=-
    "UDP Query User{783B6A21-6398-4CA9-8DE5-98E38D9FBDB7}C:\users\ewanie\appdata\local\temp\winymtvb.exe"=-
    "UDP Query User{7887EF43-05A6-4150-A9C9-BC7A7C3E3CE4}C:\users\ewanie\appdata\local\temp\wingsmkml.exe"=-
    "UDP Query User{7A372559-74D2-4D8A-A148-C9B9F75CCEDA}C:\users\ewanie\appdata\local\temp\winyrgeq.exe"=-
    "UDP Query User{807FF827-DB6A-48E8-B8D5-0222320AE692}C:\users\ewanie\appdata\local\temp\winyeyd.exe"=-
    "UDP Query User{81A6B690-C2A1-4604-8E01-628A459EF091}C:\users\ewanie\appdata\local\temp\winennx.exe"=-
    "UDP Query User{85B6C61C-49CE-47A6-9635-7E2871EF2E23}C:\users\ewanie\appdata\local\temp\winnavtq.exe"=-
    "UDP Query User{879068D5-EA6D-40FD-9740-236764BBED3D}C:\users\ewanie\appdata\local\temp\dvay.exe"=-
    "UDP Query User{88B7987B-26DE-4AA2-8F75-F8BBD30F1A6C}C:\users\ewanie\appdata\local\temp\vcml.exe"=-
    "UDP Query User{89E0D369-CAF3-4FA8-9107-71AB9A77A4F6}C:\users\ewanie\appdata\local\temp\winhhfh.exe"=-
    "UDP Query User{8AD8CBC0-A482-495D-8244-D64F41570445}C:\users\ewanie\appdata\local\temp\winmcvp.exe"=-
    "UDP Query User{8C35EC9B-2BEF-4971-9DC5-7EBD6D8B1513}C:\users\ewanie\appdata\local\temp\lhmwa.exe"=-
    "UDP Query User{8CF5C3CA-392E-454A-BC31-946F035AD9C3}C:\users\ewanie\appdata\local\temp\cgjonn.exe"=-
    "UDP Query User{8E700707-33DC-47FE-9186-BC748B35E1C6}C:\users\ewanie\appdata\local\temp\winnitps.exe"=-
    "UDP Query User{8EBC15C0-A284-4C9D-91AE-5985D012DFED}C:\users\ewanie\appdata\local\temp\winowmy.exe"=-
    "UDP Query User{90B9B62A-969D-4520-A7BC-B0F17F0FCFB3}C:\users\ewanie\appdata\local\temp\wfpih.exe"=-
    "UDP Query User{93FBCFDA-6D2C-4536-B4FD-4728ACACA7E5}C:\users\ewanie\appdata\local\temp\sddoe.exe"=-
    "UDP Query User{99F28409-D3CF-4754-A921-2355C40E367E}C:\users\ewanie\appdata\local\temp\winynqny.exe"=-
    "UDP Query User{9F962162-685C-46B3-9F4C-FC93885E8688}C:\users\ewanie\appdata\local\temp\winjyjxai.exe"=-
    "UDP Query User{A0EFCF05-B623-45F1-8036-844179AE581F}C:\users\ewanie\appdata\local\temp\qwcdch.exe"=-
    "UDP Query User{A2E14AB7-7ED6-4C66-861C-2741B06C274A}C:\users\ewanie\appdata\local\temp\winpnoxy.exe"=-
    "UDP Query User{A321488D-FFAC-47B9-BEE8-835394EF2938}C:\users\ewanie\appdata\local\temp\winfyoa.exe"=-
    "UDP Query User{A4B4467B-E2BE-4334-88E7-8ED71A91DF12}C:\users\ewanie\appdata\local\temp\wineovhgn.exe"=-
    "UDP Query User{A83AF39B-2083-42D2-82CC-9691C0BA540A}C:\users\ewanie\appdata\local\temp\winjjxms.exe"=-
    "UDP Query User{ABD2BF8B-766F-4BC2-8920-5396E3FF3182}C:\users\ewanie\appdata\local\temp\winmkmqr.exe"=-
    "UDP Query User{AE5954AC-C7FB-47A4-835C-C4704EB2682B}C:\users\ewanie\appdata\local\temp\rhud.exe"=-
    "UDP Query User{AECA2DB6-A21D-455C-82BB-7B86104333CA}C:\users\ewanie\appdata\local\temp\kagfn.exe"=-
    "UDP Query User{B4D250F7-51DD-4DC1-88D1-4D42740CE9C8}C:\users\ewanie\appdata\local\temp\winwehukq.exe"=-
    "UDP Query User{B4E698D2-F7F4-4797-9EEC-67DAEA7CD219}C:\users\ewanie\appdata\local\temp\winunitcn.exe"=-
    "UDP Query User{BC03A618-79C0-43C4-AABD-102540430476}C:\users\ewanie\appdata\local\temp\gccvk.exe"=-
    "UDP Query User{BD026D2C-8F85-4999-B05B-AD2FB93FC71A}C:\users\ewanie\appdata\local\temp\xwok.exe"=-
    "UDP Query User{BF362179-B001-42FF-87AC-16028F5B2EFB}C:\users\ewanie\appdata\local\temp\winvxstu.exe"=-
    "UDP Query User{BF7769B2-A0F7-4065-8CBB-701DED526175}C:\users\ewanie\appdata\local\temp\winhahwro.exe"=-
    "UDP Query User{C1777712-A1C4-49F7-A8E5-4542ACA2A11D}H:\music.exe"=-
    "UDP Query User{C44289CA-E16E-4A14-BACB-AFF3CEF173A6}C:\users\ewanie\appdata\local\temp\winelifw.exe"=-
    "UDP Query User{C6255CFE-A1EB-4388-85E3-612B883119D1}I:\music.exe"=-
    "UDP Query User{C8894BC8-2284-40A8-AB45-38643D585653}C:\users\ewanie\appdata\local\temp\bnpn.exe"=-
    "UDP Query User{CA5C539E-3ADD-467F-A48D-F70C3E5A2989}C:\users\ewanie\appdata\local\temp\ddgl.exe"=-
    "UDP Query User{CB0C88E0-168A-4D55-AEDF-6B4EEF931AA3}C:\users\ewanie\appdata\local\temp\winaigmhu.exe"=-
    "UDP Query User{CC67C72A-EBFA-4A78-B47B-BFC92D6CF538}C:\users\ewanie\appdata\local\temp\winmqcpr.exe"=-
    "UDP Query User{D05E08DC-0623-4B1D-9FE3-7FE9C202D1D5}C:\users\ewanie\appdata\local\temp\vkgxg.exe"=-
    "UDP Query User{D2CD7038-5E4A-4DEE-AEA6-C2F71D7F80B8}C:\users\ewanie\appdata\local\temp\wincnwvd.exe"=-
    "UDP Query User{D3BF27A8-528F-4F71-AFAB-09AB9F36ADA0}C:\users\ewanie\appdata\local\temp\winljilgj.exe"=-
    "UDP Query User{D65DCF5B-5AA2-4337-8ACF-D40575B4136B}C:\users\ewanie\appdata\local\temp\winmmsly.exe"=-
    "UDP Query User{D978142D-4765-49C4-8BB3-9325487215DB}C:\users\ewanie\appdata\local\temp\ccwcm.exe"=-
    "UDP Query User{DBE38C86-508A-41D6-BBFB-786182899F89}C:\users\ewanie\appdata\local\temp\winyuhdf.exe"=-
    "UDP Query User{DDD6D712-E557-4CDA-91A0-6575DF2D827B}C:\users\ewanie\appdata\local\temp\ystxt.exe"=-
    "UDP Query User{E49EFB6A-EE23-4BBA-BACC-13A4ACFF814D}C:\users\ewanie\appdata\local\temp\wingoaf.exe"=-
    "UDP Query User{E600B0CA-4B35-484E-BBB0-A51197BFE639}C:\users\ewanie\appdata\local\temp\winxlldga.exe"=-
    "UDP Query User{E911D784-50E6-4CE4-AA2C-35A10C36E067}C:\users\ewanie\appdata\local\temp\winwgug.exe"=-
    "UDP Query User{EA33C351-81A2-4392-B19F-F97743F3B9F6}C:\users\ewanie\appdata\local\temp\winsadjay.exe"=-
    "UDP Query User{F2341E61-E7C5-4F0A-9EBB-80C97F7CEFB4}C:\users\ewanie\appdata\local\temp\winxsoxyn.exe"=-
    "UDP Query User{FEC3D0C8-2852-446E-8C22-B91B1BAD70B2}C:\users\ewanie\appdata\local\temp\rkowmy.exe"=-
     
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 5

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If aswMBR asks to download definitions and conduct a scan, allow it to do so.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Things I want to see in your next reply

  • exehelperlog.txt
  • OTL Fix Log
  • OTL.txt
  • aswMBR.txt

#8
Hadzrin Aqmal

for step 1:

exeHelper by Raktor
Build 20100414
Run at 18:24:13 on 11/22/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--




for step 4:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo Messengger not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:517B507A .
Unable to delete ADS C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} .
File/Folder C:\*.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{69A9A193-7570-4B6D-BBEC-6029DFCDD77D}C:\users\ewanie\appdata\local\temp\windvsxh.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{783B6A21-6398-4CA9-8DE5-98E38D9FBDB7}C:\users\ewanie\appdata\local\temp\winymtvb.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7887EF43-05A6-4150-A9C9-BC7A7C3E3CE4}C:\users\ewanie\appdata\local\temp\wingsmkml.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7A372559-74D2-4D8A-A148-C9B9F75CCEDA}C:\users\ewanie\appdata\local\temp\winyrgeq.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{807FF827-DB6A-48E8-B8D5-0222320AE692}C:\users\ewanie\appdata\local\temp\winyeyd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{81A6B690-C2A1-4604-8E01-628A459EF091}C:\users\ewanie\appdata\local\temp\winennx.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{85B6C61C-49CE-47A6-9635-7E2871EF2E23}C:\users\ewanie\appdata\local\temp\winnavtq.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{879068D5-EA6D-40FD-9740-236764BBED3D}C:\users\ewanie\appdata\local\temp\dvay.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{88B7987B-26DE-4AA2-8F75-F8BBD30F1A6C}C:\users\ewanie\appdata\local\temp\vcml.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{89E0D369-CAF3-4FA8-9107-71AB9A77A4F6}C:\users\ewanie\appdata\local\temp\winhhfh.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8AD8CBC0-A482-495D-8244-D64F41570445}C:\users\ewanie\appdata\local\temp\winmcvp.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8C35EC9B-2BEF-4971-9DC5-7EBD6D8B1513}C:\users\ewanie\appdata\local\temp\lhmwa.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8CF5C3CA-392E-454A-BC31-946F035AD9C3}C:\users\ewanie\appdata\local\temp\cgjonn.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8E700707-33DC-47FE-9186-BC748B35E1C6}C:\users\ewanie\appdata\local\temp\winnitps.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8EBC15C0-A284-4C9D-91AE-5985D012DFED}C:\users\ewanie\appdata\local\temp\winowmy.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{90B9B62A-969D-4520-A7BC-B0F17F0FCFB3}C:\users\ewanie\appdata\local\temp\wfpih.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{93FBCFDA-6D2C-4536-B4FD-4728ACACA7E5}C:\users\ewanie\appdata\local\temp\sddoe.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{99F28409-D3CF-4754-A921-2355C40E367E}C:\users\ewanie\appdata\local\temp\winynqny.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9F962162-685C-46B3-9F4C-FC93885E8688}C:\users\ewanie\appdata\local\temp\winjyjxai.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A0EFCF05-B623-45F1-8036-844179AE581F}C:\users\ewanie\appdata\local\temp\qwcdch.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A2E14AB7-7ED6-4C66-861C-2741B06C274A}C:\users\ewanie\appdata\local\temp\winpnoxy.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A321488D-FFAC-47B9-BEE8-835394EF2938}C:\users\ewanie\appdata\local\temp\winfyoa.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A4B4467B-E2BE-4334-88E7-8ED71A91DF12}C:\users\ewanie\appdata\local\temp\wineovhgn.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A83AF39B-2083-42D2-82CC-9691C0BA540A}C:\users\ewanie\appdata\local\temp\winjjxms.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{ABD2BF8B-766F-4BC2-8920-5396E3FF3182}C:\users\ewanie\appdata\local\temp\winmkmqr.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AE5954AC-C7FB-47A4-835C-C4704EB2682B}C:\users\ewanie\appdata\local\temp\rhud.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AECA2DB6-A21D-455C-82BB-7B86104333CA}C:\users\ewanie\appdata\local\temp\kagfn.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B4D250F7-51DD-4DC1-88D1-4D42740CE9C8}C:\users\ewanie\appdata\local\temp\winwehukq.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B4E698D2-F7F4-4797-9EEC-67DAEA7CD219}C:\users\ewanie\appdata\local\temp\winunitcn.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BC03A618-79C0-43C4-AABD-102540430476}C:\users\ewanie\appdata\local\temp\gccvk.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BD026D2C-8F85-4999-B05B-AD2FB93FC71A}C:\users\ewanie\appdata\local\temp\xwok.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BF362179-B001-42FF-87AC-16028F5B2EFB}C:\users\ewanie\appdata\local\temp\winvxstu.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BF7769B2-A0F7-4065-8CBB-701DED526175}C:\users\ewanie\appdata\local\temp\winhahwro.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C1777712-A1C4-49F7-A8E5-4542ACA2A11D}H:\music.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C44289CA-E16E-4A14-BACB-AFF3CEF173A6}C:\users\ewanie\appdata\local\temp\winelifw.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C6255CFE-A1EB-4388-85E3-612B883119D1}I:\music.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C8894BC8-2284-40A8-AB45-38643D585653}C:\users\ewanie\appdata\local\temp\bnpn.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CA5C539E-3ADD-467F-A48D-F70C3E5A2989}C:\users\ewanie\appdata\local\temp\ddgl.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CB0C88E0-168A-4D55-AEDF-6B4EEF931AA3}C:\users\ewanie\appdata\local\temp\winaigmhu.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CC67C72A-EBFA-4A78-B47B-BFC92D6CF538}C:\users\ewanie\appdata\local\temp\winmqcpr.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D05E08DC-0623-4B1D-9FE3-7FE9C202D1D5}C:\users\ewanie\appdata\local\temp\vkgxg.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D2CD7038-5E4A-4DEE-AEA6-C2F71D7F80B8}C:\users\ewanie\appdata\local\temp\wincnwvd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D3BF27A8-528F-4F71-AFAB-09AB9F36ADA0}C:\users\ewanie\appdata\local\temp\winljilgj.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D65DCF5B-5AA2-4337-8ACF-D40575B4136B}C:\users\ewanie\appdata\local\temp\winmmsly.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D978142D-4765-49C4-8BB3-9325487215DB}C:\users\ewanie\appdata\local\temp\ccwcm.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DBE38C86-508A-41D6-BBFB-786182899F89}C:\users\ewanie\appdata\local\temp\winyuhdf.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DDD6D712-E557-4CDA-91A0-6575DF2D827B}C:\users\ewanie\appdata\local\temp\ystxt.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E49EFB6A-EE23-4BBA-BACC-13A4ACFF814D}C:\users\ewanie\appdata\local\temp\wingoaf.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E600B0CA-4B35-484E-BBB0-A51197BFE639}C:\users\ewanie\appdata\local\temp\winxlldga.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E911D784-50E6-4CE4-AA2C-35A10C36E067}C:\users\ewanie\appdata\local\temp\winwgug.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EA33C351-81A2-4392-B19F-F97743F3B9F6}C:\users\ewanie\appdata\local\temp\winsadjay.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F2341E61-E7C5-4F0A-9EBB-80C97F7CEFB4}C:\users\ewanie\appdata\local\temp\winxsoxyn.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FEC3D0C8-2852-446E-8C22-B91B1BAD70B2}C:\users\ewanie\appdata\local\temp\rkowmy.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ewanie\Downloads\cmd.bat deleted successfully.
C:\Users\ewanie\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ewanie
->Temp folder emptied: 48216 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 9392124 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: ewanie
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 11222011_195806

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_DfpIftdomZhnnUO not found!
File\Folder C:\Windows\temp\mcafee_yxI6WGlUbLEyTZo not found!
File\Folder C:\Windows\temp\mcmsc_HM7WUFhPy2bXH4q not found!
File\Folder C:\Windows\temp\mcmsc_T51iOimoXYhoJ9m not found!
C:\Windows\temp\sqlite_qfwbks9zXw7nO4D moved successfully.
C:\Windows\temp\sqlite_SYKo819HvB6xBZ1 moved successfully.

Registry entries deleted on Reboot...





OTL logfile created on: 22/11/2011 7:43:15 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ewanie\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

1013.69 Mb Total Physical Memory | 90.23 Mb Available Physical Memory | 8.90% Memory free
2.24 Gb Paging File | 0.82 Gb Available in Paging File | 36.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177.06 Gb Total Space | 111.87 Gb Free Space | 63.18% Space Free | Partition Type: NTFS
Drive G: | 29.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: EWANIE-PC | User Name: ewanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 01:42:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ewanie\Downloads\OTL.exe
PRC - [2011/11/10 18:07:27 | 000,192,512 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
PRC - [2010/10/07 04:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/02/21 00:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/11 05:14:54 | 000,335,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/03/11 05:14:54 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/03/08 02:48:38 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/03/04 05:45:48 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/02/23 08:38:50 | 000,192,512 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/02/23 08:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2008/02/23 08:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2008/02/16 02:56:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/02/16 02:56:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/02/16 02:56:50 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/01/21 10:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/16 18:46:08 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/10 07:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/27 08:35:46 | 000,415,584 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
PRC - [2007/12/15 04:57:36 | 000,550,752 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/12/13 23:32:00 | 004,243,232 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
PRC - [2007/12/12 03:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/12/06 01:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/27 01:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/11/22 03:38:28 | 000,380,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/11/02 10:12:38 | 000,652,624 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/02 10:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/09/11 15:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/15 11:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 11:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/07/25 03:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/19 06:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/15 13:39:54 | 000,420,920 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/15 13:39:53 | 003,702,840 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 13:38:16 | 000,122,952 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 13:38:15 | 000,222,280 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 13:38:14 | 001,746,504 | ---- | M] () -- C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/10 18:07:27 | 000,192,512 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
MOD - [2010/10/05 01:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\zlib.dll
MOD - [2010/10/05 01:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\CrashRpt.dll
MOD - [2010/10/05 01:54:29 | 000,675,840 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\DockShellHook.dll
MOD - [2009/07/02 17:43:28 | 000,159,744 | ---- | M] () -- C:\Program Files\Maxis Broadband\SMSPlugin.dll
MOD - [2009/03/11 16:42:14 | 000,139,264 | ---- | M] () -- C:\Program Files\Maxis Broadband\LocaleMgrPlugin.dll
MOD - [2009/03/11 16:40:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Maxis Broadband\NotifyServicePlugin.dll
MOD - [2009/03/11 16:39:16 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\ConfigFilePlugin.dll
MOD - [2009/03/11 16:38:18 | 000,098,304 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrPlugin.dll
MOD - [2009/03/11 16:36:36 | 000,139,264 | ---- | M] () -- C:\Program Files\Maxis Broadband\NetInfoPlugin.dll
MOD - [2009/03/11 16:34:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Maxis Broadband\DialUpPlugin.dll
MOD - [2009/03/11 16:33:32 | 000,176,128 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrUIPlugin.dll
MOD - [2009/03/11 16:17:14 | 000,864,256 | ---- | M] () -- C:\Program Files\Maxis Broadband\NDISAPI.dll
MOD - [2009/03/10 20:08:16 | 000,155,648 | R--- | M] () -- C:\Program Files\Maxis Broadband\DetectDev.dll
MOD - [2009/03/10 20:08:16 | 000,061,440 | R--- | M] () -- C:\Program Files\Maxis Broadband\XCodec.dll
MOD - [2009/03/10 20:08:16 | 000,061,440 | R--- | M] () -- C:\Program Files\Maxis Broadband\DeviceOperate.dll
MOD - [2009/03/10 20:08:14 | 000,561,152 | R--- | M] () -- C:\Program Files\Maxis Broadband\atcomm.dll
MOD - [2008/11/08 10:52:10 | 000,090,112 | R--- | M] () -- C:\Program Files\Maxis Broadband\FileManager.dll
MOD - [2008/11/08 10:52:08 | 000,014,848 | R--- | M] () -- C:\Program Files\Maxis Broadband\isaputrace.dll
MOD - [2008/02/05 08:08:45 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/12/21 20:06:58 | 002,969,600 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\SonicStage Effect Plugins\Sony Limiter Plugin.dll
MOD - [2007/04/05 04:14:06 | 000,344,064 | ---- | M] () -- C:\Windows\System32\SSMSIppCustom.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/21 08:17:45 | 000,732,672 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/21 00:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/03/11 05:14:54 | 000,229,376 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/03/05 11:58:30 | 000,141,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/05 11:56:42 | 000,423,776 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/05 11:54:50 | 000,182,112 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/04 05:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/04 04:27:14 | 000,165,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/02/16 02:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/02/16 02:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/02/16 02:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/02/16 02:56:50 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 18:46:08 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/10 07:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/12 03:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/12/06 01:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/28 17:08:02 | 000,151,552 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 17:02:20 | 000,122,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 16:43:44 | 000,135,168 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/11/27 01:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/11/08 00:35:40 | 000,447,816 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/09/11 15:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/15 11:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/07/25 03:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/19 06:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/17 20:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/12/30 11:57:52 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/12/13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/23 08:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/06 08:06:19 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/12/17 09:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/12/14 12:03:35 | 000,758,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/12/14 08:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/12/03 03:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 21:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 21:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 21:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 21:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 21:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/06 08:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 16:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/18 11:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3885349237-2032763224-3641379520-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
IE - HKU\S-1-5-21-3885349237-2032763224-3641379520-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-3885349237-2032763224-3641379520-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3885349237-2032763224-3641379520-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ewanie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ewanie\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ewanie\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\ewanie\AppData\Roaming\IDM\idmmzcc5

[2011/07/21 14:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ewanie\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\ewanie\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\ewanie\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ewanie\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Bouncy Mouse = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.0.1_0\
CHR - Extension: Dead Frontier = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\
CHR - Extension: Foursquare for chrome = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\haoobafgmgfodlcibfojjpdengcifnen\1.0.0.1_0\
CHR - Extension: Google Theme = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne\1.0.1_0\
CHR - Extension: ChatVibes Facebook Video Chat! = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddljohkbhegmdbfgmpjimeneejbdibf\1.0.8_0\
CHR - Extension: Earbits Radio = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkjffcdjblaipglnmhanakilfbniihj\1.0.2_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\ewanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.8.0_0\

O1 HOSTS File: ([2011/11/22 19:33:20 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3885349237-2032763224-3641379520-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3885349237-2032763224-3641379520-1003..\Run: [Facebook Update] C:\Users\ewanie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3885349237-2032763224-3641379520-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3885349237-2032763224-3641379520-1003..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Users\ewanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Users\ewanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3885349237-2032763224-3641379520-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21095519-1237-4E64-A25B-50158B5AE502}: NameServer = 58.71.136.10 58.71.132.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\ewanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ewanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/21 07:41:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{01907089-f199-11e0-b23f-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{01907089-f199-11e0-b23f-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{036fdef2-0770-11e1-bf34-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{036fdef2-0770-11e1-bf34-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3b6ed1bb-0a57-11e1-8e72-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6ed1bb-0a57-11e1-8e72-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3b6ed1c3-0a57-11e1-8e72-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6ed1c3-0a57-11e1-8e72-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3b6ed1cb-0a57-11e1-8e72-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6ed1cb-0a57-11e1-8e72-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5916c968-0bab-11e1-898c-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{5916c968-0bab-11e1-898c-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5f904b62-0b81-11e1-943e-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{5f904b62-0b81-11e1-943e-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5f904b6d-0b81-11e1-943e-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{5f904b6d-0b81-11e1-943e-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7e242947-dc50-11e0-8c54-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{7e242947-dc50-11e0-8c54-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7e24295c-dc50-11e0-8c54-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{7e24295c-dc50-11e0-8c54-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8b2bf129-eddb-11e0-87b2-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{8b2bf129-eddb-11e0-87b2-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8da7941c-e84a-11e0-bb30-001e101fc33c}\Shell - "" = AutoRun
O33 - MountPoints2\{8da7941c-e84a-11e0-bb30-001e101fc33c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8da79426-e84a-11e0-bb30-001e101ff8c4}\Shell - "" = AutoRun
O33 - MountPoints2\{8da79426-e84a-11e0-bb30-001e101ff8c4}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8da7943c-e84a-11e0-bb30-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{8da7943c-e84a-11e0-bb30-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a6a132e2-f6e0-11e0-9a5a-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a132e2-f6e0-11e0-9a5a-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{abcc9e4f-ca54-11e0-9465-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{abcc9e4f-ca54-11e0-9465-001a80f6ffdf}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{abcc9e7e-ca54-11e0-9465-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{abcc9e7e-ca54-11e0-9465-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b861bc05-f4d3-11e0-83f9-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{b861bc05-f4d3-11e0-83f9-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{bec080f8-08f2-11e1-bece-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{bec080f8-08f2-11e1-bece-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d04d5c0e-d092-11e0-82e0-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{d04d5c0e-d092-11e0-82e0-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e1bccaab-0df5-11e1-8017-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{e1bccaab-0df5-11e1-8017-001a80f6ffdf}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f32cc677-d501-11e0-b7b9-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{f32cc677-d501-11e0-b7b9-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f62b4d2e-ca4d-11e0-a012-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{f62b4d2e-ca4d-11e0-a012-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f62b4d37-ca4d-11e0-a012-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{f62b4d37-ca4d-11e0-a012-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f62b4d3f-ca4d-11e0-a012-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{f62b4d3f-ca4d-11e0-a012-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fad1926c-0f3f-11e1-86e0-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{fad1926c-0f3f-11e1-86e0-001a80f6ffdf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fb2422d9-1375-11e1-82ba-001a80f6ffdf}\Shell - "" = AutoRun
O33 - MountPoints2\{fb2422d9-1375-11e1-82ba-001a80f6ffdf}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/01/24 01:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 19:50:47 | 000,000,000 | ---D | C] -- C:\Users\ewanie\Desktop\untuk geek
[2011/11/22 19:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/11/22 19:04:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/22 18:58:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/22 18:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/11/22 18:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/11/22 02:04:06 | 000,000,000 | ---D | C] -- C:\Users\ewanie\Documents\TOLONG AWEK AKU PONTIANAK DVDRIP.AVI
[2011/11/21 18:03:20 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Roaming\DMCache
[2011/11/21 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/11/21 18:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/11/21 17:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2011/11/21 02:02:31 | 000,000,000 | ---D | C] -- C:\Users\ewanie\Documents\Angry Birds
[2011/11/20 22:20:08 | 000,000,000 | ---D | C] -- C:\Users\ewanie\Documents\Al Hijab 2011 DVDRip
[2011/11/20 21:45:24 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Roaming\Malwarebytes
[2011/11/20 21:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/20 21:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/20 21:44:07 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/20 21:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/20 21:43:39 | 000,000,000 | -H-D | C] -- C:\Users\ewanie\Documents\PICT0926-1.JPG.files
[2011/11/20 21:43:05 | 000,000,000 | -H-D | C] -- C:\Users\ewanie\Documents\jeje.JPG.files
[2011/11/20 12:45:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/11 14:08:02 | 000,000,000 | ---D | C] -- C:\Users\ewanie\Documents\sushi game
[2011/11/11 14:05:47 | 000,000,000 | R--D | C] -- C:\Users\ewanie\Documents\Diner Dash 2
[2011/11/11 02:25:54 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Roaming\PlayFirst
[2011/11/11 02:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2011/11/11 02:21:37 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Roaming\Rovio
[2011/11/10 18:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis Broadband
[2011/11/10 18:07:48 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011/11/10 18:07:48 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011/11/10 18:07:48 | 000,103,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbfake.sys
[2011/11/10 18:07:48 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011/11/10 18:07:48 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011/11/09 22:27:17 | 000,000,000 | ---D | C] -- C:\Users\ewanie\Documents\mlk
[2011/11/04 05:55:12 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Roaming\Uniblue
[2011/11/01 01:09:09 | 000,000,000 | ---D | C] -- C:\Users\ewanie\AppData\Local\Facebook
[2011/10/31 20:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TamoSoft
[2011/07/30 18:10:15 | 000,501,576 | ---- | C] (Yahoo! Inc.) -- C:\Users\ewanie\AppData\Local\msgr9us.exe

========== Files - Modified Within 30 Days ==========

[2011/11/22 19:46:09 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/11/22 19:36:26 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2011/11/22 19:36:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 19:36:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 19:36:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/22 19:36:05 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/22 19:34:55 | 000,030,329 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/11/22 19:33:20 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/22 19:06:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003UA.job
[2011/11/22 17:51:23 | 000,667,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/22 17:51:23 | 000,133,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/22 02:29:06 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003UA.job
[2011/11/21 23:28:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003Core.job
[2011/11/21 01:48:58 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/11/20 22:34:09 | 000,080,384 | ---- | M] () -- C:\Users\ewanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/20 17:46:31 | 000,000,000 | ---- | M] () -- C:\114788e
[2011/11/20 12:45:32 | 168,331,553 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/19 20:06:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003Core.job
[2011/11/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/11/09 22:31:08 | 000,203,776 | -H-- | M] () -- C:\Users\ewanie\Documents\photothumb.db
[2011/11/08 22:52:49 | 002,048,931 | ---- | M] () -- C:\Users\ewanie\Documents\m.zip
[2011/11/08 02:10:37 | 000,001,680 | ---- | M] () -- C:\Users\ewanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2011/11/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job

========== Files Created - No Company Name ==========

[2011/11/20 21:41:30 | 000,641,940 | ---- | C] () -- C:\Users\ewanie\Documents\PICT0926-1.JPG
[2011/11/20 21:40:46 | 000,823,639 | ---- | C] () -- C:\Users\ewanie\Documents\jeje.JPG
[2011/11/20 17:46:31 | 000,000,000 | ---- | C] () -- C:\114788e
[2011/11/20 12:45:04 | 168,331,553 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/19 13:41:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/08 02:10:37 | 000,001,680 | ---- | C] () -- C:\Users\ewanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2011/11/05 20:50:48 | 000,203,776 | -H-- | C] () -- C:\Users\ewanie\Documents\photothumb.db
[2011/11/04 05:55:14 | 000,000,258 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2011/11/01 23:24:05 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003UA.job
[2011/11/01 23:23:58 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003Core.job
[2011/07/31 03:36:38 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/31 03:36:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/24 17:46:57 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011/07/21 10:12:01 | 000,080,384 | ---- | C] () -- C:\Users\ewanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/21 08:59:18 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/07/21 08:50:45 | 000,001,356 | ---- | C] () -- C:\Users\ewanie\AppData\Local\d3d9caps.dat
[2011/07/21 08:34:49 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2011/07/21 08:28:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008/02/05 08:09:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2008/02/05 08:09:00 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/05 08:08:45 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,428,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,667,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,133,484 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/22 18:19:27 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\DMCache
[2011/07/21 16:10:09 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\InterVideo
[2011/09/13 22:28:33 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\KompoZer
[2011/07/24 17:39:45 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\OpenOffice.org
[2011/08/17 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\PhotoScape
[2011/11/11 02:25:54 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\PlayFirst
[2011/11/11 02:21:37 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\Rovio
[2011/07/24 17:55:38 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\Stardock
[2011/07/27 09:27:52 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\TigerPlayer
[2011/11/04 05:55:12 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\Uniblue
[2011/08/06 18:34:28 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\WindSolutions
[2011/10/09 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\ewanie\AppData\Roaming\YoudaGames
[2011/11/22 19:46:09 | 000,000,270 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/11/21 23:28:04 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003Core.job
[2011/11/22 02:29:06 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3885349237-2032763224-3641379520-1003UA.job
[2011/11/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/11/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/11/22 19:35:06 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/22 19:36:26 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\SpeedUpMyPC.job

========== Purity Check ==========



< End of report >



For step 5:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-22 20:09:32
-----------------------------
20:09:32.088 OS Version: Windows 6.0.6001 Service Pack 1
20:09:32.088 Number of processors: 2 586 0xF0D
20:09:32.088 ComputerName: EWANIE-PC UserName: ewanie
20:13:38.994 Initialize success
20:14:57.592 The log file has been saved successfully to "C:\Users\ewanie\Desktop\aswMBR.txt"





I hope this will help you to resolve my problems.
Thanks again :)

#9
Hadzrin Aqmal

THIS IS FOR STEP 5; sorry for making a double post.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-22 23:33:11
-----------------------------
23:33:11.997 OS Version: Windows 6.0.6001 Service Pack 1
23:33:11.997 Number of processors: 2 586 0xF0D
23:33:11.997 ComputerName: EWANIE-PC UserName: ewanie
23:33:18.939 Initialize success
23:43:02.121 AVAST engine defs: 11112200
23:44:03.997 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:44:04.044 Disk 0 Vendor: FUJITSU_ 0000 Size: 190782MB BusType: 3
23:44:04.044 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000063
23:44:04.044 Disk 1 Vendor: ( Size: 190782MB BusType: 0
23:44:04.059 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000064
23:44:04.059 Disk 2 Vendor: ( Size: 190782MB BusType: 0
23:44:04.137 Disk 0 MBR read successfully
23:44:04.137 Disk 0 MBR scan
23:44:04.371 Disk 0 Windows VISTA default MBR code
23:44:04.403 Disk 0 scanning sectors +390719488
23:44:04.605 Disk 0 scanning C:\Windows\system32\drivers
23:44:35.213 Service scanning
23:44:39.549 Modules scanning
23:44:49.783 Disk 0 trace - called modules:
23:44:49.814 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
23:44:49.814 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c237c0]
23:44:49.814 3 CLASSPNP.SYS[867a2745] -> nt!IofCallDriver -> [0x84ce2b38]
23:44:49.830 5 acpi.sys[806a06a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84ceb030]
23:44:52.872 AVAST engine scan C:\Windows
23:44:59.689 AVAST engine scan C:\Windows\system32
23:46:35.322 File: C:\Windows\system32\hkcmd.exe **INFECTED** Win32:Kukacka
23:46:43.731 File: C:\Windows\system32\igfxpers.exe **INFECTED** Win32:Kukacka
23:46:47.365 File: C:\Windows\system32\igfxtray.exe **INFECTED** Win32:Kukacka
23:46:54.401 File: C:\Windows\system32\java.exe **INFECTED** Win32:Kukacka
23:46:54.541 File: C:\Windows\system32\javaw.exe **INFECTED** Win32:Kukacka
23:46:54.682 File: C:\Windows\system32\javaws.exe **INFECTED** Win32:Kukacka
23:50:20.805 AVAST engine scan C:\Windows\system32\drivers
23:50:51.115 AVAST engine scan C:\Users\ewanie
23:50:52.426 File: C:\Users\ewanie\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe **INFECTED** Win32:Kukacka
23:50:52.582 File: C:\Users\ewanie\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe **INFECTED** Win32:Kukacka
23:50:56.825 File: C:\Users\ewanie\AppData\Local\Facebook\Update\FacebookUpdate.exe **INFECTED** Win32:Kukacka
23:51:02.020 File: C:\Users\ewanie\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe **INFECTED** Win32:Kukacka
23:51:04.297 File: C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\chrome_frame_helper.exe **INFECTED** Win32:Kukacka
23:51:04.469 File: C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\chrome_launcher.exe **INFECTED** Win32:Kukacka
23:51:05.842 File: C:\Users\ewanie\AppData\Local\Google\Chrome\Application\15.0.874.120\Installer\setup.exe **INFECTED** Win32:Kukacka
23:51:42.517 File: C:\Users\ewanie\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe **INFECTED** Win32:Kukacka
23:51:44.982 File: C:\Users\ewanie\AppData\Local\Google\Update\1.3.21.79\GoogleUpdate.exe **INFECTED** Win32:Kukacka
23:51:47.073 File: C:\Users\ewanie\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateBroker.exe **INFECTED** Win32:Kukacka
23:51:47.634 File: C:\Users\ewanie\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe **INFECTED** Win32:Kukacka
23:51:52.704 File: C:\Users\ewanie\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.79\GoogleUpdateSetup.exe **INFECTED** Win32:Kukacka
23:51:53.125 File: C:\Users\ewanie\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\15.0.874.121\chrome_updater.exe **INFECTED** Win32:Kukacka
23:51:53.547 File: C:\Users\ewanie\AppData\Local\Google\Update\GoogleUpdate.exe **INFECTED** Win32:Kukacka
23:52:17.664 File: C:\Users\ewanie\AppData\Local\msgr9us.exe **INFECTED** Win32:Kukacka
23:54:13.697 File: C:\Users\ewanie\Documents\Diner Dash 2\assets\screensaver\ssDinerDash2.scr **INFECTED** Win32:Kukacka
23:54:23.151 File: C:\Users\ewanie\Documents\Diner Dash 2\DinerDash2.exe **INFECTED** Win32:Kukacka
23:54:23.447 File: C:\Users\ewanie\Documents\Diner Dash 2\dinerdash2_screensaver.exe **INFECTED** Win32:Kukacka
23:54:25.912 File: C:\Users\ewanie\Documents\Diner Dash 2\Dinner Dash\UNWISE.EXE **INFECTED** Win32:Kukacka
23:54:30.186 File: C:\Users\ewanie\Documents\Diner Dash 2\UNWISE.EXE **INFECTED** Win32:Kukacka
23:55:29.841 File: C:\Users\ewanie\Downloads\chromeinstall-6u29.exe **INFECTED** Win32:Sality
23:55:56.345 File: C:\Users\ewanie\Music\MUSIC-latest\Music.exe **INFECTED** Win32:Sohanad-T [Wrm]
23:55:57.016 File: C:\Users\ewanie\Music\MUSIC-latest\My Music.exe **INFECTED** Win32:Sohanad-T [Wrm]
23:56:15.471 AVAST engine scan C:\ProgramData
23:56:55.126 File: C:\ProgramData\Adobe\Photoshop Elements\6.0\Flash Galleries\GeoWeb Gallery\gallery\resources\AuthSWF.exe **INFECTED** Win32:Kukacka
00:00:31.233 Disk 0 MBR has been saved successfully to "C:\Users\ewanie\Desktop\MBR.dat"
00:00:31.529 The log file has been saved successfully to "C:\Users\ewanie\Desktop\aswMBR.txt"


00:01:36.852 Scan finished successfully
00:02:47.223 Disk 0 MBR has been saved successfully to "C:\Users\ewanie\Desktop\MBR.dat"
00:02:47.270 The log file has been saved successfully to "C:\Users\ewanie\Desktop\aswMBR.txt"
  • 0
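An added example, not part of the original posts: a small Python parser for the aswMBR `File: ... **INFECTED** ...` lines shown above. It groups hits by detection name and top-level folder, which makes the spread across unrelated vendors' executables visible at a glance, and it checks whether the log was saved after the scan finished. The function names are assumptions made for this example; the sample lines are an excerpt of the log in this thread.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Excerpt of the aswMBR log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
23:44:59.689 AVAST engine scan C:\Windows\system32
23:46:35.322 File: C:\Windows\system32\hkcmd.exe **INFECTED** Win32:Kukacka
23:46:54.401 File: C:\Windows\system32\java.exe **INFECTED** Win32:Kukacka
23:50:52.426 File: C:\Users\ewanie\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe **INFECTED** Win32:Kukacka
23:55:29.841 File: C:\Users\ewanie\Downloads\chromeinstall-6u29.exe **INFECTED** Win32:Sality
23:55:56.345 File: C:\Users\ewanie\Music\MUSIC-latest\My Music.exe **INFECTED** Win32:Sohanad-T [Wrm]
23:56:55.126 File: C:\ProgramData\Adobe\Photoshop Elements\6.0\Flash Galleries\GeoWeb Gallery\gallery\resources\AuthSWF.exe **INFECTED** Win32:Kukacka
00:01:36.852 Scan finished successfully
"""

# Timestamp, "File:", path (may contain spaces), the **INFECTED** marker, detection name.
HIT = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}) File: (.+?) \*\*INFECTED\*\* (.+)$")

def parse_hits(text):
    """Return (time, path, detection) for every **INFECTED** line."""
    hits = []
    for line in text.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append(m.groups())
    return hits

def summarize(hits):
    """Map detection name -> Counter of top-level folders holding flagged files."""
    out = defaultdict(Counter)
    for _time, path, detection in hits:
        parts = PureWindowsPath(path).parts  # ('C:\\', 'Windows', 'system32', ...)
        out[detection][parts[1] if len(parts) > 1 else parts[0]] += 1
    return out

def scan_completed(text):
    """A log saved mid-scan lacks this line, so its hit list may be partial."""
    return "Scan finished successfully" in text

if __name__ == "__main__":
    for detection, folders in summarize(parse_hits(SAMPLE_LOG)).items():
        print(detection, dict(folders))
    print("complete:", scan_completed(SAMPLE_LOG))
```
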

#10
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
You are infected with a highly infectious file infector called Sality. You will need a clean computer to download the tools on and a clean USB stick that we disinfected earlier to transfer the tools over to the infected machine.


Step 1 is performed on the clean machine.


Step 1

Even if you already have any of the following, please download them again, as your versions may be infected.
Note: All of these tools require renaming before you copy them to the infected machine.

  • Download SalityKiller.zip, unzip it, rename SalityKiller.exe to SK.com and save it to your USB disk.
  • Download drweb-cureit.exe, rename drweb-cureit.exe to DrW.com and save it to your USB disk.
  • Download ComboFix.exe, rename ComboFix.exe to SvcHost.com and save it to your USB disk.


The next steps are performed on your infected machine.


Step 2

  • Copy SK.com to your C:\ drive on the infected machine.
  • Copy DrW.com to your desktop on the infected machine.
  • Copy SvcHost.com to your desktop on the infected machine.

Step 3

On the infected machine:
  • Click Start > Run.
  • Type in: c:\SK.com -a -j -k -l c:\SKLog.txt and press enter.
  • A black screen will appear as the scan starts.
  • Once complete, Press any key to continue.
  • Locate SKreport.log, in C:\. Please post the contents of SKreport.log on your next reply after you've run the remaining steps.

Step 4

  • Double-click the DrW.com file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This in case if we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.


Step 5

IMPORTANT !!! You need to Save SvcHost.com to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on SvcHost.com & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Things I want to see in your next reply

  • SKreport.log
  • DrWeb.csv
  • Combofix.txt

  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





