worm?

I think my computer has a worm. I left my computer on over night to find that my computer space decreased by 2gb. i have system restore disabled. help before this worm eats my computer!

by the way I don't need system restore because I have my system restore disks

bump

Hello.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

OTL logfile created on: 1/17/2011 5:44:35 AM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Layth\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.58 Gb Total Space | 10.86 Gb Free Space | 14.96% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.16% Space Free | Partition Type: NTFS
Drive G: | 550.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAYTH-PC | User Name: Layth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/16 22:25:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Layth\Desktop\OTL.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/12/11 08:28:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 08:28:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/10/15 20:38:51 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/04 01:53:49 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 09:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/08/07 07:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2008/07/01 21:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2008/04/28 19:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2008/04/28 19:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/07/09 23:40:30 | 001,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/05/23 17:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/02/13 15:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PRC - [2007/02/06 01:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/16 22:25:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Layth\Desktop\OTL.exe
MOD - [2010/04/01 08:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/20 21:24:11 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MySQL)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/06/17 10:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/08/26 09:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/08/07 07:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2008/07/01 21:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2008/04/28 19:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2008/04/28 19:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/01/20 21:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/23 17:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/02/13 15:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
SRV - [2007/02/06 01:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/09/04 16:24:01 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/24 17:18:49 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/20 19:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\Windows\System32\drivers\fslx.sys -- (FSLX)
DRV - [2009/02/13 18:50:34 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/29 10:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/18 19:46:46 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND)
DRV - [2008/07/10 01:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/06/25 11:39:42 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/05/28 13:16:38 | 000,075,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/05/07 15:29:32 | 000,120,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/28 19:25:00 | 000,055,112 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/04/28 19:23:22 | 000,034,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeRKDK.sys -- (MfeRKDK)
DRV - [2008/04/28 19:22:44 | 000,205,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/04/28 19:22:18 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MfeBOPK.sys -- (MfeBOPK)
DRV - [2008/04/28 19:22:10 | 000,079,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MfeAVFK.sys -- (MfeAVFK)
DRV - [2008/01/20 21:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 21:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/03 06:19:08 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/07/10 05:25:38 | 000,347,648 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/06/29 17:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/30 05:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atipcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=all&pf=cmdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=all&pf=cmdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=all&pf=cmdt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.035
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.105
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&apn_uid=5F92F0A3-AEF1-43F5-A65D-8B9DC8872571&apn_ptnrs=UF&apn_sauid=E8DADCF0-6EEF-4429-96AF-440C57576BFC&apn_dtid=YYYYYYYYUS&q="

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Components: C:\Program Files\Virtual Firefox\components [2009/11/03 23:16:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Plugins: C:\Program Files\Virtual Firefox\plugins [2009/11/03 23:16:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 17:06:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/11 23:01:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 08:28:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 08:28:45 | 000,000,000 | ---D | M]

[2010/03/04 19:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Layth\AppData\Roaming\Mozilla\Extensions
[2011/01/16 02:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions
[2010/09/04 16:58:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 13:35:03 | 000,000,000 | ---D | M] () -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/11/05 16:21:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/22 16:51:57 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\illimitux@illimitux.net
[2010/10/29 17:00:33 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\toolbar@ask.com
[2010/11/05 16:21:28 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\unplug@compunach
[2011/01/17 02:45:04 | 000,002,397 | ---- | M] () -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\searchplugins\askcom.xml
[2010/10/08 06:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 14:01:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/03/04 17:06:22 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2011/01/11 23:01:07 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/04 20:09:05 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cacaoweb] C:\Users\Layth\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.387.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Layth\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Layth\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/07/05 10:05:52 | 001,019,904 | R--- | M] (Microsoft Corporation) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/05/18 10:59:05 | 000,000,228 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/16 22:25:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Layth\Desktop\OTL.exe
[2011/01/16 10:42:35 | 000,000,000 | ---D | C] -- C:\Users\Layth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/01/16 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Layth\AppData\Roaming\.minecraft
[2011/01/14 21:33:48 | 000,000,000 | ---D | C] -- C:\Akmin Folder
[2011/01/14 21:26:07 | 000,000,000 | ---D | C] -- C:\RecipeMaker
[2011/01/14 21:26:06 | 000,000,000 | ---D | C] -- C:\Users\Layth\Desktop\Minecraft Recipe Creator
[2011/01/14 21:12:52 | 000,000,000 | ---D | C] -- C:\Users\Layth\Documents\mcregion_v5_server_1.2_01
[2011/01/12 18:05:29 | 000,000,000 | ---D | C] -- C:\Users\Layth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fable TLC Application Suite
[2011/01/12 18:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fable TLC Application Suite
[2011/01/12 17:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Albion Explorer
[2011/01/12 17:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\FableTLCMod
[2011/01/11 13:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/01/11 13:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/01/11 13:53:15 | 000,000,000 | ---D | C] -- C:\Users\Layth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/01/11 13:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/01/11 13:53:08 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010/12/30 13:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\BreakPoint Software
[2010/12/30 13:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex Workshop v6
[2010/12/27 09:33:06 | 000,000,000 | ---D | C] -- C:\Users\Layth\AppData\Local\LogMeIn Hamachi
[2010/12/27 09:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2010/12/27 09:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/12/21 01:31:33 | 000,000,000 | ---D | C] -- C:\Users\Layth\Documents\RSBot
[1 C:\Users\Layth\*.tmp files -> C:\Users\Layth\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/17 05:46:42 | 000,009,577 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/01/17 05:46:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/17 05:34:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2004106930-1308426128-469573354-1001UA.job
[2011/01/17 04:27:24 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 04:27:24 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/16 23:55:19 | 002,533,826 | ---- | M] () -- C:\Users\Layth\Desktop\World2.rar
[2011/01/16 22:25:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Layth\Desktop\OTL.exe
[2011/01/16 21:46:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/16 16:34:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2004106930-1308426128-469573354-1001Core.job
[2011/01/16 10:42:35 | 000,000,524 | ---- | M] () -- C:\Users\Layth\Desktop\Fraps.lnk
[2011/01/14 22:12:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/12 00:08:48 | 000,003,120 | ---- | M] () -- C:\Windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
[2011/01/12 00:08:48 | 000,003,120 | ---- | M] () -- C:\Windows\System32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
[2011/01/11 14:20:49 | 000,705,216 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/11 14:20:49 | 000,142,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/11 13:57:14 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/01/11 13:53:15 | 000,002,008 | ---- | M] () -- C:\Users\Layth\Desktop\Fable - The Lost Chapters.lnk
[2011/01/11 10:02:36 | 608,446,464 | ---- | M] () -- C:\Users\Layth\Documents\Fable Disk 4.iso
[2011/01/11 10:02:36 | 577,296,384 | ---- | M] () -- C:\Users\Layth\Documents\Fable Disk 1.iso
[2011/01/11 10:02:05 | 485,941,248 | ---- | M] () -- C:\Users\Layth\Documents\Fable Disk 3.iso
[2011/01/11 10:02:00 | 646,782,976 | ---- | M] () -- C:\Users\Layth\Documents\Fable Disk 2.iso
[2011/01/08 01:28:11 | 000,000,117 | ---- | M] () -- C:\Users\Layth\jagex_runescape_preferences2.dat
[2011/01/08 01:21:32 | 000,000,046 | ---- | M] () -- C:\Users\Layth\jagex_runescape_preferences.dat
[2010/12/30 13:35:43 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Hex Workshop Hex Editor.lnk
[2010/12/27 09:26:59 | 000,000,804 | ---- | M] () -- C:\Users\Layth\Desktop\HeidiSQL.lnk
[2010/12/21 01:36:49 | 000,000,000 | ---- | M] () -- C:\Users\Layth\AppData\Roaming\RSBot_Accounts.ini
[2010/12/20 21:12:08 | 000,001,062 | ---- | M] () -- C:\Users\Layth\Desktop\Play Roblox.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Users\Layth\*.tmp files -> C:\Users\Layth\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/16 23:53:25 | 002,533,826 | ---- | C] () -- C:\Users\Layth\Desktop\World2.rar
[2011/01/16 10:42:35 | 000,000,524 | ---- | C] () -- C:\Users\Layth\Desktop\Fraps.lnk
[2011/01/12 00:08:48 | 000,003,120 | ---- | C] () -- C:\Windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
[2011/01/12 00:08:48 | 000,003,120 | ---- | C] () -- C:\Windows\System32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
[2011/01/11 13:57:14 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/01/11 13:53:15 | 000,002,008 | ---- | C] () -- C:\Users\Layth\Desktop\Fable - The Lost Chapters.lnk
[2011/01/05 14:30:33 | 608,446,464 | ---- | C] () -- C:\Users\Layth\Documents\Fable Disk 4.iso
[2011/01/05 14:30:23 | 577,296,384 | ---- | C] () -- C:\Users\Layth\Documents\Fable Disk 1.iso
[2011/01/05 14:29:31 | 485,941,248 | ---- | C] () -- C:\Users\Layth\Documents\Fable Disk 3.iso
[2011/01/05 14:29:12 | 646,782,976 | ---- | C] () -- C:\Users\Layth\Documents\Fable Disk 2.iso
[2010/12/30 13:35:43 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Hex Workshop Hex Editor.lnk
[2010/12/27 09:26:59 | 000,000,804 | ---- | C] () -- C:\Users\Layth\Desktop\HeidiSQL.lnk
[2010/12/21 01:35:59 | 000,000,000 | ---- | C] () -- C:\Users\Layth\AppData\Roaming\RSBot_Accounts.ini
[2010/12/20 21:12:08 | 000,001,062 | ---- | C] () -- C:\Users\Layth\Desktop\Play Roblox.lnk
[2010/09/28 19:28:27 | 000,000,091 | ---- | C] () -- C:\Users\Layth\AppData\Roaming\RSBot Accounts.ini
[2010/09/06 15:55:18 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/04 16:24:00 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/09/04 16:19:32 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/08/16 05:40:35 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/04/07 19:38:06 | 000,202,382 | ---- | C] () -- C:\Users\Layth\AppData\Local\debuggee.mdmp
[2010/03/22 17:12:33 | 000,001,407 | ---- | C] () -- C:\Windows\disney.ini
[2009/11/17 07:47:25 | 000,000,680 | ---- | C] () -- C:\Users\Layth\AppData\Local\d3d9caps.dat
[2009/11/09 03:43:51 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2009/11/05 02:54:39 | 000,030,208 | ---- | C] () -- C:\Users\Layth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 01:42:01 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Unicode (All) ==========
[2010/12/02 08:00:46 | 000,000,000 | ---D | M](C:\Users\Layth\Documents\?? ???) -- C:\Users\Layth\Documents\넥슨 플러그
[2010/12/02 08:00:46 | 000,000,000 | ---D | C](C:\Users\Layth\Documents\?? ???) -- C:\Users\Layth\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E36F5B57

< End of report >

I didn't get the extra.txt but on my 1st scan I did, I did 2 scans because I accidently ran the 1st one from my download folder, but i will post the 1st scan extra.txt anyways.

OTL Extras logfile created on: 1/16/2011 10:26:37 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Layth\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.58 Gb Total Space | 10.16 Gb Free Space | 14.00% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.16% Space Free | Partition Type: NTFS
Drive G: | 550.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAYTH-PC | User Name: Layth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{199786F6-EC2B-4F75-868C-79593D3EF393}" = lport=4000 | protocol=6 | dir=in | name=blizzard |
"{2F7C3500-408E-452F-BE0E-7EA8A7134AA7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31D4A356-E975-45F9-BBD1-39BC092DC07F}" = lport=62560 | protocol=6 | dir=in | name=akamai netsession interface |
"{3A4A58B0-FE22-4859-8437-FA17C22C2BB4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3DA6DAD5-EF64-4E91-9DDD-083CDD4AF601}" = lport=56736 | protocol=17 | dir=in | name=pando media booster |
"{3E6AD4D2-EC2E-4E41-8514-AAD9987C56F0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3E914C72-4991-4593-A238-711E70CC96A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{445767DB-55A3-4A68-80BC-7028E05A4924}" = lport=56736 | protocol=17 | dir=in | name=pando media booster |
"{5ED3FCF5-C7FB-4FFF-9018-2E3B7BF35E36}" = lport=3306 | protocol=6 | dir=in | name=root |
"{63B0853C-D0CD-4BF0-8112-6927A4BBC152}" = lport=3724 | protocol=6 | dir=in | name=blizzard download |
"{65013923-0D8A-4BE2-B649-7E9A7646031B}" = lport=6113 | protocol=6 | dir=in | name=blizzard |
"{68333D97-1943-4DCC-8F7A-E8C77C763B4A}" = lport=56736 | protocol=6 | dir=in | name=pando media booster |
"{69BC4F93-E38D-41F5-9FD1-D95B4887B857}" = lport=6881 | protocol=6 | dir=in | name=blizzard |
"{77555741-F41C-4B01-B893-30D41C0963ED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{782E71F7-DAD6-4750-A122-56BA68E0025A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{809E9809-F7AB-411F-BB1F-3CAAE3A0A886}" = lport=56736 | protocol=6 | dir=in | name=pando media booster |
"{8E22EEA8-AF94-4BAB-A99B-F6C9471012C6}" = lport=6114 | protocol=6 | dir=in | name=blizzard |
"{A34814BD-E6C1-435D-9860-AF5C0428660B}" = lport=6999 | protocol=6 | dir=in | name=blizzard |
"{ADEBC38D-698C-487C-A56D-727FE5E586B8}" = lport=57533 | protocol=17 | dir=in | name=pando media booster |
"{C5F2BF18-CCC3-46EF-9E97-FDDF215FE1A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6AB01C5-948C-4B2E-AA2D-FF935AA42CC4}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{D833B4C7-0A37-4168-A4B3-36FB09F44407}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DD26CAB9-D5EB-4DEA-9B82-7F53E5EC4886}" = lport=57533 | protocol=6 | dir=in | name=pando media booster |
"{F02807CD-6CD9-4C59-B5AA-ED938DBB8A9C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08657A31-76D5-441F-8D6C-5B7A474D800B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0A4E636B-444D-42D0-BAD2-64DDAA3ACC8C}" = protocol=6 | dir=in | app=c:\users\layth\appdata\local\temp\blizzard installer bootstrap - 2edcb003\installer.exe |
"{12CC737E-CC8E-4201-A797-C985B4843831}" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\temp\blizzard installer bootstrap - 2edcb003\installer.exe |
"{190DC311-E631-4BA6-A30A-9D5E8F6C1F2C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe |
"{1B9BBE4F-21CB-4F65-BA87-88FD04AAEF06}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{220D8830-3D42-47D9-B002-2E239B9A985B}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{323B292D-7525-4C5C-B1E1-6C30B0AFB717}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{37B26234-1AF0-402B-A6F6-693DFD655FF3}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{37C3ECD8-15D3-48CF-863E-5487002309A7}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{3F424837-3347-437B-9525-405EF1213BEC}" = protocol=6 | dir=in | app=c:\program files\ogplanet\lostsaga\autoupgrade.exe |
"{4806B6DD-B304-47B6-AE89-C0D66AE1E1A8}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe |
"{49748A29-0381-45E6-8D1E-1A7832A9BCB6}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4BE9CD75-40FB-4171-8914-E34F99A111EC}" = protocol=6 | dir=in | app=c:\program files\ogplanet\lostsaga\lostsaga.exe |
"{50D3C986-96D3-4AFA-BDD3-9D489793F474}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{5AB2FDA7-A3DF-471F-8A6C-145CD595E512}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{61FE43CE-5722-4F9B-9F21-4C5C6AE80604}" = protocol=6 | dir=in | app=c:\users\layth\desktop\mangos\mangosd.exe |
"{631862F4-C2B1-4173-A535-C915852826B9}" = protocol=17 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\server\apache\bin\httpd.exe |
"{671C3AD6-1DAB-43C1-B10D-03E5F81328A5}" = protocol=17 | dir=in | app=c:\nexon\combat arms\combatarms_direct.exe |
"{7A1E81D5-EE4D-4F57-BE09-C4382C4D91FF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7D34BC76-5390-4F8F-A68A-05B3C1EE46D1}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{7FA0B620-0E75-4FD0-8F09-CB6B5891F8E1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{82217C06-895C-481A-BBAA-804C70E48883}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{96CCF445-E2CE-4C1C-BCA9-7C075224534D}" = protocol=17 | dir=in | app=c:\program files\z8games\crossfire\patcher_cf.exe |
"{9BA424FF-E8F8-461B-99E8-256E21F626E9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9CD74B89-231E-4B30-901E-542B46E060DB}" = protocol=6 | dir=in | app=c:\program files\z8games\crossfire\cf_g4box.exe |
"{9F894A12-9C52-41D6-87D5-36CA70BF9089}" = protocol=6 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\server\apache\bin\apache.exe |
"{A3F9444A-255B-4A8A-B7E5-BADED4108624}" = protocol=17 | dir=in | app=c:\program files\ogplanet\lostsaga\lostsaga.exe |
"{AF933BA6-3CE3-404C-9612-9D0E6D54C9B9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B0440636-B374-4BC1-96D2-6C59845B6C15}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B13848C7-3526-424F-A8B9-603664AEE2C6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B4318884-F988-446C-B01E-E555B35926E8}" = protocol=17 | dir=in | app=c:\program files\z8games\crossfire2\cf_g4box.exe |
"{B9BAC13A-2682-48C5-8C28-D9D8C6D89069}" = protocol=17 | dir=in | app=c:\program files\ogplanet\lostsaga\autoupgrade.exe |
"{BF44C59F-2109-4122-AEF1-938D585AF8EA}" = protocol=17 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\server\apache\bin\apache.exe |
"{C2C6301F-E946-4A0C-9C4D-F3B69ED98DAE}" = protocol=6 | dir=in | app=c:\program files\z8games\crossfire2\cf_g4box.exe |
"{C4EC9F24-B2AF-4C38-ACC4-80D907139063}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{C7875915-AE94-492D-9116-7085F3D2E58A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D573B435-EFB8-461B-83F7-DD08419D2335}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{D668FB3B-9456-4350-8606-5BE3F2CCFE81}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D7AEC7E6-375B-4B9D-BD0D-F735CCA13E5F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D94092B5-1C78-4B16-A0CC-10F0865D808C}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{DAC1ADDC-725C-49C0-9D63-5855753273A8}" = protocol=17 | dir=in | app=c:\program files\z8games\crossfire\cf_g4box.exe |
"{E8B1DADA-435C-4C59-B560-32347C8FE2CC}" = protocol=17 | dir=in | app=c:\users\layth\desktop\mangos\mangosd.exe |
"{F254A757-0807-4F2B-A535-4AC77BA691A5}" = protocol=6 | dir=in | app=c:\nexon\combat arms\combatarms_direct.exe |
"{FA91C787-71EC-4D2B-A5F5-E849E8851E41}" = protocol=6 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\server\apache\bin\httpd.exe |
"{FCDA7E6C-1938-44C6-8747-B6D7EAFDE0E4}" = protocol=6 | dir=in | app=c:\program files\z8games\crossfire\patcher_cf.exe |
"TCP Query User{06CCDF2C-CE68-43F7-9901-2B91202C95F6}C:\users\layth\appdata\local\roblox\versions\version-38688219c12c4bc8\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-38688219c12c4bc8\robloxapp.exe |
"TCP Query User{098370D2-E284-477D-8000-1C95B21ACBBE}C:\users\layth\appdata\local\roblox\versions\version-acfd835c29bc48bb\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-acfd835c29bc48bb\robloxapp.exe |
"TCP Query User{0A98896D-23A7-431E-B6DB-B917677EB46C}C:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-world.exe |
"TCP Query User{0B0D4E8A-5E3E-4F3B-B79F-19E2BE6F1D06}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1DBFBEF1-09B5-4037-B1CA-5FE16DE63136}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-world.exe" = protocol=6 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-world.exe |
"TCP Query User{1E1CB47F-49FB-4AD4-935D-4C5003EDD5C6}C:\users\layth\desktop\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe |
"TCP Query User{241B4693-684C-45DB-96B6-E1693E2DD4AA}C:\users\layth\downloads\wowclient-downloader.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\wowclient-downloader.exe |
"TCP Query User{24D1B59D-BB29-4D8A-A53B-330018BF62D1}C:\fusion arcemu 3.2.2\server\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\fusion arcemu 3.2.2\server\mysql\bin\mysqld-nt.exe |
"TCP Query User{25D696DE-F29D-4B5E-B10F-9E16737FA42D}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{27753330-FB89-4478-B896-F3D7258F7E1A}C:\users\layth\appdata\local\roblox\versions\version-5721a319bf474443\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-5721a319bf474443\robloxapp.exe |
"TCP Query User{3666CFC2-AB1D-4F0B-A43E-D0778A9B2088}C:\users\layth\appdata\local\roblox\versions\version-b5dc796702a14251\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-b5dc796702a14251\robloxapp.exe |
"TCP Query User{3713930F-4CC7-40C7-8773-FA7412C765B1}C:\users\layth\downloads\private server\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\private server\arcemu\arcemu-world.exe |
"TCP Query User{38E9ECC7-37D6-43C1-885F-EE243F7970AE}C:\fusion arcemu 3.2.2\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\fusion arcemu 3.2.2\arcemu\arcemu-world.exe |
"TCP Query User{4855784A-E06F-458A-9FFB-0B07CBEB8CBF}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{552C8C0F-6B0B-45FE-A9B4-7A029F6BFAC9}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{56AD5189-8A2D-436C-B8EB-DD9611B3769A}C:\users\layth\downloads\arcemu 3.3.3a\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\arcemu 3.3.3a\arcemu\arcemu-logonserver.exe |
"TCP Query User{5D118BF6-7C93-46B7-AC34-EDC7AEB1A060}C:\users\public\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\public\games\warcraft iii\war3.exe |
"TCP Query User{60DCE796-6019-471F-8492-F01B9083E2DE}C:\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe |
"TCP Query User{701B103E-5591-4720-BCBE-5BFF384AA756}C:\users\layth\desktop\fusion arcemu 3.2.2\server\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\server\apache\bin\apache.exe |
"TCP Query User{7337CCB0-35F9-4DA9-B8A9-92C79B676376}C:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe |
"TCP Query User{747BCC94-8954-452B-B3A9-D9F4E0C23611}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"TCP Query User{78F98744-2F84-44F4-A65A-FFC54EFBA1A6}C:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-logonserver.exe |
"TCP Query User{7EE2F6DA-C387-425E-90F1-E737DE39FE4D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{8FAB0E2C-B38D-4C02-82B0-DB49B050D2A1}C:\nexon\vindictus\en-us\nmservice.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"TCP Query User{9196FA07-4FC2-463E-9464-A425461C4463}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{980354DD-0F15-493D-9F85-00B2982BAA19}C:\users\layth\downloads\private server\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\private server\arcemu\arcemu-logonserver.exe |
"TCP Query User{BEAADB14-551E-4590-98D1-F1AA65E443CC}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-logonserver.exe |
"TCP Query User{C3695865-E999-4C06-AF5E-91FFF8376A5A}C:\users\layth\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\layth\appdata\roaming\cacaoweb\cacaoweb.exe |
"TCP Query User{CEF2B56F-03E7-4703-9910-0662FDF8A71C}C:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe |
"TCP Query User{D48EF89C-8593-4766-8EFC-6C6C8591F069}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{D5F0766E-FF70-415C-8E6C-54A434B97F3E}C:\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe |
"TCP Query User{D9F3200F-D9CB-4014-B196-0E737D6B9B2F}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe" = protocol=6 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe |
"TCP Query User{E360FBC3-C699-4637-BE50-5D35EB6F0C1E}C:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-world.exe |
"TCP Query User{E8384436-4A33-46A0-9EE1-0C37132F34BD}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe |
"TCP Query User{EB739A70-E162-4E28-8192-174972298B8A}C:\program files\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"TCP Query User{F000389C-CBF8-439F-BB88-8C47D7825C3F}C:\users\layth\downloads\repack\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\repack\arcemu\arcemu-logonserver.exe |
"TCP Query User{F32D899E-E90E-487C-AF62-5135955BB1D2}C:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe |
"TCP Query User{FB0D8466-D542-4B37-ACDD-79666457D97B}C:\users\layth\downloads\remote desktop server\remote desktop server\bin\windowsapplication2.vshost.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\remote desktop server\remote desktop server\bin\windowsapplication2.vshost.exe |
"UDP Query User{044E4480-D89C-4AFD-AC6E-08BF24351131}C:\users\layth\desktop\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe |
"UDP Query User{09E7F0F8-D38C-4F90-8563-B9EDCF47C2A7}C:\users\layth\downloads\private server\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\private server\arcemu\arcemu-world.exe |
"UDP Query User{0AA9826D-89F5-4CC6-9D17-C0EFF4EA5803}C:\users\layth\appdata\local\roblox\versions\version-acfd835c29bc48bb\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-acfd835c29bc48bb\robloxapp.exe |
"UDP Query User{0B56DFCE-8174-443A-BE60-31AC25C41DA8}C:\users\layth\appdata\local\roblox\versions\version-5721a319bf474443\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-5721a319bf474443\robloxapp.exe |
"UDP Query User{185A28D7-2120-43FB-BBA5-2A2D608F18AF}C:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe |
"UDP Query User{21B10019-2224-4110-B69C-A452B4AD82F1}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-logonserver.exe |
"UDP Query User{2EB79173-F35E-459C-A44A-B71D52CE2329}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{31ADECBC-4D67-4107-89B1-04FF8A9041A8}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-world.exe" = protocol=17 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-world.exe |
"UDP Query User{3CEE38E3-1E1E-4C6D-90A0-E60245CD5A3C}C:\users\layth\downloads\private server\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\private server\arcemu\arcemu-logonserver.exe |
"UDP Query User{3CFA06CC-6A46-4EAC-89DB-05FDD0F79D61}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{51F1BEC1-6992-4C3D-BA91-4AB22B45A600}C:\users\layth\appdata\local\roblox\versions\version-b5dc796702a14251\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-b5dc796702a14251\robloxapp.exe |
"UDP Query User{59D37322-7EB4-4E48-9416-70B2513F10A2}C:\fusion arcemu 3.2.2\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\fusion arcemu 3.2.2\arcemu\arcemu-world.exe |
"UDP Query User{6009CAAF-C1EA-4D71-A29D-A6DB16F35D47}C:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-logonserver.exe |
"UDP Query User{61A3117F-DEBA-465C-8A65-055ACF93E6F3}C:\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe |
"UDP Query User{61D479C4-459F-4E58-A42C-FF140C9E7262}C:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe |
"UDP Query User{634C6EA4-1407-4E22-A373-8FBE1581798A}C:\users\layth\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\roaming\cacaoweb\cacaoweb.exe |
"UDP Query User{8542700C-207E-455F-83BF-5E7956AA9FDC}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{97696BAF-70A6-47A9-84CA-61C674103C60}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9AFF9062-ED3C-4290-9633-00790782C03A}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe" = protocol=17 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe |
"UDP Query User{AADCD53E-5F42-40C9-931B-FAC2FE6DD1AF}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe |
"UDP Query User{AB923CD2-9052-4372-8CD9-E505EC3C2DF3}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"UDP Query User{ABE7C68B-8EB7-42B7-B177-E79F893183CE}C:\nexon\vindictus\en-us\nmservice.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"UDP Query User{B36D8AE2-7C40-4DF3-B582-0A8FDB3E6FE6}C:\users\layth\appdata\local\roblox\versions\version-38688219c12c4bc8\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-38688219c12c4bc8\robloxapp.exe |
"UDP Query User{B9D2AEEC-FFDD-4735-9D40-9082D634CA4C}C:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe |
"UDP Query User{C591E7EC-5885-454E-9572-DEE2EA0054EE}C:\users\layth\downloads\wowclient-downloader.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\wowclient-downloader.exe |
"UDP Query User{C5F0FC71-9E27-4B72-ACAE-6B68F0F7C111}C:\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe |
"UDP Query User{C9BA414E-9748-4E35-8017-344C5D7B799F}C:\users\layth\downloads\remote desktop server\remote desktop server\bin\windowsapplication2.vshost.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\remote desktop server\remote desktop server\bin\windowsapplication2.vshost.exe |
"UDP Query User{CAE7FEED-C5FC-41B8-9710-2786D8B62D88}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{D6F538AC-8471-49BC-8218-528388529211}C:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-world.exe |
"UDP Query User{D84B28BD-AAE0-45B9-9A33-37AD73419708}C:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-world.exe |
"UDP Query User{DD1897DC-A9E0-4C18-BAD9-2EF99D5BA749}C:\users\layth\desktop\fusion arcemu 3.2.2\server\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\server\apache\bin\apache.exe |
"UDP Query User{DE95C3F8-1B6D-4D1F-B57B-EBAE10B214B9}C:\users\layth\downloads\arcemu 3.3.3a\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\arcemu 3.3.3a\arcemu\arcemu-logonserver.exe |
"UDP Query User{E32FE452-C55A-4C4A-9DA7-10C245623BDA}C:\program files\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"UDP Query User{E67FD708-2BD7-4A83-8E27-2065548C5807}C:\users\public\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\public\games\warcraft iii\war3.exe |
"UDP Query User{E76C3692-94CB-4DB6-870E-2D831F76E067}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E7735DF3-FB4A-44E3-93FD-AC53D158262C}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{ECF0388E-6743-45EB-8B85-8303272844F7}C:\users\layth\downloads\repack\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\repack\arcemu\arcemu-logonserver.exe |
"UDP Query User{F8F05ECC-863E-4493-A13F-5CF2FBA5B8A3}C:\fusion arcemu 3.2.2\server\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\fusion arcemu 3.2.2\server\mysql\bin\mysqld-nt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - At Worlds End
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Software Virtualization Agent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8487219F-6929-4FC9-B5F7-7D990DD6EECB}" = HP Advisor
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX Setup
"Fable TLC Application Suite" = Fable TLC Application Suite
"Flash Movie Player" = Flash Movie Player 1.5
"Fraps" = Fraps (remove only)
"GamersFirst LIVE!" = GamersFirst LIVE!
"HeidiSQL_is1" = HeidiSQL 6.0
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (2.0.0.15)" = Mozilla Firefox (2.0.0.15)
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MVS" = McAfee Virus and Spyware Protection Service
"PDF Complete" = PDF Complete
"PowerISO" = PowerISO
"PowerShow_is1" = OfficeOne PowerShow 7.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"WampServer 2_is1" = WampServer 2.0
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Layth
"Google Chrome" = Google Chrome
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2011 6:57:03 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 6:57:05 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 6:57:14 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 6:57:14 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 6:57:17 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 7:00:42 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 7:00:44 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 7:00:51 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 8:32:23 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 8:32:47 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 12/31/2010 8:54:41 AM | Computer Name = Layth-PC | Source = DCOM | ID = 10010
Description =

Error - 1/5/2011 1:19:24 PM | Computer Name = Layth-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:15:33 PM on 1/5/2011 was unexpected.

Error - 1/5/2011 1:19:15 PM | Computer Name = Layth-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 1/5/2011 1:19:28 PM | Computer Name = Layth-PC | Source = HTTP | ID = 15016
Description =

Error - 1/5/2011 1:20:55 PM | Computer Name = Layth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/9/2011 3:15:29 AM | Computer Name = Layth-PC | Source = HTTP | ID = 15016
Description =

Error - 1/9/2011 3:17:05 AM | Computer Name = Layth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/11/2011 3:14:48 PM | Computer Name = Layth-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:12:16 PM on 1/11/2011 was unexpected.

Error - 1/11/2011 3:14:52 PM | Computer Name = Layth-PC | Source = HTTP | ID = 15016
Description =

Error - 1/11/2011 3:15:54 PM | Computer Name = Layth-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

bump

Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5543

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/17/2011 8:50:08 PM
mbam-log-2011-01-17 (20-50-08).txt

Scan type: Quick scan
Objects scanned: 155501
Time elapsed: 11 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

bump