[Curly_Jones]

When I click on a search link ( Google ) for Yahoo.com - Yahoo mail, I get redirected to >> l.yimg.com << and can not access my mail. I also can not access the Yahoo main page. I downloaded the following from here

GooredFix by jpshortstuff (12.07.09)
Log created at 10:42 on 27/08/2009 (Wes Finlay)
Firefox version 3.5.2 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:45 24/01/2009]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [23:54 24/01/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [23:54 24/01/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [16:43 03/02/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext" [15:12 27/06/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [05:49 07/08/2009]

-=E.O.F=-

I hope that this will help me get ride of this problem .
Thank you

[Advertisements]

Hello and welcome to Geeks to Go! I'm Dave and I'll be helping you out. Let's get started:

Please go to the GMER Rootkit Scanner Download Site.

• Click on the Download EXE button.
• The file you are downloading will have a random name in order to circumvent the attempts of malware to block it from running.
• Take note of the name of the file (please don't change it), and then save it directly to your desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click on the file you downloaded (Vista users please right-click it and select Run as Administrator). The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure that the "Show all" box is un-checked.
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity, don't worry.
• Click Ok.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it to a location where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Then:

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Click on any of the links at that website to download ComboFix. At the window that appears, please change the name of the file from ComboFix to svchost. This name is important and must be exactly as I have given it to you here. Once you have changed the name, save the renamed file directly to your desktop.

Return to the above link and continue with the instructions provided there for running ComboFix. Be sure that you read ALL of the instructions on that page carefully and follow them exactly. It is particularly important to disable all your protection programs before running ComboFix. If you need further help figuring out how to disable a specific program look here for instructions. Installing the recovery console if you're running an XP machine is another critical step. Although these prelimiary steps may seem unnecessary, by following the directions in that guide closely you give ComboFix the best possible chance at a successful run and minimize the likelihood of having serious problems occur after an attempted removal of malware.

Once the program has finished running its log should pop up automatically, or if for some reason you lose it it can found at C:\ComboFix.txt. Please post the log's contents in your next reply.

Cheers,
Dave

[Transience]

Hello and welcome to Geeks to Go! I'm Dave and I'll be helping you out. Let's get started:

Please go to the GMER Rootkit Scanner Download Site.

• Click on the Download EXE button.
• The file you are downloading will have a random name in order to circumvent the attempts of malware to block it from running.
• Take note of the name of the file (please don't change it), and then save it directly to your desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click on the file you downloaded (Vista users please right-click it and select Run as Administrator). The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure that the "Show all" box is un-checked.
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity, don't worry.
• Click Ok.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it to a location where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Then:

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Click on any of the links at that website to download ComboFix. At the window that appears, please change the name of the file from ComboFix to svchost. This name is important and must be exactly as I have given it to you here. Once you have changed the name, save the renamed file directly to your desktop.

Return to the above link and continue with the instructions provided there for running ComboFix. Be sure that you read ALL of the instructions on that page carefully and follow them exactly. It is particularly important to disable all your protection programs before running ComboFix. If you need further help figuring out how to disable a specific program look here for instructions. Installing the recovery console if you're running an XP machine is another critical step. Although these prelimiary steps may seem unnecessary, by following the directions in that guide closely you give ComboFix the best possible chance at a successful run and minimize the likelihood of having serious problems occur after an attempted removal of malware.

Once the program has finished running its log should pop up automatically, or if for some reason you lose it it can found at C:\ComboFix.txt. Please post the log's contents in your next reply.

Cheers,
Dave

[Curly_Jones]

Thank You Dave . . . Thank You . .
I hope that I did everything right . . Below is the log that was requested.
Again . Thanks
Wes



ComboFix 09-09-03.02 - Wes Finlay 09/03/2009 13:53.1.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2730 [GMT -7:00]
Running from: c:\documents and settings\Wes Finlay\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Wes Finlay\My Documents\ZbThumbnail.info
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{007DD97C-36DC-4C25-9B1C-7D22AC483D50}\setup.msi

.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-08-28 15:59 . 2009-09-01 15:42 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\AntiMalware
2009-08-28 15:59 . 2009-09-01 15:42 -------- d-----w- c:\program files\AntiMalware
2009-08-27 05:44 . 2009-08-27 05:44 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-27 05:41 . 2009-08-27 05:42 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-27 05:39 . 2009-08-27 05:39 -------- d-----w- c:\windows\system32\URTTEMP
2009-08-27 05:19 . 2009-08-28 17:08 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\Reg Tool
2009-08-27 05:18 . 2009-08-28 17:08 -------- d-----w- c:\program files\Reg Tool
2009-08-27 00:44 . 2009-09-01 02:50 -------- d-----w- c:\program files\World of Warcraft
2009-08-26 23:08 . 2009-08-26 23:08 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\licenses
2009-08-26 23:08 . 2009-08-28 16:00 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\PCMM2009
2009-08-26 23:07 . 2009-08-28 16:00 -------- d-----w- c:\program files\PC MightyMax 2009
2009-08-26 22:31 . 2009-08-26 22:31 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-26 22:27 . 2009-08-26 22:27 -------- d-----w- c:\program files\Common Files\Skype
2009-08-26 22:27 . 2009-08-26 22:27 -------- d-----r- c:\program files\Skype
2009-08-25 01:40 . 2009-08-26 22:27 -------- d-----w- c:\program files\Skype(2)
2009-08-25 00:54 . 2009-08-26 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment.eed560f0.temp
2009-08-24 20:53 . 2009-08-26 22:27 -------- d-----w- c:\documents and settings\Wes Finlay\.housecall6.6
2009-08-20 01:30 . 2009-08-26 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment.temp
2009-08-12 23:09 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 05:49 . 2009-08-07 05:49 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 05:49 . 2009-08-07 05:49 -------- d-----w- c:\program files\MSBuild
2009-08-07 05:49 . 2009-08-07 05:49 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 05:48 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 05:48 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 05:48 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 05:48 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 05:48 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 05:48 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 05:48 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 20:01 . 2009-01-24 19:47 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\Skype
2009-09-03 17:04 . 2009-01-24 19:48 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\skypePM
2009-09-03 16:12 . 2009-01-25 19:16 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-03 16:12 . 2009-01-25 19:15 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-09-02 20:46 . 2009-02-13 00:43 -------- d-----w- c:\program files\Full Tilt Poker
2009-09-01 18:33 . 2009-01-26 20:37 -------- d-----w- c:\program files\DYMO Label
2009-08-31 17:40 . 2009-01-27 17:34 -------- d-----w- c:\program files\PokerStars
2009-08-30 04:35 . 2009-01-24 15:37 53248 -c--a-w- c:\windows\system32\CSVer.dll
2009-08-29 19:08 . 2009-01-24 15:45 -------- d-----w- c:\program files\VIA
2009-08-29 19:06 . 2009-01-24 15:45 1389056 ----a-w- c:\windows\system32\drivers\monfilt.sys
2009-08-29 19:06 . 2009-01-24 15:45 1374464 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2009-08-29 19:06 . 2009-01-24 15:45 331184 ------w- c:\windows\system32\difxapi.dll
2009-08-29 19:04 . 2009-01-25 16:06 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\Download Manager
2009-08-27 00:52 . 2009-02-03 17:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-27 00:44 . 2009-01-24 19:09 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-26 22:30 . 2009-06-22 19:53 -------- d-----w- c:\program files\UltimateBet
2009-08-26 22:30 . 2009-04-12 21:30 -------- d-----w- c:\program files\HighGrow
2009-08-26 22:27 . 2009-01-24 20:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-26 22:27 . 2009-01-24 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-24 18:47 . 2009-02-03 16:41 -------- d-----w- c:\program files\McAfee
2009-08-22 18:08 . 2009-01-25 19:12 -------- d-----w- c:\program files\Logitech
2009-08-17 20:55 . 2009-01-24 15:55 -------- d-----w- c:\program files\ASUS
2009-08-17 20:55 . 2009-01-24 15:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 17:23 . 2009-01-24 06:30 87536 -c--a-w- c:\documents and settings\Wes Finlay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 20:12 . 2009-07-19 22:42 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\NCH Swift Sound
2009-08-06 20:08 . 2009-07-20 20:24 -------- d-----w- c:\program files\Audacity
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:21 . 2009-01-25 21:31 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\n-Track Studio
2009-07-28 20:49 . 2009-07-28 20:15 60704 ----a-w- c:\windows\hpwins03.dat
2009-07-28 20:35 . 2009-01-28 20:35 -------- d-----w- c:\program files\HP
2009-07-25 19:59 . 2009-07-08 21:33 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-25 19:59 . 2009-07-08 21:33 -------- d-----w- c:\program files\AVS4YOU
2009-07-25 19:33 . 2009-07-08 21:33 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\AVS4YOU
2009-07-20 15:59 . 2009-07-19 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl(2)(2).dll
2009-07-14 06:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 23:32 . 2009-01-24 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-09 17:53 . 2009-01-30 18:42 -------- d-----w- c:\program files\Canon
2009-07-08 21:33 . 2009-07-08 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 15:12 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-27 15:12 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2009-01-24 06:22 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc(2)(2).dll
2009-01-24 16:12 . 2009-01-24 16:12 8 --sh--r- c:\windows\system32\87359F989B.sys
2009-01-24 17:00 . 2009-01-24 16:12 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Reg Tool"="c:\program files\Reg Tool\Reg Tool.exe" [2009-07-22 37491976]
"AntiMalware"="c:\program files\AntiMalware\AntiMalware.exe" [2009-08-25 37299464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-25 122939]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 10:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [1/24/2009 8:55 AM 8960]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/25/2009 1:50 PM 3712]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/3/2009 9:43 AM 210216]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [6/19/2009 10:42 AM 45824]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 6:25 PM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 6:25 PM 36352]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [6/19/2009 10:42 AM 56960]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 6:25 PM 77056]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/24/2009 8:45 AM 1374464]
S3 cpuz132;cpuz132; [x]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [1/24/2009 8:55 AM 11264]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [1/24/2009 8:55 AM 16640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-03 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-03 18:53]

2009-02-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-03 18:53]

2009-01-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 20:01]

2009-09-03 c:\windows\Tasks\Reg Tool Scan.job
- c:\program files\Reg Tool\Reg Tool.exe [2009-07-22 13:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
FF - ProfilePath - c:\documents and settings\Wes Finlay\Application Data\Mozilla\Firefox\Profiles\r6zmxzzu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,8e,07,63,90,3d,
0a,63,11,e2,63,26,f1,3f,c8,ff,68,d5,34,b8,c4,46,23,16,74,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,20,55,60,0d,d8,
1a,06,14,6a,9c,d6,61,af,45,84,18,49,e1,e3,21,ce,4e,b5,c5,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,7b,07,1a,10,9c,
07,f9,f5,ff,7c,85,e0,43,d4,0e,fe,bd,c2,32,f2,7a,b9,6f,cf,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,ad,53,e3,78,c2,
8d,ba,e8,86,8c,21,01,be,91,eb,e7,e9,a0,c6,b6,14,d7,06,cc,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,28,12,32,d4,54,
a7,04,3b,f5,1d,4d,73,a8,13,5c,05,78,f7,8a,2c,0c,68,5d,42,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,51,a8,ea,2f,c0,
37,e2,11,df,20,58,62,78,6b,cf,c8,54,ce,f5,82,22,f0,8b,1b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,40,f1,bf,71,9f,
0b,bf,9e,fb,a7,78,e6,12,2f,9a,ea,e1,e6,6a,d5,00,16,44,07,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,e7,e5,45,34,70,
36,06,08,01,3a,48,fc,e8,04,4a,f1,08,89,68,a7,72,c0,a3,61,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,5c,e0,65,e6,9f,
0b,5f,35,f6,0f,4e,58,98,5b,89,c9,f0,48,15,52,29,42,8a,c5,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9b,69,6f,36,e1,
d4,2c,be,3d,ce,ea,26,2d,45,aa,78,5b,ef,01,f4,53,c8,f8,38,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ff,a4,62,9c,4e,
af,b7,05,2a,b7,cc,b5,b9,7f,41,e7,80,ee,aa,40,a8,d0,df,ca,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,cf,9c,0d,bc,3c,
cb,bc,82,6c,43,2d,1e,aa,22,2f,9c,d6,82,15,32,8a,06,1d,80,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-09-03 13:56
ComboFix-quarantined-files.txt 2009-09-03 20:56

Pre-Run: 405,954,912,256 bytes free
Post-Run: 405,897,297,920 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

304 --- E O F --- 2009-08-28 05:27

[Curly_Jones]

Hello Dave . .
I think I spoke too soon. I rebooted the computer before checking if the i.yimg.com was fixed and unfortunately it is still there . . I think that I did everything in order but being as new to this as I am, I may have missed something . .
When I try to log into Yahoo.com . . I still get the redirect to l.yimg.com . .

Thank you for taking the time . . perhaps I should try again?

Wes

[Transience]

Still a few things to take care of here:

Please go to Add/Remove Programs in your Control Panel (Programs and Features if you are a Vista user). Select and remove the following if present, don't worry if they aren't:

AntiMalware
RegTool
PC MightyMax 2009

Then exit the control panel. Next:

1. Run a ComboFix script

• Copy the entire contents of the code box below to notepad (Start > Programs > Accessories > Notepad).
• Click on File > Save and name the file CFScript.txt. This name is important and must not be changed.
• Change the Save as Type to All Files.
• Save it directly on your desktop.

KillAll::

File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\87359F989B.sys
c:\windows\Tasks\Reg Tool Scan.job

Folder::
c:\documents and settings\Wes Finlay\Application Data\AntiMalware
c:\program files\AntiMalware
c:\documents and settings\Wes Finlay\Application Data\Reg Tool
c:\program files\Reg Tool
c:\documents and settings\Wes Finlay\Application Data\PCMM2009
c:\program files\PC MightyMax 2009

Driver::
87359F989B

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reg Tool"=-
"AntiMalware"=-

SysRst::

Note: If you are not the topic starter, DO NOT download or run this script as it could cause irreversible damage to your computer.

Please note that the same procedure applies to running ComboFix this time as before - disable your protection programs beforehand, close all other programs, don't interrupt it for any reason etc.



Once the script is saved, refering to the picture above, drag CFScript.txt into ComboFix.exe. This will cause ComboFix to start again. Allow it to complete running, following any prompts. Once the program has completed the log should appear automatically, if it doesn't it can be found at C:\ComboFix.txt. Please post the contents of that log in your next reply.

Cheers,
Dave

[Curly_Jones]

Hello Dave . . I'm sorry but I think I may have done something wrong again . . it is still redirecting to l.yimg.com.

When we get this fixed, please know that I am going to send a contribution. I sincerely appreciate your patience and help

Thanks again . . Wes . .

Below is the log.
===================

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,5c,e0,65,e6,9f,
0b,5f,35,f6,0f,4e,58,98,5b,89,c9,f0,48,15,52,29,42,8a,c5,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9b,69,6f,36,e1,
d4,2c,be,3d,ce,ea,26,2d,45,aa,78,5b,ef,01,f4,53,c8,f8,38,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ff,a4,62,9c,4e,
af,b7,05,2a,b7,cc,b5,b9,7f,41,e7,80,ee,aa,40,a8,d0,df,ca,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,cf,9c,0d,bc,3c,
cb,bc,82,6c,43,2d,1e,aa,22,2f,9c,d6,82,15,32,8a,06,1d,80,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1180)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\devldr32.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\PSIService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee\VIRUSS~1\mcvsshld.exe
c:\progra~1\McAfee\VIRUSS~1\mcvsmap.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2009-09-05 12:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 19:44
ComboFix2.txt 2009-09-03 20:56

Pre-Run: 405,619,613,696 bytes free
Post-Run: 405,584,052,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

871 --- E O F --- 2009-08-28 05:27

[Curly_Jones]

Hi again . . .2nd one today . . I feel like an old fool . . arrghghg

Below is the complete log . .

Thanks . . Wes
=======
ComboFix 09-09-03.02 - Wes Finlay 09/05/2009 12:37.1.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2868 [GMT -7:00]
Running from: c:\documents and settings\Wes Finlay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wes Finlay\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\87359F989B.sys"
"c:\windows\system32\drivers\logiflt.iad"
"c:\windows\system32\drivers\lvuvc.hs"
"c:\windows\Tasks\Reg Tool Scan.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Wes Finlay\Application Data\AntiMalware
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-28 08-59-340.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-28 10-07-540.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-28 10-12-130.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-28 12-05-390.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-28 20-46-540.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-29 08-10-500.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-29 12-10-270.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-29 21-22-470.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-29 21-27-200.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-29 21-44-230.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-30 08-42-420.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-30 15-54-300.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-08-31 09-00-440.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-09-01 08-42-090.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-09-01 17-42-550.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-09-01 20-02-070.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-09-02 08-12-190.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-09-03 09-13-230.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-09-03 14-06-090.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-09-03 14-24-060.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-09-03 14-50-160.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-09-03 17-48-220.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Logs\2009-09-04 09-39-390.log
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\Results\Spyware.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\spy_ignore.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file0.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file1.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file10.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file11.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file12.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file13.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file14.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file15.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file17.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file18.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file19.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file2.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file3.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file4.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file5.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file6.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file7.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file8.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\file9.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\filelist.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-0.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-1.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-10.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-11.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-12.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-13.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-14.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-2.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-3.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-4.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-5.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-6.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-7.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-8.db
c:\documents and settings\Wes Finlay\Application Data\AntiMalware\SpyQuarantineW\2009-08-28 09-00-220\regb-9.db
c:\documents and settings\Wes Finlay\Application Data\PCMM2009
c:\documents and settings\Wes Finlay\Application Data\Reg Tool
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-26 22-19-160.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-26 22-36-060.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-26 22-57-040.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-27 09-10-180.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-27 13-16-550.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-28 08-51-000.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-28 08-53-480.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-28 10-00-000.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-28 10-00-020.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-28 10-07-530.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-28 10-12-130.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-28 20-46-530.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-29 08-10-480.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-29 10-00-000.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-29 10-00-001.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-29 12-10-270.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-29 21-22-460.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-29 21-27-200.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-30 08-42-410.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-30 10-00-000.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-30 10-00-001.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-30 15-54-270.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-31 09-00-420.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-31 10-00-000.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-08-31 10-00-001.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-01 08-42-080.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-01 10-00-000.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-01 10-00-001.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-01 17-42-530.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-01 20-02-060.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-02 08-12-190.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-02 10-00-000.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-02 10-00-001.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-03 09-13-220.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-03 10-00-000.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-03 10-00-001.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-03 14-06-090.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-03 14-24-060.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-03 17-48-220.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\Logs\2009-09-04 09-39-380.log
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\PCOBackups\2009-08-26 22-31-28.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\filelist.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-1.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-10.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-100.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-101.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-102.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-103.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-104.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-105.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-106.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-107.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-108.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-109.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-11.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-110.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-111.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-112.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-113.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-114.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-115.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-116.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-117.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-118.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-119.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-12.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-120.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-13.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-14.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-15.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-16.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-17.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-18.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-19.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-2.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-20.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-21.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-22.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-23.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-24.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-25.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-26.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-27.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-28.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-29.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-3.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-30.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-31.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-32.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-33.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-34.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-35.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-36.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-37.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-38.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-39.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-4.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-40.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-41.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-42.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-43.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-44.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-45.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-46.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-47.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-48.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-49.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-5.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-50.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-51.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-52.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-53.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-54.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-55.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-56.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-57.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-58.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-59.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-6.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-60.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-61.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-62.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-63.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-64.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-65.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-66.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-67.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-68.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-69.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-7.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-70.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-71.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-72.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-73.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-74.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-75.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-76.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-77.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-78.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-79.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-8.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-80.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-81.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-82.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-83.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-84.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-85.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-86.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-87.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-88.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-89.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-9.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-90.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-91.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-92.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-93.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-94.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-95.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-96.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-97.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-98.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-21-150\regb-99.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file1.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file10.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file11.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file12.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file13.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file14.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file15.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file16.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file17.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file18.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file19.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file2.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file20.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file21.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file22.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file23.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file24.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file25.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file26.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file27.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file28.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file29.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file3.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file30.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file31.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file32.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file33.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file34.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file35.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file36.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file37.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file38.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file39.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file4.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file40.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file41.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file42.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file5.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file6.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file7.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file8.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\file9.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\filelist.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-1.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-10.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-100.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-101.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-102.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-103.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-104.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-105.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-106.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-107.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-108.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-109.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-11.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-110.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-111.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-112.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-113.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-114.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-115.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-116.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-117.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-118.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-119.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-12.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-120.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-121.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-122.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-123.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-124.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-125.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-126.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-127.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-128.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-129.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-13.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-130.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-131.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-132.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-133.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-134.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-135.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-136.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-137.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-138.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-139.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-14.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-140.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-141.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-142.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-143.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-144.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-145.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-146.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-147.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-148.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-149.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-15.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-150.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-151.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-152.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-153.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-154.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-155.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-156.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-157.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-158.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-159.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-16.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-160.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-161.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-162.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-163.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-164.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-165.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-166.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-167.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-168.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-169.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-17.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-170.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-171.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-172.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-173.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-174.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-175.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-176.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-177.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-178.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-179.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-18.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-180.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-181.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-182.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-183.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-184.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-185.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-186.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-187.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-188.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-189.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-19.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-190.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-191.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-192.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-193.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-194.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-195.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-196.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-197.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-198.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-199.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-2.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-20.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-200.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-201.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-202.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-203.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-204.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-205.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-206.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-207.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-208.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-209.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-21.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-210.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-211.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-212.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-213.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-214.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-215.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-216.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-217.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-22.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-23.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-24.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-25.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-26.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-27.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-28.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-29.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-3.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-30.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-31.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-32.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-33.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-34.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-35.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-36.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-37.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-38.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-39.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-4.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-40.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-41.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-42.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-43.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-44.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-45.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-46.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-47.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-48.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-49.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-5.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-50.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-51.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-52.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-53.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-54.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-55.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-56.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-57.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-58.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-59.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-6.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-60.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-61.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-62.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-63.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-64.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-65.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-66.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-67.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-68.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-69.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-7.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-70.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-71.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-72.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-73.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-74.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-75.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-76.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-77.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-78.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-79.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-8.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-80.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-81.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-82.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-83.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-84.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-85.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-86.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-87.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-88.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-89.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-9.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-90.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-91.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-92.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-93.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-94.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-95.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-96.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-97.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-98.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-26 22-30-090\regb-99.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\filelist.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-1.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-10.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-11.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-12.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-13.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-14.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-15.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-16.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-17.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-18.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-19.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-2.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-20.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-21.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-22.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-23.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-24.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-25.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-26.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-27.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-28.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-29.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-3.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-30.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-4.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-5.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-6.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-7.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-8.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-28 10-03-440\regb-9.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-30 10-02-550\filelist.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-30 10-02-550\regb-0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-31 10-09-140\file0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-31 10-09-140\filelist.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-31 10-09-140\regb-0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-31 10-09-140\regb-1.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-31 10-09-140\regb-2.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-31 10-09-140\regb-3.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-31 10-09-140\regb-4.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-31 10-38-510\filelist.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-08-31 10-38-510\regb-0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-01 10-01-170\file0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-01 10-01-170\file1.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-01 10-01-170\file2.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-01 10-01-170\file3.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-01 10-01-170\filelist.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-01 10-01-170\regb-0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-01 10-01-170\regb-1.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-02 10-08-320\filelist.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-02 10-08-320\regb-0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-03 10-01-050\filelist.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\QuarantineW\2009-09-03 10-01-050\regb-0.db
c:\documents and settings\Wes Finlay\Application Data\Reg Tool\spy_ignore.db
c:\program files\PC MightyMax 2009
c:\program files\Reg Tool
c:\program files\Reg Tool\JkDefragLib_sourcecode.zip
c:\program files\Reg Tool\LGPL for Defragger library.txt
c:\windows\system32\87359F989B.sys
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-03 21:22 . 2009-09-03 21:22 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-27 05:44 . 2009-08-27 05:44 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-27 05:41 . 2009-08-27 05:42 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-27 05:39 . 2009-08-27 05:39 -------- d-----w- c:\windows\system32\URTTEMP
2009-08-27 00:44 . 2009-09-01 02:50 -------- d-----w- c:\program files\World of Warcraft
2009-08-26 23:08 . 2009-08-26 23:08 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\licenses
2009-08-26 22:27 . 2009-08-26 22:27 -------- d-----w- c:\program files\Common Files\Skype
2009-08-26 22:27 . 2009-08-26 22:27 -------- d-----r- c:\program files\Skype
2009-08-25 01:40 . 2009-08-26 22:27 -------- d-----w- c:\program files\Skype(2)
2009-08-25 00:54 . 2009-08-26 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment.eed560f0.temp
2009-08-24 20:53 . 2009-08-26 22:27 -------- d-----w- c:\documents and settings\Wes Finlay\.housecall6.6
2009-08-20 01:30 . 2009-08-26 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment.temp
2009-08-12 23:09 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 05:49 . 2009-08-07 05:49 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 05:49 . 2009-08-07 05:49 -------- d-----w- c:\program files\MSBuild
2009-08-07 05:49 . 2009-08-07 05:49 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 05:48 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 05:48 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 05:48 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 05:48 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 05:48 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 05:48 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 05:48 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 17:43 . 2009-01-27 17:34 -------- d-----w- c:\program files\PokerStars
2009-09-04 06:08 . 2009-01-24 19:47 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\Skype
2009-09-04 03:08 . 2009-01-24 19:48 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\skypePM
2009-09-04 00:53 . 2009-02-03 17:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-02 20:46 . 2009-02-13 00:43 -------- d-----w- c:\program files\Full Tilt Poker
2009-09-01 18:33 . 2009-01-26 20:37 -------- d-----w- c:\program files\DYMO Label
2009-08-30 04:35 . 2009-01-24 15:37 53248 -c--a-w- c:\windows\system32\CSVer.dll
2009-08-29 19:08 . 2009-01-24 15:45 -------- d-----w- c:\program files\VIA
2009-08-29 19:06 . 2009-01-24 15:45 1389056 ----a-w- c:\windows\system32\drivers\monfilt.sys
2009-08-29 19:06 . 2009-01-24 15:45 1374464 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2009-08-29 19:06 . 2009-01-24 15:45 331184 ------w- c:\windows\system32\difxapi.dll
2009-08-29 19:04 . 2009-01-25 16:06 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\Download Manager
2009-08-27 00:44 . 2009-01-24 19:09 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-26 22:30 . 2009-06-22 19:53 -------- d-----w- c:\program files\UltimateBet
2009-08-26 22:30 . 2009-04-12 21:30 -------- d-----w- c:\program files\HighGrow
2009-08-26 22:27 . 2009-01-24 20:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-26 22:27 . 2009-01-24 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-24 18:47 . 2009-02-03 16:41 -------- d-----w- c:\program files\McAfee
2009-08-22 18:08 . 2009-01-25 19:12 -------- d-----w- c:\program files\Logitech
2009-08-17 20:55 . 2009-01-24 15:55 -------- d-----w- c:\program files\ASUS
2009-08-17 20:55 . 2009-01-24 15:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 17:23 . 2009-01-24 06:30 87536 -c--a-w- c:\documents and settings\Wes Finlay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 20:12 . 2009-07-19 22:42 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\NCH Swift Sound
2009-08-06 20:08 . 2009-07-20 20:24 -------- d-----w- c:\program files\Audacity
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:21 . 2009-01-25 21:31 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\n-Track Studio
2009-07-28 20:49 . 2009-07-28 20:15 60704 ----a-w- c:\windows\hpwins03.dat
2009-07-28 20:35 . 2009-01-28 20:35 -------- d-----w- c:\program files\HP
2009-07-25 19:59 . 2009-07-08 21:33 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-25 19:59 . 2009-07-08 21:33 -------- d-----w- c:\program files\AVS4YOU
2009-07-25 19:33 . 2009-07-08 21:33 -------- d-----w- c:\documents and settings\Wes Finlay\Application Data\AVS4YOU
2009-07-20 15:59 . 2009-07-19 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl(2)(2).dll
2009-07-14 06:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 23:32 . 2009-01-24 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-09 17:53 . 2009-01-30 18:42 -------- d-----w- c:\program files\Canon
2009-07-08 21:33 . 2009-07-08 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 15:12 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-27 15:12 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2009-01-24 06:22 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc(2)(2).dll
2009-01-24 17:00 . 2009-01-24 16:12 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-25 122939]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 10:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [1/24/2009 8:55 AM 8960]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/25/2009 1:50 PM 3712]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/3/2009 9:43 AM 210216]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [6/19/2009 10:42 AM 45824]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 6:25 PM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 6:25 PM 36352]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [6/19/2009 10:42 AM 56960]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 6:25 PM 77056]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/24/2009 8:45 AM 1374464]
S3 cpuz132;cpuz132; [x]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [1/24/2009 8:55 AM 11264]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [1/24/2009 8:55 AM 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-03 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-03 18:53]

2009-02-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-03 18:53]

2009-01-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
FF - ProfilePath - c:\documents and settings\Wes Finlay\Application Data\Mozilla\Firefox\Profiles\r6zmxzzu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,8e,07,63,90,3d,
0a,63,11,e2,63,26,f1,3f,c8,ff,68,d5,34,b8,c4,46,23,16,74,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,20,55,60,0d,d8,
1a,06,14,6a,9c,d6,61,af,45,84,18,49,e1,e3,21,ce,4e,b5,c5,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,7b,07,1a,10,9c,
07,f9,f5,ff,7c,85,e0,43,d4,0e,fe,bd,c2,32,f2,7a,b9,6f,cf,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,ad,53,e3,78,c2,
8d,ba,e8,86,8c,21,01,be,91,eb,e7,e9,a0,c6,b6,14,d7,06,cc,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,28,12,32,d4,54,
a7,04,3b,f5,1d,4d,73,a8,13,5c,05,78,f7,8a,2c,0c,68,5d,42,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,51,a8,ea,2f,c0,
37,e2,11,df,20,58,62,78,6b,cf,c8,54,ce,f5,82,22,f0,8b,1b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,40,f1,bf,71,9f,
0b,bf,9e,fb,a7,78,e6,12,2f,9a,ea,e1,e6,6a,d5,00,16,44,07,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,e7,e5,45,34,70,
36,06,08,01,3a,48,fc,e8,04,4a,f1,08,89,68,a7,72,c0,a3,61,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,5c,e0,65,e6,9f,
0b,5f,35,f6,0f,4e,58,98,5b,89,c9,f0,48,15,52,29,42,8a,c5,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9b,69,6f,36,e1,
d4,2c,be,3d,ce,ea,26,2d,45,aa,78,5b,ef,01,f4,53,c8,f8,38,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ff,a4,62,9c,4e,
af,b7,05,2a,b7,cc,b5,b9,7f,41,e7,80,ee,aa,40,a8,d0,df,ca,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,cf,9c,0d,bc,3c,
cb,bc,82,6c,43,2d,1e,aa,22,2f,9c,d6,82,15,32,8a,06,1d,80,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1180)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\devldr32.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\PSIService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee\VIRUSS~1\mcvsshld.exe
c:\progra~1\McAfee\VIRUSS~1\mcvsmap.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2009-09-05 12:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 19:44
ComboFix2.txt 2009-09-03 20:56

Pre-Run: 405,619,613,696 bytes free
Post-Run: 405,584,052,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

871 --- E O F --- 2009-08-28 05:27

[Transience]

Hello -

CF log looks good let's run some final checks.

First we'll clean out your unnecessary temp files to speed up the scans:

1. TFC

• Please download TFC to your desktop.
• Save any work, then close all open windows.
• Double-click TFC to run it, and allow the process to complete, which should not take more than a couple minutes.
• You may or may not be prompted to reboot, if you are click "Yes" and allow the computer to reboot.
• Close TFC when it has completed.

2. Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from here.

Doubleclick (Vista users please right-click Run as Administrator) on mbam-setup.exe to install the program.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware at the end of setup, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Full Scan, then click Scan.
• The scan is different from the quick scan and will take a fairly long time to finish (you can leave it to run and go do something else), please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab.
• Copy & Paste the entire report in your next reply.

3. Kaspersky Online Scan

Kaspersky online scanner uses Java technology to perform the scan. Because your Java is out of date, we need to update it first so that the scan will run without issues.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts. A log will appear (JavaRa.log), DO NOT post this log, I have no need for it.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Scan

• Follow this link to the Kaspersky WebScanner
• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

So post back with the logs from MBAM and Kaspersky when you have them and give me an update on how the PC is running, and we should have you on your way .

- Dave

[Transience]

Just checking in since it's been a couple days - still need any help on this one?

[Curly_Jones]

Hello Dave,
Whew . . I have learned so much by going through all this with your help.
I can access the Yahoo.com site and my Yahoo mail account. The problem seems to be fixed.
Thank You . . .
Wes

Below are the logs.
=========================

Malwarebytes' Anti-Malware 1.40
Database version: 2754
Windows 5.1.2600 Service Pack 3

9/7/2009 3:34:12 PM
mbam-log-2009-09-07 (15-34-12).txt

Scan type: Full Scan (C:\|V:\|)
Objects scanned: 201554
Time elapsed: 36 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{1BF6DCA8-2788-49BD-B4C1-4C7E8A866C74}\RP305\A0063300.rbf (Rogue.RegTool) -> Quarantined and deleted successfully.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 7, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 08, 2009 01:12:00
Records in database: 2757876
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
V:\

Scan statistics:
Objects scanned: 89992
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 00:49:22


File name / Threat / Threats count
C:\Documents and Settings\Wes Finlay\My Documents\Downloads Passwords\wowmodelview-0.5.08.zip Infected: not-a-virus:AdWare.Win32.AdMedia.ay 1

Selected area has been scanned.

[Transience]

Glad to hear things are running better. Your logs are clean! Congratulations

We have a couple last things to take care of and then you're good to go.

Uninstall ComboFix from your computer:

• Click on Start > Run
• Type Combofix /u in the run box and click Ok. Note the space between the x and the /u, it needs to be there.
  

Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.

Please download OTC to your desktop.

• Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")
• Click on the CleanUp! button and follow the prompts.
• You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
• After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Here are some tips to reduce the potential for malware infection in the future; I strongly that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, and if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're still clean. Once a week works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

If you don't have a firewall, some great free options you can test out are: Online Armor, Outpost, and Sunbelt. I'd highly recommend that you install one of those. If you do decide to use a 3rd party firewall program, please be sure to disable the Windows firewall as per these instructions so they don't conflict:

• Please click on Start -> Control Panel
• Double click Windows Firewall
• Click Change Settings
• Choose Off to disable Windows Firewall.

Finally, for a great tutorial on how to get the best protection out of your firewall, take a look at this guide.

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives: Firefox, Opera, and Google Chrome. All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones: Green to go, Yellow for caution, and Red to stop. Available for Firefox and Internet Explorer.

NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article.

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Dave

[Curly_Jones]

Hello Dave,

A quick note to express sincere Thanks. The problem was solved.
After the 15th of September ( Fixed Income here ) I will be using Pay Pal to send a donation in appreciation of your expertise and help.

Again Thank you

Wes

[Transience]

Thanks Wes I appreciate your kind words and donation . It's my pleasure to help.

Cheers,
Dave

[Transience]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.