Redirect Problems San Jose CA

Jack Fischer · Nov 6, 2010

My browser intermittently directs me to unwanted pages when I click a link. It also throws open new windows and goes to unwanted sites when the machine is unattended. Today I tried twice to run DDS as instructed here but both times it started the process and then rebooted Windows XP partway through. I'd be very grateful for any help. -- Jack Fischer

Jack&Jill · Nov 15, 2010

Hello Jack Fischer

,

Sorry for the delay.

If you still need help, please delete the DDS file that you have and download a fresh copy from one of the links below. Please post new DDS logs.

Link 1
Link 2
Link 3

Otherwise, this topic will be closed after 3 days.

Jack Fischer · Nov 16, 2010

I just found your email in my spam folder.:red::red: Please don't close this thread. I'll download a new copy of dds to night and get back to you with results

Thanks!

jack

Jack Fischer · Nov 18, 2010

Redirect Problems in San Jose, CA

I downloaded a new copy of dds as suggested and it did the same thing the old copy did when I tried to run it. It gathers information for a minute or two and then it reboots Windows without generating a file.

What can we try now?

Thanks and best,

jack fischer
san jose, ca

Jack&Jill · Nov 18, 2010

Hello Jack

,

I downloaded a new copy of dds as suggested and it did the same thing the old copy did when I tried to run it. It gathers information for a minute or two and then it reboots Windows without generating a file. What can we try now?

Did a blue screen appear? The reboot must be caused by the automatic restart on system failure setting. We need to change that to be able to gather some information in case it reoccurs.

Reboot your computer and tap on the F8 key repeatedly during startup. A menu will appear.

Select Disable automatic restart on system failure by using the arrow keys and Enter.

Please provide the error message information as shown in the picture when it happens:

The stop error will be always be displayed, but the other information may or may not be available. Just provide whatever is available.

--------------------

Please download OTL© by OldTimer from one of the links below and save it to your desktop.

Link 1
Link 2

Scan with OTL

Double click on OTL.exe to run it.
Make sure all the Use SafeList options is checked (ticked). There are six of them.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.

Please download GMER and save it to your desktop. Click here.

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
If you need help to disable your protection programs see here and here.
Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
In the right panel, you will see several boxes that have been checked (ticked).
- Uncheck IAT/EAT
- Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
- Uncheck Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
Enable back your security softwares as soon as you completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

--------------------

Please post back:
1. the answer to my question about the blue screen
2. error message from the blue screen if it happen again
3. OTL logs (OTL.txt and Extras.txt)
4. GMER result

Jack Fischer · Nov 19, 2010

Redirect Problems in San Jose, CA

I was able to get through all the steps except the last. The GMER application would start running as soon as it was launched and almost immediately crash the system and give me the same error message as when I tried to run DDS.

That error information is as follows:
DRIVER_IRQL_NOT_LESS_OR_EQUAL

TEHCNICAL INFO:

STOP:0x000000D1 (0x0A140017,0x00000005,0x00000000,0xF77C6E3E)

IdeChnDr.sys - Address F77C6E3E base at F77C3000,DateStamp 3bd89c65

Here's the first log:

OTL logfile created on: 11/18/2010 8:35:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.94 Gb Free Space | 26.71% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
PRC - [2010/10/28 08:40:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 08:39:57 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/02 15:10:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 15:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 15:09:56 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 16:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/10 09:39:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/13 01:39:09 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2001/09/23 07:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\DellMMKb.exe
PRC - [2001/09/22 14:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
PRC - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP2.EXE

========== Modules (SafeList) ==========

MOD - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/22 21:28:18 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/08/02 15:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 15:09:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)
SRV - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010/08/02 15:10:10 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/08/02 15:10:10 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/04 16:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009/09/11 19:19:14 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/07 12:31:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/23 14:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 14:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 14:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 14:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/01/23 14:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/12/07 14:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2006/03/28 16:55:20 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)
DRV - [2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(r)
DRV - [2001/11/06 00:00:00 | 000,013,654 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 05:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/09 18:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2001/07/25 17:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)
DRV - [2001/07/18 19:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/07/18 19:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/07/18 19:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/07/18 19:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/07/18 19:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/18 19:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2001/07/18 19:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2000/10/03 15:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 10:11:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 20:21:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/08 20:09:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/18 20:21:09 | 000,000,000 | ---D | M]

[2010/10/10 11:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions
[2010/10/10 11:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/07 10:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions
[2009/08/09 07:07:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/13 21:34:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/23 18:36:34 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\askcom.xml
[2010/02/23 18:38:45 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\bing.xml
[2010/11/07 10:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 21:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/09 21:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 14:50:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2004/12/22 08:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2010/06/05 17:01:14 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DellMMKb.exe (Netropa Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab (FilePlanet Download Control Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab (Windows Live Safety Center Base Module)
O16 - DPF: {60F5C72D-84E8-445A-94E7-F84C3A33E924} http://haserv1.liveglobalbid.com/lgbmpr.cab (LgbMediaPlayer Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124349026031 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/04 22:19:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4713e108-c71e-11de-a6f7-00055d371377}\Shell - "" = AutoRun
O33 - MountPoints2\{4713e108-c71e-11de-a6f7-00055d371377}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4713e108-c71e-11de-a6f7-00055d371377}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6f61693c-091a-11dd-a5a9-00038a000015}\Shell\AutoRun\command - "" = E:\PortableVault.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 20:34:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
[2010/11/06 14:50:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/06 14:50:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/06 14:50:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/05 17:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWiSHzone.com
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 20:35:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
[2010/11/18 20:32:45 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2010/11/18 20:32:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/18 20:31:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/18 20:30:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/18 20:30:43 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/18 20:21:10 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/18 20:18:57 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
[2010/11/17 21:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/17 20:14:07 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr
[2010/11/15 21:42:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/13 15:59:43 | 000,249,722 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\att bill wireless and landline.pdf
[2010/11/07 10:41:50 | 000,432,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 10:41:50 | 000,067,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 12:19:16 | 058,025,396 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\avira_antivir_personal_en.zip
[2010/11/04 17:53:49 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/17 20:14:05 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr
[2010/11/13 15:59:43 | 000,249,722 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\att bill wireless and landline.pdf
[2010/11/06 12:12:21 | 058,025,396 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\avira_antivir_personal_en.zip
[2010/10/24 20:11:23 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/22 07:32:49 | 000,000,221 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/07/12 19:47:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\EAL.INI
[2007/07/12 19:47:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PICTURM8.ini
[2007/02/26 22:56:21 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2006/09/13 19:52:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\sview.ini
[2006/09/13 19:44:36 | 000,131,072 | -H-- | C] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\svfiles.log
[2006/01/18 18:58:06 | 000,000,681 | ---- | C] () -- C:\WINDOWS\arp.INI
[2006/01/18 17:21:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\dpss.ini
[2006/01/16 22:13:27 | 000,000,395 | ---- | C] () -- C:\WINDOWS\DSSCC.INI
[2005/05/29 23:56:24 | 000,015,409 | ---- | C] () -- C:\WINDOWS\System32\lqmsaaaa.dll
[2005/05/29 13:40:58 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/29 13:40:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/29 13:40:07 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/05/25 20:24:58 | 000,002,640 | ---- | C] () -- C:\WINDOWS\System32\lqkaaaaa.dll
[2005/05/25 20:23:56 | 000,011,304 | ---- | C] () -- C:\WINDOWS\System32\haghkdf.dll
[2005/05/25 19:26:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/25 19:26:06 | 000,108,301 | ---- | C] () -- C:\WINDOWS\System32\comprsvp.dll
[2004/12/16 19:33:46 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2004/11/29 22:28:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/06 21:23:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MFSBaseLib2889.dll
[2004/10/06 21:23:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\MFSIFLib2889.dll
[2004/09/25 22:08:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS1280.ini
[2004/09/12 10:25:40 | 000,000,621 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/08/16 17:30:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/16 17:30:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/30 15:18:38 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/04/14 15:13:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/04/09 06:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL
[2004/03/22 20:44:47 | 000,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/03/22 20:44:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ICE.INI
[2004/03/08 19:59:17 | 000,000,590 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/02/09 19:36:21 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/01/27 07:45:49 | 000,108,273 | ---- | C] () -- C:\WINDOWS\System32\autokdll.dll
[2004/01/27 07:45:49 | 000,103,575 | ---- | C] () -- C:\WINDOWS\System32\read87em.dll
[2004/01/27 07:45:47 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\plusideo.dll
[2004/01/10 19:42:03 | 000,050,012 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/01/08 09:05:51 | 000,110,708 | ---- | C] () -- C:\WINDOWS\System32\mtxo0081.dll
[2004/01/08 09:04:32 | 000,111,252 | ---- | C] () -- C:\WINDOWS\System32\hostgwiz.dll
[2004/01/08 09:01:42 | 000,102,687 | ---- | C] () -- C:\WINDOWS\System32\1252sutb.dll
[2004/01/08 08:57:36 | 000,110,292 | ---- | C] () -- C:\WINDOWS\System32\ltwvodex.dll
[2004/01/08 08:57:23 | 000,103,708 | ---- | C] () -- C:\WINDOWS\System32\vbamgnt5.dll
[2004/01/05 21:18:58 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2004/01/05 19:34:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004/01/05 19:07:42 | 000,000,580 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/05 17:31:34 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/05 00:39:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPC60.ini
[2004/01/04 22:43:20 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2004/01/04 22:43:20 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2004/01/04 22:43:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2004/01/04 22:43:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/01/04 22:32:37 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\lsasqdv.dll
[2004/01/04 22:18:14 | 000,103,103 | ---- | C] () -- C:\WINDOWS\System32\esenonui.dll
[2004/01/04 14:00:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/04 13:59:55 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\noisshrm.dll
[2004/01/04 13:59:51 | 000,103,475 | ---- | C] () -- C:\WINDOWS\System32\freebteg.dll
[2003/11/03 15:38:02 | 000,007,731 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2003/03/27 15:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/08/18 04:00:00 | 000,110,736 | ---- | C] () -- C:\WINDOWS\System32\msv1arp.dll
[2001/08/18 04:00:00 | 000,109,089 | ---- | C] () -- C:\WINDOWS\System32\kbdcela3.dll
[2001/08/18 04:00:00 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\ntshpi32.dll
[2001/08/18 04:00:00 | 000,105,666 | ---- | C] () -- C:\WINDOWS\System32\msexjsel.dll
[2001/08/18 04:00:00 | 000,105,321 | ---- | C] () -- C:\WINDOWS\System32\msh2pgrd.dll
[2001/08/18 04:00:00 | 000,104,363 | ---- | C] () -- C:\WINDOWS\System32\wshoepad.dll
[2001/08/17 14:36:34 | 000,111,008 | ---- | C] () -- C:\WINDOWS\System32\javax11n.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1995/09/15 16:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== LOP Check ==========

[2008/12/14 14:33:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/15 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/03/07 17:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/10/14 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/03/07 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2006/01/18 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/06/05 14:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 17:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/12 21:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/09 22:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 20:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/11 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Acoustica
[2009/09/11 20:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Amazon
[2010/08/02 07:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Cisco
[2006/01/18 19:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Digital Photo Slide Show
[2005/04/14 18:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ICAClient
[2004/01/05 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Leadertech
[2004/05/19 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Learn2.com
[2006/01/20 19:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Netscape
[2008/05/01 20:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Opera
[2009/11/14 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\QuadToneRIP
[2010/10/10 11:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird
[2004/05/30 15:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ubi.com
[2006/01/18 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Ulead Systems
[2010/06/05 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Uniblue

========== Purity Check ==========

< End of report >

second log to follow in separate message.

Jack Fischer · Nov 19, 2010

Redirect Problems in San Jose, CA

extras log:

OTL Extras logfile created on: 11/18/2010 8:35:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.94 Gb Free Space | 26.71% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled

xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet

isabled

xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet

isabled

xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Common Files\AOL\1136874479\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1136874479\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{0C3831BF-D6CA-43A1-B32D-9A0CCCF9DD9E}" = Tunebite
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{146ED22B-BC11-4017-BBE8-E393848AA92A}" = MUSICMATCH iPod Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37306C0F-1248-4C2E-9B86-E964AAA81101}" = Minolta DiMAGE Scan Dual3 ver 1.0
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{73006B34-9743-4A39-AC37-38EDFCEB6DCE}" = Adobe Product/Adobe Studio Update 10/2001
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6392127-1223-4C7F-BBC8-87CCB449F96C}" = ArcSoft WebCam Companion 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9987754-9A14-4B61-ABB3-73A79503238D}" = iPod for Windows User Guide
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D94B11F6-EDA8-466D-9E0F-5D49DED06FA0}" = ArcSoft Magic-i 3
"{DB978C71-BB58-4F94-AE95-18C119196937}" = ICC Color Profiles
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAE92D24-1E4B-4B3B-894D-622E942939DA}" = Google Desktop Plugin - eBay Watcher
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}" = iPod System Software Updater 2.0.1
"3DGroove" = 3D Groove Playback Engine
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"Avery Wizard 2.1 MSW10" = Avery® Wizard 2.1 for Microsoft® Word 2002
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0" = Conexant HSF V92 56K Data Fax PCI Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Elf Bowling 3" = Elf Bowling 3 (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Ink Monitor" = Ink Monitor
"InstallShield_{B9987754-9A14-4B61-ABB3-73A79503238D}" = iPod for Windows User Guide
"InstallShield_{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}" = iPod System Software Updater 2.0.1
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QTRgui" = QTRgui
"Real Estate Transaction Viewer" = Real Estate Transaction Viewer
"RealPlayer 6.0" = RealPlayer
"REAP LITE" = REAP LITE
"Shockwave" = Shockwave
"Shutterfly Plugin" = Shutterfly Plugin
"Sierra Uninstall" = Sierra On-Line Games (Remove only)
"Silent Package Run-Time Sample" = EPSON PictureMate User's Guide
"StreetPlugin" = Learn2 Player (Uninstall Only)
"USB Driver Vers. 3.2" = USB Driver Vers. 3.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2010 6:36:16 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4624687

Error - 10/19/2010 6:36:16 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4624687

Error - 10/19/2010 6:36:19 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/19/2010 6:36:19 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4628078

Error - 10/19/2010 6:36:19 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4628078

Error - 10/19/2010 6:36:21 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/19/2010 6:36:21 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4630031

Error - 10/19/2010 6:36:21 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4630031

Error - 10/24/2010 4:23:09 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3937, faulting
module xul.dll, version 1.9.2.3937, fault address 0x00720448.

Error - 10/24/2010 4:23:18 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3937, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

[ System Events ]
Error - 11/6/2010 12:55:41 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 11/6/2010 12:55:41 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 11/6/2010 3:22:15 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
Description = The EPSON V3 Service2(02) service has reported an invalid current
state 0.

Error - 11/6/2010 4:05:34 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
Description = The EPSON V3 Service2(02) service has reported an invalid current
state 0.

Error - 11/6/2010 4:09:53 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 11/6/2010 4:09:53 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 11/11/2010 1:47:28 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
Description = The MgiSvr service has reported an invalid current state 32.

Error - 11/13/2010 4:44:00 AM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.9 for the Network Card with network
address 00055D371377 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/18/2010 12:14:22 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
Description = The EPSON V3 Service2(02) service has reported an invalid current
state 0.

Error - 11/19/2010 12:22:05 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
Description = The EPSON V3 Service2(02) service has reported an invalid current
state 0.

< End of report >

What's next?

Best,

jack

Jack&Jill · Nov 20, 2010

Hello Jack

,

Is this a business computer?

Validate Windows

Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here.
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in. Save this file and post it in your next reply.

--------------------

Check for additional security risks

Please download CKScanner© by askey127 and save to your desktop. Click here.
Double click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
Post the contents of ckfiles.txt in your reply, it is located on your desktop.

--------------------

Please download Rootkit Unhooker and save it to your desktop. Click here.

Extract the file to the desktop using 7-Zip or a suitable archive utility that handles RAR files.
Double click on RkU3.8.388.590.exe to run the installer and follow the steps accordingly.
Once complete, start Rookit Unhooker by going to Start > All Programs >, then Rookit Unhooker LE and click on RkU.
Click the Report tab, then click Scan.
Ensure the following are checked (ticked):
- Drivers
- Stealth Code
- Files
- Code Hooks
Uncheck the rest, then click OK. An initial scan will be performed.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
Save the report somewhere you can find it. Click Close to exit.
Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. the answer to my question about your computer
2. MGADiag result
3. CKScanner log
4. the Rookit Unhooker log

Jack Fischer · Nov 20, 2010

Redirect Problems in San Jose, CA

Okay, did it all!

:

It is a home computer, not a business computer. Here is the MGADiag result:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {1ADDB1BF-7C41-47ED-AE8E-11FA6D83E63A}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.17.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1ADDB1BF-7C41-47ED-AE8E-11FA6D83E63A}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1078081533-688789844-1801674531</SID><SYSTEM><Manufacturer>Dell Computer Corporation </Manufacturer><Model>DIM4400 </Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20020108000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>14E03EAF0184C06E</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57456</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E840

ell Inc|112F5

ell Inc|112F5:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

And here is CKScanner file. All it generated was this:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

And, last, here is the RKU report. The program wouldn't let me "save report." It was grayed out. But it had a quick report option and this is what it generated. It's way shorter than the full list the program generated:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80570833-->F2F55E96 [Unknown module filename]
ntoskrnl.exe-->NtCreateThread, Type: Address change 0x80587A3C-->F2F55E8C [Unknown module filename]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80595316-->F2F55E9B [Unknown module filename]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80592D64-->F2F55EA5 [Unknown module filename]
ntoskrnl.exe-->NtLoadKey, Type: Address change 0x805AEE7B-->F2F55EAA [Unknown module filename]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x805719AC-->F2F55E78 [Unknown module filename]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058E5C4-->F2F55E7D [Unknown module filename]
ntoskrnl.exe-->NtReplaceKey, Type: Address change 0x8064F446-->F2F55EB4 [Unknown module filename]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8064EFDD-->F2F55EAF [Unknown module filename]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80572A6E-->F2F55EA0 [Unknown module filename]

What's next?

:

Thanks and best,

jack

Jack&Jill · Nov 21, 2010

Hello Jack

,

The Microsoft Office Professional Edition 2003 on your computer is a non-genuine copy. It was installed with a now blocked Volume Licensing Key (VLK) that was valid and only available to corporations, education entities and government agencies. VLKs are blocked by Microsoft at the request and consent of the original keyholder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, Microsoft may have blocked the key if it notices a pattern of misuse, that is more installations of XP using that key than authorized.
A VL Product Key is non-transferable to individuals.

Please read the fourth post of the Forum Rules .

Note:
We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

If you still want help, please remove the illegal items from your computer, and if you still need the softwares, get legal ones from legitimate sources.
If you advised that the illegal softwares have been removed and I find it otherwise (the tools we use can and will detect them), then I will have no choice but to have this topic closed.
If there are more such new findings after this, the topic will also be closed.

You may return to the seller to demand for a replacement with a genuine copy or get a full refund. Have a read here to see if you qualify for Genuince Office Offer. As an alternative, you can also try OpenOffice.

Jack Fischer · Nov 22, 2010

I had no idea that the Office suite was not the real thing. I purchased it several years ago on Ebay and there was nothing in the packaging or anything else that would make anyone suspicious. I'm sure I can no longer find that vendor, so I'm out the software, I guess. I'm download open office and see if it does what I need.

I'm on a different machine now, but I'll take the Microsoft version it off later and let you know. You'll need to tell me how you want to check it so we can proceed.

jack

Jack&Jill · Nov 22, 2010

Hello Jack

,

Please run MGADiag again and post back the new results after you have addressed the issue.

Jack Fischer · Nov 23, 2010

Redirect Problems in San Jose, CA

Okay, Office 2003 removed and here's the diag file:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {1ADDB1BF-7C41-47ED-AE8E-11FA6D83E63A}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.17.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1ADDB1BF-7C41-47ED-AE8E-11FA6D83E63A}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1078081533-688789844-1801674531</SID><SYSTEM><Manufacturer>Dell Computer Corporation </Manufacturer><Model>DIM4400 </Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20020108000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>14E03EAF0184C06E</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E840

ell Inc|112F5

ell Inc|112F5:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

What's next? I assume we're still in the diagnosing stage. We're still having the redirect problem.

Thanks!

jack

Jack&Jill · Nov 23, 2010

Hello Jack

,

What's next? I assume we're still in the diagnosing stage. We're still having the redirect problem.

Yes, you are right. I need you to address Office issue before I can continue. Thanks for adhering to our rules.

--------------------

The Rookit Unhooker log that you posted earlier is incomplete due to you saving the Quick Report while it was scanning. Please run it again, read carefully the steps and follow them closely. You may need to wait a bit for the prompt to select disk for scan.

Rerun Rookit Unhooker

Start Rookit Unhooker by going to Start > All Programs >, then Rookit Unhooker LE and click on RkU.
Click the Report tab, then click Scan.
Ensure the following are checked (ticked):
- Drivers
- Stealth Code
- Files
- Code Hooks
Uncheck the rest, then click OK. An initial scan will be performed.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
Save the report somewhere you can find it. Click Close to exit.
Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. the Rookit Unhooker log

Jack Fischer · Nov 25, 2010

Redirect Problems in San Jose, CA

I followed your directions carefully and even let Root kit run all night to be sure it was done, but it would not let me save the report. The save report option was grayed out and I could only use the quick report option, which is what I posted last time. Is it possible that the malware prevents its proper operation? And what next? Do you have advice to save the report?

Thanks!

jack

Jack&Jill · Nov 25, 2010

Hello Jack

,

Please try running Rookit Unhooker in Safe Mode. You might want to print out the instructions for the Rookit Unhooker steps.

Restart in Safe Mode

Reboot your computer and tap on the F8 key repeatedly during startup.
A menu will appear. Select to start Windows in Safe Mode by using the arrow keys. Click here for tutorial on how to boot up in Safe Mode if you need help.

Please post back the result.

Jack Fischer · Nov 26, 2010

Redirect Problems in San Jose, CA

I think I found the problem I was having with the Rootkit Unhooker software. When it finishes scanning, it switches from the report tab to the tab that is open when you launch the software. And when you're on that tab, you can't generate the report. I switched back to the report tab and was able to save the results. See how this looks:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF76ED000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF6245000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 552960 bytes (Conexant Systems, WinACHSF driver)
0xEB2C6000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xEC17D000 C:\WINDOWS\System32\DRIVERS\v124nt.sys 491520 bytes (Conexant Systems, V124NT driver)
0xEB3A8000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6182000 C:\WINDOWS\system32\drivers\smwdm.sys 417792 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xEB60A000 C:\WINDOWS\System32\DRIVERS\k56nt.sys 393216 bytes (Conexant Systems, K56NT driver)
0xF5976000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEB48D000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEC26A000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvaa.dll 319488 bytes (ATI Technologies Inc., ATI RAGE 128 WindowsNT Display Driver)
0xF6315000 C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys 299008 bytes (ATI Technologies Inc., ATI RAGE 128 Miniport Driver)
0xEB169000 C:\WINDOWS\System32\DRIVERS\fallback.sys 290816 bytes (Conexant Systems, Fallback driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEBCC3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEC239000 C:\WINDOWS\System32\DRIVERS\faxnt.sys 200704 bytes (Conexant Systems, FaxNT driver)
0xF7820000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEB0B3000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF76C0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEB418000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEB465000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF621F000 C:\WINDOWS\System32\DRIVERS\AmosNt.SYS 155648 bytes (Conexant Systems, AmosNT driver)
0xEB382000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEB98A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF615E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF62DD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEB35F000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF61E8000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEB443000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF77A3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77F0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEB341000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xEB14C000 C:\WINDOWS\System32\DRIVERS\fsksnt.sys 118784 bytes (Conexant Systems, FSKsNT driver)
0xF76A6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF77D8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF777A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5AAD000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEB28B000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xEB2A0000 C:\WINDOWS\System32\Drivers\dump_IdeChnDr.sys 86016 bytes
0xF77C3000 IdeChnDr.sys 86016 bytes (Intel Corporation, Intel Ultra ATA Storage Driver)
0xEB1FE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF620B000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6301000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEB4E6000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7791000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF62CC000 C:\WINDOWS\System32\DRIVERS\basic2.sys 69632 bytes (Conexant Systems, NTRksample driver)
0xEBB16000 C:\WINDOWS\System32\Drivers\EPLPDX02.SYS 69632 bytes (MK Systems CO., LTD., LPT I/O driver for EPSON PRINTER)
0xF780F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5A9C000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEB2B5000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF7A2F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF799F000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF78CF000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7A0F000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xEEBD6000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7A4F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A3F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF79EF000 C:\WINDOWS\System32\DRIVERS\rksample.sys 61440 bytes (Conexant Systems, Rksample WDM driver)
0xF427C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xEF51F000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF42AC000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF78DF000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF78AF000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF79FF000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A6F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7A5F000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xEB535000 C:\WINDOWS\System32\DRIVERS\tonesnt.sys 53248 bytes (Conexant Systems, TonesNT driver)
0xF788F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xEF50F000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF6858000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78EF000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xEEBF6000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7A1F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF787F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6868000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF6828000 C:\WINDOWS\system32\DRIVERS\rrnetcap.sys 45056 bytes (RapidSolution Software AG, Intermediate Filter Driver)
0xF78BF000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0xF79DF000 C:\WINDOWS\System32\DRIVERS\SOAR.SYS 45056 bytes (Conexant Systems, Soar driver)
0xF786F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF42CC000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xEB5A2000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF6838000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF789F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xEF52F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6848000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEF29C000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEB741000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF79CF000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xEEBE6000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7C57000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xEF94D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xEF1CF000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7C4F000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7C77000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xEF602000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xEF5FA000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xEF5F2000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 28672 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xF7AFF000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)
0xF7AEF000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEF1D7000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7B07000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7C6F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7C67000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7C5F000 C:\WINDOWS\System32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xEF1DF000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7B0F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xEF95D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xEF96D000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xEF955000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AF7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7B7F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B87000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7B77000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7C47000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xEF5EA000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF765E000 C:\WINDOWS\system32\DRIVERS\ArcSoftVirtualCapture.sys 16384 bytes (ArcSoft, Inc., ArcSoft Magic-i Driver)
0xF7C83000 IdeBusDr.sys 16384 bytes (Intel Corporation, Intel Ultra ATA Storage Driver)
0xF7D0F000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF5A8C000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF3723000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF766A000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7662000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7C7F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEFCE4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEF37B000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF766E000 C:\WINDOWS\System32\DRIVERS\IPFilter.sys 12288 bytes (Microsoft Corporation, Microsoft IntelliPoint)
0xEF377000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF6C97000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF373F000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF3737000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xEB757000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7D81000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D7F000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D73000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D6F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D83000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7DBF000 C:\WINDOWS\System32\DRIVERS\msikbd2k.sys 8192 bytes (Netropa Corporation, Multimedia Keyboard Driver for Windows 2000)
0xF7DFB000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D85000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7DDF000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7DC1000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D71000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F10000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xEE623000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEEA41000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7F0E000 C:\WINDOWS\system32\drivers\SENSUPGD.SYS 4096 bytes (Sensaura Ltd, Sensaura Upgrade)

Jack Fischer · Nov 27, 2010

Redirect Problems in San Jose, CA

Here's another, more recent, that I just ran. It seems longer, so I'd study this one. --jack

First half:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF76ED000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF6245000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 552960 bytes (Conexant Systems, WinACHSF driver)
0xEB2C6000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xEC17D000 C:\WINDOWS\System32\DRIVERS\v124nt.sys 491520 bytes (Conexant Systems, V124NT driver)
0xEB3A8000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6182000 C:\WINDOWS\system32\drivers\smwdm.sys 417792 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xEB60A000 C:\WINDOWS\System32\DRIVERS\k56nt.sys 393216 bytes (Conexant Systems, K56NT driver)
0xF5976000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEB48D000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEC26A000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvaa.dll 319488 bytes (ATI Technologies Inc., ATI RAGE 128 WindowsNT Display Driver)
0xF6315000 C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys 299008 bytes (ATI Technologies Inc., ATI RAGE 128 Miniport Driver)
0xEB169000 C:\WINDOWS\System32\DRIVERS\fallback.sys 290816 bytes (Conexant Systems, Fallback driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEBCC3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEC239000 C:\WINDOWS\System32\DRIVERS\faxnt.sys 200704 bytes (Conexant Systems, FaxNT driver)
0xF7820000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEB0B3000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF76C0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEB418000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEB465000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF621F000 C:\WINDOWS\System32\DRIVERS\AmosNt.SYS 155648 bytes (Conexant Systems, AmosNT driver)
0xEB382000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEB98A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF615E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF62DD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEB35F000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF61E8000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEB443000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF77A3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77F0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEB341000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xEB14C000 C:\WINDOWS\System32\DRIVERS\fsksnt.sys 118784 bytes (Conexant Systems, FSKsNT driver)
0xF76A6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF77D8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF777A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5AAD000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEB28B000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xEB2A0000 C:\WINDOWS\System32\Drivers\dump_IdeChnDr.sys 86016 bytes
0xF77C3000 IdeChnDr.sys 86016 bytes (Intel Corporation, Intel Ultra ATA Storage Driver)
0xEB1FE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF620B000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6301000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEB4E6000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7791000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF62CC000 C:\WINDOWS\System32\DRIVERS\basic2.sys 69632 bytes (Conexant Systems, NTRksample driver)
0xEBB16000 C:\WINDOWS\System32\Drivers\EPLPDX02.SYS 69632 bytes (MK Systems CO., LTD., LPT I/O driver for EPSON PRINTER)
0xF780F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5A9C000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEB2B5000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF7A2F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF799F000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF78CF000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7A0F000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xEEBD6000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7A4F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A3F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF79EF000 C:\WINDOWS\System32\DRIVERS\rksample.sys 61440 bytes (Conexant Systems, Rksample WDM driver)
0xF427C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xEF51F000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF42AC000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF78DF000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF78AF000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF79FF000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A6F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7A5F000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xEB535000 C:\WINDOWS\System32\DRIVERS\tonesnt.sys 53248 bytes (Conexant Systems, TonesNT driver)
0xF788F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xEF50F000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF6858000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78EF000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xEEBF6000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7A1F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF787F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6868000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF6828000 C:\WINDOWS\system32\DRIVERS\rrnetcap.sys 45056 bytes (RapidSolution Software AG, Intermediate Filter Driver)
0xF78BF000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0xF79DF000 C:\WINDOWS\System32\DRIVERS\SOAR.SYS 45056 bytes (Conexant Systems, Soar driver)
0xF786F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF42CC000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xEB5A2000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF6838000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF789F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xEF52F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6848000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEF29C000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEB741000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF79CF000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xEEBE6000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7C57000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xEF94D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xEF1CF000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7C4F000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7C77000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xEF602000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xEF5FA000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xEF5F2000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 28672 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xF7AFF000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)
0xF7AEF000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEF1D7000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7B07000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7C6F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7C67000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7C5F000 C:\WINDOWS\System32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xEF1DF000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7B0F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xEF95D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xEF96D000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xEF955000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AF7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7B7F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B87000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7B77000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7C47000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xEF5EA000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF765E000 C:\WINDOWS\system32\DRIVERS\ArcSoftVirtualCapture.sys 16384 bytes (ArcSoft, Inc., ArcSoft Magic-i Driver)
0xF7C83000 IdeBusDr.sys 16384 bytes (Intel Corporation, Intel Ultra ATA Storage Driver)
0xF7D0F000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF5A8C000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF3723000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF766A000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7662000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7C7F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEFCE4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEF37B000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF766E000 C:\WINDOWS\System32\DRIVERS\IPFilter.sys 12288 bytes (Microsoft Corporation, Microsoft IntelliPoint)
0xEF377000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF6C97000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF373F000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF3737000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xEB757000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7D81000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D7F000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D73000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D6F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D83000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7DBF000 C:\WINDOWS\System32\DRIVERS\msikbd2k.sys 8192 bytes (Netropa Corporation, Multimedia Keyboard Driver for Windows 2000)
0xF7DFB000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D85000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7DDF000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7DC1000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D71000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F10000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xEE623000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEEA41000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7F0E000 C:\WINDOWS\system32\drivers\SENSUPGD.SYS 4096 bytes (Sensaura Ltd, Sensaura Upgrade)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Config.Msi
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat(2)
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Updater6
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AOL Downloads\updateni_setup90
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AOL\AOL Spyware Protection
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AOL\OptScan
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\toaster\aol.activeupdate
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\toaster\aol.aspApp
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 3.525.26.13
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\Apple Mobile Device Support 2.1.1.13
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\Apple Mobile Device Support 2.1.2.7
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\AppleApplicationSupport 1.1.0
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\ArcSoft
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\CanonBJ
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Citrix
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Google
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Google Updater
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\GTek
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\10696
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Cache\Qps
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\0647a1f9a55c283c5bf2cbdd01f1
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\WIA
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MSN6
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\03-20-2009-19h40m32s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\03-20-2009-19h40m40s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\03-20-2009-19h40m47s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\03-21-2009-09h45m48s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\08-19-2009-07h59m28s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\08-19-2009-07h59m31s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\08-19-2009-07h59m33s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\08-20-2009-08h30m07s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\11-10-2008-17h29m09s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\11-10-2008-17h29m11s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\11-10-2008-17h29m19s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-10-2008-20h46m10s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-08h15m58s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-08h16m33s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h01m21s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h01m39s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h01m47s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h04m17s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h04m26s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h04m32s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\00000082
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Pure Networks
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\RapidSolution\Tunebite_2009\EncodingBackend
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\RapidSolution\Tunebite_2009\StandardProfiles\Restrictions
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\RapidSolution\Tunebite_2009\UserProfiles
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sun
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}\x86
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86
!-->[Hidden] C:\Documents and Settings\All Users\Documents\D-Link docs
!-->[Hidden] C:\Documents and Settings\All Users\Documents\My Music\My Playlists
!-->[Hidden] C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists
!-->[Hidden] C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists
!-->[Hidden] C:\Documents and Settings\All Users\DRM\Cache
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Adobe Studio
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\AOL Instant Messenger
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Magic-i 3
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft WebCam Companion 2
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Avery Products
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Avira
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP1800 series
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Chessmaster 9000
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\FreshDevices
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Google Updater
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\iPod
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\NStorm
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Real Estate Transaction Viewer
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Safari
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Shutterfly
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Sierra
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ubi.com
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
!-->[Hidden] C:\Documents and Settings\BB443B11-7D12-450c-9F85-2D32804655F9
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\.limewire\themes\classic_theme
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\AdobeAUM
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Acrobat\7.0\Collab
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Acrobat\7.0\JavaScripts
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Acrobat\7.0\Preferences
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Acrobat\7.0\Updater
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Acrobat\9.0\JavaScripts
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\CameraRaw
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Color
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\ESD
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\FileBrowser
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\ImageReady
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Photoshop Album\3.0\browserCache
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Photoshop Album\3.0\OLS\sessions
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Photoshop\9.0\Adobe Photoshop CS2 Settings\WorkSpaces
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Plugins
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Updater
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Workflow
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Amazon
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\AOL
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Apple Computer\QuickTime
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\ArcSoft\ArcSoft Magic-i
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\ArcSoft\ArcSoft Registration
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\ArcSoft\ArcSoft WebCam Companion
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\ArcSoft\log
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Google
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\GTek
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Lavasoft
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Learn2.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\a.blip.tv\scripts
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\a.espncdn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\aa.online-metrix.net
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\admin.brightcove.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\adsatt.espn.go.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\assets.espn.go.com\espntv\2009\ESPNGuideLoader_10.swf
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\assets.espn.go.com\espnvideo\mpf32\prod\r_3_2_0_10\ESPN_Player.swf
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\assets.espn.go.com\espnvideo\mpf32\prod\r_3_2_0_12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\assets.espn.go.com\espnvideo\mpf32\prod\r_3_2_0_13
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\assets.newsinc.com\[[IMPORT]]
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cache.vindicosuite.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cdn-akm.vmixcore.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cdn-video.adconion.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cdn.abclocal.go.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cdn.gourmandia.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cdn2.telemetryverification.net
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\d1.scribdassets.com\ScribdViewer.swf
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\galleries.payserve.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\grfx.cstv.com\#gametracker
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\grfx.cstv.com\flash
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\grfx.cstv.com\[[IMPORT]]
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\i.cdn.turner.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\images.ibsys.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\img.widgets.video.s-msn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\kiks.yandex.ru
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\media1.break.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\msnbcmedia.msn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\pfiles.5min.com\FlexPlayers\SmartPlayer_141.swf
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\player.cdn.targetspot.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\pvs.gotuit.com\4.2
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\pvs.gotuit.com\turner_si
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\secure.harryreid.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\static.awempire.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\static.foxsports.com\content\fscom\flash\2010\09\23
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\webdata2.vidz.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.analyticnet.info\analytics
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.blogtalkradio.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.caforward.org
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.directorslive.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.mevio.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.pornkeeper.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.stormmedia.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.theonion.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a.espncdn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#aa.online-metrix.net
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#admin.brightcove.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#adsatt.espn.go.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#assets.newsinc.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.vindicosuite.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn-video.adconion.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.abclocal.go.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.gourmandia.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn2.telemetryverification.net
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d1.scribdassets.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#galleries.payserve.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#grfx.cstv.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i.cdn.turner.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images-na.ssl-images-amazon.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.ibsys.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.widgets.video.s-msn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#kiks.yandex.ru
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mauthstudios.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media1.break.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media1.clubpenguin.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#msnbcmedia.msn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#my.screenname.aol.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.cdn.targetspot.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pvs.gotuit.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secure.harryreid.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.awempire.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#webdata2.vidz.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.am600kogo.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.analyticnet.info
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.blogtalkradio.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.caforward.org
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.directorslive.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.getscorecash.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mevio.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.pornkeeper.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.stormmedia.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Shockwave Player
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Clip Organizer
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\CLR Security Config\v2.0.50727.42
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Excel
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Forms
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Media Player
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Office\Actors
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Speech\Files\UserLexicons
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Templates\Avery
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Move Networks\QMCache00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Move Networks\temp
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\MozillaControl\profiles\MozillaControl\6yqfsoyv.slt
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\MSN6
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Real\Msg
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Real\RealOne Player\DRM
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Real\RealOne Player\ErrorLogs
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Real\RealOne Player\library
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Real\RealOne Player\skins\data
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Skype\Content
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Skype\jack.fischer321\chatsync\c8
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\jre1.6.0_11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\jre1.6.0_14
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Talkback
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird\Profiles\dbgu6lan.default\extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}\chrome
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird\Profiles\dbgu6lan.default\extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}\defaults
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird\Profiles\dbgu6lan.default\Mail\Local Folders\Piezography.sbd
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird\Profiles\dbgu6lan.default\minidumps
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\ubi.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\vlc
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\You've Got Pictures Screensaver\PictureDir
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\antique bottle
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\AOL Saved PFC
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\Downloads
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\image0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\Unused Desktop Shortcuts
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\Win32
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Favorites\Adobe Studio
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Favorites\Microsoft Websites
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Favorites\Real Estate
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\Acrobat\7.0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\Acrobat\9.0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\Fonts
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\Reader 9.1
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\TypeSpt
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\Updater6
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\05
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\06
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\08
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\14
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\01
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\03
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\05
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\08
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\01
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\03
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\14
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\01
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\02
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\04
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\06
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\08
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\09
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\10
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\05
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\04
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\07
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\09
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\10
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\13
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\03
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\05
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\06
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\07
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\10
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\04
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\06
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\07
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\10
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\14
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\05
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\08
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\13
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\14
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\02
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\03
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\04
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\06
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\13
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\04
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\13
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\ArcSoft
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Citrix
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Google\Google Desktop\b277f1ec2a0f\icons
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Google\Google Desktop\b277f1ec2a0f\safeweb
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Graboid
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Graboid_Inc
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Learn2.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Feeds
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Feeds Cache
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Internet Explorer\Services
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Media Player
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\OFFICE\12.0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Silverlight
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Windows Live OneCare safety scanner\BackUp
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Windows Media\10.0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Windows Media\11.0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\Cache\FCCC8CF8d01
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\RapidSolution\Tunebite_2009\Log\EncodingBackend
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\RapidSolution\Tunebite_2009\Log\EncodingProfiles
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\WMTools Downloaded Files
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\History\History.IE5\MSHist012010110120101108
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\183.tmp
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\7.dir
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\A.dir
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\MFPrint_PCL5c_3812
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-10
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-20
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-21
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-22
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-23
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-24
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-9
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\WER08d2.dir00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\WER0c1f.dir00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\WER2e2f.dir00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\~nsu.tmp
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My

Jack Fischer · Nov 27, 2010

Redirect Problems in San Jose, CA

Second half:

Documents\AdobeStockPhotos
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Art
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\BirthdayCandlesMain
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Chessmaster 9000
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\download
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\filelib
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\My Downloads
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\My Google Gadgets
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\My Pictures\Adobe
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\sculpture
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Updater
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\vim
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\WebCam Albums
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\WebCam Media
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1986
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1987
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1988
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1989
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1990
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1991
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1992
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1993
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1994
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1995
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1996
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1997
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1998
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1999
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2000
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2001
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2002
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2003
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2004
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2005
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2006
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\Jack
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\Books
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\Mailing labels
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\Paul estate business
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\Rental properties
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\NetHood\c on Dell
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\NetHood\My Documents on Dell
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\NetHood\SharedDocs on Dell
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\PrivacIE
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Recent\c on Dell
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Recent\john's docs on 1.7 GHz Celeron, 256 MB DDR, 60GB (Johns)
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Recent\My Documents on Dell
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Recent\temp on 1.7 GHz Celeron, 256 MB DDR, 60GB (Johns)
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Recent\temp on 1.7 GHz Celeron, 256 MB DDR, 60GB (Johns) (2)
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Start Menu\Programs\Accessories\System Tools
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Start Menu\Programs\Jack
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Start Menu\Programs\QuadToneRIP
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Start Menu\Programs\REAP LITE
!-->[Hidden] C:\Documents and Settings\LocalService\Application Data\Microsoft\HTML Help
!-->[Hidden] C:\Documents and Settings\LocalService\Application Data\Symantec
!-->[Hidden] C:\Documents and Settings\LocalService\Desktop
!-->[Hidden] C:\Documents and Settings\LocalService\IETldCache
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
!-->[Hidden] C:\Documents and Settings\LocalService\My Documents
!-->[Hidden] C:\Documents and Settings\NetworkService\IETldCache
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Silverlight
!-->[Hidden] C:\epson
!-->[Hidden] C:\Graphs
!-->[Hidden] C:\hegames
!-->[Hidden] C:\My Downloads\grc
!-->[Hidden] C:\Netgear
!-->[Hidden] C:\Program Files\3DGroove
!-->[Hidden] C:\Program Files\Actiontec
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\ActiveX
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\Esl
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\Help
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\Reader
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\Resource
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\Update
!-->[Hidden] C:\Program Files\Adobe\Adobe Stock Photos\Help
!-->[Hidden] C:\Program Files\Adobe\Adobe Stock Photos\Resources\da_DK
!-->[Hidden] C:\Program Files\Adobe\Adobe Studio
!-->[Hidden] C:\Program Files\Adobe\Photoshop 7.0
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\Browser
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\IDTemplates
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\Javascripts
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\Legal
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\Optional
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annotations
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\Tracker
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Resource\CMap
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Resource\Font
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Resource\SaslPrep
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Resource\TypeSupport
!-->[Hidden] C:\Program Files\AIM
!-->[Hidden] C:\Program Files\Amazon
!-->[Hidden] C:\Program Files\Apple Software Update\plugins
!-->[Hidden] C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_CN.lproj
!-->[Hidden] C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_TW.lproj
!-->[Hidden] C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources
!-->[Hidden] C:\Program Files\ArcSoft\Magic-i 3
!-->[Hidden] C:\Program Files\Audible\Bin\HTML
!-->[Hidden] C:\Program Files\Avery Wizard
!-->[Hidden] C:\Program Files\Avira\AntiVir Desktop\EVENTDB
!-->[Hidden] C:\Program Files\Avira\AntiVir Desktop\FAILSAFE
!-->[Hidden] C:\Program Files\CanonBJ
!-->[Hidden] C:\Program Files\CASIO
!-->[Hidden] C:\Program Files\Citrix\GoToAssist
!-->[Hidden] C:\Program Files\Citrix\icaweb32
!-->[Hidden] C:\Program Files\Common Files\Adobe\Calibration
!-->[Hidden] C:\Program Files\Common Files\Adobe\Color\Profiles
!-->[Hidden] C:\Program Files\Common Files\Adobe\Color\Settings
!-->[Hidden] C:\Program Files\Common Files\Adobe\Fonts
!-->[Hidden] C:\Program Files\Common Files\Adobe\Legal
!-->[Hidden] C:\Program Files\Common Files\Adobe\PDFL
!-->[Hidden] C:\Program Files\Common Files\Adobe\TypeSpt\Unicode
!-->[Hidden] C:\Program Files\Common Files\Adobe\Updater6
!-->[Hidden] C:\Program Files\Common Files\Adobe\Web
!-->[Hidden] C:\Program Files\Common Files\Adobe\Workflow
!-->[Hidden] C:\Program Files\Common Files\AOL\AOL Spyware Protection
!-->[Hidden] C:\Program Files\Common Files\AOL\Screensaver
!-->[Hidden] C:\Program Files\Common Files\AOL\System Information
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServicesUI.resources
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\fr.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\it.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\ja.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\nb.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\nl.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\pt.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\de.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\es.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\fr.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\it.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\ja.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\nb.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\nl.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\pt.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\de.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\es.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\fr.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\it.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\ja.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\nb.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\nl.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\pt.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\de.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\es.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\fr.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\it.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\ja.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\nb.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\nl.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\pt.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\de.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\es.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\fr.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\it.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\ja.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\nb.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\nl.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\pt.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources
!-->[Hidden] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\doc
!-->[Hidden] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\UI
!-->[Hidden] C:\Program Files\Common Files\InstallShield\Driver\9
!-->[Hidden] C:\Program Files\Common Files\InstallShield\Professional
!-->[Hidden] C:\Program Files\Common Files\Java
!-->[Hidden] C:\Program Files\Common Files\Logitech
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1025
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1028
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1031
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1036
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1040
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1041
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1042
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\2052
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\3082
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\OFFICE12
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\VC
!-->[Hidden] C:\Program Files\Common Files\Nullsoft\ActiveX\2.0
!-->[Hidden] C:\Program Files\Common Files\PC Tools
!-->[Hidden] C:\Program Files\Common Files\PocketSoft
!-->[Hidden] C:\Program Files\Common Files\Real\GToolbar
!-->[Hidden] C:\Program Files\Common Files\xing shared
!-->[Hidden] C:\Program Files\CONEXANT
!-->[Hidden] C:\Program Files\DivX
!-->[Hidden] C:\Program Files\DS_Dual3\EasyScan\Progress
!-->[Hidden] C:\Program Files\DS_Dual3\Prefs\Calibration
!-->[Hidden] C:\Program Files\DS_Dual3\Prefs\EasyScan
!-->[Hidden] C:\Program Files\DS_Dual3\Prefs\standard
!-->[Hidden] C:\Program Files\EPSON Software
!-->[Hidden] C:\Program Files\EPSON\EPSON CardMonitor
!-->[Hidden] C:\Program Files\EPSON\EPSON PictureMate
!-->[Hidden] C:\Program Files\EPSON\guide
!-->[Hidden] C:\Program Files\EPSON\PrinterDriverTemp\PMATE
!-->[Hidden] C:\Program Files\EPSON\PrinterDriverTemp\SC60
!-->[Hidden] C:\Program Files\EPSON\PrinterDriverTemp\SP1280
!-->[Hidden] C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\FreshDevices
!-->[Hidden] C:\Program Files\GameSpy Arcade
!-->[Hidden] C:\Program Files\Google\Chrome
!-->[Hidden] C:\Program Files\Google\Common
!-->[Hidden] C:\Program Files\Google\CrashReports
!-->[Hidden] C:\Program Files\Google\Google Desktop Search
!-->[Hidden] C:\Program Files\Google\Google Toolbar
!-->[Hidden] C:\Program Files\Google\Google Updater
!-->[Hidden] C:\Program Files\Google\GoogleToolbarNotifier
!-->[Hidden] C:\Program Files\Google\Update
!-->[Hidden] C:\Program Files\Griffin Technology
!-->[Hidden] C:\Program Files\HarvEX
!-->[Hidden] C:\Program Files\Hewlett-Packard
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{146ED22B-BC11-4017-BBE8-E393848AA92A}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{3CB41017-F5CA-4C56-934C-ED02156251E6}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{B9987754-9A14-4B61-ABB3-73A79503238D}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{D94B11F6-EDA8-466D-9E0F-5D49DED06FA0}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{DB978C71-BB58-4F94-AE95-18C119196937}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}
!-->[Hidden] C:\Program Files\Internet Explorer\en-US
!-->[Hidden] C:\Program Files\iPod\iPod for Windows User guide
!-->[Hidden] C:\Program Files\iPod\Updater_2.0.1
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\fi.lproj\WelcomeWindow.nib
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\fr.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\it.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\ja.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\ko.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\nb.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\nl.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\pl.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\pt.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\ru.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\sv.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\zh_TW.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunesHelper.Resources
!-->[Hidden] C:\Program Files\iTunes\iTunesMiniPlayer.Resources
!-->[Hidden] C:\Program Files\iTunes\Mozilla Plugins
!-->[Hidden] C:\Program Files\KODAK
!-->[Hidden] C:\Program Files\Logitech\Desktop Messenger\8876480\InitData
!-->[Hidden] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Joycellen Floyd\Data\57b6\a9a3e36
!-->[Hidden] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Joycellen Floyd\Data\57b6\a9a3e54
!-->[Hidden] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Joycellen Floyd\Data\57b6\a9a3ef0
!-->[Hidden] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Joycellen Floyd\Data\57b6\a9a3f17
!-->[Hidden] C:\Program Files\Microsoft Games
!-->[Hidden] C:\Program Files\Microsoft Office\Office12
!-->[Hidden] C:\Program Files\Microsoft Silverlight
!-->[Hidden] C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\Mozilla Firefox\dictionaries
!-->[Hidden] C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome
!-->[Hidden] C:\Program Files\Mozilla Firefox\modules
!-->[Hidden] C:\Program Files\Mozilla Thunderbird\dictionaries
!-->[Hidden] C:\Program Files\Mozilla Thunderbird\isp
!-->[Hidden] C:\Program Files\Mozilla Thunderbird\modules
!-->[Hidden] C:\Program Files\Mozilla Thunderbird\res\fonts
!-->[Hidden] C:\Program Files\Mozilla Thunderbird\res\html
!-->[Hidden] C:\Program Files\MSECache
!-->[Hidden] C:\Program Files\MsnMusic
!-->[Hidden] C:\Program Files\MSN\MSNCoreFiles\install
!-->[Hidden] C:\Program Files\MSN\MSNCoreFiles\oobe
!-->[Hidden] C:\Program Files\MSXML 4.0
!-->[Hidden] C:\Program Files\MusicMatch\MusicMatch Jukebox\CDArt
!-->[Hidden] C:\Program Files\MusicMatch\MusicMatch Jukebox\Plugins\Portables\Apple_2
!-->[Hidden] C:\Program Files\MusicMatch\MusicMatch Jukebox\Skins\Apple iPod
!-->[Hidden] C:\Program Files\MusicMatch\MusicMatch Jukebox\Skins\Phoenix
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\MMJB.tmp
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\MMJB\Images
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\MMJB\sonic
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\MMJB\WMFDist9_5
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\MMJB_\partitions
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\UPSELL\.castanet
!-->[Hidden] C:\Program Files\Nstorm
!-->[Hidden] C:\Program Files\PixiePack Codec Pack
!-->[Hidden] C:\Program Files\PopCap Games
!-->[Hidden] C:\Program Files\Pure Networks
!-->[Hidden] C:\Program Files\QuadToneRIP\icc
!-->[Hidden] C:\Program Files\QuadToneRIP\Profiles
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9500-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9600
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9600-K7
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad980
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9800
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9800-K7
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9880
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadEX
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR1800
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR1800-3MK
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR1800-K7
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR200-GQ
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR200-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR220-GQ
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR220-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR2400
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR2400-K7
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR260
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR260-MIS
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR280
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR280-MIS
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR300-GQ
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR300-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR320-GQ
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR320-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR340-GQ
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR340-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR380
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR380-MIS
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR800
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR800-3MK
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR800-K7
!-->[Hidden] C:\Program Files\QuickTime\Plugins
!-->[Hidden] C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_CN.lproj
!-->[Hidden] C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_TW.lproj
!-->[Hidden] C:\Program Files\QuickTime\QTSystem\QuickTimeVR.Resources
!-->[Hidden] C:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources
!-->[Hidden] C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources
!-->[Hidden] C:\Program Files\Real\RealPlayer\cache_db
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Formats
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GPFeat
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Help
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\howto
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\keywords
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\library
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Login
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\mstore
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\musicguide
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\prefs
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Radio
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\search
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\sendlink
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\web
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\webresources
!-->[Hidden] C:\Program Files\Real\RealPlayer\Firstrun
!-->[Hidden] C:\Program Files\Real\RealPlayer\Producer
!-->[Hidden] C:\Program Files\REAPLITE
!-->[Hidden] C:\Program Files\Safari\PubSub.resources\Framework\pt.lproj
!-->[Hidden] C:\Program Files\Safari\PubSub.resources\pt.lproj
!-->[Hidden] C:\Program Files\Safari\Safari.resources\BookmarkChooser
!-->[Hidden] C:\Program Files\Safari\Safari.resources\Help\pt.lproj
!-->[Hidden] C:\Program Files\SDHelper (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\Shutterfly
!-->[Hidden] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\THQ
!-->[Hidden] C:\Program Files\Transaction Viewer
!-->[Hidden] C:\Program Files\TryMedia
!-->[Hidden] C:\Program Files\ubi.com
!-->[Hidden] C:\Program Files\Uninstall Information\mupdate
!-->[Hidden] C:\Program Files\Windows Live Safety Center
!-->[Hidden] C:\Program Files\Windows Media Connect 2
!-->[Hidden] C:\Program Files\Windows Media Player\Installer
!-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
!-->[Hidden] C:\Program Files\WinZip
!-->[Hidden] C:\SIERRA
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1616\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1619\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1620\snapshot
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1621
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1622
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1623
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1624
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1625
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1626
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1627\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1635
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1637
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1641
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1642\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1643
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1645
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1646
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1647\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1648
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1653
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1656
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1657\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1658
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1662
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1665\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1666
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1667
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1668
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1669
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1670
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1671
!-->[Hidden] C:\WINDOWS\$hf_mig$
!-->[Hidden] C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2121546$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2141007$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2158563$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2229593$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2259922$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2279986$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2296011$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2345886$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2347290$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2378111_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2387149$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB826942$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB828028$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB833987$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB839645$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB840315$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB840374$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB840987$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB841356$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB841533$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB841873$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB842773$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB873333_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB873339_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB873376$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB885492$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB885835_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB885836_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB888113_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB888302_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB890046_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB890859_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB891781_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB893066_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB893086_0$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB893756_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896358_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896422_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896423_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896426$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896727-IE6SP1-20050719.165959$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB897715-OE6SP1-20050503.210336$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB898461$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB899587_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB899588_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB899591_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB900485$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB901214_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB904942$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB908531$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB911562$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB911567$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB912812$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB913580$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB914388$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB914440$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB915865$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB916595$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB917159$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB917422$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB918118$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB918899$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920213$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920214$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920670$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920683$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB921398$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB921503$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB921883$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB922616$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB922760$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923561$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923980$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB924270$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB924667$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB926239$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB926436$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB927779$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB927802$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB928090$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB928255$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB928843$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB929123$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB929969$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB930916$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB931768$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB931836$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB933360$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB933566$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB933729$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB935839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB935840$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936021$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936357$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936782_WMP11$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB937143$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938127$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938828$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938829$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB939653$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB939683$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941568$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941569$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941644$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941693$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB942615$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB942763$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB942840$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943055$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943460$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943485$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB944338$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB944533$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB944653$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB945553$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB946026$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB946648_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB947864$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB948590$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB948881$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950749$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950759$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950759_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950762$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950762_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950974$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950974_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951066$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951066_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951072-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951748$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951978$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952004$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952069_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB953838$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB953838_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB953839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954211_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954459$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954600$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955069$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956390$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956391$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956572$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956744$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956803$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956803_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956841$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957095$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957095_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957097$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958215$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958644$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958644_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB959426$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960225$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960714$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960803$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960859$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961118$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961373$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961501$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB963027$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968537$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970238$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970653-v3$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971557$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971633$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971657$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973346$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973354$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973507$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973540_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973815$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973869$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975558_WM8$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979687$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981322$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB982132$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB982802$
!-->[Hidden] C:\WINDOWS\$NtUninstallMSCompPackV1$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ327979$
!-->[Hidden] C:\WINDOWS\$NtUninstallWdf01005$
!-->[Hidden] C:\WINDOWS\$NtUninstallWMFDist11$
!-->[Hidden] C:\WINDOWS\$NtUninstallwmp11$
!-->[Hidden] C:\WINDOWS\$NtUninstallWudf01000$
!-->[Hidden] C:\WINDOWS\.file_store_32
!-->[Hidden] C:\WINDOWS\.jagex_cache_32
!-->[Hidden] C:\WINDOWS\assembly
!-->[Hidden] C:\WINDOWS\Debug\Setup
!-->[Hidden] C:\WINDOWS\Debug\WPD
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{4C797164-EDB9-458E-B3BA-3E7790D30CF5}
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{8A232810-B5F1-48DD-A63D-B439D7680D94}
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{918E420F-2FF7-4EB4-A5C3-B02DA887D83F}
!-->[Hidden] C:\WINDOWS\EPSON CardMonitor Essential
!-->[Hidden] C:\WINDOWS\ie8
!-->[Hidden] C:\WINDOWS\ie8updates
!-->[Hidden] C:\WINDOWS\inf\IEM
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3
!-->[Hidden] C:\WINDOWS\Installer\tsclientmsitrans
!-->[Hidden] C:\WINDOWS\Installer\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
!-->[Hidden] C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
!-->[Hidden] C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
!-->[Hidden] C:\WINDOWS\Installer\{8DC42D05-680B-41B0-8878-6C14D24602DB}
!-->[Hidden] C:\WINDOWS\Installer\{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
!-->[Hidden] C:\WINDOWS\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
!-->[Hidden] C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70000000000}
!-->[Hidden] C:\WINDOWS\Installer\{B9987754-9A14-4B61-ABB3-73A79503238D}
!-->[Hidden] C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}
!-->[Hidden] C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
!-->[Hidden] C:\WINDOWS\Installer\{E7004147-2CCA-431C-AA05-2AB166B9785D}
!-->[Hidden] C:\WINDOWS\Installer\{EAC1077D-EB12-4515-B8B1-2E55AA026D3E}
!-->[Hidden] C:\WINDOWS\Installer\{EAE92D24-1E4B-4B3B-894D-622E942939DA}
!-->[Hidden] C:\WINDOWS\Installer\{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
!-->[Hidden] C:\WINDOWS\Installer\{F958CA02-BB40-4007-894B-258729456EE4}
!-->[Hidden] C:\WINDOWS\Installer\{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}
!-->[Hidden] C:\WINDOWS\l2schemas
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
!-->[Hidden] C:\WINDOWS\Minidump
!-->[Hidden] C:\WINDOWS\network diagnostic
!-->[Hidden] C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps
!-->[Hidden] C:\WINDOWS\PCHEALTH\HELPCTR\Config\News
!-->[Hidden] C:\WINDOWS\Performance\WinSAT
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$
!-->[Hidden] C:\WINDOWS\ServicePackFiles\ServicePackCache
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\AuthCabs\Redir
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\398f0c45cd46f045925de8cfce3ac8c4
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\8a4341850daecfe5fcade73622025bbf
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\94076d2dfaa176bbb2083a92af29814c
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\backup
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\sp1qfe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\sp2gdr
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\sp2qfe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\update
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\d0cba3879be069dcb3baf4851afcf42d
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D
!-->[Hidden] C:\WINDOWS\Sun
!-->[Hidden] C:\WINDOWS\SxsCaPendDel
!-->[Hidden] C:\WINDOWS\system32\bits
!-->[Hidden] C:\WINDOWS\system32\CanonIJ Uninstaller Information
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
!-->[Hidden] C:\WINDOWS\system32\drivers\UMDF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE
!-->[Hidden] C:\WINDOWS\system32\en
!-->[Hidden] C:\WINDOWS\system32\en-US
!-->[Hidden] C:\WINDOWS\system32\LogFiles\WUDF
!-->[Hidden] C:\WINDOWS\system32\Macromed
!-->[Hidden] C:\WINDOWS\system32\Microsoft\Crypto
!-->[Hidden] C:\WINDOWS\system32\PreInstall
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0004
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0005
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0006
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0007
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0008
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0009
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0010
!-->[Hidden] C:\WINDOWS\system32\Resource
!-->[Hidden] C:\WINDOWS\system32\scripting
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\canonip1800_series47d4
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\epsonpicturemateda58
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_1243d9
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\WIN40
!-->[Hidden] C:\WINDOWS\temp\Cookies
!-->[Hidden] C:\WINDOWS\temp\CR_11.tmp
!-->[Hidden] C:\WINDOWS\temp\CR_19.tmp
!-->[Hidden] C:\WINDOWS\temp\CR_248.tmp
!-->[Hidden] C:\WINDOWS\temp\History
!-->[Hidden] C:\WINDOWS\temp\Temporary Internet Files
!-->[Hidden] C:\WINDOWS\WBEM
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_x-ww_037be232
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_x-ww_9b2f5ded
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1579_x-ww_7bbf8d08
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.1360_x-ww_24a2ed47
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4
!-->[Hidden] C:\_OTM\MovedFiles\06052010_174150\C_Program Files\Common Files\Symantec Shared\VirusDefs\20070530.020
!-->[Hidden] C:\_OTM\MovedFiles\06052010_174150\C_Program Files\Common Files\Symantec Shared\VirusDefs\tmp5a02.tmp
!-->[Hidden] C:\_OTM\MovedFiles\06052010_174150\C_Program Files\Common Files\Symantec Shared\VirusDefs\tmp60f8.tmp
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[1488]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[1604]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1604]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1604]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1604]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1604]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1604]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1604]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3904]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[436]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x0101B0A0-->00000000 [unknown_code_page]
[436]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0101B0A4-->00000000 [unknown_code_page]

Jack&Jill · Nov 27, 2010

Hello Jack

,

Check some files with OTL

Double click on OTL.exe to run it.
Make sure all the None options is checked (ticked). There are eight of them.

Copy and paste the following into the white box under Custom Scans/Fixes:

Code:

%systemroot%\system32\*.dll /lockedfiles
C:\WINDOWS\system32\DRIVERS\avgntflt.sys /md5
C:\WINDOWS\system32\drivers\wdmaud.sys /md5
C:\WINDOWS\System32\Drivers\IdeChnDr.sys /md5

Click on Run Scan at the top left hand corner. This might take a while.
When done, the OTL.txt file will open. Please post back the contents of this log.

--------------------

The Rootkit Unhooker log is not yielding the result I need. Please try GMER in Safe Mode. I will repeat the steps here. I have to be sure what we are dealing with to plan my approach and reduce the risk of any unforeseen circumstances.

Rerun GMER in Safe Mode

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
If you need help to disable your protection programs see here and here.
Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
In the right panel, you will see several boxes that have been checked (ticked).
- Uncheck IAT/EAT
- Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
- Uncheck Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
Enable back your security softwares as soon as you completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

--------------------

Does the redirect happen when you use both Firefox and Internet Explorer? Or only specific one browser?

--------------------

Please post back:
1. OTL result
2. GMER log
3. the answer to my question about the redirect

Redirect Problems San Jose CA

New member

Security Expert- Emeritus

New member

New member

Security Expert- Emeritus

New member

New member

Security Expert- Emeritus

New member

Security Expert- Emeritus

New member

Security Expert- Emeritus

New member

Security Expert- Emeritus

New member

Security Expert- Emeritus

New member

New member

New member

Security Expert- Emeritus