Author Topic: limited connectivity (Read 22784 times)

hansberry · « **on:** February 09, 2012, 01:29:59 AM »

Hello,

I use a Galaxy Tab tablet as a hotspot for sending wireless to my computers. I have a usb netgear adapter on my vista computer to receive that signal. All has been well here for many many months. We have had no issues with the tablet or any connections. Then one day my son was getting some driver downloads from linksis website (did not open anything on the vista..just used it to download the files so he could transfer them to the other computer he needed it for) and he's not sure what all he might have done but whatever the case we now get a 'limited connectivity' issue on the Vista computer. Our other computers are still getting on fine. The Tablet is still fine and the signal is great.

We have uninstalled the netgear and reinstalled. We have diabled and enabled network. We've tried deleting it and finding it again. I've recovered the computer to a checkpoint from before the problem started. I've done all the diagnostic stuff the computer pops up with like finding IP address and stuff. It cant find that.

In the Netgear wizard it shows the IP address as just dashes -- -- -- . My computer is now running very slowly for somet things.

Another interesting thing is that the Rosetta Stone program no longer works because it uses internet stuff within its program (does not connect to the internet however) so whatever is going on is also affecting that.

Any help would be greatly appreciated. I'm not familiar with the ipconfig and that sort of stuff so if you give me any directions please make them detailed for a novice . I tried to look around on this site and didnt see anythign that helped.

Thanks

SuperDave · « **Reply #1 on:** February 09, 2012, 11:17:21 AM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
List content of Hosts
List IP Configuration
Lst Last 10 Event Viewer Errors
List Users, Partitions and Memory Size
[/b]
Click Go and copy/paste the log (Result.txt) into your next post.
*******************************************************
Please download Farbar Service Scanner and run it on the computer with the issue.

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Geek-9pm · « **Reply #2 on:** February 09, 2012, 11:25:09 AM »

You need to provide more information about the one computer that has the problem. Apparently your issue is more that a connectivity issue.
One of two or three things:
A. The problem computer has unknown hardware issue with the wireless.
B. A driver on the computer was damaged.
~~C, D, E don't matter.~~
F. You did indeed pick up a virus or Trojan of some kind off the Internet.

Please wait for an expert to help you. I can't do it. $:-\$

hansberry · « **Reply #3 on:** February 09, 2012, 11:49:22 AM »

ok...here is the LOG from the mini toolbox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Hansberry (administrator) on 09-02-2012 at 10:36:58
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WG111v3 Wireless-G USB Adapter = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Hansberry-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WG111v3 Wireless-G USB Adapter
Physical Address. . . . . . . . . : E0-91-F5-92-47-9E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e9fe:4621:8bc9:c1aa%13(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.193.170(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 283152885
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-2F-A1-08-00-21-97-D6-C7-4C
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-21-97-D6-C7-4C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A953D97E-D32D-46BB-9CCB-00FE62A44F8D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3789212C-4E37-4DC7-8B34-88599A8C27F4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.Pinging 127.0.0.1 with 32 bytes of data:General failure.General failure.Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),===========================================================================
Interface List
13 ...e0 91 f5 92 47 9e ...... NETGEAR WG111v3 Wireless-G USB Adapter
10 ...00 21 97 d6 c7 4c ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{A953D97E-D32D-46BB-9CCB-00FE62A44F8D}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{3789212C-4E37-4DC7-8B34-88599A8C27F4}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.193.170 281
169.254.193.170 255.255.255.255 On-link 169.254.193.170 281
169.254.255.255 255.255.255.255 On-link 169.254.193.170 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.193.170 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.193.170 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::e9fe:4621:8bc9:c1aa/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/09/2012 09:47:22 AM) (Source: Application Hang) (User: )
Description: The program iTunes.exe version 10.5.2.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 850
Start Time: 01cce75275323a0d
Termination Time: 16

Error: (02/09/2012 09:38:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/08/2012 11:29:58 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b1bb12d6-db89-4515-8e7a-97214babf3a0}

System errors:
=============
Error: (02/09/2012 09:38:13 AM) (Source: Service Control Manager) (User: )
Description: TICalc%%20

Error: (02/09/2012 09:38:13 AM) (Source: Service Control Manager) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058

Error: (02/09/2012 09:38:13 AM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (02/08/2012 11:23:39 PM) (Source: Service Control Manager) (User: )
Description: TICalc%%20

Error: (02/08/2012 11:23:39 PM) (Source: Service Control Manager) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058

Error: (02/08/2012 11:23:39 PM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (02/08/2012 11:20:57 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service32

Error: (02/08/2012 11:20:57 PM) (Source: Service Control Manager) (User: )
Description: Windows Installer%%1069

Error: (02/08/2012 11:20:57 PM) (Source: Service Control Manager) (User: )
Description: msiserverNT AUTHORITY\SYSTEM%%1352

Error: (02/08/2012 11:20:57 PM) (Source: DCOM) (User: )
Description: 1069MSIServer{000C101C-0000-0000-C000-000000000046}

Microsoft Office Sessions:
=========================
Error: (11/08/2009 11:48:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 1917.76 MB
Available physical RAM: 1067.47 MB
Total Pagefile: 4085.54 MB
Available Pagefile: 3057.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.32 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:139.05 GB) (Free:69.34 GB) NTFS
3 Drive e: (CANON_SD) (Removable) (Total:3.69 GB) (Free:2.2 GB) FAT32
7 Drive i: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:159.03 GB) NTFS
8 Drive j: (GABRIEL'S) (Removable) (Total:1.87 GB) (Free:1.04 GB) FAT
9 Drive k: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
10 Drive m: (CALEBCRUZER) (Removable) (Total:0.95 GB) (Free:0.76 GB) FAT

========================= Users: ========================================

User accounts for \\HANSBERRY-PC

Administrator Guest Hansberry

**** End of log ****

And here is the LOG from the FSS:

Farbar Service Scanner Version: 08-02-2012
Ran by Hansberry (administrator) on 09-02-2012 at 10:42:11
Running from "C:\Users\Hansberry\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

BTW, I dont think I mentioned that I tried getting new nettwork addapter but they didnt get on the net either even though they worked on the computer.

SuperDave · « **Reply #4 on:** February 09, 2012, 11:58:42 AM »

This is a wireless connection. Did you try hard-wiring it to the modem?

hansberry · « **Reply #5 on:** February 09, 2012, 12:01:47 PM »

I'm not sure what exactly you mean. I use the Galaxy Tab to get my internet sent to my computer and it gets the signal using the netgear adapter.

SuperDave · « **Reply #6 on:** February 09, 2012, 01:29:27 PM »

Is the computer you're having problems with hardwired to the modem?

hansberry · « **Reply #7 on:** February 09, 2012, 01:35:56 PM »

novice here....

not sure what hardwired to the modem means. the computer has a modem but as far as I know it is not in use because we dont have dsl or anything like that for our internet. we get the wireless signal from the hotspot. I don't know the ins and outs of how all this works.

My son had messed with some settings or something with our old router if that means anything. That router is off and not in use however since we dont need it.

SuperDave · « **Reply #8 on:** February 09, 2012, 04:21:19 PM »

Quote

My son had messed with some settings or something with our old router if that means anything. That router is off and not in use however since we dont need it.

I'm quite sure I can't sort this one out remotely. Please download thes programs, run the scans and post the logs.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

hansberry · « **Reply #9 on:** February 09, 2012, 07:10:57 PM »

Here ya go:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/09/2012 at 05:27 PM

Application Version : 5.0.1144

Core Rules Database Version : 8223
Trace Rules Database Version: 6035

Scan type : Complete Scan
Total Scan Time : 01:39:04

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 701
Memory threats detected : 0
Registry items scanned : 34071
Registry threats detected : 0
File items scanned : 243541
File threats detected : 314

Adware.Tracking Cookie
   C:\Users\Hansberry\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ /msadcenter.112.2o7 ]
   C:\Users\Hansberry\AppData\Roaming\Microsoft\Windows\Cookies\KST4B109.txt [ /doubleclick.net ]
   C:\Users\Hansberry\AppData\Roaming\Microsoft\Windows\Cookies\9G6YDUF5.txt [ /atdmt.com ]
   C:\Users\Hansberry\AppData\Roaming\Microsoft\Windows\Cookies\D60TF823.txt [ /2o7.net ]
   C:\Users\Hansberry\AppData\Roaming\Microsoft\Windows\Cookies\PHPCG60R.txt [ /www.windowsmedia.com ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJVQ2KBU.txt [ Cookie:[email protected]/accounts ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\hansberry@apmebf[3].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\0L1QENWC.txt [ Cookie:[email protected]/adsense/support/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MT34X0LQ.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\V08V3B1R.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\3QJ20M1N.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\AYB9EFCE.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ITYS1BO.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WR5ZNW2.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GUFH8YQ0.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UHTOVA4Q.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\hansberry@yadro[2].txt [ *Blocked Russian URL*/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\IM4XS4W8.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\SSEED4NT.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\V0A0E1K7.txt [ Cookie:[email protected]/vztracker/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\113AIWC1.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\W30TASG2.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BU9ON83.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UIY0BD5L.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6DAKP2RC.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\HI3TIVDV.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\B43RMHOZ.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6OY33U01.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\hansberry@specificclick[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\BHYQ7TIB.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\J6AZVLS3.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MYMNPRCY.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OQTEQME8.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\73O1JBNK.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\23R1NXFT.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZSZ92PQM.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\2SJ8LK37.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\18FX64EF.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\0OAHPCEZ.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\S95VJZBK.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\WHWUARZA.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYRP1WRQ.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XLV6V95X.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\AL5HPF9I.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\YU0YJYAF.txt [ Cookie:[email protected]/hc/57386690 ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\BSQI6Q0H.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\9UK16LDI.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\F7HDOX32.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FQC9CEBX.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XOM9QB3D.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\hansberry@questionpro[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\hansberry@imrworldwide[3].txt [ Cookie:[email protected]/cgi-bin ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\9WHI0GEG.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\PQOF0SIY.txt [ Cookie:[email protected]/hc/44153975 ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\JJ7A6EOL.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\NT4SYT0V.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\H6Q5SF90.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MQ244PD8.txt [ Cookie:[email protected]/adsense/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\1PU1RV68.txt [ Cookie:[email protected]/hc/19357552 ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\45UUYT19.txt [ Cookie:[email protected]/hc/37343836 ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FW3IQPU6.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\DDU9J90X.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\0ZDHELQ3.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y1CFHFHN.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\SXHU9KEF.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\8J2HM7VK.txt [ Cookie:[email protected]/accounts ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\3NZQWH4Q.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\YF3BC0NG.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FN5RMPYY.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MSXQF8RK.txt [ Cookie:[email protected]/pagead/conversion/986691772/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\HFHZYNF6.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\E9K5FRD4.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\3EM9R0EL.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZT030K4H.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\74O5RT6W.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5AR6SC1B.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\NC264MTB.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\PTBH32X2.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\1OFTUIJD.txt [ Cookie:[email protected]/hc/47899488 ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\9ADXOS2U.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MBIPAWDK.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\JQD0ZRW4.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\B3GBA8N2.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\N1T011GL.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MPIDQD6S.txt [ Cookie:[email protected]/dcsk62gwjq4tuubom1pirjier_1m1i ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UCZ7JW6L.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GUO0JERG.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6CSHK145.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\NP4EGWE0.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\R1PJWPDY.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\QU9M7LFB.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q271HFND.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\23UW15Z0.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\AANL291G.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\PF15UIK3.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\QZ7I3NW7.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\YS3AJYLO.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OKV25025.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\K54UAWK0.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\4MB0LL40.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XR9DFPRZ.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\F3N3DF3E.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OUZV7897.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MEOGZJ0S.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\VG3HM0HK.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UWA1UG95.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\L0XOHZXK.txt [ Cookie:[email protected]/pagead/conversion/1071670928/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6GOJHB8M.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\IDAAAEP7.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBP7YXIA.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\9U4T77K2.txt [ Cookie:[email protected]/accounts/recovery/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\HNIP7L51.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\8BRMJ1WC.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5Q3H0JG5.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\8IXO43M4.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\Cookies\9G6YDUF5.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\Cookies\D60TF823.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\Cookies\PHPCG60R.txt [ Cookie:[email protected]/ ]
   ad.insightexpressai.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   cdn.eyewonder.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   convoad.technoratimedia.net [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   media.socialvibe.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   media10.washingtonpost.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   objects.tremormedia.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   s0.2mdn.net [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   speed.pointroll.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /008.FREE-COUNTERS.CO ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@247REALMEDIA[1].TXT [ /247REALMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@2O7[2].TXT [ /2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /A1.INTERCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ACCOUNTONLINE[1].TXT [ /ACCOUNTONLINE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ACTIVENETWORK.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /AD.ADPERIUM ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /AD.WSOD ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /AD.YIELDMANAGER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADBRITE[1].TXT [ /ADBRITE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADBRITE[2].TXT [ /ADBRITE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADECN[1].TXT [ /ADECN ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADINTERAX[2].TXT [ /ADINTERAX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.ASSOCIATEDCONTENT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.CAROCEAN.CO ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.CAROCEAN.CO ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.CNN ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.CPXADROIT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.CRAKMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.HEARTLIGHT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.NETRITION ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.OOKLA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.PEOPLESPHARMACY ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /ADS.POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.PUBMATIC ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.TELEGRAPH.CO ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.UNDERTONE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS2.PHONEARENA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADSERVER.ADTECHUS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADTECH[1].TXT [ /ADTECH ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADULTFRIENDFINDER[1].TXT [ /ADULTFRIENDFINDER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADVANCE.ADTRACK.CALLS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADVERTISEFIRST[2].TXT [ /ADVERTISEFIRST ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADVERTISING[1].TXT [ /ADVERTISING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADXPOSE[1].TXT [ /ADXPOSE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ALLBRITTON.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@AMTK-MEDIA[2].TXT [ /AMTK-MEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@APMEBF[1].TXT [ /APMEBF ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /AR.ATWOLA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ASSOCIATEDCONTENT.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ASURIONINSURANCESERVICES.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /AT.ATWOLA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ATDMT[2].TXT [ /ATDMT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@AZJMP[2].TXT [ /AZJMP ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /BEACON.DMSINSIGHTS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /BETA-ADS.ACE.ADVERTISING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@BIZRATE[2].TXT [ /BIZRATE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /BMUK.BURSTNET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@BRAVENET[1].TXT [ /BRAVENET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /BS.SERVING-SYS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@BURSTBEACON[1].TXT [ /BURSTBEACON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@BURSTNET[1].TXT [ /BURSTNET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@BURSTNET[3].TXT [ /BURSTNET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /BUSINESSFINDER.OREGONLIVE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /C.GIGCOUNT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@CASALEMEDIA[3].TXT [ /CASALEMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /CITI.BRIDGETRACK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /CLICK.MEDIADOME ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@CLICKBANK[1].TXT [ /CLICKBANK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@COHOMEFINDER[2].TXT [ /COHOMEFINDER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@COLLECTIVE-MEDIA[2].TXT [ /COLLECTIVE-MEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /CONTENT.YIELDMANAGER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@COUNTRYLIVING[2].TXT [ /COUNTRYLIVING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@CURRCLICK[1].TXT [ /CURRCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@DA-TRACKING[1].TXT [ /DA-TRACKING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /DATA.COREMETRICS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /DC.TREMORMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@DMTRACKER[1].TXT [ /DMTRACKER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /DOMINIONENTERPRISES.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /E-2DJ6WHLOCPC5KFP.STATS.ESOMNITURE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /EARTHLINK.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /EAS.APM.EMEDIATE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@EDGEADX[2].TXT [ /EDGEADX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /EHG-TI.HITBOX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /EHG-VERIZON.HITBOX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ERO-ADVERTISING[1].TXT [ /ERO-ADVERTISING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@EYEWONDER[1].TXT [ /EYEWONDER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@EYEWONDER[3].TXT [ /EYEWONDER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@FASTCLICK[1].TXT [ /FASTCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@FREEFIND[1].TXT [ /FREEFIND ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@GOSTATS[2].TXT [ /GOSTATS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /HEARSTMAGAZINES.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@HITBOX[2].TXT [ /HITBOX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /HOMESTORE.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /IN.GETCLICKY ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@INDIECLICK[1].TXT [ /INDIECLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@INSIGHTEXPRESSAI[2].TXT [ /INSIGHTEXPRESSAI ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@INTERCLICK[1].TXT [ /INTERCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@INTERMUNDOMEDIA[2].TXT [ /INTERMUNDOMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@KANTARMEDIA[1].TXT [ /KANTARMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@KONTERA[1].TXT [ /KONTERA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /LEGO.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LEGOLAS-MEDIA[2].TXT [ /LEGOLAS-MEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LINKSYNERGY[1].TXT [ /LINKSYNERGY ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LIVEPERSON[1].TXT [ /LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LIVEPERSON[2].TXT [ /LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LIVEPERSON[3].TXT [ /LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LIVEPERSON[4].TXT [ /LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LIVEPERSON[6].TXT [ /LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LUCIDMEDIA[1].TXT [ /LUCIDMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /M1.WEBSTATS.MOTIGO ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MEDIA6DEGREES[1].TXT [ /MEDIA6DEGREES ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MEDIA6DEGREES[3].TXT [ /MEDIA6DEGREES ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MEDIABRANDSWW[2].TXT [ /MEDIABRANDSWW ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MEDIASTORE.VERIZONWIRELESS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MERCOLA.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MM.CHITIKA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MONDAYMORNINGINSIGHT[1].TXT [ /MONDAYMORNINGINSIGHT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MSNBC.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MSNPORTAL.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MYACCOUNT.VERIZONWIRELESS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /NETWORK.REALMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@NEXTAG[1].TXT [ /NEXTAG ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@NORTHRIDGEMEDIA[1].TXT [ /NORTHRIDGEMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /OPTIMIZE.INDIECLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@OVERTURE[2].TXT [ /OVERTURE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /PARENTINGTEENS.ABOUT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /PAYPAL.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /PERF.OVERTURE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@POINTROLL[2].TXT [ /POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@POINTROLL[3].TXT [ /POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@POINTROLL[4].TXT [ /POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@PRO-MARKET[2].TXT [ /PRO-MARKET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@QUESTIONMARKET[1].TXT [ /QUESTIONMARKET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@QUESTIONMARKET[3].TXT [ /QUESTIONMARKET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /R1-ADS.ACE.ADVERTISING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@REALMEDIA[1].TXT [ /REALMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@REVENUE[2].TXT [ /REVENUE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@REVSCI[2].TXT [ /REVSCI ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ROTATOR.ADJUGGLER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@RU4[2].TXT [ /RU4 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /S.CLICKABILITY ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /SALES.LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /SERVER.IAD.LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@SERVING-SYS[2].TXT [ /SERVING-SYS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@SMARTADSERVER[2].TXT [ /SMARTADSERVER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@SPECIFICCLICK[2].TXT [ /SPECIFICCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@SPECIFICMEDIA[1].TXT [ /SPECIFICMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /STAT.DEALTIME ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@STATCOUNTER[1].TXT [ /STATCOUNTER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /STATS.CRAYOLA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /STATS.PAYPAL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /STATSE.WEBTRENDSLIVE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /TACODA.AT.ATWOLA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@TACODA[1].TXT [ /TACODA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@TESTQUESTIONSANDANSWERS[2].TXT [ /TESTQUESTIONSANDANSWERS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /TEXASINSTRUMENT.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /TRACKER.OPTICSPLANET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /TRACKING.REALTOR ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /TRACKING.VEILLE-REFERENCEMENT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@TRAFFICMP[2].TXT [ /TRAFFICMP ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /TRAVIDIA.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@TRIBALFUSION[2].TXT [ /TRIBALFUSION ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WALMART.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WWW.ACCOUNTONLINE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WWW.BURSTBEACON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.BURSTNET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /WWW.BURSTNET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WWW.COHOMEFINDER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.COUNTRYLIVING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.COUNTRYWIDE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /WWW.COUNTRYWIDE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.CURRCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.GOOGLEADSERVICES ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.HOBBYADSALES ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@XITI[1].TXT [ /XITI ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@YIELDMANAGER[1].TXT [ /YIELDMANAGER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ZEDO[1].TXT [ /ZEDO ]

Trojan.Agent/Gen-UsrMgr
   C:\USERS\HANSBERRY\DESKTOP\CALEB\GRAPHING CALCULATOR\TI-8X PROGRAMS\DOWNLOADS\TI-83+SE DOWNLOADS\AXE PARSER\TOOLS\APPLICATION SIGNING\RABBITSIGN.EXE

Trojan.Agent/Gen-Krpytik
   ZIP ARCHIVE( C:\USERS\HANSBERRY\DESKTOP\SAVE TO FREEAGENT\BRUSH2.ZIP )/FILTERS/RIPPLE.DLL
   C:\USERS\HANSBERRY\DESKTOP\SAVE TO FREEAGENT\BRUSH2.ZIP
   ZIP ARCHIVE( C:\USERS\HANSBERRY\DESKTOP\SAVE TO FREEAGENT\BRUSH2.ZIP )/FILTERS/SWIRL.DLL
   ZIP ARCHIVE( C:\USERS\HANSBERRY\DESKTOP\SAVE TO FREEAGENT\BRUSH2.ZIP )/FILTERS/MANDELBROTT FRACTAL.DLL
   ZIP ARCHIVE( C:\USERS\HANSBERRY\DESKTOP\SAVE TO FREEAGENT\BRUSH2.ZIP )/FILTERS/RANDOMIZE.DLL

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Hansberry :: HANSBERRY-PC [administrator]

Protection: Enabled

2/9/2012 12:46:10 AM
mbam-log-2012-02-09 (00-46-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398513
Time elapsed: 1 hour(s), 27 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Hansberry\AppData\Local\volmgr.dll (Trojan.Downloader.adb) -> Quarantined and deleted successfully.
C:\Users\Hansberry\AppData\Local\volmgr.exe (Trojan.Downloader.adb) -> Quarantined and deleted successfully.
C:\Users\Hansberry\AppData\Local\Temp\jar_cache5846010264388550745.tmp (Trojan.Downloader.adb) -> Quarantined and deleted successfully.

(end)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170
Run by Hansberry at 17:57:10 on 2012-02-09
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.1115 [GMT -8:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Rosetta Stone\SMS v3.0.2hs\Service\JavaSrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.homeschoolfreebie.wholesomechildhood.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [eRecoveryService]
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Skytel] Skytel.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\hansbe~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\billmind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090811.002\IDSvix86.sys [2009-8-11 272432]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-2-19 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-17 149352]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-9 652360]
R2 SMSv3_0_2hs;SMSv3_0_2hs;c:\program files\rosetta stone\sms v3.0.2hs\service\JavaSrvc.exe [2006-7-26 65536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-9 20464]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2011-3-20 348160]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-28 1245064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-11 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.3.0;c:\windows\system32\drivers\libusb0.sys [2011-7-8 35904]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-3-18 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\ZTEusbgps.sys [2011-3-18 105856]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2011-3-18 105856]
.
=============== Created Last 30 ================
.
2012-02-09 23:36:05   --------   d-----w-   c:\users\hansberry\appdata\roaming\SUPERAntiSpyware.com
2012-02-09 23:34:30   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-02-09 23:34:30   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-09 17:37:00   56200   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{3aad5b11-a19b-4275-a64c-a3dc40cf8f2b}\offreg.dll
2012-02-09 08:45:26   --------   d-----w-   c:\users\hansberry\appdata\roaming\Malwarebytes
2012-02-09 08:45:20   --------   d-----w-   c:\programdata\Malwarebytes
2012-02-09 08:45:19   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-09 08:45:19   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-02-09 07:31:43   --------   d-----w-   C:\OEMSettings
2012-02-05 06:06:39   --------   d-----w-   c:\users\hansberry\appdata\roaming\.minecraft
2012-01-23 22:23:58   91448   ----a-w-   c:\windows\system32\bcmwlcoi.dll
2012-01-23 22:23:58   3874816   ----a-w-   c:\windows\system32\bcmihvsrv.dll
2012-01-23 22:23:58   3563520   ----a-w-   c:\windows\system32\bcmihvui.dll
2012-01-23 22:23:58   21728   ----a-w-   c:\windows\system32\drivers\SCMNdisP.sys
2012-01-23 17:09:50   --------   d-----w-   C:\CSGAMES
2012-01-23 17:09:49   598544   ----a-w-   c:\windows\system\OWL202.DLL
2012-01-23 17:09:48   69632   ----a-w-   c:\windows\system\BIDS402.DLL
2012-01-23 17:09:48   219648   ----a-w-   c:\windows\system\BC402RTL.DLL
2012-01-23 00:44:45   --------   d-----w-   c:\windows\pss
2012-01-22 01:08:08   6823496   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{3aad5b11-a19b-4275-a64c-a3dc40cf8f2b}\mpengine.dll
2012-01-11 19:04:57   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
2012-01-11 18:43:35   376320   ----a-w-   c:\windows\system32\winsrv.dll
2012-01-11 18:43:33   23552   ----a-w-   c:\windows\system32\mciseq.dll
2012-01-11 18:43:33   189952   ----a-w-   c:\windows\system32\winmm.dll
2012-01-11 18:43:30   1205064   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 18:43:28   66560   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 18:43:20   497152   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 18:43:20   1314816   ----a-w-   c:\windows\system32\quartz.dll
.
==================== Find3M ====================
.
2011-11-23 13:37:27   2043904   ----a-w-   c:\windows\system32\win32k.sys
.
============= FINISH: 17:58:22.39 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 2/19/2009 3:21:17 PM
System Uptime: 2/9/2012 5:32:58 PM (0 hours ago)
.
Motherboard: eMachines | | MCP61PM-GM
Processor: AMD Athlon(tm) Processor LE-1620 | Socket AM2 | 2400/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 69.085 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 298 GiB total, 159.034 GiB free.
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Sansa Media Converter
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Reader 8.3.1
Agere Systems PCI-SV92PP Soft Modem
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 2000
ASM Suite 2.0
AviSynth 2.5
Backup
Basic Facts Worksheet Factory
Best Buy Digital Music Store
Best Buy Rhapsody
Bonjour
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon ScanGear Toolbox 3.0
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
ccCommon
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD
Digital Media Reader
e-Sword
eMachines Games
eMachines Recovery Management
ffdshow [rev 2583] [2009-01-05]
GearDrvs
Google Toolbar for Internet Explorer
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Board Games 5
Interactive Math Journey
iTunes
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 26
LEGO Digital Designer
LEGO LOCO
LibUSB-Win32-1.2.3.0
LiveUpdate (Symantec Corporation)
LiveUpdate BVRP Software
LSI PCI-SV92PP Soft Modem
Malwarebytes Anti-Malware version 1.60.1.1000
Mathematics Worksheet Factory Lite 2.0
Mavis Beacon Teaches Typing 18
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft GIF Animator
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
mobile PhoneTools
Movie DVD Maker 2.7.1021
Mp3 Stream Recorder
MusicReading
My DVD Maker 5.8
NETGEAR WG111v3 wireless USB 2.0 adapter
NI LabVIEW Run-Time Engine 5.1
Noah's Ark Deluxe 1.1
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.3
Phonics Made Easy
Picturetrail Photo Editor 2.1.0.0
PVSonyDll
Python 3.2
Quicken for Windows 6 Deluxe
QuickTime
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Rosetta Stone 2.1.5.1Asms
Sansa Media Converter
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sothink Movie DVD Maker
SPBBC 32bit
Student Management System v3.0.2hs
SumatraPDF
SUPERAntiSpyware
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
TI-Black Link
TI-Graph Link 82
TI Connect 1.6
Ultimate Ride Coaster Deluxe
Unity Web Player (All users)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USDA-HealtheTech Search SR-20
Verizon Wireless AC30 Firmware Updates
VZAccess Manager
West Point Bridge Designer 2010 (2nd Edition) (remove only)
Windows Mobile Device Updater Component
Yahoo! Toolbar
ZTE USB Drivers
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.

SuperDave · « **Reply #10 on:** February 10, 2012, 11:34:27 AM »

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
************************************************************
Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

hansberry · « **Reply #11 on:** February 10, 2012, 01:35:44 PM »

ComboFix 12-02-10.03 - Hansberry 02/10/2012 11:57:09.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.1051 [GMT -8:00]
Running from: c:\users\Hansberry\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster1.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster2.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster3.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster4.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster5.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster6.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster7.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster8.csa
c:\users\Hansberry\CruzerSync_v3_2_016.exe
c:\windows\iun6002.exe
c:\windows\system32\DF33D21478.dll
c:\windows\system32\oem39.inf
c:\windows\system32\ReadMe.txt
c:\windows\system32\rnaph.dll
c:\windows\system32\Temp
c:\windows\system32\Temp\002.002
c:\windows\Update.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 20:12 . 2012-02-10 20:16   --------   d-----w-   c:\users\Hansberry\AppData\Local\temp
2012-02-10 20:12 . 2012-02-10 20:12   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-02-09 23:36 . 2012-02-09 23:36   --------   d-----w-   c:\users\Hansberry\AppData\Roaming\SUPERAntiSpyware.com
2012-02-09 23:34 . 2012-02-09 23:38   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-09 23:34 . 2012-02-09 23:34   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-02-09 08:45 . 2012-02-09 08:45   --------   d-----w-   c:\users\Hansberry\AppData\Roaming\Malwarebytes
2012-02-09 08:45 . 2012-02-09 08:45   --------   d-----w-   c:\programdata\Malwarebytes
2012-02-09 08:45 . 2012-02-09 08:45   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-02-09 08:45 . 2011-12-10 23:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-09 07:31 . 2012-02-09 07:31   --------   d-----w-   C:\OEMSettings
2012-02-05 06:06 . 2012-02-07 19:01   --------   d-----w-   c:\users\Hansberry\AppData\Roaming\.minecraft
2012-01-23 22:23 . 2010-09-30 03:04   91448   ----a-w-   c:\windows\system32\bcmwlcoi.dll
2012-01-23 22:23 . 2010-09-30 02:39   3874816   ----a-w-   c:\windows\system32\bcmihvsrv.dll
2012-01-23 22:23 . 2010-09-30 02:39   3563520   ----a-w-   c:\windows\system32\bcmihvui.dll
2012-01-23 22:23 . 2007-01-20 02:20   21728   ----a-w-   c:\windows\system32\drivers\SCMNdisP.sys
2012-01-23 17:09 . 2012-01-23 17:23   --------   d-----w-   C:\CSGAMES
2012-01-23 17:09 . 1997-03-02 23:32   598544   ----a-w-   c:\windows\system\OWL202.DLL
2012-01-23 17:09 . 1997-03-02 23:32   69632   ----a-w-   c:\windows\system\BIDS402.DLL
2012-01-23 17:09 . 1997-03-02 23:32   219648   ----a-w-   c:\windows\system\BC402RTL.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 20:15 . 2012-02-10 20:15   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AAD5B11-A19B-4275-A64C-A3DC40CF8F2B}\offreg.dll
2012-02-10 19:01 . 2011-09-06 01:38   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-11-25 15:59 . 2012-01-11 18:43   376320   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-15 02:58   2043904   ----a-w-   c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2012-01-22 01:08   6823496   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AAD5B11-A19B-4275-A64C-A3DC40CF8F2B}\mpengine.dll
2011-11-18 20:23 . 2012-01-11 18:43   1205064   ----a-w-   c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 18:43   66560   ----a-w-   c:\windows\system32\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-01 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-25 988512]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"Skytel"="Skytel.exe" [2008-07-23 1826816]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Hansberry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2009-7-1 303104]
Billminder.lnk - c:\quickenw\billmind.exe [2009-7-3 33280]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ     PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\User_Feed_Synchronization-{C656AA48-3742-452D-927A-DA157E589446}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.homeschoolfreebie.wholesomechildhood.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-MathWFLite2 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-10 12:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-755083138-4246884183-2592298099-1000_Classes\CLSID\{472606e7-cde9-467d-83af-6333f3bad56e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000013d
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,76,b5,b8,e7,1e,2c,e7,39,2e,4d,91,eb,9e,ca,8f,8d,41,3c,f8,bf,75,9b,\
.
[HKEY_USERS\S-1-5-21-755083138-4246884183-2592298099-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3f,a8,be,1a,3c,41,f1,a3,c6,78,f4,90,88,f6,22,07,ea,d7,fe,1d,7c,
76,bd,b7,ca,57,e9,89,d4,e0,22,3e,6e,a0,46,b5,a2,08,81,7b,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\conime.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-02-10 12:25:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-10 20:25
.
Pre-Run: 73,730,621,440 bytes free
Post-Run: 74,212,982,784 bytes free
.
- - End Of File - - F2E7D8A284D0D2291F9029D935D664D6

SuperDave · « **Reply #12 on:** February 10, 2012, 07:42:06 PM »

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

Firefox::
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg

DDS::
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
I don't need to see the log from this script.

******************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.

Process << Selected
Kernel Modules << Selected
SSDT << Selected
Kernel Hooks << Selected
IRP Hooks << NOT Selected
Ports << NOT Selected
Hidden Files << Selected

At the bottom of the page

Hidden Objects Only << Selected

Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

hansberry · « **Reply #13 on:** February 10, 2012, 10:30:08 PM »

hmmm..the combofix will start as yoou said but this time it doesnt continue going...it seems to stop altogether after printing:

"However, scan times for badly infected machines may easily double"

I wait a long long time and it just sits there with the cursur blinking and doesnt move on with scanning and stages etc. It didn't take this long the last/first time I ran it. How long should I wait?

hansberry · « **Reply #14 on:** February 11, 2012, 12:26:51 AM »

Ok, after a few tries with the combofix thing I think it worked.

Anyway here is the log for the SysProt. Is this supposed to eventually get to the limited connectivity issue I'm having?

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

Computer Hope Forum

News:

Author Topic: limited connectivity (Read 22784 times)

hansberry

limited connectivity

SuperDave

Re: limited connectivity

Geek-9pm

Re: limited connectivity

hansberry

Re: limited connectivity

SuperDave

Re: limited connectivity

hansberry

Re: limited connectivity

SuperDave

Re: limited connectivity

hansberry

Re: limited connectivity

SuperDave

Re: limited connectivity

hansberry

Re: limited connectivity

SuperDave

Re: limited connectivity

hansberry

Re: limited connectivity

SuperDave

Re: limited connectivity

hansberry

Re: limited connectivity

hansberry

Re: limited connectivity