Author Topic: limited connectivity (Read 22774 times)

hansberry · « **on:** February 09, 2012, 01:29:59 AM »

Hello,

I use a Galaxy Tab tablet as a hotspot for sending wireless to my computers. I have a usb netgear adapter on my vista computer to receive that signal. All has been well here for many many months. We have had no issues with the tablet or any connections. Then one day my son was getting some driver downloads from linksis website (did not open anything on the vista..just used it to download the files so he could transfer them to the other computer he needed it for) and he's not sure what all he might have done but whatever the case we now get a 'limited connectivity' issue on the Vista computer. Our other computers are still getting on fine. The Tablet is still fine and the signal is great.

We have uninstalled the netgear and reinstalled. We have diabled and enabled network. We've tried deleting it and finding it again. I've recovered the computer to a checkpoint from before the problem started. I've done all the diagnostic stuff the computer pops up with like finding IP address and stuff. It cant find that.

In the Netgear wizard it shows the IP address as just dashes -- -- -- . My computer is now running very slowly for somet things.

Another interesting thing is that the Rosetta Stone program no longer works because it uses internet stuff within its program (does not connect to the internet however) so whatever is going on is also affecting that.

Any help would be greatly appreciated. I'm not familiar with the ipconfig and that sort of stuff so if you give me any directions please make them detailed for a novice . I tried to look around on this site and didnt see anythign that helped.

Thanks

SuperDave · « **Reply #1 on:** February 09, 2012, 11:17:21 AM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
List content of Hosts
List IP Configuration
Lst Last 10 Event Viewer Errors
List Users, Partitions and Memory Size
[/b]
Click Go and copy/paste the log (Result.txt) into your next post.
*******************************************************
Please download Farbar Service Scanner and run it on the computer with the issue.

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Geek-9pm · « **Reply #2 on:** February 09, 2012, 11:25:09 AM »

You need to provide more information about the one computer that has the problem. Apparently your issue is more that a connectivity issue.
One of two or three things:
A. The problem computer has unknown hardware issue with the wireless.
B. A driver on the computer was damaged.
~~C, D, E don't matter.~~
F. You did indeed pick up a virus or Trojan of some kind off the Internet.

Please wait for an expert to help you. I can't do it. $:-\$

hansberry · « **Reply #3 on:** February 09, 2012, 11:49:22 AM »

ok...here is the LOG from the mini toolbox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Hansberry (administrator) on 09-02-2012 at 10:36:58
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WG111v3 Wireless-G USB Adapter = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Hansberry-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WG111v3 Wireless-G USB Adapter
Physical Address. . . . . . . . . : E0-91-F5-92-47-9E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e9fe:4621:8bc9:c1aa%13(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.193.170(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 283152885
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-2F-A1-08-00-21-97-D6-C7-4C
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-21-97-D6-C7-4C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A953D97E-D32D-46BB-9CCB-00FE62A44F8D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3789212C-4E37-4DC7-8B34-88599A8C27F4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.Pinging 127.0.0.1 with 32 bytes of data:General failure.General failure.Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),===========================================================================
Interface List
13 ...e0 91 f5 92 47 9e ...... NETGEAR WG111v3 Wireless-G USB Adapter
10 ...00 21 97 d6 c7 4c ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{A953D97E-D32D-46BB-9CCB-00FE62A44F8D}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{3789212C-4E37-4DC7-8B34-88599A8C27F4}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.193.170 281
169.254.193.170 255.255.255.255 On-link 169.254.193.170 281
169.254.255.255 255.255.255.255 On-link 169.254.193.170 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.193.170 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.193.170 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::e9fe:4621:8bc9:c1aa/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/09/2012 09:47:22 AM) (Source: Application Hang) (User: )
Description: The program iTunes.exe version 10.5.2.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 850
Start Time: 01cce75275323a0d
Termination Time: 16

Error: (02/09/2012 09:38:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/08/2012 11:29:58 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b1bb12d6-db89-4515-8e7a-97214babf3a0}

System errors:
=============
Error: (02/09/2012 09:38:13 AM) (Source: Service Control Manager) (User: )
Description: TICalc%%20

Error: (02/09/2012 09:38:13 AM) (Source: Service Control Manager) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058

Error: (02/09/2012 09:38:13 AM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (02/08/2012 11:23:39 PM) (Source: Service Control Manager) (User: )
Description: TICalc%%20

Error: (02/08/2012 11:23:39 PM) (Source: Service Control Manager) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058

Error: (02/08/2012 11:23:39 PM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (02/08/2012 11:20:57 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service32

Error: (02/08/2012 11:20:57 PM) (Source: Service Control Manager) (User: )
Description: Windows Installer%%1069

Error: (02/08/2012 11:20:57 PM) (Source: Service Control Manager) (User: )
Description: msiserverNT AUTHORITY\SYSTEM%%1352

Error: (02/08/2012 11:20:57 PM) (Source: DCOM) (User: )
Description: 1069MSIServer{000C101C-0000-0000-C000-000000000046}

Microsoft Office Sessions:
=========================
Error: (11/08/2009 11:48:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 1917.76 MB
Available physical RAM: 1067.47 MB
Total Pagefile: 4085.54 MB
Available Pagefile: 3057.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.32 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:139.05 GB) (Free:69.34 GB) NTFS
3 Drive e: (CANON_SD) (Removable) (Total:3.69 GB) (Free:2.2 GB) FAT32
7 Drive i: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:159.03 GB) NTFS
8 Drive j: (GABRIEL'S) (Removable) (Total:1.87 GB) (Free:1.04 GB) FAT
9 Drive k: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
10 Drive m: (CALEBCRUZER) (Removable) (Total:0.95 GB) (Free:0.76 GB) FAT

========================= Users: ========================================

User accounts for \\HANSBERRY-PC

Administrator Guest Hansberry

**** End of log ****

And here is the LOG from the FSS:

Farbar Service Scanner Version: 08-02-2012
Ran by Hansberry (administrator) on 09-02-2012 at 10:42:11
Running from "C:\Users\Hansberry\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

BTW, I dont think I mentioned that I tried getting new nettwork addapter but they didnt get on the net either even though they worked on the computer.

SuperDave · « **Reply #4 on:** February 09, 2012, 11:58:42 AM »

This is a wireless connection. Did you try hard-wiring it to the modem?

hansberry · « **Reply #5 on:** February 09, 2012, 12:01:47 PM »

I'm not sure what exactly you mean. I use the Galaxy Tab to get my internet sent to my computer and it gets the signal using the netgear adapter.

SuperDave · « **Reply #6 on:** February 09, 2012, 01:29:27 PM »

Is the computer you're having problems with hardwired to the modem?

hansberry · « **Reply #7 on:** February 09, 2012, 01:35:56 PM »

novice here....

not sure what hardwired to the modem means. the computer has a modem but as far as I know it is not in use because we dont have dsl or anything like that for our internet. we get the wireless signal from the hotspot. I don't know the ins and outs of how all this works.

My son had messed with some settings or something with our old router if that means anything. That router is off and not in use however since we dont need it.

SuperDave · « **Reply #8 on:** February 09, 2012, 04:21:19 PM »

Quote

My son had messed with some settings or something with our old router if that means anything. That router is off and not in use however since we dont need it.

I'm quite sure I can't sort this one out remotely. Please download thes programs, run the scans and post the logs.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

hansberry · « **Reply #9 on:** February 09, 2012, 07:10:57 PM »

Here ya go:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/09/2012 at 05:27 PM

Application Version : 5.0.1144

Core Rules Database Version : 8223
Trace Rules Database Version: 6035

Scan type : Complete Scan
Total Scan Time : 01:39:04

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 701
Memory threats detected : 0
Registry items scanned : 34071
Registry threats detected : 0
File items scanned : 243541
File threats detected : 314

Adware.Tracking Cookie
   C:\Users\Hansberry\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ /msadcenter.112.2o7 ]
   C:\Users\Hansberry\AppData\Roaming\Microsoft\Windows\Cookies\KST4B109.txt [ /doubleclick.net ]
   C:\Users\Hansberry\AppData\Roaming\Microsoft\Windows\Cookies\9G6YDUF5.txt [ /atdmt.com ]
   C:\Users\Hansberry\AppData\Roaming\Microsoft\Windows\Cookies\D60TF823.txt [ /2o7.net ]
   C:\Users\Hansberry\AppData\Roaming\Microsoft\Windows\Cookies\PHPCG60R.txt [ /www.windowsmedia.com ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJVQ2KBU.txt [ Cookie:[email protected]/accounts ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\hansberry@apmebf[3].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\0L1QENWC.txt [ Cookie:[email protected]/adsense/support/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MT34X0LQ.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\V08V3B1R.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\3QJ20M1N.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\AYB9EFCE.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ITYS1BO.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WR5ZNW2.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GUFH8YQ0.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UHTOVA4Q.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\hansberry@yadro[2].txt [ *Blocked Russian URL*/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\IM4XS4W8.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\SSEED4NT.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\V0A0E1K7.txt [ Cookie:[email protected]/vztracker/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\113AIWC1.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\W30TASG2.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BU9ON83.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UIY0BD5L.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6DAKP2RC.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\HI3TIVDV.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\B43RMHOZ.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6OY33U01.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\hansberry@specificclick[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\BHYQ7TIB.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\J6AZVLS3.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MYMNPRCY.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OQTEQME8.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\73O1JBNK.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\23R1NXFT.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZSZ92PQM.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\2SJ8LK37.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\18FX64EF.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\0OAHPCEZ.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\S95VJZBK.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\WHWUARZA.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYRP1WRQ.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XLV6V95X.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\AL5HPF9I.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\YU0YJYAF.txt [ Cookie:[email protected]/hc/57386690 ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\BSQI6Q0H.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\9UK16LDI.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\F7HDOX32.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FQC9CEBX.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XOM9QB3D.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\hansberry@questionpro[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\hansberry@imrworldwide[3].txt [ Cookie:[email protected]/cgi-bin ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\9WHI0GEG.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\PQOF0SIY.txt [ Cookie:[email protected]/hc/44153975 ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\JJ7A6EOL.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\NT4SYT0V.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\H6Q5SF90.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MQ244PD8.txt [ Cookie:[email protected]/adsense/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\1PU1RV68.txt [ Cookie:[email protected]/hc/19357552 ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\45UUYT19.txt [ Cookie:[email protected]/hc/37343836 ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FW3IQPU6.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\DDU9J90X.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\0ZDHELQ3.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y1CFHFHN.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\SXHU9KEF.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\8J2HM7VK.txt [ Cookie:[email protected]/accounts ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\3NZQWH4Q.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\YF3BC0NG.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FN5RMPYY.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MSXQF8RK.txt [ Cookie:[email protected]/pagead/conversion/986691772/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\HFHZYNF6.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\E9K5FRD4.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\3EM9R0EL.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZT030K4H.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\74O5RT6W.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5AR6SC1B.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\NC264MTB.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\PTBH32X2.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\1OFTUIJD.txt [ Cookie:[email protected]/hc/47899488 ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\9ADXOS2U.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MBIPAWDK.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\JQD0ZRW4.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\B3GBA8N2.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\N1T011GL.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MPIDQD6S.txt [ Cookie:[email protected]/dcsk62gwjq4tuubom1pirjier_1m1i ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UCZ7JW6L.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GUO0JERG.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6CSHK145.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\NP4EGWE0.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\R1PJWPDY.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\QU9M7LFB.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q271HFND.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\23UW15Z0.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\AANL291G.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\PF15UIK3.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\QZ7I3NW7.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\YS3AJYLO.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OKV25025.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\K54UAWK0.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\4MB0LL40.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XR9DFPRZ.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\F3N3DF3E.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OUZV7897.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MEOGZJ0S.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\VG3HM0HK.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UWA1UG95.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\L0XOHZXK.txt [ Cookie:[email protected]/pagead/conversion/1071670928/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6GOJHB8M.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\IDAAAEP7.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBP7YXIA.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\9U4T77K2.txt [ Cookie:[email protected]/accounts/recovery/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\HNIP7L51.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\8BRMJ1WC.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5Q3H0JG5.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\8IXO43M4.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\Cookies\9G6YDUF5.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\Cookies\D60TF823.txt [ Cookie:[email protected]/ ]
   C:\USERS\HANSBERRY\Cookies\PHPCG60R.txt [ Cookie:[email protected]/ ]
   ad.insightexpressai.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   cdn.eyewonder.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   convoad.technoratimedia.net [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   media.socialvibe.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   media10.washingtonpost.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   objects.tremormedia.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   s0.2mdn.net [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   speed.pointroll.com [ C:\USERS\HANSBERRY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7J6VFVDN ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /008.FREE-COUNTERS.CO ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@247REALMEDIA[1].TXT [ /247REALMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@2O7[2].TXT [ /2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /A1.INTERCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ACCOUNTONLINE[1].TXT [ /ACCOUNTONLINE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ACTIVENETWORK.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /AD.ADPERIUM ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /AD.WSOD ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /AD.YIELDMANAGER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADBRITE[1].TXT [ /ADBRITE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADBRITE[2].TXT [ /ADBRITE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADECN[1].TXT [ /ADECN ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADINTERAX[2].TXT [ /ADINTERAX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.ASSOCIATEDCONTENT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.CAROCEAN.CO ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.CAROCEAN.CO ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.CNN ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.CPXADROIT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.CRAKMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.HEARTLIGHT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.NETRITION ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.OOKLA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.PEOPLESPHARMACY ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /ADS.POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.PUBMATIC ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.TELEGRAPH.CO ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.UNDERTONE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS2.PHONEARENA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADSERVER.ADTECHUS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADTECH[1].TXT [ /ADTECH ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADULTFRIENDFINDER[1].TXT [ /ADULTFRIENDFINDER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADVANCE.ADTRACK.CALLS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADVERTISEFIRST[2].TXT [ /ADVERTISEFIRST ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADVERTISING[1].TXT [ /ADVERTISING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ADXPOSE[1].TXT [ /ADXPOSE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ALLBRITTON.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@AMTK-MEDIA[2].TXT [ /AMTK-MEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@APMEBF[1].TXT [ /APMEBF ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /AR.ATWOLA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ASSOCIATEDCONTENT.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ASURIONINSURANCESERVICES.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /AT.ATWOLA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ATDMT[2].TXT [ /ATDMT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@AZJMP[2].TXT [ /AZJMP ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /BEACON.DMSINSIGHTS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /BETA-ADS.ACE.ADVERTISING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@BIZRATE[2].TXT [ /BIZRATE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /BMUK.BURSTNET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@BRAVENET[1].TXT [ /BRAVENET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /BS.SERVING-SYS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@BURSTBEACON[1].TXT [ /BURSTBEACON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@BURSTNET[1].TXT [ /BURSTNET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@BURSTNET[3].TXT [ /BURSTNET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /BUSINESSFINDER.OREGONLIVE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /C.GIGCOUNT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@CASALEMEDIA[3].TXT [ /CASALEMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /CITI.BRIDGETRACK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /CLICK.MEDIADOME ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@CLICKBANK[1].TXT [ /CLICKBANK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@COHOMEFINDER[2].TXT [ /COHOMEFINDER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@COLLECTIVE-MEDIA[2].TXT [ /COLLECTIVE-MEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /CONTENT.YIELDMANAGER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@COUNTRYLIVING[2].TXT [ /COUNTRYLIVING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@CURRCLICK[1].TXT [ /CURRCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@DA-TRACKING[1].TXT [ /DA-TRACKING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /DATA.COREMETRICS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /DC.TREMORMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@DMTRACKER[1].TXT [ /DMTRACKER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /DOMINIONENTERPRISES.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /E-2DJ6WHLOCPC5KFP.STATS.ESOMNITURE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /EARTHLINK.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /EAS.APM.EMEDIATE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@EDGEADX[2].TXT [ /EDGEADX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /EHG-TI.HITBOX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /EHG-VERIZON.HITBOX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ERO-ADVERTISING[1].TXT [ /ERO-ADVERTISING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@EYEWONDER[1].TXT [ /EYEWONDER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@EYEWONDER[3].TXT [ /EYEWONDER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@FASTCLICK[1].TXT [ /FASTCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@FREEFIND[1].TXT [ /FREEFIND ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@GOSTATS[2].TXT [ /GOSTATS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /HEARSTMAGAZINES.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@HITBOX[2].TXT [ /HITBOX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /HOMESTORE.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /IN.GETCLICKY ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@INDIECLICK[1].TXT [ /INDIECLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@INSIGHTEXPRESSAI[2].TXT [ /INSIGHTEXPRESSAI ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@INTERCLICK[1].TXT [ /INTERCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@INTERMUNDOMEDIA[2].TXT [ /INTERMUNDOMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@KANTARMEDIA[1].TXT [ /KANTARMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@KONTERA[1].TXT [ /KONTERA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /LEGO.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LEGOLAS-MEDIA[2].TXT [ /LEGOLAS-MEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LINKSYNERGY[1].TXT [ /LINKSYNERGY ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LIVEPERSON[1].TXT [ /LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LIVEPERSON[2].TXT [ /LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LIVEPERSON[3].TXT [ /LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LIVEPERSON[4].TXT [ /LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LIVEPERSON[6].TXT [ /LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@LUCIDMEDIA[1].TXT [ /LUCIDMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /M1.WEBSTATS.MOTIGO ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MEDIA6DEGREES[1].TXT [ /MEDIA6DEGREES ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MEDIA6DEGREES[3].TXT [ /MEDIA6DEGREES ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MEDIABRANDSWW[2].TXT [ /MEDIABRANDSWW ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MEDIASTORE.VERIZONWIRELESS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MERCOLA.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MM.CHITIKA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@MONDAYMORNINGINSIGHT[1].TXT [ /MONDAYMORNINGINSIGHT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MSNBC.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MSNPORTAL.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MYACCOUNT.VERIZONWIRELESS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /NETWORK.REALMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@NEXTAG[1].TXT [ /NEXTAG ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@NORTHRIDGEMEDIA[1].TXT [ /NORTHRIDGEMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /OPTIMIZE.INDIECLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@OVERTURE[2].TXT [ /OVERTURE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /PARENTINGTEENS.ABOUT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /PAYPAL.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /PERF.OVERTURE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@POINTROLL[2].TXT [ /POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@POINTROLL[3].TXT [ /POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@POINTROLL[4].TXT [ /POINTROLL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@PRO-MARKET[2].TXT [ /PRO-MARKET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@QUESTIONMARKET[1].TXT [ /QUESTIONMARKET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@QUESTIONMARKET[3].TXT [ /QUESTIONMARKET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /R1-ADS.ACE.ADVERTISING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@REALMEDIA[1].TXT [ /REALMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@REVENUE[2].TXT [ /REVENUE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@REVSCI[2].TXT [ /REVSCI ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ROTATOR.ADJUGGLER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@RU4[2].TXT [ /RU4 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /S.CLICKABILITY ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /SALES.LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /SERVER.IAD.LIVEPERSON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@SERVING-SYS[2].TXT [ /SERVING-SYS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@SMARTADSERVER[2].TXT [ /SMARTADSERVER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@SPECIFICCLICK[2].TXT [ /SPECIFICCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@SPECIFICMEDIA[1].TXT [ /SPECIFICMEDIA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /STAT.DEALTIME ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@STATCOUNTER[1].TXT [ /STATCOUNTER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /STATS.CRAYOLA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /STATS.PAYPAL ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /STATSE.WEBTRENDSLIVE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /TACODA.AT.ATWOLA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@TACODA[1].TXT [ /TACODA ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@TESTQUESTIONSANDANSWERS[2].TXT [ /TESTQUESTIONSANDANSWERS ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /TEXASINSTRUMENT.122.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /TRACKER.OPTICSPLANET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /TRACKING.REALTOR ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /TRACKING.VEILLE-REFERENCEMENT ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@TRAFFICMP[2].TXT [ /TRAFFICMP ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /TRAVIDIA.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@TRIBALFUSION[2].TXT [ /TRIBALFUSION ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WALMART.112.2O7 ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WWW.ACCOUNTONLINE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WWW.BURSTBEACON ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.BURSTNET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /WWW.BURSTNET ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WWW.COHOMEFINDER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.COUNTRYLIVING ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.COUNTRYWIDE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /WWW.COUNTRYWIDE ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.CURRCLICK ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.GOOGLEADSERVICES ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.HOBBYADSALES ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@XITI[1].TXT [ /XITI ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@YIELDMANAGER[1].TXT [ /YIELDMANAGER ]
   C:\USERS\HANSBERRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANSBERRY@ZEDO[1].TXT [ /ZEDO ]

Trojan.Agent/Gen-UsrMgr
   C:\USERS\HANSBERRY\DESKTOP\CALEB\GRAPHING CALCULATOR\TI-8X PROGRAMS\DOWNLOADS\TI-83+SE DOWNLOADS\AXE PARSER\TOOLS\APPLICATION SIGNING\RABBITSIGN.EXE

Trojan.Agent/Gen-Krpytik
   ZIP ARCHIVE( C:\USERS\HANSBERRY\DESKTOP\SAVE TO FREEAGENT\BRUSH2.ZIP )/FILTERS/RIPPLE.DLL
   C:\USERS\HANSBERRY\DESKTOP\SAVE TO FREEAGENT\BRUSH2.ZIP
   ZIP ARCHIVE( C:\USERS\HANSBERRY\DESKTOP\SAVE TO FREEAGENT\BRUSH2.ZIP )/FILTERS/SWIRL.DLL
   ZIP ARCHIVE( C:\USERS\HANSBERRY\DESKTOP\SAVE TO FREEAGENT\BRUSH2.ZIP )/FILTERS/MANDELBROTT FRACTAL.DLL
   ZIP ARCHIVE( C:\USERS\HANSBERRY\DESKTOP\SAVE TO FREEAGENT\BRUSH2.ZIP )/FILTERS/RANDOMIZE.DLL

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Hansberry :: HANSBERRY-PC [administrator]

Protection: Enabled

2/9/2012 12:46:10 AM
mbam-log-2012-02-09 (00-46-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398513
Time elapsed: 1 hour(s), 27 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Hansberry\AppData\Local\volmgr.dll (Trojan.Downloader.adb) -> Quarantined and deleted successfully.
C:\Users\Hansberry\AppData\Local\volmgr.exe (Trojan.Downloader.adb) -> Quarantined and deleted successfully.
C:\Users\Hansberry\AppData\Local\Temp\jar_cache5846010264388550745.tmp (Trojan.Downloader.adb) -> Quarantined and deleted successfully.

(end)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170
Run by Hansberry at 17:57:10 on 2012-02-09
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.1115 [GMT -8:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Rosetta Stone\SMS v3.0.2hs\Service\JavaSrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.homeschoolfreebie.wholesomechildhood.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [eRecoveryService]
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Skytel] Skytel.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\hansbe~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\billmind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090811.002\IDSvix86.sys [2009-8-11 272432]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-2-19 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-17 149352]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-9 652360]
R2 SMSv3_0_2hs;SMSv3_0_2hs;c:\program files\rosetta stone\sms v3.0.2hs\service\JavaSrvc.exe [2006-7-26 65536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-9 20464]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2011-3-20 348160]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-28 1245064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-11 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.3.0;c:\windows\system32\drivers\libusb0.sys [2011-7-8 35904]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-3-18 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\ZTEusbgps.sys [2011-3-18 105856]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2011-3-18 105856]
.
=============== Created Last 30 ================
.
2012-02-09 23:36:05   --------   d-----w-   c:\users\hansberry\appdata\roaming\SUPERAntiSpyware.com
2012-02-09 23:34:30   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-02-09 23:34:30   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-09 17:37:00   56200   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{3aad5b11-a19b-4275-a64c-a3dc40cf8f2b}\offreg.dll
2012-02-09 08:45:26   --------   d-----w-   c:\users\hansberry\appdata\roaming\Malwarebytes
2012-02-09 08:45:20   --------   d-----w-   c:\programdata\Malwarebytes
2012-02-09 08:45:19   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-09 08:45:19   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-02-09 07:31:43   --------   d-----w-   C:\OEMSettings
2012-02-05 06:06:39   --------   d-----w-   c:\users\hansberry\appdata\roaming\.minecraft
2012-01-23 22:23:58   91448   ----a-w-   c:\windows\system32\bcmwlcoi.dll
2012-01-23 22:23:58   3874816   ----a-w-   c:\windows\system32\bcmihvsrv.dll
2012-01-23 22:23:58   3563520   ----a-w-   c:\windows\system32\bcmihvui.dll
2012-01-23 22:23:58   21728   ----a-w-   c:\windows\system32\drivers\SCMNdisP.sys
2012-01-23 17:09:50   --------   d-----w-   C:\CSGAMES
2012-01-23 17:09:49   598544   ----a-w-   c:\windows\system\OWL202.DLL
2012-01-23 17:09:48   69632   ----a-w-   c:\windows\system\BIDS402.DLL
2012-01-23 17:09:48   219648   ----a-w-   c:\windows\system\BC402RTL.DLL
2012-01-23 00:44:45   --------   d-----w-   c:\windows\pss
2012-01-22 01:08:08   6823496   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{3aad5b11-a19b-4275-a64c-a3dc40cf8f2b}\mpengine.dll
2012-01-11 19:04:57   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
2012-01-11 18:43:35   376320   ----a-w-   c:\windows\system32\winsrv.dll
2012-01-11 18:43:33   23552   ----a-w-   c:\windows\system32\mciseq.dll
2012-01-11 18:43:33   189952   ----a-w-   c:\windows\system32\winmm.dll
2012-01-11 18:43:30   1205064   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 18:43:28   66560   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 18:43:20   497152   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 18:43:20   1314816   ----a-w-   c:\windows\system32\quartz.dll
.
==================== Find3M ====================
.
2011-11-23 13:37:27   2043904   ----a-w-   c:\windows\system32\win32k.sys
.
============= FINISH: 17:58:22.39 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 2/19/2009 3:21:17 PM
System Uptime: 2/9/2012 5:32:58 PM (0 hours ago)
.
Motherboard: eMachines | | MCP61PM-GM
Processor: AMD Athlon(tm) Processor LE-1620 | Socket AM2 | 2400/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 69.085 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 298 GiB total, 159.034 GiB free.
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Sansa Media Converter
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Reader 8.3.1
Agere Systems PCI-SV92PP Soft Modem
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 2000
ASM Suite 2.0
AviSynth 2.5
Backup
Basic Facts Worksheet Factory
Best Buy Digital Music Store
Best Buy Rhapsody
Bonjour
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon ScanGear Toolbox 3.0
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
ccCommon
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD
Digital Media Reader
e-Sword
eMachines Games
eMachines Recovery Management
ffdshow [rev 2583] [2009-01-05]
GearDrvs
Google Toolbar for Internet Explorer
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Board Games 5
Interactive Math Journey
iTunes
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 26
LEGO Digital Designer
LEGO LOCO
LibUSB-Win32-1.2.3.0
LiveUpdate (Symantec Corporation)
LiveUpdate BVRP Software
LSI PCI-SV92PP Soft Modem
Malwarebytes Anti-Malware version 1.60.1.1000
Mathematics Worksheet Factory Lite 2.0
Mavis Beacon Teaches Typing 18
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft GIF Animator
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
mobile PhoneTools
Movie DVD Maker 2.7.1021
Mp3 Stream Recorder
MusicReading
My DVD Maker 5.8
NETGEAR WG111v3 wireless USB 2.0 adapter
NI LabVIEW Run-Time Engine 5.1
Noah's Ark Deluxe 1.1
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.3
Phonics Made Easy
Picturetrail Photo Editor 2.1.0.0
PVSonyDll
Python 3.2
Quicken for Windows 6 Deluxe
QuickTime
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Rosetta Stone 2.1.5.1Asms
Sansa Media Converter
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sothink Movie DVD Maker
SPBBC 32bit
Student Management System v3.0.2hs
SumatraPDF
SUPERAntiSpyware
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
TI-Black Link
TI-Graph Link 82
TI Connect 1.6
Ultimate Ride Coaster Deluxe
Unity Web Player (All users)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USDA-HealtheTech Search SR-20
Verizon Wireless AC30 Firmware Updates
VZAccess Manager
West Point Bridge Designer 2010 (2nd Edition) (remove only)
Windows Mobile Device Updater Component
Yahoo! Toolbar
ZTE USB Drivers
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.

SuperDave · « **Reply #10 on:** February 10, 2012, 11:34:27 AM »

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
************************************************************
Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

hansberry · « **Reply #11 on:** February 10, 2012, 01:35:44 PM »

ComboFix 12-02-10.03 - Hansberry 02/10/2012 11:57:09.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.1051 [GMT -8:00]
Running from: c:\users\Hansberry\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster1.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster2.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster3.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster4.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster5.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster6.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster7.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster8.csa
c:\users\Hansberry\CruzerSync_v3_2_016.exe
c:\windows\iun6002.exe
c:\windows\system32\DF33D21478.dll
c:\windows\system32\oem39.inf
c:\windows\system32\ReadMe.txt
c:\windows\system32\rnaph.dll
c:\windows\system32\Temp
c:\windows\system32\Temp\002.002
c:\windows\Update.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 20:12 . 2012-02-10 20:16   --------   d-----w-   c:\users\Hansberry\AppData\Local\temp
2012-02-10 20:12 . 2012-02-10 20:12   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-02-09 23:36 . 2012-02-09 23:36   --------   d-----w-   c:\users\Hansberry\AppData\Roaming\SUPERAntiSpyware.com
2012-02-09 23:34 . 2012-02-09 23:38   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-09 23:34 . 2012-02-09 23:34   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-02-09 08:45 . 2012-02-09 08:45   --------   d-----w-   c:\users\Hansberry\AppData\Roaming\Malwarebytes
2012-02-09 08:45 . 2012-02-09 08:45   --------   d-----w-   c:\programdata\Malwarebytes
2012-02-09 08:45 . 2012-02-09 08:45   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-02-09 08:45 . 2011-12-10 23:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-09 07:31 . 2012-02-09 07:31   --------   d-----w-   C:\OEMSettings
2012-02-05 06:06 . 2012-02-07 19:01   --------   d-----w-   c:\users\Hansberry\AppData\Roaming\.minecraft
2012-01-23 22:23 . 2010-09-30 03:04   91448   ----a-w-   c:\windows\system32\bcmwlcoi.dll
2012-01-23 22:23 . 2010-09-30 02:39   3874816   ----a-w-   c:\windows\system32\bcmihvsrv.dll
2012-01-23 22:23 . 2010-09-30 02:39   3563520   ----a-w-   c:\windows\system32\bcmihvui.dll
2012-01-23 22:23 . 2007-01-20 02:20   21728   ----a-w-   c:\windows\system32\drivers\SCMNdisP.sys
2012-01-23 17:09 . 2012-01-23 17:23   --------   d-----w-   C:\CSGAMES
2012-01-23 17:09 . 1997-03-02 23:32   598544   ----a-w-   c:\windows\system\OWL202.DLL
2012-01-23 17:09 . 1997-03-02 23:32   69632   ----a-w-   c:\windows\system\BIDS402.DLL
2012-01-23 17:09 . 1997-03-02 23:32   219648   ----a-w-   c:\windows\system\BC402RTL.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 20:15 . 2012-02-10 20:15   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AAD5B11-A19B-4275-A64C-A3DC40CF8F2B}\offreg.dll
2012-02-10 19:01 . 2011-09-06 01:38   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-11-25 15:59 . 2012-01-11 18:43   376320   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-15 02:58   2043904   ----a-w-   c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2012-01-22 01:08   6823496   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AAD5B11-A19B-4275-A64C-A3DC40CF8F2B}\mpengine.dll
2011-11-18 20:23 . 2012-01-11 18:43   1205064   ----a-w-   c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 18:43   66560   ----a-w-   c:\windows\system32\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-01 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-25 988512]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"Skytel"="Skytel.exe" [2008-07-23 1826816]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Hansberry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2009-7-1 303104]
Billminder.lnk - c:\quickenw\billmind.exe [2009-7-3 33280]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ     PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\User_Feed_Synchronization-{C656AA48-3742-452D-927A-DA157E589446}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.homeschoolfreebie.wholesomechildhood.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-MathWFLite2 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-10 12:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-755083138-4246884183-2592298099-1000_Classes\CLSID\{472606e7-cde9-467d-83af-6333f3bad56e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000013d
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,76,b5,b8,e7,1e,2c,e7,39,2e,4d,91,eb,9e,ca,8f,8d,41,3c,f8,bf,75,9b,\
.
[HKEY_USERS\S-1-5-21-755083138-4246884183-2592298099-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3f,a8,be,1a,3c,41,f1,a3,c6,78,f4,90,88,f6,22,07,ea,d7,fe,1d,7c,
76,bd,b7,ca,57,e9,89,d4,e0,22,3e,6e,a0,46,b5,a2,08,81,7b,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\conime.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-02-10 12:25:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-10 20:25
.
Pre-Run: 73,730,621,440 bytes free
Post-Run: 74,212,982,784 bytes free
.
- - End Of File - - F2E7D8A284D0D2291F9029D935D664D6

SuperDave · « **Reply #12 on:** February 10, 2012, 07:42:06 PM »

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

Firefox::
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg

DDS::
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
I don't need to see the log from this script.

******************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.

Process << Selected
Kernel Modules << Selected
SSDT << Selected
Kernel Hooks << Selected
IRP Hooks << NOT Selected
Ports << NOT Selected
Hidden Files << Selected

At the bottom of the page

Hidden Objects Only << Selected

Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

hansberry · « **Reply #13 on:** February 10, 2012, 10:30:08 PM »

hmmm..the combofix will start as yoou said but this time it doesnt continue going...it seems to stop altogether after printing:

"However, scan times for badly infected machines may easily double"

I wait a long long time and it just sits there with the cursur blinking and doesnt move on with scanning and stages etc. It didn't take this long the last/first time I ran it. How long should I wait?

hansberry · « **Reply #14 on:** February 11, 2012, 12:26:51 AM »

Ok, after a few tries with the combofix thing I think it worked.

Anyway here is the log for the SysProt. Is this supposed to eventually get to the limited connectivity issue I'm having?

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

SuperDave · « **Reply #15 on:** February 11, 2012, 11:15:10 AM »

Quote

Is this supposed to eventually get to the limited connectivity issue I'm having?

Yes. I want to make sure that it's not malware that's causing that problem. One more scan please.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

hansberry · « **Reply #16 on:** February 11, 2012, 11:28:52 AM »

But remember, I dont have access to the internet on that computer (the reason I'm here). I've been downloading everything all this time and transferring the files to that one. Right now I'm using my funky laptop to access the internet.

So since this is an 'online' scan, I'm assuming I can't download it to use on the other computer.

?

SuperDave · « **Reply #17 on:** February 11, 2012, 01:30:17 PM »

You're correct. It needs a connection. This is the first time I've run across such a connection. I'm checking with a colleague to see if he has any suggestions.

SuperDave · « **Reply #18 on:** February 11, 2012, 04:59:25 PM »

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

On completion of the scan click save log, save it to your desktop and post in your next reply

hansberry · « **Reply #19 on:** February 11, 2012, 09:56:46 PM »

hmm...well, it seems that some of our programs that used to work must have been deleted from one of these antivirus programs because they arent working now. Is there a way to get THEM back and not the infected files? I saw that it was even deleting strange things like files from Roller Coaster Deluxe CDRom that I've had for years. Being a store bought program it wouldnt be possible to have a virus on it would it?

SuperDave · « **Reply #20 on:** February 12, 2012, 11:08:37 AM »

Quote

hmm...well, it seems that some of our programs that used to work must have been deleted from one of these antivirus programs because they arent working now.

All the tools I use are safe and won't cause that problem. Please tell me which programs are not working?

Quote

Being a store bought program it wouldnt be possible to have a virus on it would it?

Yes, it's possible. Can you run the aswMBR.exe program?

hansberry · « **Reply #21 on:** February 12, 2012, 06:06:51 PM »

I'm not sure what all programs are not working other than the Minecraft game the kids play. It shows all the files as there but acts like they arent when clicked. Just spins the wheel/cursur for a moment and then stops. There was one other program but I don't remember now what it was. Perhaps this is just something related to the initial problem but I thought the kids had played minecraft fine even with the internet/slow computer trouble. They play it every Saturday..so one week ago it was fine and yesterday it didnt work. I saw the roller coaster stuff listed in one of the scans but we havent played that program recently so I don't know if it was affected or not.

Well anyway, I posted the last two posts back to back and didnt notice your post come in between so here is the log for ASW. I didnt click the 'FIXMBR' button yet and of course being offline I didnt let it update definitions.....

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-12 16:57:31
-----------------------------
16:57:31.459 OS Version: Windows 6.0.6002 Service Pack 2
16:57:31.459 Number of processors: 1 586 0x5F03
16:57:31.462 ComputerName: HANSBERRY-PC UserName: Hansberry
16:57:32.135 Initialize success
16:58:19.692 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
16:58:19.695 Disk 0 Vendor: ST316081 4.AA Size: 152627MB BusType: 6
16:58:19.704 Disk 0 MBR read successfully
16:58:19.709 Disk 0 MBR scan
16:58:19.711 Disk 0 unknown MBR code
16:58:19.717 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
16:58:19.733 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142385 MB offset 20973568
16:58:19.738 Disk 0 scanning sectors +312579760
16:58:19.808 Disk 0 scanning C:\Windows\system32\drivers
16:58:26.793 Service scanning
16:58:28.201 Modules scanning
16:58:34.415 Disk 0 trace - called modules:
16:58:34.446 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys USBPORT.SYS usbehci.sys RTKVHDA.sys HDAudBus.sys
16:58:34.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8549e298]
16:58:34.796 3 CLASSPNP.SYS[879a38b3] -> nt!IofCallDriver -> [0x84f126b0]
16:58:34.803 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\00000062[0x84b189c0]
16:58:34.809 Scan finished successfully
16:59:09.994 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
16:59:10.013 The log file has been saved successfully to "E:\aswMBR.txt"

SuperDave · « **Reply #22 on:** February 12, 2012, 06:55:30 PM »

Quote

I'm not sure what all programs are not working other than the Minecraft game the kids play

You may need to re-install the program.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

hansberry · « **Reply #23 on:** February 12, 2012, 07:21:35 PM »

It gave me an error or something that said:

Found non-standard or infected MBR.
Enter Y and hit enter for more options or N to exit

hansberry · « **Reply #24 on:** February 12, 2012, 09:36:18 PM »

BTW, in case it matters, if you type in Y to get more options it says

1) Dump the MBR of a physical disk to file
2) Restore the MBR of a physical disk with a standard boot code
3) Exit

hansberry · « **Reply #25 on:** February 12, 2012, 09:46:49 PM »

UM...haha. Well, no log ever popped up and it had a different message than what I think you mentioned but after trying it three times I finally figured out it was saving logs to my desktop instead of popping them up!

So here is the log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version:      Windows Vista Home Basic Edition
Windows Information:      Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:   eMachines
BIOS Manufacturer:      Phoenix Technologies, LTD
System Manufacturer:      eMachines
System Product Name:      ET1161-05
Logical Drives Mask:      0x000007fc

Kernel Drivers (total 148):
0x82007000 \SystemRoot\system32\ntkrnlpa.exe
0x823C1000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\PSHED.dll
0x8041C000 \SystemRoot\system32\BOOTVID.dll
0x80424000 \SystemRoot\system32\CLFS.SYS
0x80465000 \SystemRoot\system32\CI.dll
0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805B6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80602000 \SystemRoot\system32\drivers\acpi.sys
0x80648000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80651000 \SystemRoot\system32\drivers\msisadrv.sys
0x80659000 \SystemRoot\system32\drivers\pci.sys
0x80680000 \SystemRoot\System32\drivers\partmgr.sys
0x8068F000 \SystemRoot\system32\drivers\volmgr.sys
0x8069E000 \SystemRoot\System32\drivers\volmgrx.sys
0x806E8000 \SystemRoot\system32\drivers\pciide.sys
0x806EF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x806FD000 \SystemRoot\System32\drivers\mountmgr.sys
0x8070D000 \SystemRoot\system32\drivers\atapi.sys
0x80715000 \SystemRoot\system32\drivers\ataport.SYS
0x80733000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x80757000 \SystemRoot\system32\DRIVERS\storport.sys
0x80798000 \SystemRoot\system32\drivers\fltmgr.sys
0x807CA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8260E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8267F000 \SystemRoot\system32\drivers\ndis.sys
0x8278A000 \SystemRoot\system32\drivers\msrpc.sys
0x827B5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8760F000 \SystemRoot\System32\drivers\tcpip.sys
0x876F9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87806000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87916000 \SystemRoot\system32\drivers\volsnap.sys
0x8794F000 \SystemRoot\System32\Drivers\spldr.sys
0x87957000 \SystemRoot\System32\Drivers\mup.sys
0x87966000 \SystemRoot\System32\drivers\ecache.sys
0x8798D000 \SystemRoot\system32\drivers\disk.sys
0x8799E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x879BF000 \SystemRoot\system32\drivers\crcdisk.sys
0x879DF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x879EA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87738000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x87748000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x879F3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8775B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x87766000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x87770000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x877AE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AE0A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AE97000 \SystemRoot\system32\drivers\iviaspi.sys
0x8AE9A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AEB2000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8B20B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8BB1C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8BB1E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BBBE000 \SystemRoot\System32\drivers\watchdog.sys
0x8BBCA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AEB8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AECF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AEDA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AEFD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AF0C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AF20000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AF35000 \SystemRoot\System32\Drivers\Pcouffin.sys
0x8AF41000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8BBF9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8AF51000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AF7B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AF85000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AF92000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AFC7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C005000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C212000 \SystemRoot\system32\drivers\portcls.sys
0x8C23F000 \SystemRoot\system32\drivers\drmk.sys
0x8C264000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C26D000 \SystemRoot\System32\Drivers\Null.SYS
0x8C274000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C27B000 \SystemRoot\System32\drivers\vga.sys
0x8C287000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C2A8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C2B0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C2B8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C2C3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C2D1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C2DA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C2F0000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x8C31C000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8C341000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C355000 \SystemRoot\system32\drivers\afd.sys
0x8C39D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C3CF000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8C3D8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C3EE000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x8AFD8000 \SystemRoot\system32\DRIVERS\rtlprot.sys
0x8AFE2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x877BD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8AFF0000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8C80B000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x8C87B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8C89D000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8C8A3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C8DF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C8E9000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090811.002\IDSvix86.sys
0x8C92F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8C98D000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D001000 \SystemRoot\system32\DRIVERS\wg111v3.sys
0x8D05F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8D075000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8D07F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D081000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8D08E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D09B000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8D0A5000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x8D0C9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x93A60000 \SystemRoot\System32\win32k.sys
0x8D0DE000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D0E8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93C80000 \SystemRoot\System32\TSDDD.dll
0x93CA0000 \SystemRoot\System32\cdd.dll
0x8D0F7000 \SystemRoot\system32\drivers\luafv.sys
0x8D112000 \SystemRoot\system32\drivers\WudfPf.sys
0x8D12C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D13C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D166000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D170000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8D183000 \SystemRoot\system32\drivers\HTTP.sys
0x8C9A4000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9D40A000 \SystemRoot\system32\drivers\spsys.sys
0x9D4BA000 \??\C:\Windows\system32\drivers\CO_Mon.sys
0x9D4C2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D4DF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D4F8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D50D000 \SystemRoot\system32\drivers\mrxdav.sys
0x9D52E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D54D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D586000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D59E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x97808000 \SystemRoot\System32\DRIVERS\srv.sys
0x97857000 \??\C:\Windows\system32\drivers\int15.sys
0x9785E000 \SystemRoot\system32\drivers\peauth.sys
0x9793C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x97964000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x97968000 \SystemRoot\System32\drivers\tcpipreg.sys
0x97976000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x97997000 \??\C:\Windows\system32\drivers\mbam.sys
0x9799B000 \??\C:\Users\HANSBE~1\AppData\Local\Temp\aswMBR.sys
0x76F10000 \Windows\System32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
432 C:\Windows\System32\smss.exe
508 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
604 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\winlogon.exe
816 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\audiodg.exe
1192 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\SLsvc.exe
1244 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\nvvsvc.exe
1716 C:\Windows\System32\spoolsv.exe
1724 C:\Windows\System32\taskeng.exe
1776 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
1876 C:\Windows\System32\dwm.exe
1888 C:\Windows\explorer.exe
276 C:\Windows\System32\svchost.exe
1400 C:\Windows\RtHDVCpl.exe
1632 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
256 C:\Program Files\Zune\ZuneLauncher.exe
1564 C:\Program Files\iTunes\iTunesHelper.exe
420 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
896 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1232 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2056 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2064 C:\Program Files\Windows Media Player\wmpnscfg.exe
2072 C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
2088 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
2096 C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
2104 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2592 C:\Program Files\SUPERAntiSpyware\SASCore.exe
2624 C:\Windows\System32\agrsmsvc.exe
2648 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2708 C:\Program Files\Bonjour\mDNSResponder.exe
2740 C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
2896 C:\Windows\System32\svchost.exe
2956 C:\Program Files\CyberLink\Shared files\RichVideo.exe
3144 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
3868 C:\Windows\System32\svchost.exe
3912 C:\Windows\System32\SearchIndexer.exe
4060 WUDFHost.exe
2416 C:\Program Files\Windows Media Player\wmpnetwk.exe
1456 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
2788 C:\Program Files\iPod\bin\iPodService.exe
824 C:\Windows\System32\taskeng.exe
272 C:\Windows\System32\svchost.exe
192 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2192 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
3928 C:\Windows\System32\conime.exe
2844 C:\Windows\System32\SearchProtocolHost.exe
1504 C:\Windows\System32\SearchFilterHost.exe
3216 dllhost.exe
3324 dllhost.exe
1860 C:\Users\Hansberry\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\I: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 4.AA
PhysicalDrive5 Model Number: SeagateFreeAgentDesktop, Rev: 100D

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F85B7CD526802923C3EA061081FBF03E1B7455C 7
298 GB \\.\PhysicalDrive5 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98 F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

SuperDave · « **Reply #26 on:** February 13, 2012, 11:18:02 AM »

Do you have the Recovery Console on your hard drive? If not, do you have the OS disk?

hansberry · « **Reply #27 on:** February 13, 2012, 11:28:02 AM »

what do you mean by recovery console? Is that the windows thing that has the checkpoints?

I have something called emachines recovery management that has options like 'create factory default disc' and 'create driver and application backup disc'. Then under the restore tab it has 'restore system to factory default', 'reinstall aplications/drivers' and 'password settings'.

hansberry · « **Reply #28 on:** February 13, 2012, 12:14:09 PM »

Someone thought I should make sure you knew I have VISTA.

Cant find any CD. The only one I have is the cd verson of the manual that came with the computer..no OS stuff. I don't remember gettting anything else so perhaps it is already installed or that other thing I mentioned is replacing it?

hansberry · « **Reply #29 on:** February 13, 2012, 12:49:09 PM »

Sorry to make another reply.

When I clicked on the info about the emachines recovery management that I mentioned to you before
it said:

"emachines recovery management does away with the neeed for recovery discs provided by the manufacturer. emachines recovery management occupies space in a hidden partition on your systems hard disk and allows you to perform backup/restore operations and to burn backup images to CD or DVD depending on system configuration."

I just thought this might be why I cant find a VISTA OS disk and don't remember having one with this computer. I usually save them and have them for all my other/past computers.

SuperDave · « **Reply #30 on:** February 13, 2012, 01:45:47 PM »

Quote

I just thought this might be why I cant find a VISTA OS disk and don't remember having one with this computer. I usually save them and have them for all my other/past computers.

Yup, that's it. Very few people have the Vista disks.
This will restore your computer back to the day it was purchased. Can you boot into the Recovery Console? If you can, we should be able to repair the MBR.
This may work for you.

Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the windows bootup)

When you get to the above screen, take note of the number that references your operating system.

If it's '1' like the picture above, type 1 and press Enter

Next type FIXMBR

If it ask if you're sure you want to write a new MBR, answer 'Y'

Then type EXIT to reboot the machine.

With that done, please post back and let me know how things are now.

hansberry · « **Reply #31 on:** February 13, 2012, 02:06:32 PM »

ok, so you do NOT want me to use the emachines recovery management. You just want me to turn my computer off and then back on.

If I do that I dont see the recovery console option. If I just turn it off I get safemode options. If I tell it to shutdown I only get bios settings option and boot options but it doesnt give me the menu you showed.

If you wanted me to do something other than just turn the computer on and off then I guess I'll need that spelled out, lol.

SuperDave · « **Reply #32 on:** February 13, 2012, 04:31:02 PM »

Just hold on a bit. I'm going to check something.

SuperDave · « **Reply #33 on:** February 13, 2012, 04:34:44 PM »

Download BootKit Remover to your Desktop.

•You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip

•After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.

•It will show a Black screen with some data on it.

•Right click on the screen and click Select All.

•Press Enter

•Open a Notepad and press CTRL V

•Post the output back here.

hansberry · « **Reply #34 on:** February 13, 2012, 05:25:51 PM »

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 600
2), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`80100000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: c3f4814ee2c87f8f4fc3acd72454a04d

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

SuperDave · « **Reply #35 on:** February 14, 2012, 12:00:30 PM »

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

On completion of the scan click save log, save it to your desktop and post in your next reply
*************************************************************************
Please download and run ListParts by Farbar

Click on Scan button.

Scan result will open in Notepad.
Post it in your next reply.

hansberry · « **Reply #36 on:** February 14, 2012, 12:32:44 PM »

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-14 11:22:03
-----------------------------
11:22:03.866 OS Version: Windows 6.0.6002 Service Pack 2
11:22:03.866 Number of processors: 1 586 0x5F03
11:22:03.868 ComputerName: HANSBERRY-PC UserName: Hansberry
11:22:04.724 Initialize success
11:22:11.097 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
11:22:11.100 Disk 0 Vendor: ST316081 4.AA Size: 152627MB BusType: 6
11:22:11.123 Disk 0 MBR read successfully
11:22:11.125 Disk 0 MBR scan
11:22:11.129 Disk 0 unknown MBR code
11:22:11.135 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
11:22:11.151 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142385 MB offset 20973568
11:22:11.156 Disk 0 scanning sectors +312579760
11:22:11.226 Disk 0 scanning C:\Windows\system32\drivers
11:22:18.519 Service scanning
11:22:19.946 Modules scanning
11:22:26.241 Disk 0 trace - called modules:
11:22:26.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys tcpip.sys NETIO.SYS SYMTDI.SYS
11:22:26.269 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b0b918]
11:22:26.276 3 CLASSPNP.SYS[879a78b3] -> nt!IofCallDriver -> [0x841a26c0]
11:22:26.281 5 acpi.sys[806096bc] -> nt!IofCallDriver -> \Device\00000061[0x841a2b88]
11:22:26.286 Scan finished successfully
11:23:43.367 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
11:23:43.386 The log file has been saved successfully to "E:\aswMBR.txt"

ListParts by Farbar
Ran by Hansberry on 14-02-2012 at 11:27:41
Windows Vista (X86)
Running From: C:\Users\Hansberry\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 47%
Total physical RAM: 1917.76 MB
Available physical RAM: 1001.97 MB
Total Pagefile: 4083.5 MB
Available Pagefile: 2758.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.55 MB

=================ed.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WG111v3 Wireless-G USB Adapter = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Hansberry-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WG111v3 Wireless-G USB Adapter
Physical Address. . . . . . . . . : E0-91-F5-92-47-9E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e9fe:4621:8bc9:c1aa%13(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.193.170(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 283152885
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-2F-A1-08-00-21-97-D6-C7-4C
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-21-97-D6-C7-4C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A953D97E-D32D-46BB-9CCB-00FE62A44F8D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3789212C-4E37-4DC7-8B34-88599A8C27F4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.Pinging 127.0.0.1 with 32 bytes of data:General failure.General failure.Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),===========================================================================
Interface List
13 ...e0 91 f5 92 47 9e ...... NETGEAR WG111v3 Wireless-G USB Adapter
10 ...00 21 97 d6 c7 4c ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{A953D97E-D32D-46BB-9CCB-00FE62A44F8D}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{3789212C-4E37-4DC7-8B34-88599A8C27F4}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.193.170 281
169.254.193.170 255.255.255.255 On-link 169.254.193.170 281
169.254.255.255 255.255.255.255 On-link 169.254.193.170 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.193.170 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.193.170 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::e9fe:4621:8bc9:c1aa/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/09/2012 09:47:22 AM) (Source: Application Hang) (User: )
Description: The program iTunes.exe version 10.5.2.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 850
Start Time: 01cce75275323a0d
Termination Time: 16

Error: (02/09/2012 09:38:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2012 09:37:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/08/2012 11:29:58 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b1bb12d6-db89-4515-8e7a-97214babf3a0}

System errors:
=============
Error: (02/09/2012 09:38:13 AM) (Source: Service Control Manager) (User: )
Description: TICalc%%20

Error: (02/09/2012 09:38:13 AM) (Source: Service Control Manager) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058

Error: (02/09/2012 09:38:13 AM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (02/08/2012 11:23:39 PM) (Source: Service Control Manager) (User: )
Description: TICalc%%20

Error: (02/08/2012 11:23:39 PM) (Source: Service Control Manager) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058

Error: (02/08/2012 11:23:39 PM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (02/08/2012 11:20:57 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service32

Error: (02/08/2012 11:20:57 PM) (Source: Service Control Manager) (User: )
Description: Windows Installer%%1069

Error: (02/08/2012 11:20:57 PM) (Source: Service Control Manager) (User: )
Description: msiserverNT AUTHORITY\SYSTEM%%1352

Error: (02/08/2012 11:20:57 PM) (Source: DCOM) (User: )
Description: 1069MSIServer{000C101C-0000-0000-C000-000000000046}

Microsoft Office Sessions:
=========================
Error: (11/08/2009 11:48:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 1917.76 MB
Available physical RAM: 1067.47 MB
Total Pagefile: 4085.54 MB
Available Pagefile: 3057.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.32 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:139.05 GB) (Free:69.34 GB) NTFS
3 Drive e: (CANON_SD) (Removable) (Total:3.69 GB) (Free:2.2 GB) FAT32
7 Drive i: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:159.03 GB) NTFS
8 Drive j: (GABRIEL'S) (Removable) (Total:1.87 GB) (Free:1.04 GB) FAT
9 Drive k: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
10 Drive m: (CALEBCRUZER) (Removable) (Total:0.95 GB) (Free:0.76 GB) FAT

========================= Users: ========================================

User accounts for \\HANSBERRY-PC

Administrator Guest Hansberry

**** End of log ****

SuperDave · « **Reply #37 on:** February 15, 2012, 11:27:17 AM »

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: Vista Recovery disk. (Option Two)
Windows 7: Win 7 Recovery disk.

Option 2
Download : Vista Recovery disk iso image
Download : Windows 7 Recovery Disc iso image
Burn it to CD, or DVD: Burning Image to disk.

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:

Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools":

The following applies to both, Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.

hansberry · « **Reply #38 on:** February 15, 2012, 01:48:05 PM »

OK, well, all of that was very confusing. I ended up accidentally doing option with the recdisc permissions etc just to discover that it was only for those with a vista installation disk, lol.

Then when I went to option 2 you listed, it wanted me to pay $10 for the file. So instead I looked around in the windows help file on my computer searching for system repair and managed to find out that the way I need to get to the last screenshot you just posted, is to hit F8 while the computer is restarting! I don't think that was mentioned yet on this thread, so there ya go.

Hopefully I didnt mess anythign up by doing the recdisc.exe replacement and permission stuff in Option 1.

Anyway, here is the log for the check:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version:      Windows Vista Home Basic Edition
Windows Information:      Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:   eMachines
BIOS Manufacturer:      Phoenix Technologies, LTD
System Manufacturer:      eMachines
System Product Name:      ET1161-05
Logical Drives Mask:      0x000007fc

Kernel Drivers (total 146):
0x82019000 \SystemRoot\system32\ntkrnlpa.exe
0x823D3000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\PSHED.dll
0x80425000 \SystemRoot\system32\BOOTVID.dll
0x8042D000 \SystemRoot\system32\CLFS.SYS
0x8046E000 \SystemRoot\system32\CI.dll
0x8054E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80602000 \SystemRoot\system32\drivers\acpi.sys
0x80648000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80651000 \SystemRoot\system32\drivers\msisadrv.sys
0x80659000 \SystemRoot\system32\drivers\pci.sys
0x80680000 \SystemRoot\System32\drivers\partmgr.sys
0x8068F000 \SystemRoot\system32\drivers\volmgr.sys
0x8069E000 \SystemRoot\System32\drivers\volmgrx.sys
0x806E8000 \SystemRoot\system32\drivers\pciide.sys
0x806EF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x806FD000 \SystemRoot\System32\drivers\mountmgr.sys
0x8070D000 \SystemRoot\system32\drivers\atapi.sys
0x80715000 \SystemRoot\system32\drivers\ataport.SYS
0x80733000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x80757000 \SystemRoot\system32\DRIVERS\storport.sys
0x80798000 \SystemRoot\system32\drivers\fltmgr.sys
0x807CA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8260A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8267B000 \SystemRoot\system32\drivers\ndis.sys
0x82786000 \SystemRoot\system32\drivers\msrpc.sys
0x827B1000 \SystemRoot\system32\drivers\NETIO.SYS
0x87603000 \SystemRoot\System32\drivers\tcpip.sys
0x876ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87803000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87913000 \SystemRoot\system32\drivers\volsnap.sys
0x8794C000 \SystemRoot\System32\Drivers\spldr.sys
0x87954000 \SystemRoot\System32\Drivers\mup.sys
0x87963000 \SystemRoot\System32\drivers\ecache.sys
0x8798A000 \SystemRoot\system32\drivers\disk.sys
0x8799B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x879BC000 \SystemRoot\system32\drivers\crcdisk.sys
0x87708000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87713000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8771C000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8772C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8773F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8774A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x87755000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8775F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8779D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AE0A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AE97000 \SystemRoot\system32\drivers\iviaspi.sys
0x8AE9A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AEB2000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8B207000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8BB18000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8BB1A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BBBA000 \SystemRoot\System32\drivers\watchdog.sys
0x8BBC6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BBF5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AEB8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AECF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AEDA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AEFD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AF0C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AF20000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AF35000 \SystemRoot\System32\Drivers\Pcouffin.sys
0x8AF41000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B200000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8AF51000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AF7B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AF85000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AF92000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AFC7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C008000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C215000 \SystemRoot\system32\drivers\portcls.sys
0x8C242000 \SystemRoot\system32\drivers\drmk.sys
0x8C267000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C270000 \SystemRoot\System32\Drivers\Null.SYS
0x8C277000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C27E000 \SystemRoot\System32\drivers\vga.sys
0x8C28A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C2AB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C2B3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C2BB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C2C6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C2D4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C2DD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C2F3000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x8C31F000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8C344000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C358000 \SystemRoot\system32\drivers\afd.sys
0x8C3A0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C3D2000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8C3DB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C3F1000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x8AFD8000 \SystemRoot\system32\DRIVERS\rtlprot.sys
0x8AFE2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x877AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8AFF0000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8C80A000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x8C87A000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8C89C000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8C8A2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C8DE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C8E8000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090811.002\IDSvix86.sys
0x8C92E000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8C98C000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D005000 \SystemRoot\system32\DRIVERS\wg111v3.sys
0x8D063000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8D06D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D06F000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8D07C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D089000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8D093000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x8D0B7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x93A20000 \SystemRoot\System32\win32k.sys
0x8D0CC000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D0D6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93C40000 \SystemRoot\System32\TSDDD.dll
0x93C60000 \SystemRoot\System32\cdd.dll
0x8D0E5000 \SystemRoot\system32\drivers\luafv.sys
0x8D100000 \SystemRoot\system32\drivers\WudfPf.sys
0x8D11A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D12A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D154000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D15E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8D171000 \SystemRoot\system32\drivers\HTTP.sys
0x8C9A3000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8D1DE000 \??\C:\Windows\system32\drivers\CO_Mon.sys
0x8C9CB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA2A0D000 \SystemRoot\system32\drivers\spsys.sys
0xA2ABD000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA2AD6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA2AEB000 \SystemRoot\system32\drivers\mrxdav.sys
0xA2B0C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2B2B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2B64000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2B7C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2BA4000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2BF3000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xA2BF7000 \??\C:\Windows\system32\drivers\int15.sys
0xA8004000 \SystemRoot\system32\drivers\peauth.sys
0xA80E2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA810A000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA8118000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA8139000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x779E0000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
432 C:\Windows\System32\smss.exe
508 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
604 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\winlogon.exe
816 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\nvvsvc.exe
892 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\audiodg.exe
1192 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\SLsvc.exe
1244 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\nvvsvc.exe
1440 C:\Windows\System32\svchost.exe
1672 C:\Windows\System32\spoolsv.exe
1728 C:\Windows\System32\taskeng.exe
1736 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
1772 C:\Windows\System32\dwm.exe
1868 C:\Windows\explorer.exe
2008 C:\Windows\System32\svchost.exe
1048 C:\Windows\RtHDVCpl.exe
1304 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
1588 C:\Program Files\Zune\ZuneLauncher.exe
1540 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
1720 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2072 C:\Program Files\iTunes\iTunesHelper.exe
2080 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2088 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2124 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2144 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2164 C:\Program Files\Windows Media Player\wmpnscfg.exe
2184 C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
2200 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
2208 C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
2216 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2608 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
3184 C:\Program Files\SUPERAntiSpyware\SASCore.exe
3200 C:\Windows\System32\agrsmsvc.exe
3228 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3244 C:\Program Files\Bonjour\mDNSResponder.exe
3276 C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
3420 C:\Windows\System32\svchost.exe
3456 C:\Program Files\CyberLink\Shared files\RichVideo.exe
3568 C:\Windows\System32\svchost.exe
3632 C:\Windows\System32\SearchIndexer.exe
3768 WUDFHost.exe
4024 C:\Program Files\Windows Media Player\wmpnetwk.exe
4044 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
3172 C:\Program Files\iPod\bin\iPodService.exe
2348 C:\Windows\System32\taskeng.exe
3176 C:\Windows\System32\SearchProtocolHost.exe
2828 C:\Windows\System32\SearchFilterHost.exe
1052 dllhost.exe
420 dllhost.exe
3956 C:\Users\Hansberry\Desktop\MBRCheck.exe
472 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\I: --> \\.\PhysicalDrive7 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 4.AA
PhysicalDrive7 Model Number: SeagateFreeAgentDesktop, Rev: 100D

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A797 9
298 GB \\.\PhysicalDrive7 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98 F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

SuperDave · « **Reply #39 on:** February 15, 2012, 04:22:14 PM »

Quote

hit F8 while the computer is restarting! I don't think that was mentioned yet on this thread, so there ya go.

Did you get a chance to do this?

Quote

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

[/COLOR]

hansberry · « **Reply #40 on:** February 15, 2012, 04:42:18 PM »

Yep...I posted the log in my previous post. The one drive that says unknown MBR is just an external drive we save things to if that matters. The hard drive (C) for the computer says: Windows 2008 MBR code detected.

hansberry · « **Reply #41 on:** February 15, 2012, 04:49:11 PM »

Here is a new log with the freeagent external drive unplugged. We don't run stuff from that one it is just for backing up stuff we dont want to lose if the computer goes down.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version:      Windows Vista Home Basic Edition
Windows Information:      Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:   eMachines
BIOS Manufacturer:      Phoenix Technologies, LTD
System Manufacturer:      eMachines
System Product Name:      ET1161-05
Logical Drives Mask:      0x000006fc

Kernel Drivers (total 147):
0x82019000 \SystemRoot\system32\ntkrnlpa.exe
0x823D3000 \SystemRoot\system32\hal.dll
0x80400000 \SystemRoot\system32\kdcom.dll
0x80407000 \SystemRoot\system32\PSHED.dll
0x80418000 \SystemRoot\system32\BOOTVID.dll
0x80420000 \SystemRoot\system32\CLFS.SYS
0x80461000 \SystemRoot\system32\CI.dll
0x80541000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805B2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060D000 \SystemRoot\system32\drivers\acpi.sys
0x80653000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8065C000 \SystemRoot\system32\drivers\msisadrv.sys
0x80664000 \SystemRoot\system32\drivers\pci.sys
0x8068B000 \SystemRoot\System32\drivers\partmgr.sys
0x8069A000 \SystemRoot\system32\drivers\volmgr.sys
0x806A9000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F3000 \SystemRoot\system32\drivers\pciide.sys
0x806FA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80708000 \SystemRoot\System32\drivers\mountmgr.sys
0x80718000 \SystemRoot\system32\drivers\atapi.sys
0x80720000 \SystemRoot\system32\drivers\ataport.SYS
0x8073E000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x80762000 \SystemRoot\system32\DRIVERS\storport.sys
0x807A3000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D5000 \SystemRoot\system32\drivers\fileinfo.sys
0x82605000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82676000 \SystemRoot\system32\drivers\ndis.sys
0x82781000 \SystemRoot\system32\drivers\msrpc.sys
0x827AC000 \SystemRoot\system32\drivers\NETIO.SYS
0x8760B000 \SystemRoot\System32\drivers\tcpip.sys
0x876F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87805000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87915000 \SystemRoot\system32\drivers\volsnap.sys
0x8794E000 \SystemRoot\System32\Drivers\spldr.sys
0x87956000 \SystemRoot\System32\Drivers\mup.sys
0x87965000 \SystemRoot\System32\drivers\ecache.sys
0x8798C000 \SystemRoot\system32\drivers\disk.sys
0x8799D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x879BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x879DE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x879E9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87734000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x87744000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x879F2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87757000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x87762000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8776C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x877AA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AC0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AC9A000 \SystemRoot\system32\drivers\iviaspi.sys
0x8AC9D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8ACB5000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8AE07000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8B718000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8B71A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B7BA000 \SystemRoot\System32\drivers\watchdog.sys
0x8B7C6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B7F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8ACBB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8ACD2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8ACDD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AD00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AD0F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AD23000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AD38000 \SystemRoot\System32\Drivers\Pcouffin.sys
0x8AD44000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AE00000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8AD54000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AD7E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AD88000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AD95000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8ADCA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8BA0B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BC18000 \SystemRoot\system32\drivers\portcls.sys
0x8BC45000 \SystemRoot\system32\drivers\drmk.sys
0x8BC6A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BC73000 \SystemRoot\System32\Drivers\Null.SYS
0x8BC7A000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BC81000 \SystemRoot\System32\drivers\vga.sys
0x8BC8D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BCAE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BCB6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BCBE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BCC9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BCD7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BCE0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BCF6000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x8BD22000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8BD47000 \SystemRoot\system32\DRIVERS\smb.sys
0x8BD5B000 \SystemRoot\system32\drivers\afd.sys
0x8BDA3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BDD5000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8BDDE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BDF4000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\rtlprot.sys
0x8ADDB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8ADE9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8AC00000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8C40E000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x8C47E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8C4A0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8C4A6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C4E2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C4EC000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090811.002\IDSvix86.sys
0x8C532000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8C590000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CC0F000 \SystemRoot\system32\DRIVERS\wg111v3.sys
0x8CC6D000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8CC77000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CC79000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CC86000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8CC90000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x8CCB4000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8CCC1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x938E0000 \SystemRoot\System32\win32k.sys
0x8CCD6000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CCE0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93B00000 \SystemRoot\System32\TSDDD.dll
0x93B20000 \SystemRoot\System32\cdd.dll
0x8CCEF000 \SystemRoot\system32\drivers\luafv.sys
0x8CD0A000 \SystemRoot\system32\drivers\WudfPf.sys
0x8CD24000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8CD34000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8CD5E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8CD68000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8CD7B000 \SystemRoot\system32\drivers\HTTP.sys
0x8C5A7000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9D805000 \SystemRoot\system32\drivers\spsys.sys
0x9D8B5000 \??\C:\Windows\system32\drivers\CO_Mon.sys
0x9D8BD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D8DA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D8F3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D908000 \SystemRoot\system32\drivers\mrxdav.sys
0x9D929000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D948000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D981000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D999000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA800B000 \SystemRoot\System32\DRIVERS\srv.sys
0xA805A000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xA805E000 \??\C:\Windows\system32\drivers\int15.sys
0xA8065000 \SystemRoot\system32\drivers\peauth.sys
0xA8143000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA816B000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA8179000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA819A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA81B0000 \??\C:\Windows\system32\drivers\mbam.sys
0x773C0000 \Windows\System32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
432 C:\Windows\System32\smss.exe
508 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
604 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\winlogon.exe
816 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\nvvsvc.exe
892 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\audiodg.exe
1192 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\SLsvc.exe
1244 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\nvvsvc.exe
1456 C:\Windows\System32\svchost.exe
1732 C:\Windows\System32\spoolsv.exe
1748 C:\Windows\System32\dwm.exe
1796 C:\Windows\System32\taskeng.exe
1808 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
1836 C:\Windows\explorer.exe
300 C:\Windows\System32\svchost.exe
1088 C:\Windows\RtHDVCpl.exe
888 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
1444 C:\Program Files\Zune\ZuneLauncher.exe
972 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2072 C:\Program Files\iTunes\iTunesHelper.exe
2080 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2088 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2096 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2104 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2112 C:\Program Files\Windows Media Player\wmpnscfg.exe
2120 C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
2136 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
2164 C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
2172 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2564 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
3152 C:\Program Files\SUPERAntiSpyware\SASCore.exe
3168 C:\Windows\System32\agrsmsvc.exe
3196 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3212 C:\Program Files\Bonjour\mDNSResponder.exe
3244 C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
3384 C:\Windows\System32\svchost.exe
3416 C:\Program Files\CyberLink\Shared files\RichVideo.exe
3540 C:\Windows\System32\svchost.exe
3600 C:\Windows\System32\SearchIndexer.exe
3872 WUDFHost.exe
4012 C:\Program Files\Windows Media Player\wmpnetwk.exe
4032 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
2148 C:\Program Files\iPod\bin\iPodService.exe
1904 C:\Windows\System32\conime.exe
2896 C:\Windows\System32\taskeng.exe
3080 C:\Windows\System32\SearchProtocolHost.exe
3664 C:\Windows\System32\svchost.exe
1304 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3864 C:\Windows\servicing\TrustedInstaller.exe
3620 WmiPrvSE.exe
3776 C:\Windows\System32\SearchFilterHost.exe
2556 dllhost.exe
1380 dllhost.exe
3024 C:\Users\Hansberry\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 4.AA

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A797 9

Done!

SuperDave · « **Reply #42 on:** February 15, 2012, 05:29:05 PM »

Quote

We don't run stuff from that one it is just for backing up stuff we dont want to lose if the computer goes down.

Good idea. How is the internet connection now? Can you run the ESET scan?

hansberry · « **Reply #43 on:** February 15, 2012, 05:36:32 PM »

No internet connection yet...still shows 'unidentified' network..sees the tab but wont really connect. I have two other computers finding and connecting just fine. I'm assuming the ESET scan you mean is the one I needed a connection for.

SuperDave · « **Reply #44 on:** February 15, 2012, 07:40:48 PM »

Quote

I'm assuming the ESET scan you mean is the one I needed a connection for.

Yes. What browser are you using?

Please download Farbar Service Scanner and run it on the computer with the issue.

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

******************************************************
Download GMER Rootkit Scanner from here.

•Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
•If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
•In the right panel, you will see several boxes that have been checked. Uncheck the following ...
*Sections
*IAT/EAT
*Drives/Partition other than Systemdrive (typically C:\)
*Show All (don't miss this one)
•Then click the Scan button & wait for it to finish
•Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
•Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

hansberry · « **Reply #45 on:** February 15, 2012, 11:31:14 PM »

I'm using Internet Explorer 8

Farbar Service Scanner Version: 14-02-2012
Ran by Hansberry (administrator) on 15-02-2012 at 19:57:14
Running from "C:\Users\Hansberry\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

I hope the following log for gmer is what you needed. It didn't give me a message in the end. It just stopped and did nothing so I clicked the save button.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-15 22:25:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000062 ST316081 rev.4.AA
Running: upltoohq.exe; Driver: C:\Users\HANSBE~1\AppData\Local\Temp\fwddquow.sys

---- System - GMER 1.0.15 ----

SSDT 872A9828 ZwAlertResumeThread
SSDT 874B24D0 ZwAlertThread
SSDT 872E9800 ZwAllocateVirtualMemory
SSDT 872B1D10 ZwAlpcConnectPort
SSDT 87056FC0 ZwCreateMutant
SSDT 872A91B8 ZwCreateThread
SSDT 874B80A8 ZwDebugActiveProcess
SSDT 872A8900 ZwFreeVirtualMemory
SSDT 872AE690 ZwImpersonateAnonymousToken
SSDT 872A5E70 ZwImpersonateThread
SSDT 872B1D78 ZwMapViewOfSection
SSDT 87056F40 ZwOpenEvent
SSDT 872B5D68 ZwOpenProcessToken
SSDT 86FE6A60 ZwOpenThreadToken
SSDT 90E82540 ZwResumeThread
SSDT 872E9150 ZwSetContextThread
SSDT 86FE6F90 ZwSetInformationProcess
SSDT 90DFFED0 ZwSetInformationThread
SSDT 874B8008 ZwSuspendProcess
SSDT 871E6798 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x90348640]
SSDT 87082A18 ZwTerminateThread
SSDT 871E60A8 ZwUnmapViewOfSection
SSDT 872A6FC0 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. \OpenWithProgids@\1\22\t_auto_file

---- EOF - GMER 1.0.15 ----

SuperDave · « **Reply #46 on:** February 16, 2012, 10:55:09 AM »

We're going to try something else.

Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.

hansberry · « **Reply #47 on:** February 16, 2012, 11:35:17 AM »

ok, did that...still no full connection.

For some reason my netgear wizard with not start when I click it (I've been using the computer/internet icon in the tray rather than the wizard). Neither will the itunes. The windows dont show up (except with the itunes it takes about 30 seconds for a ghost window to appear and then a couple more minutes for the full itunes window to appear. Sometimes it never appears. The netgear never appears. The strange thing is that even though they dont show up, they are still shown as running in the task manager.

I don't have that problem with other programs such as windows mail (though of course I dont have a connection but the program comes up fine), quichen and internet explorer...so it doesnt seem as though the computer is just being slow. It apparently is internet related somehow (as is the Rosetta stone that hasnt been working either).

SuperDave · « **Reply #48 on:** February 16, 2012, 01:49:45 PM »

Quote

I don't have that problem with other programs such as windows mail (though of course I dont have a connection but the program comes up fine), quichen and internet explorer...so it doesnt seem as though the computer is just being slow. It apparently is internet related somehow (as is the Rosetta stone that hasnt been working either).

Unfortunately, neither myself or my colleague are familiar with the hookup that you have to access the internet. I'm afraid I can't go any further with this procedure. I'm sure that problem is with the Galaxy Tablet. Why not try to connect the computer to the modem?
We should cleanup before I let you go.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

*****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

hansberry · « **Reply #49 on:** February 16, 2012, 02:18:02 PM »

I find it pretty strange that nobody on here is familiar with this connection..it is simply a wireless connection just as if you went to McD's or something. My computer catches the signal and connects to the wireless signal my TAB is sending. The tab gets the signal from the verizon cloud and sends it out to anything in the house that can catch it. Basic wireless signal. The tab is working just fine and the who other computers in my house are connecting without a problem. So the problem cant be the TAB. I have also changed the netgear adapter on the non-connecting computer and it is the same so the problem is not the Netgear either. Everything was working just fine until my son did something in a setting possibly that he cant remember. At that time he had also downloaded something so a virus could have been the problem though he never opened it on that computer and we have already dealt with virus/mallware issues so that leaves either a setting or driver issue from what I can understand of the situation.

Do you think restoring the computer to the factory settings would help? I don't see any other possibility if we are to the end of knowledge on this board.

Whatever the case, I greatly appreciate your time and effort you have put into helping me.

Thank you

hansberry · « **Reply #50 on:** February 16, 2012, 02:21:17 PM »

PS....I cant hook in through a modem because my internet connection is wireless not through a phone cord. I dont have dsl or any of that. It comes straight from the cloud ..like in the Mickey D's example.

Hope that makes sense. It's a pretty common senario.

SuperDave · « **Reply #51 on:** February 16, 2012, 04:19:10 PM »

Quote

PS....I cant hook in through a modem because my internet connection is wireless not through a phone cord. I dont have dsl or any of that. It comes straight from the cloud ..like in the Mickey D's example.

Something has happened with the signal from the Tablet to your laptop and I can't help much with that. Either it's not transmitting a signal or your laptop is not receiving the signal. I would suggest that you could start a new thread in the this forum.

hansberry · « **Reply #52 on:** February 16, 2012, 04:26:04 PM »

OK, thanks. This has taught me to stick with regular ISPs. When this originally happened I tried to talk to Verizon's tech support but they said they cant look at anything on my computer..they only cover the tablet which seemed to be fine to them. I had great support with local dsl back when I had it. I've still got another year on the contract with verizon.

Thanks again for your help!

SuperDave · « **Reply #53 on:** February 16, 2012, 04:29:06 PM »

You're welcome. It taught me about a new way to connect. Good luck.

Computer Hope Forum

News:

Author Topic: limited connectivity (Read 22774 times)

hansberry

SuperDave

Geek-9pm

hansberry

SuperDave

hansberry

SuperDave

hansberry

SuperDave

hansberry

SuperDave

hansberry

SuperDave

hansberry

hansberry

SuperDave

hansberry

SuperDave

SuperDave

hansberry

SuperDave

hansberry

SuperDave

hansberry

hansberry

hansberry

SuperDave

hansberry

hansberry

hansberry

SuperDave

hansberry

SuperDave

SuperDave

hansberry

SuperDave

hansberry

SuperDave

hansberry

SuperDave

hansberry

hansberry

SuperDave

hansberry

SuperDave

hansberry

SuperDave

hansberry

SuperDave

hansberry

hansberry

SuperDave

hansberry

SuperDave