Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Windows XP Windows XP
Go to first new post Screen Freeze.
Go to first new post how to get bluetooth in my computer
Go to first new post Can't boot Windows XP SP3
Go to first new post Windows XP, Unable to open Windows
Go to first new post how to back my pictures viewer to Window ...
Go to first new post HELP!!! Im getting Stop Error Screens al ...
Go to first new post Internet Explorer
Go to first new post Solved: Can't open links in Outlook Expr ...
Go to first new post Blue screen
Go to first new post Unmountable_boot_volume
Go to first new post Slow Start-up Due To Lexmark File
Go to first new post Not able to INSERT a photo into Outlook ...
Go to first new post Can't Uninstall Program
Go to first new post Solved: STOP errors
Go to first new post Logitech wecam mic not working
Search Search
Search for:
Tech Support Guy Forums > > >

Firewall blocking


(!)

Reply
Page 3 of 6 12 3 456
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,546 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
30-Jun-2012, 10:14 PM #31
Please run the AVG Remover Tool (the first one on the list):

http://www.avg.com/ca-en/utilities

Then reboot and try running ComboFix again. If it still alerts to AVG then do the following:
  • Go to Start - Run and type wbemtest then click OK.
  • Click on the Connect button on the upper right side (above Exit).
  • Change root\default to root\SecurityCenter and click on Connect again.
  • Under IWbemServices click on Query…
  • Type in SELECT * FROM AntiVirusProduct and then click on Apply.

Among the entries listed you should see the following:

{17DDD097-36FF-435F-9E1B-52D74245D6BF}

Highlight the above entry and then click on the Delete button. Be sure not to delete any others.

Then reboot and try ComboFix again.
__________________
Microsoft MVP - Consumer Security
rose1954's Avatar
Computer Specs
Member with 40 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
01-Jul-2012, 02:07 PM #32
I tried this again and the AVG was still on there. I get all the way through to Query and typed in the select information and hit apply. Then I get an error:
Number: 0x80041017
Facility: WMI
Description: Invalid Query
????
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,546 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
01-Jul-2012, 03:09 PM #33
Are you typing in all of the following?

SELECT * FROM AntiVirusProduct
rose1954's Avatar
Computer Specs
Member with 40 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
01-Jul-2012, 04:28 PM #34
ComboFix 12-07-01.03 - Elaine Strean 07/01/2012 13:11:53.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1316 [GMT -7:00]
Running from: c:\documents and settings\Elaine Strean\Desktop\puppy.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\currdat.lst.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Elaine Strean\GoToAssistDownloadHelper.exe
c:\program files\Angle Interactive\RD Platinum v5.0
c:\program files\Angle Interactive\RD Platinum v5.0\report.csv
c:\program files\Internet Explorer\SET5D2.tmp
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\SET4CA.tmp
c:\windows\system32\_003060_.tmp.dll
c:\windows\system32\_003061_.tmp.dll
c:\windows\system32\_003062_.tmp.dll
c:\windows\system32\_003063_.tmp.dll
c:\windows\system32\_003070_.tmp.dll
c:\windows\system32\_003071_.tmp.dll
c:\windows\system32\_003072_.tmp.dll
c:\windows\system32\_003073_.tmp.dll
c:\windows\system32\_003075_.tmp.dll
c:\windows\system32\_003076_.tmp.dll
c:\windows\system32\_003079_.tmp.dll
c:\windows\system32\_003080_.tmp.dll
c:\windows\system32\_003082_.tmp.dll
c:\windows\system32\_003083_.tmp.dll
c:\windows\system32\_003084_.tmp.dll
c:\windows\system32\_003086_.tmp.dll
c:\windows\system32\_003089_.tmp.dll
c:\windows\system32\_003090_.tmp.dll
c:\windows\system32\_003094_.tmp.dll
c:\windows\system32\_003095_.tmp.dll
c:\windows\system32\_003097_.tmp.dll
c:\windows\system32\_003100_.tmp.dll
c:\windows\system32\_003102_.tmp.dll
c:\windows\system32\_003103_.tmp.dll
c:\windows\system32\_003104_.tmp.dll
c:\windows\system32\_003105_.tmp.dll
c:\windows\system32\_003106_.tmp.dll
c:\windows\system32\_003109_.tmp.dll
c:\windows\system32\_003110_.tmp.dll
c:\windows\system32\_003111_.tmp.dll
c:\windows\system32\_003112_.tmp.dll
c:\windows\system32\_003113_.tmp.dll
c:\windows\system32\_003118_.tmp.dll
c:\windows\system32\_003120_.tmp.dll
c:\windows\system32\_003121_.tmp.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\kill.exe
c:\windows\system32\SET1077.tmp
c:\windows\system32\SET107B.tmp
c:\windows\system32\SET1085.tmp
c:\windows\system32\SET10FC.tmp
c:\windows\system32\SET1388.tmp
c:\windows\system32\SET1389.tmp
c:\windows\system32\SET1429.tmp
c:\windows\system32\SET142B.tmp
c:\windows\system32\SET142E.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET189.tmp
c:\windows\system32\SET18B.tmp
c:\windows\system32\SET18D.tmp
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET194.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET198.tmp
c:\windows\system32\SET1A7.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1AE.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B1.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B3.tmp
c:\windows\system32\SET1B4.tmp
c:\windows\system32\SET1B6.tmp
c:\windows\system32\SET1B7.tmp
c:\windows\system32\SET1B8.tmp
c:\windows\system32\SET1C3.tmp
c:\windows\system32\SET1C4.tmp
c:\windows\system32\SET1C5.tmp
c:\windows\system32\SET1C6.tmp
c:\windows\system32\SET1C9.tmp
c:\windows\system32\SET1CB.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1D0.tmp
c:\windows\system32\SET1D2.tmp
c:\windows\system32\SET1D3.tmp
c:\windows\system32\SET1D6.tmp
c:\windows\system32\SET1D7.tmp
c:\windows\system32\SET1D9.tmp
c:\windows\system32\SET1DA.tmp
c:\windows\system32\SET1DB.tmp
c:\windows\system32\SET1E0.tmp
c:\windows\system32\SET1E1.tmp
c:\windows\system32\SET1E2.tmp
c:\windows\system32\SET1E3.tmp
c:\windows\system32\SET1E4.tmp
c:\windows\system32\SET1EA.tmp
c:\windows\system32\SET1EF.tmp
c:\windows\system32\SET1F0.tmp
c:\windows\system32\SET1F4.tmp
c:\windows\system32\SET1F7.tmp
c:\windows\system32\SET1F8.tmp
c:\windows\system32\SET1FF.tmp
c:\windows\system32\SET200.tmp
c:\windows\system32\SET203.tmp
c:\windows\system32\SET207.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SET211.tmp
c:\windows\system32\SET214.tmp
c:\windows\system32\SET216.tmp
c:\windows\system32\SET217.tmp
c:\windows\system32\SET218.tmp
c:\windows\system32\SET219.tmp
c:\windows\system32\SET21A.tmp
c:\windows\system32\SET21B.tmp
c:\windows\system32\SET22B.tmp
c:\windows\system32\SET230.tmp
c:\windows\system32\SET231.tmp
c:\windows\system32\SET232.tmp
c:\windows\system32\SET234.tmp
c:\windows\system32\SET235.tmp
c:\windows\system32\SET236.tmp
c:\windows\system32\SET237.tmp
c:\windows\system32\SET239.tmp
c:\windows\system32\SET23A.tmp
c:\windows\system32\SET23E.tmp
c:\windows\system32\SET23F.tmp
c:\windows\system32\SET243.tmp
c:\windows\system32\SET244.tmp
c:\windows\system32\SET246.tmp
c:\windows\system32\SET24A.tmp
c:\windows\system32\SET24B.tmp
c:\windows\system32\SET24C.tmp
c:\windows\system32\SET253.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET25A.tmp
c:\windows\system32\SET25B.tmp
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET25D.tmp
c:\windows\system32\SET25F.tmp
c:\windows\system32\SET265.tmp
c:\windows\system32\SET271.tmp
c:\windows\system32\SET273.tmp
c:\windows\system32\SET275.tmp
c:\windows\system32\SET276.tmp
c:\windows\system32\SET277.tmp
c:\windows\system32\SET27C.tmp
c:\windows\system32\SET283.tmp
c:\windows\system32\SET285.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET289.tmp
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28E.tmp
c:\windows\system32\SET28F.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET2A0.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2A2.tmp
c:\windows\system32\SET2A9.tmp
c:\windows\system32\SET2AA.tmp
c:\windows\system32\SET2AD.tmp
c:\windows\system32\SET2AE.tmp
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B1.tmp
c:\windows\system32\SET2B3.tmp
c:\windows\system32\SET2B4.tmp
c:\windows\system32\SET2B5.tmp
c:\windows\system32\SET2B7.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2B9.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C6.tmp
c:\windows\system32\SET2CB.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2CD.tmp
c:\windows\system32\SET2CF.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D4.tmp
c:\windows\system32\SET2D5.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2D9.tmp
c:\windows\system32\SET2DC.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E0.tmp
c:\windows\system32\SET2E7.tmp
c:\windows\system32\SET2E9.tmp
c:\windows\system32\SET2EC.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F3.tmp
c:\windows\system32\SET2F4.tmp
c:\windows\system32\SET2F8.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET303.tmp
c:\windows\system32\SET305.tmp
c:\windows\system32\SET306.tmp
c:\windows\system32\SET30C.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET30E.tmp
c:\windows\system32\SET30F.tmp
c:\windows\system32\SET310.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET312.tmp
c:\windows\system32\SET314.tmp
c:\windows\system32\SET316.tmp
c:\windows\system32\SET318.tmp
c:\windows\system32\SET319.tmp
c:\windows\system32\SET31E.tmp
c:\windows\system32\SET328.tmp
c:\windows\system32\SET32A.tmp
c:\windows\system32\SET32B.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET32E.tmp
c:\windows\system32\SET330.tmp
c:\windows\system32\SET331.tmp
c:\windows\system32\SET335.tmp
c:\windows\system32\SET337.tmp
c:\windows\system32\SET338.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET34E.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\SET352.tmp
c:\windows\system32\SET35A.tmp
c:\windows\system32\SET362.tmp
c:\windows\system32\SET364.tmp
c:\windows\system32\SET367.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36C.tmp
c:\windows\system32\SET36E.tmp
c:\windows\system32\SET372.tmp
c:\windows\system32\SET381.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET390.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET3A0.tmp
c:\windows\system32\SET3AB.tmp
c:\windows\system32\SET3B1.tmp
c:\windows\system32\SET3B3.tmp
c:\windows\system32\SET3B4.tmp
c:\windows\system32\SET3B6.tmp
c:\windows\system32\SET3BA.tmp
c:\windows\system32\SET3BE.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET3C8.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3D0.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET3E0.tmp
c:\windows\system32\SET3E1.tmp
c:\windows\system32\SET3E2.tmp
c:\windows\system32\SET3EC.tmp
c:\windows\system32\SET3F0.tmp
c:\windows\system32\SET3F5.tmp
c:\windows\system32\SET3FB.tmp
c:\windows\system32\SET40E.tmp
c:\windows\system32\SET40F.tmp
c:\windows\system32\SET423.tmp
c:\windows\system32\SET430.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\SET434.tmp
c:\windows\system32\SET439.tmp
c:\windows\system32\SET43B.tmp
c:\windows\system32\SET440.tmp
c:\windows\system32\SET443.tmp
c:\windows\system32\SET444.tmp
c:\windows\system32\SET446.tmp
c:\windows\system32\SET447.tmp
c:\windows\system32\SET448.tmp
c:\windows\system32\SET449.tmp
c:\windows\system32\SET44B.tmp
c:\windows\system32\SET44D.tmp
c:\windows\system32\SET44E.tmp
c:\windows\system32\SET450.tmp
c:\windows\system32\SET453.tmp
c:\windows\system32\SET455.tmp
c:\windows\system32\SET45A.tmp
c:\windows\system32\SET45B.tmp
c:\windows\system32\SET45C.tmp
c:\windows\system32\SET464.tmp
c:\windows\system32\SET46B.tmp
c:\windows\system32\SET474.tmp
c:\windows\system32\SET477.tmp
c:\windows\system32\SET479.tmp
c:\windows\system32\SET47D.tmp
c:\windows\system32\SET47F.tmp
c:\windows\system32\SET480.tmp
c:\windows\system32\SET481.tmp
c:\windows\system32\SET485.tmp
c:\windows\system32\SET486.tmp
c:\windows\system32\SET48A.tmp
c:\windows\system32\SET48B.tmp
c:\windows\system32\SET48E.tmp
c:\windows\system32\SET490.tmp
c:\windows\system32\SET492.tmp
c:\windows\system32\SET496.tmp
c:\windows\system32\SET499.tmp
c:\windows\system32\SET49B.tmp
c:\windows\system32\SET49E.tmp
c:\windows\system32\SET4A1.tmp
c:\windows\system32\SET4A3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 20:05 . 2012-07-01 20:05 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-07-01 17:50 . 2012-07-01 17:50 -------- d-----w- C:\puppy
2012-06-30 19:28 . 2012-06-30 19:29 -------- dc-h--w- c:\windows\ie8
2012-06-29 23:47 . 2012-06-29 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-06-29 21:36 . 2012-06-29 21:36 -------- d-----w- c:\documents and settings\Elaine Strean\Application Data\SUPERAntiSpyware.com
2012-06-29 21:36 . 2012-06-29 21:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-29 21:36 . 2012-06-29 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-06-29 21:32 . 2012-06-29 21:32 -------- d-----w- c:\documents and settings\Elaine Strean\Application Data\Malwarebytes
2012-06-29 21:32 . 2012-06-29 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-29 21:32 . 2012-06-29 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-29 21:32 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 00:50 . 2012-06-29 00:50 388096 ----a-r- c:\documents and settings\Elaine Strean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-23 02:05 . 2012-06-23 02:08 -------- d-----w- c:\documents and settings\Kenneth Strean\Application Data\xfinitytb
2012-06-22 03:18 . 2012-06-22 03:18 -------- d-----w- c:\documents and settings\Elaine Strean\Application Data\AVG2012
2012-06-22 00:06 . 2012-06-22 00:06 -------- d-----w- c:\documents and settings\Kenneth Strean\Application Data\AVG2012
2012-06-22 00:04 . 2012-06-22 02:28 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-22 00:03 . 2012-06-22 00:03 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-06-22 00:03 . 2012-07-01 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-06-08 23:50 . 2012-06-30 01:12 -------- d-----w- c:\program files\comcasttb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 00:54 . 2012-04-01 02:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 00:54 . 2012-02-19 01:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 00:35 . 2008-07-15 20:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:19 . 2007-07-31 02:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-08-10 18:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-08-10 18:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2004-08-10 18:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-07-31 02:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-08-10 18:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-10 18:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2004-08-10 17:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-07-31 02:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-08-10 18:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2004-08-10 18:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2008-07-15 20:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2008-07-15 20:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
.
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
.
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 10:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\system32\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[7] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll
.
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\system32\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"nwiz"="nwiz.exe" [2008-04-07 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-07 81920]
"HostManager"="c:\program files\Common Files\AOL\1208987670\EE\AOLHostManager.exe" [2004-11-03 125528]
"MegaPanel"="c:\program files\National Consumer Panel\NCP Internet Transporter\HSTrans.exe" [2009-12-11 2113536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859648]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WhiteSmoke Translator.lnk - c:\documents and settings\Elaine Strean\Local Settings\Temporary Internet Files\Content.IE5\GKAOUDCI\WhiteSmokeWriterGeo5002_en[1].exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1208987670\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\dell\\EXPRESS.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [12/19/2011 11:40 AM 188272]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/19/2011 11:47 AM 64080]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/15/2010 7:08 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 7:32 PM 257224]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/15/2010 7:08 PM 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:54]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:08]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:08]
.
2012-06-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d3c607ac-0c85-413d-a6f2-fef53e1af5d0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-06-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e6c77580-b657-4ab2-b161-a25b1e8ff57c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-07-01 c:\windows\Tasks\User_Feed_Synchronization-{6AFCE08B-0196-4590-A1EC-5A865B41E2BB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: CabBuilder - hxxp://www.imgag.com/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
BHO-{c9d421f2-bf25-4224-95ed-2b491106634d} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-AROReminder - c:\program files\Advanced Registry Optimizer\aro.exe
HKCU-Run-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe
HKCU-Run-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
HKCU-Run-KGShareApp - c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-ErrorTeck - c:\program files\ErrorTeck\ErrorTeck.exe
HKLM-Run-RegWork - c:\program files\RegWork\RegWork.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-01 13:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\progra~1\COMMON~1\AOL\120898~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\120898~1\EE\AOLServiceHost.exe
.
**************************************************************************
.
Completion time: 2012-07-01 13:27:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 20:27
.
Pre-Run: 138,444,857,344 bytes free
Post-Run: 138,786,467,840 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1827FC6A507463F403C6B6D91B05465F
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,546 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
01-Jul-2012, 06:38 PM #35
Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.
__________________
Microsoft MVP - Consumer Security
rose1954's Avatar
Computer Specs
Member with 40 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
01-Jul-2012, 09:50 PM #36
I went through the whole scan and no window pops up. They ask me if I want to buy a couple of different anti virus options, but I don't see any results in a box. What am I doing wrong?
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,546 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
02-Jul-2012, 05:57 PM #37
I don't know. Is there a log? It may be at this location:

C:\Program Files\EsetOnlineScanner\log.txt

or this one:

C:\Program Files\Eset\EsetOnlineScanner\log.txt
rose1954's Avatar
Computer Specs
Member with 40 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
02-Jul-2012, 07:47 PM #38
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<base href="http://www.eset.com/" />
<link rel="shortcut icon" href="http://static1.int.esetstatic.com/fi...es/favicon.ico" type="image/x-ico; charset=binary" />
<link rel="icon" href="http://static1.int.esetstatic.com/fi...es/favicon.ico" type="image/x-ico; charset=binary" />
<title>ESET :: Download :: For Home</title>
<meta name="keywords" content="antivirus software, spyware, antispyware, antispam, personal firewall" />
<meta name="description" content="ESET software provides advanced proactive antivirus protection. Download the award-winning ESET NOD32 Antivirus or ESET Smart Security now!" />
<meta name="author" content="ESET" />
<meta name="copyright" content="ESET" />
<meta name="doc-type" content="Web Page" />
<meta name="doc-class" content="Published" />
<meta name="doc-rights" content="Copywritten Work" />
<meta name="doc-publisher" content="ESET" />
<meta name="robots" content="index, follow" />
<meta name="google-site-verification" content="dHfSJtqaVSUJZCZxxWeEFEPe5bf8zWns1jsScwMdorc" />
<style type="text/css">
#sec-download .item-detail #os_dd #inpt_os,
#sec-download .item-detail .select label span,
.select label span {font-size: 11px !important;}
span.ugheading { font-weight:bold; text-decoration:underline}
ul#neug { padding-left:0px }
ul#neug.links li { padding-left:0px;}
ul#neug.links li a { background-image:url('fileadmin/templates/img/icn-pdf.png'); }
.sec-download-new .down-detail .item-detail {padding:0px 0px 0px 60px !important}
.sec-download-new .down-detail .new_area {margin-top:10px !important}
.sec-download-new .down-detail .item-detail .alert {margin:0px !important;padding-bottom:10px !important}
}
</style><meta name="msvalidate.01" content="d92a49a0b538fe1bea905e38ba036ad8" /><meta name="yandex-verification" content="45e99e1a936f7f86" />
<meta property="og:description" content="ESET software provides advanced proactive antivirus protection. Download the award-winning ESET NOD32 Antivirus or ESET Smart Security now!" />
<meta property="og:url" content="http://www.eset.com/us/download/home/" />
<meta property="og:type" content="og_productsroduct" />
<link rel="alternate" type="application/rss+xml" title="ESET" href="http://www.eset.com/rss/rss-us-.xml" />
<meta property="og:title" content="ESET :: Download :: For Home" />
<link rel="stylesheet" type="text/css" media="all" href="http://static3.int.esetstatic.com/fi...617.merged.css" />
<link rel="stylesheet" type="text/css" media="print" href="http://static3.int.esetstatic.com/fi...b7f.merged.css" />
<!--[if IE 6]>
<link href="fileadmin/templates/styles/ie6.css" type="text/css" rel="stylesheet" />
<script src="http://static3.int.esetstatic.com/fi...G.js"></script>
<script>
DD_belatedPNG.fix('img, div');
</script>
<![endif]-->

<!--[if IE 7]>
<link href="fileadmin/templates/styles/ie7.css" type="text/css" rel="stylesheet" />
<![endif]-->
<script type="text/javascript" src="http://static5.int.esetstatic.com/fi...y.js"></script>
<script type="text/javascript" src="http://static4.int.esetstatic.com/fi...t.js"></script>
<script type="text/javascript" src="http://static3.int.esetstatic.com/fi...d.js"></script>
</head>
<body>
<script type="text/javascript">
FontSet();
</script>
<div id="info"><div id="atom-eset-news-index"></div></div>
<div id="page">
<div id="content">
<div id="top"><div id="atom-eset-header-index">

<script type="text/javascript">

document.observe('dom:loaded', function(){ var urlString = 'us/download/home/?_ajax_=newsHelper&amp;screenwidth=' + screen.width + '&amp;screenheight=' + screen.height + '&amp;id=7435'; BoxUpdater.update(urlString.replace(/&amp;/g,"&"));});
</script>

<script type="text/javascript">
var aliases404 = new Array();
//console.log("creating aliases404 array");
</script>

<script type="text/javascript">
var myDomain = "";
//console.log("domain " + "");
function getCookie(c_name)
{
var i,x,y,ARRcookies=document.cookie.split(";");
for (i=0;i<ARRcookies.length;i++)
{
x=ARRcookies[i].substr(0,ARRcookies[i].indexOf("="));
y=ARRcookies[i].substr(ARRcookies[i].indexOf("=")+1);
x=x.replace(/^\s+|\s+$/g,"");
if (x==c_name)
{
return unescape(y);
}
}
}
function in_array(needle, haystack)
{
var length = haystack.length;
var i=0;
for(var key in haystack)
{
//alert('comparing '+haystack[key].indexOf(needle,0)+' with '+(haystack[key].length - needle.length));
//alert('comparing '+haystack[key]+' with '+needle);
i++;
if(i<=length) {
if(haystack[key].indexOf(needle,0) == (haystack[key].length - needle.length))
{
return true;
}
}
}
return false;
}
function redirectBranch() {
if(getCookie("fe_typo_branch")) {
var currentBranch = '';
$$('a.branch-selector').each(function(el) {
if(el.readAttribute('class') == "branch-selector sel") {
currentBranch = el.readAttribute('title');
}
});
if((currentBranch != titles[ids.indexOf(parseInt(getCookie("fe_typo_branch")))]) && (currentBranch.length > 0)) {
//window.location = urls[ids.indexOf(parseInt(getCookie("fe_typo_branch")))] + urlParts[ids.indexOf(parseInt(getCookie("fe_typo_branch")))];
//alert(window.location.pathname.substring(1,window.location.pathname.length-1).split('/'));
var pathParts = window.location.pathname.substring(1,window.location.pathname.length-1).split('/');
//console.log("pathparts "+pathParts);
var urlPartToCheck = '';
if(in_array("/"+pathParts[0]+"/", urls)) {
//alert('inarray');
if(pathParts.length > 1) {
for(var i=1; i<pathParts.length; i++) {
urlPartToCheck += pathParts[i] + "/";
}
}
}
else {
//alert('not inarray');
if(pathParts.length > 1) {
var urlPartToCheck = '';
for(var i=0; i<pathParts.length; i++) {
urlPartToCheck += pathParts[i] + "/";
}
}
}
//console.log("urlparttocheck "+urlPartToCheck);
if(!in_array(urlPartToCheck, aliases404)) {
window.location = urls[ids.indexOf(parseInt(getCookie("fe_typo_branch")))] + urlParts[ids.indexOf(parseInt(getCookie("fe_typo_branch")))];
}
else {
//alert('we are in here');
window.location = urls[ids.indexOf(parseInt(getCookie("fe_typo_branch")))];
}
}
}
}
$$('a.branch-selector').each(function(el) {
el.observe('click', function(element) {
var actualDate = new Date();
var expires = new Date();
expires.setDate(actualDate.getDate()+365);
//alert("fe_typo_branch" + "=" + ids[titles.indexOf(el.readAttribute('title'))] + "; expires="+expires.toUTCString()+"; path=/; domain=" + myDomain);
document.cookie = "fe_typo_branch" + "=" + ids[titles.indexOf(el.readAttribute('title'))] + "; expires="+expires.toUTCString()+"; path=/; domain=" + myDomain;
});
});
document.observe('dom:loaded', function() {
$$('a.branch-selector').each(function(el) {
el.observe('click', function(element) {
var actualDate = new Date();
var expires = new Date();
expires.setDate(actualDate.getDate()+365);
//alert("fe_typo_branch" + "=" + ids[titles.indexOf(el.readAttribute('title'))] + "; expires="+expires.toUTCString()+"; path=/; domain=" + myDomain);
document.cookie = "fe_typo_branch" + "=" + ids[titles.indexOf(el.readAttribute('title'))] + "; expires="+expires.toUTCString()+"; path=/; domain=" + myDomain;
});
});
});
var ids = new Array();
var urls = new Array();
var titles = new Array();
var urlParts = new Array();
</script>

<div class="top_links">

<a href="us/language-selector/" class="world" id="countries-target" onclick="return false;"><strong>United States and Canada</strong></a>

<span class="sep"> | </span>
<a title="Partners" href="http://go.eset.com/us/partnerinfo">Partners</a>

<span class="sep"> | </span>
<a title="About ESET" href="us/about/profile/overview/">About ESET</a>

<span class="sep"> | </span>

<a class="cart" id="cart" title="Cart" href="http://cart.eset.com/c.438708/ssp/cart.ssp">Cart</a>


</div>
<div class="top_line">
<div class="logo">
<a href="us/"><img title="ESET :: Antivirus Software and Protection" alt="ESET logo" width="67" height="26" src="http://static5.int.esetstatic.com/fi.../logo-eset.png" /></a>
</div>

<ul class="m_menu">

<li>
<a class="m01" title="For Home" href="us/home/"><span class="hdn">For Home</span></a>
</li>

<li>
<a class="m02" title="For Business" href="us/business/eset-for-business/"><span class="hdn">For Business</span></a>
</li>

<li>
<a class="m03" title="Store" href="http://go.eset.com/us/store"><span class="hdn">Store</span></a>
</li>

<li>
<strong>
<a class="m04" title="Download" href="us/download/home/"><span class="hdn">Download</span></a>
</strong>
</li>

<li>
<a class="m05" title="Support" href="http://kb.eset.com"><span class="hdn">Support</span></a>
</li>

</ul>
<form id="search-form" action="/us/download/home/" method="get">
<fieldset class="search">
<legend></legend>
<input type="hidden" id="search-redirect" value="" />
<input type="hidden" name="page" value="answers" />
<input type="hidden" name="type" value="search" />
<input id="search-target" type="text" title="Search for information about our products" class="input_cleaner input_text" name="question_box" value="Search" />
<input type="submit" id="search-submit" class="input_submit" value="Search" />
</fieldset>
</form>
<script type="text/javascript">
$('search-target').setAttribute("autocomplete", "off");
</script>
</div>
<div id="search-popup" style="display:none;"></div>
</div></div>
<div id="sub_area" class="content">
<div id="caption"><div id="atom-eset-caption-index">

<div id="print_hr">
<br /><br />

ESET


Download


For Home

<hr />
</div>


<div class="caption nobrd">

<h1 class="l">Download for Home</h1>


</div>



<div class="produkt_img">
<ul class="s_menu">


<li>

<strong>
<a name="activeMenu">
<span>For Home</span>
</a>
</strong>

</li>



<li>

<a title="For Business" href="us/download/business/">
<span>For Business</span>
</a>

</li>



<li>

<a title="Documentation" href="us/download/documentation/">
<span>Documentation</span>
</a>

</li>



<li>

<a title="Utilities" href="us/download/utilities/">
<span>Utilities</span>
</a>

</li>



<li>

<a title="Training" href="us/download/training/">
<span>Training</span>
</a>

</li>



<li>

<a title="Free 30-day Trial" href="us/download/free-trial/">
<span>Free 30-day Trial</span>
</a>

</li>


</ul>

</div>
</div></div>
<div id="sec-download" class="new_area"><div id="c144643" class="csc-default" ><style type="text/css">
/* common styles */
.btn a.btn_blue_down {
background: url("/fileadmin/templates/img/btn_blue.png") no-repeat scroll 0 0 transparent;
color: #FFFFFF;
display: block;
font-size: 14px;
height: 31px;
line-height: 26px;
margin-bottom: 2px;
padding-left: 9px;
width: 148px;
}
#sec-download .sec {
overflow: hidden;
padding-bottom: 11px;
width: 910px;
</style></div><div id="c38474" class="csc-default" ><div id="atom-eset_download-pi1-index">

<div class="sec-download-new">
<div class="forhome">
<div class="lists">












<div class="item">
<div class="f">
<a alt="ESET Smart Security" title="ESET Smart Security" href="us/download/home/detail/family/5" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Smart Security', 'Picture']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Smart Security', 'Picture']);"><img title="ESET Smart Security" alt="ESET Smart Security" width="50" height="80" src="http://static3.int.esetstatic.com/up..._ESS-v5_02.png" /></a>
</div>
<div class="c">
<h2><a title="ESET Smart Security" href="us/download/home/detail/family/5" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Smart Security', 'Title']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Smart Security', 'Title']);">ESET Smart Security</a></h2>
<p>NOD32 Antivirus | Antispyware | Antispam | Firewall | Parental Controls | Security Training</p>
</div>

<div class="os">
<p class="windows">Windows</p>
</div>

<div class="btn">

<a class="btn_blue_down" href="http://www.eset.com/us/download/home/detail/family/5/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Smart Security', 'TryNow']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Smart Security', 'TryNow']);">

I already purchased
</a>
<div><div style="margin-bottom:5px">&nbsp;</div><a href="/us/download/home/detail/family/5/?trl=es" class="btn_blue_down" onClick="s.tl(this,'o','Download Trial ESS Button');" title="I want a free trial">I want a free trial</a></div>
</div>
<div class="l">
<a style="background-image:url('fileadmin/templates/img/ico_l_buy.png');" href="us/store/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Smart Security', 'BuyNow']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Smart Security', 'BuyNow']);">
Buy now
</a>

<a style="background-image:url('fileadmin/templates/img/ico_l_info.png');" href="us/home/products/smart-security/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Smart Security', 'LearnMore']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Smart Security', 'LearnMore']);">
Learn more
</a>
<div>
</div>
</div>
</div>
<div class="divider_padding"><div class="divider"><hr /></div></div>


<div class="item">
<div class="f">
<a alt="ESET NOD32 Antivirus" title="ESET NOD32 Antivirus" href="us/download/home/detail/family/2" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET NOD32 Antivirus', 'Picture']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET NOD32 Antivirus', 'Picture']);"><img title="ESET NOD32 Antivirus" alt="ESET NOD32 Antivirus" width="50" height="80" src="http://static1.int.esetstatic.com/up..._EAV-v5_02.png" /></a>
</div>
<div class="c">
<h2><a title="ESET NOD32 Antivirus" href="us/download/home/detail/family/2" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET NOD32 Antivirus', 'Title']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET NOD32 Antivirus', 'Title']);">ESET NOD32 Antivirus</a></h2>
<p>Antivirus | Antispyware | Security Training</p>
</div>

<div class="os">
<p class="windows">Windows</p>
</div>

<div class="btn">

<a class="btn_blue_down" href="http://www.eset.com/us/download/home/detail/family/2" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET NOD32 Antivirus', 'TryNow']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET NOD32 Antivirus', 'TryNow']);">

I already purchased
</a>
<div><div style="margin-bottom:5px">&nbsp;</div><a href="/us/download/home/detail/family/2/?trl=ea" class="btn_blue_down" onClick="s.tl(this,'o','Download Trial EAV Button');">I want a free trial</a></div>
</div>
<div class="l">
<a style="background-image:url('fileadmin/templates/img/ico_l_buy.png');" href="us/store/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET NOD32 Antivirus', 'BuyNow']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET NOD32 Antivirus', 'BuyNow']);">
Buy now
</a>

<a style="background-image:url('fileadmin/templates/img/ico_l_info.png');" href="us/home/products/antivirus/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET NOD32 Antivirus', 'LearnMore']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET NOD32 Antivirus', 'LearnMore']);">
Learn more
</a>
<div>
</div>
</div>
</div>
<div class="divider_padding"><div class="divider"><hr /></div></div>


<div class="item">
<div class="f">
<a alt="ESET Cybersecurity" title="ESET Cybersecurity" href="us/download/home/detail/family/29" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Cybersecurity', 'Picture']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Cybersecurity', 'Picture']);"><img title="ESET Cybersecurity" alt="ESET Cybersecurity" width="50" height="80" src="http://static2.int.esetstatic.com/up...x80_ECS_02.png" /></a>
</div>
<div class="c">
<h2><a title="ESET Cybersecurity" href="us/download/home/detail/family/29" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Cybersecurity', 'Title']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Cybersecurity', 'Title']);">ESET Cybersecurity</a></h2>
<p>Antivirus | Antispyware | Security Training<br />
</p>
</div>

<div class="os">
<p class="mac_os_x">Mac OS X</p>
</div>

<div class="btn">

<a class="btn_blue_down" href="us/download/home/detail/family/29" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Cybersecurity', 'TryNow']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Cybersecurity', 'TryNow']);">


I already purchased
</a>
<div><div style="margin-bottom:5px">&nbsp;</div><a href="/us/download/home/detail/family/29/?trl=ec" class="btn_blue_down" onClick="s.tl(this,'o','Download Trial ECS Button');">I want a free trial</a></div>
</div>
<div class="l">
<a style="background-image:url('fileadmin/templates/img/ico_l_buy.png');" href="us/store/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Cybersecurity', 'BuyNow']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Cybersecurity', 'BuyNow']);">
Buy now
</a>

<a style="background-image:url('fileadmin/templates/img/ico_l_info.png');" href="us/home/products/antivirus-for-mac/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Cybersecurity', 'LearnMore']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Cybersecurity', 'LearnMore']);">
Learn more
</a>
<div>
</div>
</div>
</div>
<div class="divider_padding"><div class="divider"><hr /></div></div>


<div class="item">
<div class="f">
<a alt="ESET Mobile Security" title="ESET Mobile Security" href="us/download/home/detail/family/25" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Mobile Security', 'Picture']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Mobile Security', 'Picture']);"><img title="ESET Mobile Security" alt="ESET Mobile Security" width="50" height="80" src="http://static3.int.esetstatic.com/up..._EMS-02_01.png" /></a>
</div>
<div class="c">
<h2><a title="ESET Mobile Security" href="us/download/home/detail/family/25" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Mobile Security', 'Title']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Mobile Security', 'Title']);">ESET Mobile Security</a></h2>
<p>Antivirus | Firewall | SMS Antispam | Anti-Theft | Security Training</p>
</div>

<div class="os">
<p class="mobile">Mobile</p>
</div>

<div class="btn">

<a class="btn_blue_down" href="us/download/home/detail/family/25" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Mobile Security', 'TryNow']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Mobile Security', 'TryNow']);">


I already purchased
</a>
<div><div style="margin-bottom:5px">&nbsp;</div><a href="/us/download/home/detail/family/25/?trl=em" class="btn_blue_down" onClick="s.tl(this,'o','Download Trial EMS Button');">I want a free trial</a></div>
</div>
<div class="l">
<a style="background-image:url('fileadmin/templates/img/ico_l_buy.png');" href="us/store/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Mobile Security', 'BuyNow']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Mobile Security', 'BuyNow']);">
Buy now
</a>

<a style="background-image:url('fileadmin/templates/img/ico_l_info.png');" href="us/home/products/mobile-security/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET Mobile Security', 'LearnMore']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET Mobile Security', 'LearnMore']);">
Learn more
</a>
<div>
</div>
</div>
</div>
<div class="divider_padding"><div class="divider"><hr /></div></div>


<div class="item">
<div class="f">
<a alt="ESET NOD32 Antivirus for Linux Desktop" title="ESET NOD32 Antivirus for Linux Desktop" href="us/download/home/detail/family/71" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET NOD32 Antivirus for Linux Desktop', 'Picture']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET NOD32 Antivirus for Linux Desktop', 'Picture']);"><img title="ESET NOD32 Antivirus for Linux Desktop" alt="ESET NOD32 Antivirus for Linux Desktop" width="50" height="80" src="http://static5.int.esetstatic.com/up...x80_EAV_04.png" /></a>
</div>
<div class="c">
<h2><a title="ESET NOD32 Antivirus for Linux Desktop" href="us/download/home/detail/family/71" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET NOD32 Antivirus for Linux Desktop', 'Title']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET NOD32 Antivirus for Linux Desktop', 'Title']);">ESET NOD32 Antivirus<br/>for Linux Desktop</a></h2>
<p>Antivirus | Antispyware</p>
</div>

<div class="os">
<p class="linux">Linux</p>
</div>

<div class="btn">

<a class="btn_blue_down" href="us/download/home/detail/family/71" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET NOD32 Antivirus for Linux Desktop', 'TryNow']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET NOD32 Antivirus for Linux Desktop', 'TryNow']);">


I already purchased
</a>
<div><div style="margin-bottom:5px">&nbsp;</div><a href="/us/download/home/detail/family/5/?trl=el" class="btn_blue_down" onClick="s.tl(this,'o','Download Trial EAV for Linux Button');">I want a free trial</a></div>
</div>
<div class="l">
<a style="background-image:url('fileadmin/templates/img/ico_l_buy.png');" href="http://www.eset.com/us/store/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET NOD32 Antivirus for Linux Desktop', 'BuyNow']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET NOD32 Antivirus for Linux Desktop', 'BuyNow']);">
Buy now
</a>

<a style="background-image:url('fileadmin/templates/img/ico_l_info.png');" href="us/home/products/nod32-for-linux/" onclick="_gaq.push(['local._trackEvent', 'Download - us', 'ESET NOD32 Antivirus for Linux Desktop', 'LearnMore']);_gaq.push(['global._trackEvent', 'Download - us', 'ESET NOD32 Antivirus for Linux Desktop', 'LearnMore']);">
Learn more
</a>
<div>
</div>
</div>
</div>
<div class="divider_padding"><div class="divider"><hr /></div></div>


</div>
<div class="sec">
<div class="area3">
<h3 class="support"><a href="http://kb.eset.com">Technical support</a></h3>
<p>Visit the ESET Knowledgebase to find the quickest solutions to the most common questions. From there you can also view video tutorials, access documentation and contact ESET Customer Care.</p>
<a class="all" href="http://kb.eset.com">Learn more</a>
</div>
<div class="area3">
<h3 class="doc"><a href="/us/resource/papers/white-papers/">Reference Materials</a></h3>
<p>Download white papers, data sheets, presentations and more. Also find independent tests, product reviews and links to industry resources.</p>
<a class="all" href="/us/resource/papers/white-papers/">Learn more</a>
</div>
<div class="area3">
<h3 class="scan"><a href="http://blog.eset.com/">ESET Threat Blog</a></h3>
<p>Keep up to date on the latest threats and malware by reading the ESET Researchers’ blog. Also available as an RSS feed.</p>
<a class="all" href="http://blog.eset.com/">Learn more</a>
</div>
</div>
</div>
</div></div></div><div class="area1"><div style="margin-top:20px; border-radius:5px; font-size:12px; -moz-border-radius:5px; border:1px solid #E6E9EF; padding:15px 20px; background-color:#F6F8F9;line-height:20px; overflow:hidden">
<strong> Important: </strong>
Before the installation we recommend you uninstall all other security solutions, including older versions of ESET.
<a target="_blank" href="http://kb.eset.com/esetkb/index?page...SOLN146">Click here</a>
to learn more.
</div>
<p>&nbsp;</p>

</div><div id="c178630" class="csc-default" ><!-- Google Code for Download - Home Remarketing List -->
<script type="text/javascript">
/* <![CDATA[ */
var google_conversion_id = 1028393326;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "ffffff";
var google_conversion_label = "anfWCLLz6wMQ7pKw6gM";
var google_conversion_value = 0;
/* ]]> */
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://
www.googleadservices.com/pagead/conversion/1028393326/?
value=0&amp;label=anfWCLLz6wMQ7pKw6gM&amp;guid=ON&amp;script=0"/>
</div>
</noscript></div></div>
</div>
<div id="bottom"><div id="atom-eset-footer-index">
<script type="text/javascript">

</script>

<div class="oldarea">


<div class="path pathOld">

<a title="US" href="us/">ESET</a>
<span class="sep"> > </span>


<a title="Download" href="us/download/home/">Download</a>
<span class="sep"> > </span>

<em>
For Home
</em>

</div>


<div class="f_area">
<p class="q">
<strong>Quick Links:</strong>

<a title="Store" href="http://go.eset.com/us/store">Store</a>
<span class="sep"> | </span>

<a title="Renew" href="http://go.eset.com/us/renew">Renew</a>
<span class="sep"> | </span>

<a title="Activate" href="http://go.eset.com/us/activate">Activate</a>
<span class="sep"> | </span>

<a title="Free Trial" href="http://www.eset.com/us/download/free-trial/">Free Trial</a>
<span class="sep"> | </span>

<a title="Online Scanner" href="us/online-scanner/">Online Scanner</a>
<span class="sep"> | </span>

<a title="ESET vs. Competition" href="us/home/whyeset/compare/">ESET vs. Competition</a>
<span class="sep"> | </span>

<a title="Press Center" href="http://www.eset.com/us/presscenter/p...leases/">Press Center</a>
<span class="sep"> | </span>

<a title="Blog" href="http://blog.eset.com/">Blog</a>
<span class="sep"> | </span>

<a title="Threat Center" href="us/threat-center/">Threat Center</a>
<span class="sep"> | </span>

<a title="Support" href="http://kb.eset.com">Support</a>

</p>

<form id="chooseProductForm" method="get" action="http://www.eset.com/us/download/home/" onsubmit="if ($('productOption').getValue() != 'do not redirect') submitProductForm(); return false;">
<fieldset>
<label>
<strong>All products:</strong>
<select id="productOption" onchange="if ($('productOption').getValue() != 'do not redirect') submitProductForm();">
<option value="do not redirect" selected="selected">Select product</option>

<option value='us/home/products/smart-security/'>ESET Smart Security</option>

<option value='us/home/products/antivirus/'>ESET NOD32 Antivirus</option>

<option value='us/home/products/nod32-for-linux/'>ESET NOD32 Antivirus 4 for Linux</option>

<option value='us/home/products/antivirus-for-mac/'>ESET Cybersecurity for Mac</option>

<option value='us/home/products/mobile-security/'>ESET Mobile Security</option>

<option value='us/home/products/family-security-pack/'>ESET Family Security Pack</option>

<option value='us/business/products/antivirus/'>ESET Endpoint Antivirus</option>

<option value='us/business/products/security/'>ESET Endpoint Security</option>

<option value='us/business/products/antivirus-for-mac/'>ESET NOD32 Antivirus Business Edition for Mac OS X</option>

<option value='us/business/products/remote-administrator/'>ESET Remote Administrator</option>

<option value='us/business/products/mail-exchange/'>ESET Mail Security for Microsoft Exchange Server</option>

<option value='us/business/products/mail-lotus/'>ESET Mail Security for IBM Lotus Domino</option>

<option value='us/business/products/mail-linux/'>ESET Mail Security for Linux / BSD / Solaris</option>

<option value='us/business/products/mail-kerio/'>ESET NOD32 Antivirus for Kerio Connect</option>

<option value='us/business/products/file-windows/'>ESET NOD32 Antivirus for Windows File Server</option>

<option value='us/business/products/file-linux/'>ESET File Security for Linux / BSD / Solaris</option>

<option value='us/business/products/gateway-linux/'>ESET Gateway Security for Linux / BSD / Solaris</option>

<option value='us/business/products/gateway-kerio/'>ESET NOD32 Antivirus for Kerio Control</option>

<option value='us/online-scanner/'>ESET Online Scanner</option>

<option value='us/download/utilities/'>ESET SysInspector</option>

</select>
</label>
<input type="hidden" value="1" name="productdd" />
<input type="submit" class="input_submit" value="Go" />
</fieldset>
</form>
</div>


<div class="bottom_area">
<div class="bl">
<p class="b_menu">
<a title="Contact" href="us/about/contact/">Contact</a>
<span class="sep"> | </span>
<a title="Privacy" href="us/privacy/">Privacy</a>
<span class="sep"> | </span>
<a title="Legal Information" href="us/legal-information/">Legal Information</a>
<span class="sep"> | </span>
<a title="Return Policy" href="us/return-policy/">Return Policy</a>
<span class="sep"> | </span>
<a title="Sitemap" href="us/sitemap/">Sitemap</a>

</p>
<p class="copy"> © 2012 ESET North America. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET spol. s r.o. or ESET North America.
All other names and brands are registered trademarks of their respective companies. </p>
</div>

<div style="display: none; right: 116px;" class="pop" id="bottom-pop-113">
<div class="pop_top"></div>
<div class="pop_center">
<div>
<img class=" img_right" alt="Facebook" title="" width="40" height="40" src="http://static1.int.esetstatic.com/up...acebook_25.png" />
<div><p class="bodytext">Join our facebook fan site!</p></div>
</div>
</div>
<div class="pop_bottom"></div>
</div>
<div style="display: none; right: 96px;" class="pop" id="bottom-pop-240">
<div class="pop_top"></div>
<div class="pop_center">
<div>
<img class=" img_right" alt="Google+" title="" width="32" height="32" src="http://static1.int.esetstatic.com/up...e/gplus-32.png" />
<div><p class="bodytext">Visit the official ESET USA Google+ Page.</p></div>
</div>
</div>
<div class="pop_bottom"></div>
</div>
<div style="display: none; right: 76px;" class="pop" id="bottom-pop-112">
<div class="pop_top"></div>
<div class="pop_center">
<div>
<img class=" img_right" alt="Twitter" title="" width="40" height="40" src="http://static5.int.esetstatic.com/up...twitter_25.png" />
<div><p class="bodytext">Visit the official ESET Twitter page.</p></div>
</div>
</div>
<div class="pop_bottom"></div>
</div>
<div style="display: none; right: 56px;" class="pop" id="bottom-pop-114">
<div class="pop_top"></div>
<div class="pop_center">
<div>
<img class=" img_right" alt="YouTube" title="" width="40" height="40" src="http://static2.int.esetstatic.com/up...youtube_25.png" />
<div><p class="bodytext">Watch our videos at the official ESET YouTube Channel.</p></div>
</div>
</div>
<div class="pop_bottom"></div>
</div>
<div style="display: none; right: 36px;" class="pop" id="bottom-pop-268">
<div class="pop_top"></div>
<div class="pop_center">
<div>
<img class=" img_right" alt="LinkedIn" title="" width="42" height="42" src="http://static4.int.esetstatic.com/up...icon_42x42.png" />
<div><p class="bodytext">Connect with ESET North America on LinkedIn.</p></div>
</div>
</div>
<div class="pop_bottom"></div>
</div>
<div style="display: none; right: 16px;" class="pop" id="bottom-pop-111">
<div class="pop_top"></div>
<div class="pop_center">
<div>
<img class=" img_right" alt="RSS" title="" width="40" height="40" src="http://static2.int.esetstatic.com/up...ico_rss_25.png" />
<div><p class="bodytext">Receive regular updates from the ESET Press Center.</p></div>
</div>
</div>
<div class="pop_bottom"></div>
</div>

<div class="icons">

<a href="http://www.facebook.com/esetusa" onclick="recordOutboundLink(this, 'Clicks', 'Facebook', '', 0, '1'); return false;" title="" id="bottom-icon-113"><img title="" alt="" width="16" height="16" src="http://static3.int.esetstatic.com/up...acebook_28.gif" /></a>

<a href="https://plus.google.com/100120447453...51568551/posts" onclick="recordOutboundLink(this, 'Clicks', 'Google+', '', 0, '1'); return false;" title="" id="bottom-icon-240"><img title="" alt="" width="16" height="16" src="http://static1.int.esetstatic.com/up...us_icon_01.png" /></a>

<a href="https://twitter.com/eset" onclick="recordOutboundLink(this, 'Clicks', 'Twitter', '', 0, '1'); return false;" title="" id="bottom-icon-112"><img title="" alt="" width="16" height="16" src="http://static3.int.esetstatic.com/up...wistter_27.gif" /></a>

<a href="http://www.youtube.com/esetusa" onclick="recordOutboundLink(this, 'Clicks', 'YouTube', '', 0, '1'); return false;" title="" id="bottom-icon-114"><img title="" alt="" width="16" height="16" src="http://static1.int.esetstatic.com/up...youtube_28.gif" /></a>

<a href="http://www.linkedin.com/company/esetnorthamerica" onclick="recordOutboundLink(this, 'Clicks', 'LinkedIn', '', 0, '1'); return false;" title="" id="bottom-icon-268"><img title="" alt="" width="16" height="16" src="http://static2.int.esetstatic.com/up...edin-16x16.png" /></a>

<a href="http://www.eset.com/us/rss" onclick="recordOutboundLink(this, 'Clicks', 'RSS', '', 0, '1'); return false;" title="" id="bottom-icon-111"><img title="" alt="" width="16" height="16" src="http://static2.int.esetstatic.com/up...ico_rss_27.gif" /></a>


</div>
</div>
<div class="clear"></div>
<script type="text/javascript">

$('bottom-icon-113').observe('mouseenter',function(ev){$('bottom-pop-113').show(); });
$('bottom-icon-113').observe('mouseleave',function(ev){$('bottom-pop-113').hide(); });

$('bottom-icon-240').observe('mouseenter',function(ev){$('bottom-pop-240').show(); });
$('bottom-icon-240').observe('mouseleave',function(ev){$('bottom-pop-240').hide(); });

$('bottom-icon-112').observe('mouseenter',function(ev){$('bottom-pop-112').show(); });
$('bottom-icon-112').observe('mouseleave',function(ev){$('bottom-pop-112').hide(); });

$('bottom-icon-114').observe('mouseenter',function(ev){$('bottom-pop-114').show(); });
$('bottom-icon-114').observe('mouseleave',function(ev){$('bottom-pop-114').hide(); });

$('bottom-icon-268').observe('mouseenter',function(ev){$('bottom-pop-268').show(); });
$('bottom-icon-268').observe('mouseleave',function(ev){$('bottom-pop-268').hide(); });

$('bottom-icon-111').observe('mouseenter',function(ev){$('bottom-pop-111').show(); });
$('bottom-icon-111').observe('mouseleave',function(ev){$('bottom-pop-111').hide(); });

function submitProductForm() {
el = $('chooseProductForm');
el.writeAttribute('action', $('productOption').getValue());
el.submit();
}
</script>

<div id="countries-popup" class="countries" style="display:none;">
<form action=""><fieldset><input type="text" /></fieldset></form>
<div class="cont">
<div class="warp">
<ul class="fade">
<li class="sel">
<a class="fade-1" href="#">North America</a>
</li>

<li>
<a class="fade-2" href="#">Europe</a>
</li>

<li>
<a class="fade-3" href="#">Latin America</a>
</li>

<li>
<a class="fade-4" href="#">Asia</a>
</li>

<li>
<a class="fade-5" href="#">Australia and Oceania</a>
</li>

<li>
<a class="fade-6" href="#">Africa</a>
</li>

</ul><span id="arrow"></span></div>
</div>
<div class="state">
<a href="#" class="close" title="close"><span class="hdn">Close</span></a>
<div class="clear"></div>

<div class="fade fade-1">


<ul>
<li class="act def">
<a href="http://www.eset.com/us/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'United States and Canada',0);return false;">United States and Canada</a></li>

</ul>

</div>
<div class="fade fade-2 hidden">


<ul>
<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Armenia',0);return false;">Armenia</a></li>



<li>
<a href="http://www.eset.at/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Austria',0);return false;">Austria</a></li>



<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Azerbaijan',0);return false;">Azerbaijan</a></li>



<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Belarus',0);return false;">Belarus</a></li>



<li>
<a href="http://www.nod32.lu/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Belgium',0);return false;">Belgium</a></li>



<li>
<a href="http://www.nod32adria.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Bosnia and Herzegovina',0);return false;">Bosnia and Herzegovina</a></li>



<li>
<a href="http://www.eset.com/bg/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Bulgaria',0);return false;">Bulgaria</a></li>



<li>
<a href="http://www.nod32.com.hr/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Croatia',0);return false;">Croatia</a></li>



<li>
<a href="http://www.eset.com/gr-en" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Cyprus',0);return false;">Cyprus</a></li>



<li>
<a href="http://www.eset.cz" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Czech Republic',0);return false;">Czech Republic</a></li>



<li>
<a href="http://www.nod32denmark.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Denmark',0);return false;">Denmark</a></li>
</ul>


<ul>
<li>
<a href="http://www.eset.ee/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Estonia',0);return false;">Estonia</a></li>



<li>
<a href="http://www.esetfinland.fi/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Finland',0);return false;">Finland</a></li>



<li>
<a href="http://www.eset.com/fr/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'France',0);return false;">France</a></li>



<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Georgia',0);return false;">Georgia</a></li>



<li>
<a href="http://www.eset.com/de/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Germany',0);return false;">Germany</a></li>



<li>
<a href="http://www.eset.com/gr" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Greece',0);return false;">Greece</a></li>



<li>
<a href="http://www.nod32.hu/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Hungary',0);return false;">Hungary</a></li>



<li>
<a href="http://www.nod32iceland.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Iceland',0);return false;">Iceland</a></li>



<li>
<a href="http://www.eset.ie/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Ireland',0);return false;">Ireland</a></li>



<li>
<a href="http://www.nod32.it/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Italy',0);return false;">Italy</a></li>



<li>
<a href="http://www.eset.lv/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Latvia',0);return false;">Latvia</a></li>
</ul>


<ul>
<li>
<a href="http://www.nod32.lt/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Lithuania',0);return false;">Lithuania</a></li>



<li>
<a href="http://www.nod32.lu/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Luxembourg',0);return false;">Luxembourg</a></li>



<li>
<a href="http://www.nod32adria.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Macedonia',0);return false;">Macedonia</a></li>



<li>
<a href="http://www.eset.com/partners/malta" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Malta',0);return false;">Malta</a></li>



<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Moldova',0);return false;">Moldova</a></li>



<li>
<a href="http://www.nod32.nl/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Netherlands',0);return false;">Netherlands</a></li>



<li>
<a href="http://www.nod32norway.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Norway',0);return false;">Norway</a></li>



<li>
<a href="http://www.eset.pl/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Poland',0);return false;">Poland</a></li>



<li>
<a href="http://www.eset.com/pt/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Portugal',0);return false;">Portugal</a></li>



<li>
<a href="http://www.nod32.ro/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Romania',0);return false;">Romania</a></li>



<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Russia',0);return false;">Russia</a></li>
</ul>


<ul>
<li>
<a href="http://www.nod32adria.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Serbia and Montenegro',0);return false;">Serbia and Montenegro</a></li>



<li>
<a href="http://www.eset.com/sk" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Slovakia',0);return false;">Slovakia</a></li>



<li>
<a href="http://www.nod32.si/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Slovenia',0);return false;">Slovenia</a></li>



<li>
<a href="http://www.nod32-es.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Spain',0);return false;">Spain</a></li>



<li>
<a href="http://www.nod32sweden.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Sweden',0);return false;">Sweden</a></li>



<li>
<a href="http://www.eset.com/ch-en/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Switzerland',0);return false;">Switzerland</a></li>



<li>
<a href="http://www.eset.com/tr/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Turkey',0);return false;">Turkey</a></li>



<li>
<a href="http://eset.com.ua/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Ukraine',0);return false;">Ukraine</a></li>



<li>
<a href="http://www.eset.co.uk" onclick="recordOutboundLink(this, 'Language selector', 'us', 'United Kingdom',0);return false;">United Kingdom</a></li>

</ul>

</div>
<div class="fade fade-3 hidden">


<ul>
<li>
<a href="http://www.eset-la.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Argentina',0);return false;">Argentina</a></li>



<li>
<a href="http://www.eset.com/partners/aruba" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Aruba',0);return false;">Aruba</a></li>



<li>
<a href="http://www.eset.com/partners/barbados" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Barbados',0);return false;">Barbados</a></li>



<li>
<a href="http://www.eset.com/partners/belize" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Belize',0);return false;">Belize</a></li>



<li>
<a href="http://www.eset-la.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Bolivia',0);return false;">Bolivia</a></li>



<li>
<a href="http://www.eset.com.br" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Brazil',0);return false;">Brazil</a></li>



<li>
<a href="http://www.eset-la.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Colombia',0);return false;">Colombia</a></li>



<li>
<a href="http://www.eset-la.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Costa Rica',0);return false;">Costa Rica</a></li>



<li>
<a href="http://www.eset-la.com" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Dominican Republic',0);return false;">Dominican Republic</a></li>



<li>
<a href="http://www.eset.com.ec/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Ecuador',0);return false;">Ecuador</a></li>



<li>
<a href="http://www.eset-la.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'El Salvador',0);return false;">El Salvador</a></li>
</ul>


<ul>
<li>
<a href="http://www.eset.com.gt/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Guatemala',0);return false;">Guatemala</a></li>



<li>
<a href="http://www.eset.com.hn/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Honduras',0);return false;">Honduras</a></li>



<li>
<a href="http://www.eset.cl/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Chile',0);return false;">Chile</a></li>



<li>
<a href="http://www.eset.com.mx/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Mexico',0);return false;">Mexico</a></li>



<li>
<a href="http://www.eset-la.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Nicaragua',0);return false;">Nicaragua</a></li>



<li>
<a href="http://www.eset.com.pa/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Panama',0);return false;">Panama</a></li>



<li>
<a href="http://www.eset-la.com" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Paraguay',0);return false;">Paraguay</a></li>



<li>
<a href="http://www.eset-la.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Peru',0);return false;">Peru</a></li>



<li>
<a href="http://www.eset.com/partners/suriname" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Suriname',0);return false;">Suriname</a></li>



<li>
<a href="http://www.eset.com/partners/Trinidad-and-Tobago" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Trinidad and Tobago',0);return false;">Trinidad and Tobago</a></li>



<li>
<a href="http://www.eset.com.uy/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Uruguay',0);return false;">Uruguay</a></li>
</ul>


<ul>
<li>
<a href="http://www.eset-la.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Venezuela',0);return false;">Venezuela</a></li>

</ul>

</div>
<div class="fade fade-4 hidden">


<ul>
<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Bahrain',0);return false;">Bahrain</a></li>



<li>
<a href="http://www.eset.com/partners/bangladesh/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Bangladesh',0);return false;">Bangladesh</a></li>



<li>
<a href="http://www.eset.com/partners/bhutan" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Bhutan',0);return false;">Bhutan</a></li>



<li>
<a href="http://www.eset.com/partners/brunei" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Brunei',0);return false;">Brunei</a></li>



<li>
<a href="http://www.nod32.com.hk/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Hong Kong',0);return false;">Hong Kong</a></li>



<li>
<a href="http://www.eset.com.kh" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Cambodia',0);return false;">Cambodia</a></li>



<li>
<a href="http://www.nod32cn.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'China',0);return false;">China</a></li>



<li>
<a href="http://www.esetindia.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'India',0);return false;">India</a></li>



<li>
<a href="http://www.eset.co.id/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Indonesia',0);return false;">Indonesia</a></li>



<li>
<a href="http://www.eset.co.il/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Israel',0);return false;">Israel</a></li>



<li>
<a href="http://www.canon-sol.jp/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Japan',0);return false;">Japan</a></li>
</ul>


<ul>
<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Jordan',0);return false;">Jordan</a></li>



<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Kazakhstan',0);return false;">Kazakhstan</a></li>



<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Kuwait',0);return false;">Kuwait</a></li>



<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Kyrgyzstan',0);return false;">Kyrgyzstan</a></li>



<li>
<a href="http://www.eset.com/partners/laos" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Laos',0);return false;">Laos</a></li>



<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Lebanon',0);return false;">Lebanon</a></li>



<li>
<a href="http://www.eset.com/partners/malaysia/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Malaysia',0);return false;">Malaysia</a></li>



<li>
<a href="http://www.getnod32.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Maldives',0);return false;">Maldives</a></li>



<li>
<a href="http://www.eset.com/partners/mongolia" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Mongolia',0);return false;">Mongolia</a></li>



<li>
<a href="http://www.eset.com/partners/myanmar/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Myanmar',0);return false;">Myanmar</a></li>



<li>
<a href="http://www.eset.com/partners/nepal" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Nepal',0);return false;">Nepal</a></li>
</ul>


<ul>
<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Oman',0);return false;">Oman</a></li>



<li>
<a href="http://www.eset.com/partners/pakistan" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Pakistan',0);return false;">Pakistan</a></li>



<li>
<a href="http://www.eset.com/ph/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Philippines',0);return false;">Philippines</a></li>



<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Qatar',0);return false;">Qatar</a></li>



<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Saudi Arabia',0);return false;">Saudi Arabia</a></li>



<li>
<a href="http://www.nod32.com.sg/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Singapore',0);return false;">Singapore</a></li>



<li>
<a href="http://www.eset.com/partners/south-korea/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'South Korea',0);return false;">South Korea</a></li>



<li>
<a href="http://www.eset.com/partners/sri-lanka/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Sri Lanka',0);return false;">Sri Lanka</a></li>



<li>
<a href="http://www.nod32tw.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Taiwan',0);return false;">Taiwan</a></li>



<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Tajikistan',0);return false;">Tajikistan</a></li>



<li>
<a href="http://www.nod32th.com/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Thailand',0);return false;">Thailand</a></li>
</ul>


<ul>
<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Turkmenistan',0);return false;">Turkmenistan</a></li>



<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'United Arab Emirates',0);return false;">United Arab Emirates</a></li>



<li>
<a href="http://www.esetnod32.ru/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Uzbekistan',0);return false;">Uzbekistan</a></li>



<li>
<a href="http://www.eset.com.vn" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Vietnam',0);return false;">Vietnam</a></li>



<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Yemen',0);return false;">Yemen</a></li>

</ul>

</div>
<div class="fade fade-5 hidden">


<ul>
<li>
<a href="http://eset.com.au/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Australia',0);return false;">Australia</a></li>



<li>
<a href="http://www.nod32.co.nz/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'New Zealand',0);return false;">New Zealand</a></li>

</ul>

</div>
<div class="fade fade-6 hidden">


<ul>
<li>
<a href="http://www.eset.com/dz" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Algeria',0);return false;">Algeria</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Angola',0);return false;">Angola</a></li>



<li>
<a href="http://www.eset.com/bj" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Benin',0);return false;">Benin</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Botswana',0);return false;">Botswana</a></li>



<li>
<a href="http://www.eset.com/bf" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Burkina Faso',0);return false;">Burkina Faso</a></li>



<li>
<a href="http://www.eset.com/bf/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Burundi',0);return false;">Burundi</a></li>



<li>
<a href="http://www.eset.com/cm" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Cameroon',0);return false;">Cameroon</a></li>



<li>
<a href="http://www.eset.com/cf/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Central African Republic',0);return false;">Central African Republic</a></li>



<li>
<a href="http://www.eset.com/cg/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Congo',0);return false;">Congo</a></li>



<li>
<a href="http://www.eset.com/ci/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Cote D’Ivoire',0);return false;">Cote D’Ivoire</a></li>



<li>
<a href="http://www.eset.com/dj/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Djibuti',0);return false;">Djibuti</a></li>
</ul>


<ul>
<li>
<a href="http://www.eset.com/cd/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Democratic Republic of the Congo',0);return false;">Democratic Republic of the Congo</a></li>



<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Egypt',0);return false;">Egypt</a></li>



<li>
<a href="http://www.eset.com/partners/ethiopia" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Ethiopia',0);return false;">Ethiopia</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Equatorial Guinea',0);return false;">Equatorial Guinea</a></li>



<li>
<a href="http://www.eset.com/ga/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Gabon',0);return false;">Gabon</a></li>



<li>
<a href="http://www.eset.com/ng" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Ghana',0);return false;">Ghana</a></li>



<li>
<a href="http://www.eset.com/gn/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Guinea',0);return false;">Guinea</a></li>



<li>
<a href="http://www.eset.com/td/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Chad',0);return false;">Chad</a></li>



<li>
<a href="http://www.eset.co.ke/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Kenya',0);return false;">Kenya</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Lesotho',0);return false;">Lesotho</a></li>



<li>
<a href="http://www.eset.com/me" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Libya',0);return false;">Libya</a></li>
</ul>


<ul>
<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Madagascar',0);return false;">Madagascar</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Malawi',0);return false;">Malawi</a></li>



<li>
<a href="http://www.eset.com/ml/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Mali',0);return false;">Mali</a></li>



<li>
<a href="http://www.eset.com/mr/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Mauritania',0);return false;">Mauritania</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Mauritius',0);return false;">Mauritius</a></li>



<li>
<a href="http://www.eset.com/ma/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Morocco',0);return false;">Morocco</a></li>



<li>
<a href="http://www.eset.co.mz" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Mozambique',0);return false;">Mozambique</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Namibia',0);return false;">Namibia</a></li>



<li>
<a href="http://www.eset.com/ne/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Niger',0);return false;">Niger</a></li>



<li>
<a href="http://www.eset.com/ng/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Nigeria',0);return false;">Nigeria</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Rwanda',0);return false;">Rwanda</a></li>
</ul>


<ul>
<li>
<a href="http://www.eset.com/sn/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Senegal',0);return false;">Senegal</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Seychelles',0);return false;">Seychelles</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'South Africa',0);return false;">South Africa</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Swaziland',0);return false;">Swaziland</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Tanzania',0);return false;">Tanzania</a></li>



<li>
<a href="http://www.eset.com/tg/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Togo',0);return false;">Togo</a></li>



<li>
<a href="http://www.eset.com/tn/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Tunisia',0);return false;">Tunisia</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Uganda',0);return false;">Uganda</a></li>



<li>
<a href="http://www.eset.com/za/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Zambia',0);return false;">Zambia</a></li>



<li>
<a href="http://www.eset.com/partners/zimbabwe/" onclick="recordOutboundLink(this, 'Language selector', 'us', 'Zimbabwe',0);return false;">Zimbabwe</a></li>

</ul>

</div>

<div class="inter">
<a href="http://www.eset.com/" id="country_int">International (English)</a>
</div>

</div>
</div>



</div>

<div id="bottom_print"><p>ESET – globálna centrála, Aupark Tower, Einsteinova 24, 851 01 Bratislava, Slovenská republika, Spojovateľka: +421 (2) 322 44 111</p> <p>Obchodné oddelenie: +421 (2) 322 44 250 (obchod@eset.sk), Fax: +421 (2) 322 44 109</p> <p><strong>Technická podpora: +421 (2) 322 44 444</strong></p> </div></div></div>
</div>
</div>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['global._setAccount', 'UA-160836-30'],
['global._setAllowLinker', true],
['global._setDomainName', '.eset.com'],
['global._trackPageview'],
['local._setAccount', 'UA-32126-1'],
['local._setAllowLinker', true],
['local._setDomainName', '.eset.com'],
['local._trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script><!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://go.eset.com/us/scripts/lib/s_code_2.js"></script>
<script type="text/javascript"><!--
/* You may give each page an identifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+' \!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetprod/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<!-- Eloqua -->
<script type="text/javascript" src="http://go.eset.com/us/scripts/elqNow...g.js"></script>
<script type="text/javascript" src="http://go.eset.com/us/scripts/elqNow...g.js"></script>
<!-- End Eloqua --><!-- <ul id="autocompleter-choices" class="autocompleter-choices" style="z-index: 1000; left: 1117px; top: 73px; width: 196px; overflow-y: hidden; display: block;"></ul>
<script type="text/javascript" src="/us/scripts/lib/mootools-1.2.5-core-yc.js"></script><script type="text/javascript" src="/us/scripts/lib/mootools-1.2.5.1-more.js"></script><script type="text/javascript" src="/us/scripts/download.js"></script><script type="text/javascript" src="/us/scripts/lib/autocompleter/Autocompleter.js"></script><script type="text/javascript" src="/us/request/jsonp/topsearches.js"></script>
<script type="text/javascript">
document.observe('dom:loaded', function() {
$('search-target').setAttribute('name','search-target');
new Autocompleter.Local('search-target', 'autocompleter-choices', __topsearches, { /* 'autocompleter-choices', */
'zIndex': 1000,
'delay': 100,
'topOffset': 3,
'leftOffset': 2,
'width': '196px',
'fullSearch': true,
onChoice: function() {
$('search_form').submit();
}
});
});
</script> -->
</body>
</html><!-- from cache 2012-07-03T00:58:47+02:00 -->
rose1954's Avatar
Computer Specs
Member with 40 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
02-Jul-2012, 08:49 PM #39
I have no idea what I sent you. It was listed at the top of the scan under a notebook. I looked for both of the suggestions you gave me, but the computer said that they couldn't be found. Sorry I just don't understand all of this.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,546 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
03-Jul-2012, 05:53 PM #40
Let's try this one instead as that means nothing to me either.

Please run the F-Secure Online Scanner

Note: You must use Internet Explorer for this scan!
  • Accept the License Agreement.
  • Once the ActiveX installs click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.
__________________
Microsoft MVP - Consumer Security
rose1954's Avatar
Computer Specs
Member with 40 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
03-Jul-2012, 08:48 PM #41

Scanning Report

Tuesday, July 3, 2012 17:03:34 - 17:46:54

Computer name: DB85P4G1
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
14 malware found

TrackingCookie.Questionmarket (spyware)
  • System (Disinfected)
TrackingCookie.Adinterax (spyware)
  • System (Disinfected)
TrackingCookie.2o7 (spyware)
  • System (Disinfected)
TrackingCookie.Advertising (spyware)
  • System (Disinfected)
TrackingCookie.Atdmt (spyware)
  • System (Disinfected)
TrackingCookie.Doubleclick (spyware)
  • System (Disinfected)
TrackingCookie.Revsci (spyware)
  • System (Disinfected)
TrackingCookie.Fastclick (spyware)
  • System (Disinfected)
TrackingCookie.Adbrite (spyware)
  • System (Disinfected)
TrackingCookie.Webtrends (spyware)
  • System (Disinfected)
TrackingCookie.Mediaplex (spyware)
  • System (Disinfected)
TrackingCookie.Liveperson (spyware)
  • System (Disinfected)
TrackingCookie.Atwola (spyware)
  • System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
  • System (Disinfected)
Statistics

Scanned:
  • Files: 51687
  • System: 3276
  • Not scanned: 20
Actions:
  • Disinfected: 14
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
Files not scanned:
  • C:\HIBERFIL.SYS
  • C:\PAGEFILE.SYS
  • C:\WINDOWS\SYSTEM32\CONFIG\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
  • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\REG4C.TMP
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\REG6B.TMP
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\REG4B.TMP
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\REG6C.TMP
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\REG75.TMP
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\REG76.TMP
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\~DF2F46.TMP
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\~DFAB28.TMP
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\~DF5AC0.TMP
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\HSPERFDATA_ELAINE STREAN\3980
  • C:\DOCUMENTS AND SETTINGS\ELAINE STREAN\LOCAL SETTINGS\TEMP\HSPERFDATA_ELAINE STREAN\176
Options

Scanning engines: Scanning options:
  • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
  • Use advanced heuristics
  • Copyright © 1998-2009 Product support | Send virus sample to F-Secure

    F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,546 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
04-Jul-2012, 05:52 PM #42
Download OTS.exe to your Desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus interferes with OTS, allow it to run.
  3. Double-click on OTS.exe to start the program.
  4. At the top put a check mark in the box beside "Scan All Users".
  5. Under the Additional Scans section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
  6. Now click the Run Scan button on the toolbar.
  7. Let it run unhindered until it finishes.
  8. When the scan is complete Notepad will open with the report file loaded in it.
  9. Save that notepad file.
Use the Reply button, scroll down to the attachments section and attach the notepad file here.
__________________
Microsoft MVP - Consumer Security
rose1954's Avatar
Computer Specs
Member with 40 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
05-Jul-2012, 01:14 AM #43
Code:
OTS logfile created on: 7/4/2012 9:50:40 PM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Documents and Settings\Elaine Strean\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 128.38 Gb Free Space | 86.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DB85P4G1
Current User Name: Elaine Strean
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Elaine Strean\Desktop\OTS.exe -> [2012/07/04 21:48:34 | 000,646,656 | ---- | M] (OldTimer Tools)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2012/06/26 10:33:03 | 003,906,432 | ---- | M] (SUPERAntiSpyware.com)
jqs.exe -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -> [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation)
sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCore.exe -> [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
coreserviceshell.exe -> C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -> [2011/02/16 16:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.)
uiwatchdog.exe -> C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe -> [2011/02/10 07:00:24 | 000,116,752 | ---- | M] (Trend Micro Inc.)
uiseagnt.exe -> C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe -> [2011/02/10 06:57:40 | 001,035,512 | ---- | M] (Trend Micro Inc.)
coreframeworkhost.exe -> C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe -> [2010/08/08 03:35:32 | 000,138,640 | ---- | M] (Trend Micro Inc.)
hstrans.exe -> C:\Program Files\National Consumer Panel\NCP Internet Transporter\HSTrans.exe -> [2009/12/11 13:17:56 | 002,113,536 | ---- | M] (NCP)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
aolhos~1.exe -> C:\Program Files\Common Files\AOL\1208987670\EE\AOLHostManager.exe -> [2004/11/03 14:03:00 | 000,125,528 | ---- | M] (America Online, Inc.)
aolservicehost.exe -> C:\Program Files\Common Files\AOL\1208987670\EE\AOLServiceHost.exe -> [2004/11/03 14:03:00 | 000,110,680 | ---- | M] (America Online, Inc.)
aolacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> [2004/10/20 06:40:04 | 000,010,328 | R--- | M] (America Online)
aoltsmon.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc)
aoltpspd.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> [2004/10/15 13:54:12 | 000,046,768 | ---- | M] (America Online Inc)
 
[Modules - No Company Name]
sd10006.dll -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll -> [2012/07/04 21:31:49 | 000,065,024 | ---- | M] ()
sd10007.dll -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll -> [2012/07/04 21:31:49 | 000,052,736 | ---- | M] ()
uirepair.dll -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL -> [2012/06/29 14:36:55 | 000,117,760 | ---- | M] ()
sd10005.dll -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll -> [2012/06/29 14:36:55 | 000,052,224 | ---- | M] ()
libprotobuf.dll -> C:\Program Files\Trend Micro\AMSP\libprotobuf.dll -> [2010/08/08 03:35:32 | 001,081,344 | ---- | M] ()
sqlite3.dll -> C:\Program Files\Trend Micro\AMSP\sqlite3.dll -> [2010/08/08 03:35:32 | 000,442,368 | ---- | M] ()
boost_date_time-vc80-mt-1_36.dll -> C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll -> [2010/08/08 03:35:32 | 000,057,344 | ---- | M] ()
boost_thread-vc80-mt-1_36.dll -> C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll -> [2010/08/08 03:35:32 | 000,049,152 | ---- | M] ()
luadll.dll -> C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll -> [2010/08/08 03:04:30 | 000,174,432 | ---- | M] ()
libexpat.dll -> C:\Program Files\Common Files\AOL\1208987670\EE\libexpat.dll -> [2004/11/03 14:03:00 | 000,143,360 | ---- | M] ()
c4dll.dll -> C:\Program Files\National Consumer Panel\NCP Internet Transporter\c4dll.dll -> [2004/07/19 13:06:58 | 000,520,192 | ---- | M] ()
ssleay32.dll -> C:\Program Files\National Consumer Panel\NCP Internet Transporter\ssleay32.dll -> [2003/05/28 08:55:30 | 000,155,648 | ---- | M] ()
libeay32.dll -> C:\Program Files\National Consumer Panel\NCP Internet Transporter\libeay32.dll -> [2003/05/28 08:55:28 | 000,684,032 | ---- | M] ()
zlib.dll -> C:\Program Files\National Consumer Panel\NCP Internet Transporter\zlib.dll -> [2002/09/12 09:29:46 | 000,057,344 | ---- | M] ()
pihook.dll -> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll -> [2002/07/03 17:38:00 | 000,053,248 | ---- | M] ()
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] ->  -> File not found
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/06/13 17:54:19 | 000,257,224 | ---- | M] (Adobe Systems Incorporated)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -> [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation)
(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
(Amsp) Trend Micro Solution Platform [Auto | Running] -> C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -> [2011/02/16 16:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.)
(AOL ACS) AOL Connectivity Service [Auto | Running] -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -> [2004/10/20 06:40:04 | 000,010,328 | R--- | M] (America Online)
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Auto | Running] -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc)
 
[Driver Services - Safe List]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmcomm.sys -> [2010/08/08 03:35:34 | 000,189,520 | ---- | M] (Trend Micro Inc.)
(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\tmtdi.sys -> [2010/08/08 03:35:34 | 000,092,112 | ---- | M] (Trend Micro Inc.)
(tmactmon) tmactmon [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmactmon.sys -> [2010/08/08 03:35:34 | 000,080,464 | ---- | M] (Trend Micro Inc.)
(tmevtmgr) tmevtmgr [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmevtmgr.sys -> [2010/08/08 03:35:34 | 000,064,080 | ---- | M] (Trend Micro Inc.)
(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ftdibus.sys -> [2009/02/17 05:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.)
(FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ftser2k.sys -> [2009/02/17 05:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2008/04/23 14:55:04 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvnetbus.sys -> [2008/04/06 19:29:14 | 000,022,016 | ---- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NVENETFD.sys -> [2008/04/06 19:29:08 | 000,054,400 | ---- | M] (NVIDIA Corporation)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2008/04/06 19:25:40 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/17 12:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2003/11/17 12:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/17 12:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080423 -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080423 -> 
HKEY_LOCAL_MACHINE\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_LOCAL_MACHINE\: SearchURL\\"provider" -> gogl -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080423 -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080423 -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\] > -> -> 
HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={sear...e=utf8&oe=utf8 -> 
HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\: Main\\"Start Page" -> http://www.msn.com/?ocid=OIE8HP&PC=UP62 -> 
HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc} -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [C:\PROGRAM FILES\TREND MICRO\TITANIUM\UIFRAMEWORK\TOOLBAR\FIREFOXEXTENSION] -> [2011/12/19 11:45:06 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} -> C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1505\6.6.1088\FIREFOXEXTENSION\ [C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1505\6.6.1088\FIREFOXEXTENSION\] -> [2012/03/20 11:29:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF} -> C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK\ [C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK\] -> [2012/06/21 17:03:15 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2012/07/01 13:22:32 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{1CA1377B-DC1D-4A52-9585-6E06050FAC53} [HKLM] -> C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll [TmIEPlugInBHO Class] -> [2010/07/20 09:02:12 | 000,185,680 | ---- | M] (Trend Micro Inc.)
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} [HKLM] ->  [AVG Do Not Track] -> File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{43C6D902-A1C5-45c9-91F6-FD9E90337E18} [HKLM] -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [TSToolbarBHO] -> [2011/02/17 12:28:32 | 000,194,064 | ---- | M] (Trend Micro Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/05/04 19:29:48 | 000,453,504 | ---- | M] (Oracle Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{bb46be07-13eb-4c49-b0f0-fc78b9ea4983} [HKLM] ->  [Updater For XFIN_PORTAL] -> File not found
{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} [HKLM] -> C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll [TmBpIeBHO Class] -> [2011/03/24 19:06:58 | 000,235,024 | ---- | M] (Trend Micro Inc.)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [MSN Toolbar Helper] -> [2009/02/09 21:33:14 | 000,082,768 | ---- | M] (Microsoft Corp.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/05/04 19:29:42 | 000,157,576 | ---- | M] (Oracle Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [MSN Toolbar] -> [2009/02/09 21:33:14 | 000,082,768 | ---- | M] (Microsoft Corp.)
"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"{CCAC5586-44D7-4c43-B64A-F042461A97D2}" [HKLM] -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [Trend Micro Toolbar] -> [2011/02/17 12:28:32 | 000,194,064 | ---- | M] (Trend Micro Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HostManager" -> C:\Program Files\Common Files\AOL\1208987670\EE\AOLHostManager.exe [C:\Program Files\Common Files\AOL\1208987670\EE\AOLHostManager.exe] -> [2004/11/03 14:03:00 | 000,125,528 | ---- | M] (America Online, Inc.)
"MegaPanel" -> C:\Program Files\National Consumer Panel\NCP Internet Transporter\HSTrans.exe [C:\Program Files\National Consumer Panel\NCP Internet Transporter\HSTrans.exe] -> [2009/12/11 13:17:56 | 002,113,536 | ---- | M] (NCP)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/04/06 19:41:44 | 008,466,432 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/04/06 19:42:10 | 000,081,920 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2008/04/06 19:42:50 | 001,626,112 | ---- | M] ()
"Trend Micro Client Framework" -> C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe ["C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"] -> [2011/02/10 07:00:24 | 000,116,752 | ---- | M] (Trend Micro Inc.)
"Trend Micro Titanium" -> C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""] -> [2011/10/08 08:16:10 | 001,111,568 | ---- | M] (Trend Micro Inc.)
< Run [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2012/06/26 10:33:03 | 003,906,432 | ---- | M] (SUPERAntiSpyware.com)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk ->  -> File not found
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Elaine Strean Startup Folder > -> C:\Documents and Settings\Elaine Strean\Start Menu\Programs\Startup -> 
< Kenneth Strean Startup Folder > -> C:\Documents and Settings\Kenneth Strean\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" ->  [0] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... ->  [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}:{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} [HKLM] ->  [Button: AVG Do Not Track] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/micr...?1341087178636 [MUWebControl Class] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
CabBuilder [HKLM] -> http://www.imgag.com/kiw/toolbar/dow...lerControl.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 75.75.75.75 75.75.76.76 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{3743EF6B-1187-4DC8-A792-33B270D77432}\\DhcpNameServer -> 75.75.75.75 75.75.76.76   (NVIDIA nForce Networking Controller) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2011/05/04 10:54:14 | 000,551,296 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2011/07/18 17:02:18 | 000,113,024 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" ->  [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> File not found
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" ->  [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\dell\EXPRESS.EXE" -> C:\dell\EXPRESS.EXE [C:\dell\EXPRESS.EXE:*:Enabled:Express Service Code] -> [2006/06/08 09:54:20 | 000,551,936 | ---- | M] (Dell, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> [2006/08/31 09:30:25 | 000,037,464 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1208987670\EE\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1208987670\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1208987670\EE\AOLServiceHost.exe:*:Enabled:AOL] -> [2004/11/03 14:03:00 | 000,110,680 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> [2004/10/20 06:40:04 | 000,010,328 | R--- | M] (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> [2004/10/20 06:40:04 | 000,034,904 | R--- | M] (America Online)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 15:33:08 | 000,012,888 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" -> C:\Program Files\Common Files\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> [2005/04/05 17:06:43 | 000,140,888 | ---- | M] (America Online Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> [2004/10/15 13:54:12 | 000,046,768 | ---- | M] (America Online Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" -> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe [C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Disabled:Yahoo! Music Jukebox] -> [2007/06/17 04:56:42 | 006,399,480 | ---- | M] (Yahoo! Inc.)
"C:\WINDOWS\system32\mmc.exe" -> C:\WINDOWS\System32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console] -> [2008/04/13 17:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" -> C:\WINDOWS\System32\usmt\migwiz.exe [C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard] -> [2008/04/13 17:12:25 | 000,245,248 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 11:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 0 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
AppMgmt ->  -> File not found
HidServ ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 6/21/2012 10:27:52 PM Computer Name = DB85P4G1 | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 6/22/2012 10:17:38 PM Computer Name = DB85P4G1 | Source = IDVault | ID = 0 -> Description = IsStrikeForceAlreadyRunning failed Cannot process request because the process (1336) has exited.   at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited)     at System.Diagnostics.Process.OpenProcessHandle()     at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value)     at (Object , Boolean )     at ? .? .  ()
Application [ Error ] 6/22/2012 10:17:38 PM Computer Name = DB85P4G1 | Source = IDVault | ID = 0 -> Description = IsStrikeForceAlreadyRunning failed Cannot process request because the process (1652) has exited.   at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited)     at System.Diagnostics.Process.OpenProcessHandle()     at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value)     at (Object , Boolean )     at ? .? .  ()
Application [ Error ] 6/29/2012 3:59:45 PM Computer Name = DB85P4G1 | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18702, fault address 0x0009da70.
Application [ Error ] 6/29/2012 3:59:49 PM Computer Name = DB85P4G1 | Source = Application Error | ID = 1001 -> Description = Fault bucket 1192495393.
Application [ Error ] 6/29/2012 6:55:40 PM Computer Name = DB85P4G1 | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 6/29/2012 6:55:40 PM Computer Name = DB85P4G1 | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 6/29/2012 7:08:23 PM Computer Name = DB85P4G1 | Source = AntiSpywareService | ID = 0 -> Description = 
Application [ Error ] 6/29/2012 7:43:03 PM Computer Name = DB85P4G1 | Source = AntiSpywareService | ID = 0 -> Description = 
Application [ Error ] 6/29/2012 9:12:52 PM Computer Name = DB85P4G1 | Source = AntiSpywareService | ID = 0 -> Description = 
System [ Error ] 7/2/2012 4:23:07 PM Computer Name = DB85P4G1 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   AVGIDSHX
System [ Error ] 7/2/2012 8:27:12 PM Computer Name = DB85P4G1 | Source = Service Control Manager | ID = 7011 -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
System [ Error ] 7/3/2012 2:06:26 PM Computer Name = DB85P4G1 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   AVGIDSHX
System [ Error ] 7/3/2012 7:49:25 PM Computer Name = DB85P4G1 | Source = F-Secure Standalone Minifilter | ID = 327681 -> Description = 
System [ Error ] 7/3/2012 7:49:33 PM Computer Name = DB85P4G1 | Source = F-Secure Standalone Minifilter | ID = 327681 -> Description = 
System [ Error ] 7/3/2012 7:51:10 PM Computer Name = DB85P4G1 | Source = F-Secure Standalone Minifilter | ID = 327681 -> Description = 
System [ Error ] 7/3/2012 7:52:48 PM Computer Name = DB85P4G1 | Source = F-Secure Standalone Minifilter | ID = 327681 -> Description = 
System [ Error ] 7/3/2012 7:55:13 PM Computer Name = DB85P4G1 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   AVGIDSHX
System [ Error ] 7/4/2012 11:03:06 AM Computer Name = DB85P4G1 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   AVGIDSHX
System [ Error ] 7/5/2012 12:31:34 AM Computer Name = DB85P4G1 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   AVGIDSHX
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Elaine Strean\Desktop\OTS.exe -> [2012/07/04 21:48:32 | 000,646,656 | ---- | C] (OldTimer Tools)
 f-secure -> C:\Documents and Settings\Elaine Strean\Application Data\f-secure -> [2012/07/03 16:46:06 | 000,000,000 | ---D | C]
 F-Secure -> C:\Documents and Settings\All Users\Application Data\F-Secure -> [2012/07/03 16:45:37 | 000,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\Elaine Strean\Local Settings\Application Data\Sun -> [2012/07/03 16:38:29 | 000,000,000 | ---D | C]
 Java -> C:\Program Files\Common Files\Java -> [2012/07/03 16:37:46 | 000,000,000 | ---D | C]
 Oracle -> C:\Program Files\Oracle -> [2012/07/03 16:37:04 | 000,000,000 | ---D | C]
 Oracle -> C:\Documents and Settings\Elaine Strean\Application Data\Oracle -> [2012/07/03 16:36:53 | 000,000,000 | ---D | C]
 npDeployJava1.dll -> C:\WINDOWS\System32\npDeployJava1.dll -> [2012/07/03 16:36:45 | 000,772,504 | ---- | C] (Oracle Corporation)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2012/07/03 16:36:45 | 000,227,720 | ---- | C] (Oracle Corporation)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2012/07/03 16:36:45 | 000,143,872 | ---- | C] (Oracle Corporation)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2012/07/03 16:36:32 | 000,174,064 | ---- | C] (Oracle Corporation)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2012/07/03 16:36:32 | 000,174,064 | ---- | C] (Oracle Corporation)
 Java -> C:\Program Files\Java -> [2012/07/03 16:35:40 | 000,000,000 | ---D | C]
 ESET -> C:\Program Files\ESET -> [2012/07/01 16:51:19 | 000,000,000 | ---D | C]
 RECYCLER -> C:\RECYCLER -> [2012/07/01 16:04:29 | 000,000,000 | -HSD | C]
 cmdcons -> C:\cmdcons -> [2012/07/01 13:10:30 | 000,000,000 | RHSD | C]
 puppy24365p -> C:\puppy24365p -> [2012/07/01 13:06:46 | 000,000,000 | ---D | C]
 puppy21311p -> C:\puppy21311p -> [2012/07/01 13:06:21 | 000,000,000 | ---D | C]
 puppy30060p -> C:\puppy30060p -> [2012/07/01 13:05:18 | 000,000,000 | ---D | C]
 PROCEXP113.SYS -> C:\WINDOWS\System32\drivers\PROCEXP113.SYS -> [2012/07/01 13:05:14 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com)
 puppy -> C:\puppy -> [2012/07/01 10:50:32 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2012/06/30 16:38:47 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2012/06/30 16:38:47 | 000,406,528 | ---- | C] (SteelWerX)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2012/06/30 16:38:47 | 000,212,480 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2012/06/30 16:38:47 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2012/06/30 16:37:11 | 000,000,000 | ---D | C]
 puppy.exe -> C:\Documents and Settings\Elaine Strean\Desktop\puppy.exe -> [2012/06/30 16:36:33 | 004,568,829 | R--- | C] (Swearware)
 erdnt -> C:\WINDOWS\erdnt -> [2012/06/30 16:35:38 | 000,000,000 | ---D | C]
 ie8 -> C:\WINDOWS\ie8 -> [2012/06/30 12:28:16 | 000,000,000 | -H-D | C]
 MGADiag.exe -> C:\Documents and Settings\Elaine Strean\Desktop\MGADiag.exe -> [2012/06/29 16:49:07 | 002,031,992 | ---- | C] (Microsoft Corporation)
 Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage -> [2012/06/29 16:47:25 | 000,000,000 | ---D | C]
 Downloads -> C:\Documents and Settings\Elaine Strean\My Documents\Downloads -> [2012/06/29 15:49:11 | 000,000,000 | ---D | C]
 Google Chrome -> C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome -> [2012/06/29 14:40:01 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\Elaine Strean\Application Data\SUPERAntiSpyware.com -> [2012/06/29 14:36:38 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware -> [2012/06/29 14:36:32 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2012/06/29 14:36:28 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2012/06/29 14:36:28 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\Elaine Strean\Application Data\Malwarebytes -> [2012/06/29 14:32:20 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/06/29 14:32:13 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2012/06/29 14:32:11 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2012/06/29 14:32:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2012/06/29 14:32:10 | 000,000,000 | ---D | C]
 HiJackThis -> C:\Documents and Settings\Elaine Strean\Start Menu\Programs\HiJackThis -> [2012/06/28 17:50:52 | 000,000,000 | ---D | C]
 AVG2012 -> C:\Documents and Settings\Elaine Strean\Application Data\AVG2012 -> [2012/06/21 20:18:56 | 000,000,000 | ---D | C]
 AVG Secure Search -> C:\Program Files\Common Files\AVG Secure Search -> [2012/06/21 17:04:42 | 000,000,000 | ---D | C]
 Common Files -> C:\Documents and Settings\All Users\Application Data\Common Files -> [2012/06/21 17:03:44 | 000,000,000 | -H-D | C]
 AVG2012 -> C:\Documents and Settings\All Users\Application Data\AVG2012 -> [2012/06/21 17:03:06 | 000,000,000 | ---D | C]
 comcasttb -> C:\Program Files\comcasttb -> [2012/06/08 16:50:23 | 000,000,000 | ---D | C]
 6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> 
 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 User_Feed_Synchronization-{6AFCE08B-0196-4590-A1EC-5A865B41E2BB}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{6AFCE08B-0196-4590-A1EC-5A865B41E2BB}.job -> [2012/07/04 21:51:00 | 000,000,440 | -H-- | M] ()
 OTS.exe -> C:\Documents and Settings\Elaine Strean\Desktop\OTS.exe -> [2012/07/04 21:48:34 | 000,646,656 | ---- | M] (OldTimer Tools)
 Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2012/07/04 21:37:00 | 000,000,830 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/07/04 21:31:39 | 000,000,898 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/07/04 21:31:19 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/07/04 21:31:17 | 2078,789,632 | -HS- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/07/04 08:06:06 | 000,000,902 | ---- | M] ()
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2012/07/03 16:35:47 | 000,174,064 | ---- | M] (Oracle Corporation)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2012/07/03 16:35:47 | 000,174,064 | ---- | M] (Oracle Corporation)
 Google.url -> C:\Documents and Settings\Elaine Strean\Desktop\Google.url -> [2012/07/03 12:01:17 | 000,000,211 | ---- | M] ()
 SUPERAntiSpyware Scheduled Task e6c77580-b657-4ab2-b161-a25b1e8ff57c.job -> C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task e6c77580-b657-4ab2-b161-a25b1e8ff57c.job -> [2012/07/02 14:36:00 | 000,000,526 | ---- | M] ()
 SUPERAntiSpyware Scheduled Task d3c607ac-0c85-413d-a6f2-fef53e1af5d0.job -> C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d3c607ac-0c85-413d-a6f2-fef53e1af5d0.job -> [2012/07/02 08:59:54 | 000,000,526 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2012/07/01 16:47:59 | 000,002,206 | ---- | M] ()
 PROCEXP113.SYS -> C:\WINDOWS\System32\drivers\PROCEXP113.SYS -> [2012/07/01 13:27:55 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com)
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2012/07/01 13:22:32 | 000,000,027 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2012/07/01 13:10:37 | 000,000,327 | RHS- | M] ()
 (18 unread) Yahoo! Mail.url -> C:\Documents and Settings\Elaine Strean\Desktop\(18 unread) Yahoo! Mail.url -> [2012/07/01 11:08:05 | 000,000,627 | ---- | M] ()
 puppy.exe -> C:\Documents and Settings\Elaine Strean\Desktop\puppy.exe -> [2012/07/01 10:47:23 | 004,568,829 | R--- | M] (Swearware)
 hbmu5ijs.exe -> C:\Documents and Settings\Elaine Strean\Desktop\hbmu5ijs.exe -> [2012/06/30 13:48:49 | 000,302,592 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Elaine Strean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2012/06/30 12:45:11 | 000,000,815 | ---- | M] ()
 MGADiag.exe -> C:\Documents and Settings\Elaine Strean\Desktop\MGADiag.exe -> [2012/06/29 16:49:10 | 002,031,992 | ---- | M] (Microsoft Corporation)
 Google Chrome.lnk -> C:\Documents and Settings\Elaine Strean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2012/06/29 14:40:03 | 000,001,791 | ---- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk -> [2012/06/29 14:40:02 | 000,001,813 | ---- | M] ()
 HiJackThis.lnk -> C:\Documents and Settings\Elaine Strean\Desktop\HiJackThis.lnk -> [2012/06/29 13:11:32 | 000,002,463 | ---- | M] ()
 Download HijackThis 2.0.4 - FileHippo.com.url -> C:\Documents and Settings\Elaine Strean\Desktop\Download HijackThis 2.0.4 - FileHippo.com.url -> [2012/06/28 17:44:43 | 000,002,608 | ---- | M] ()
 Windows XP - Tech Support Guy Forums.url -> C:\Documents and Settings\Elaine Strean\Desktop\Windows XP - Tech Support Guy Forums.url -> [2012/06/27 16:01:02 | 000,000,480 | ---- | M] ()
 myProvidence.url -> C:\Documents and Settings\Elaine Strean\Desktop\myProvidence.url -> [2012/06/24 18:03:53 | 000,000,573 | ---- | M] ()
 NCP  Online.url -> C:\Documents and Settings\Elaine Strean\Desktop\NCP  Online.url -> [2012/06/23 14:07:17 | 000,000,266 | ---- | M] ()
 FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2012/06/13 17:54:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2012/06/13 17:54:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated)
 Boot.bak -> C:\Boot.bak -> [2012/06/08 18:33:27 | 000,000,211 | ---- | M] ()
 90 C:\Documents and Settings\Elaine Strean\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Elaine Strean\Local Settings\temp\*.tmp -> 
 90 C:\Documents and Settings\Elaine Strean\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Elaine Strean\Local Settings\temp\*.tmp -> 
 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files - No Company Name]
 SUPERAntiSpyware Scheduled Task d3c607ac-0c85-413d-a6f2-fef53e1af5d0.job -> C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d3c607ac-0c85-413d-a6f2-fef53e1af5d0.job -> [2012/07/02 08:59:53 | 000,000,526 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2012/07/01 13:10:37 | 000,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2012/07/01 13:10:36 | 000,260,272 | RHS- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2012/06/30 16:38:47 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2012/06/30 16:38:47 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2012/06/30 16:38:47 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2012/06/30 16:38:47 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2012/06/30 16:38:47 | 000,068,096 | ---- | C] ()
 hbmu5ijs.exe -> C:\Documents and Settings\Elaine Strean\Desktop\hbmu5ijs.exe -> [2012/06/30 13:48:46 | 000,302,592 | ---- | C] ()
 Google Chrome.lnk -> C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk -> [2012/06/29 14:40:02 | 000,001,813 | ---- | C] ()
 Google Chrome.lnk -> C:\Documents and Settings\Elaine Strean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2012/06/29 14:40:02 | 000,001,791 | ---- | C] ()
 SUPERAntiSpyware Scheduled Task e6c77580-b657-4ab2-b161-a25b1e8ff57c.job -> C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task e6c77580-b657-4ab2-b161-a25b1e8ff57c.job -> [2012/06/29 14:36:41 | 000,000,526 | ---- | C] ()
 HiJackThis.lnk -> C:\Documents and Settings\Elaine Strean\Desktop\HiJackThis.lnk -> [2012/06/28 17:50:53 | 000,002,463 | ---- | C] ()
 Download HijackThis 2.0.4 - FileHippo.com.url -> C:\Documents and Settings\Elaine Strean\Desktop\Download HijackThis 2.0.4 - FileHippo.com.url -> [2012/06/28 17:44:43 | 000,002,608 | ---- | C] ()
 Windows XP - Tech Support Guy Forums.url -> C:\Documents and Settings\Elaine Strean\Desktop\Windows XP - Tech Support Guy Forums.url -> [2012/06/27 16:01:02 | 000,000,480 | ---- | C] ()
 FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2011/12/20 11:25:15 | 000,253,936 | ---- | C] ()
 currdat.lst -> C:\Documents and Settings\All Users\Application Data\currdat.lst -> [2011/11/06 16:37:25 | 000,001,039 | ---- | C] ()
 WV5DataStore -> C:\Documents and Settings\All Users\Application Data\WV5DataStore -> [2011/11/06 16:35:29 | 010,485,760 | ---- | C] ()
 patchw32.dll -> C:\WINDOWS\patchw32.dll -> [2010/12/13 17:04:11 | 000,181,760 | ---- | C] ()
< End of report >
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,546 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
05-Jul-2012, 11:03 AM #44
Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.
Code:
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: SearchURL\\"provider" -> gogl
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} [HKLM] -> [AVG Do Not Track]
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} [HKLM] -> [Updater For XFIN_PORTAL]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}:{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} [HKLM] -> [Button: AVG Do Not Track]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\] > -> HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
YN -> CabBuilder [HKLM] -> http://www.imgag.com/kiw/toolbar/dow...lerControl.cab [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  AVG2012 -> C:\Documents and Settings\Elaine Strean\Application Data\AVG2012
NY ->  AVG Secure Search -> C:\Program Files\Common Files\AVG Secure Search
NY ->  AVG2012 -> C:\Documents and Settings\All Users\Application Data\AVG2012
NY ->  6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  90 C:\Documents and Settings\Elaine Strean\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Elaine Strean\Local Settings\temp\*.tmp
NY ->  90 C:\Documents and Settings\Elaine Strean\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Elaine Strean\Local Settings\temp\*.tmp
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
__________________
Microsoft MVP - Consumer Security
rose1954's Avatar
Computer Specs
Member with 40 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
05-Jul-2012, 09:35 PM #45
All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\\provider deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}:{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-21-1314697744-1693218791-833567686-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control CabBuilder
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\CabBuilder\ not found.
[Files/Folders - Created Within 30 Days]
C:\Documents and Settings\Elaine Strean\Application Data\AVG2012\cfgall folder moved successfully.
C:\Documents and Settings\Elaine Strean\Application Data\AVG2012 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2012\fet folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2012 folder moved successfully.
C:\WINDOWS\Fonts\SET4D4.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4D5.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4D6.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4D7.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4D8.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4D9.tmp deleted successfully.
C:\WINDOWS\002715_.tmp deleted successfully.
C:\WINDOWS\002716_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Elaine Strean\Local Settings\temp\FXI16.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\RD11.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG10.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG101.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG102.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG11.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG113.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG114.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG11C.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG11D.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG12.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG13.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG14.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG15.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG16.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG17.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG18.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG19.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG1A.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG1B.tmp deleted successfully.
File delete failed. C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG1C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG1D.tmp scheduled to be deleted on reboot.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG23.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG24.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG25.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG26.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG28.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG29.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG2A.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG2B.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG2F.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG30.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG33.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG34.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG3B.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG3C.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG3F.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG40.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG43.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG44.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG46.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG47.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG49.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG4B.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG4C.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG51.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG52.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG55.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG56.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG5D.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG5E.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG5F.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG60.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG62.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG63.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG6B.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG6C.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG6E.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG6F.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG75.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG76.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG7C.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG7D.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG97.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG98.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG99.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG9A.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REGA7.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REGA8.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REGA9.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REGAA.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REGE.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REGF.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REGF8.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REGF9.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\tmp7.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\tmp8.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS7A.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS7B.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS7C.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS7D.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS7E.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS7F.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS80.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS81.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS82.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS83.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS84.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS85.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS86.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS87.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS88.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS8B.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS8C.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS8D.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS8E.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS8F.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS90.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS91.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS92.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS93.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS94.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\USS95.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DF2E17.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DF8C2D.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DF8C7A.tmp deleted successfully.
File delete failed. C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DF9234.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DF9C97.tmp scheduled to be deleted on reboot.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DFC607.tmp deleted successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DFC654.tmp deleted successfully.
File delete failed. C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG1C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG1D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DF9234.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DF9C97.tmp scheduled to be deleted on reboot.
[Empty Temp Folders]


User: All Users

User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 2777283 bytes
->Flash cache emptied: 922 bytes

User: Elaine Strean
->Temp folder emptied: 484944407 bytes
->Temporary Internet Files folder emptied: 90050166 bytes
->Java cache emptied: 42366254 bytes
->Google Chrome cache emptied: 24496533 bytes
->Flash cache emptied: 2181 bytes

User: Kenneth Strean
->Temp folder emptied: 594305 bytes
->Temporary Internet Files folder emptied: 55855391 bytes
->Java cache emptied: 46229286 bytes
->Google Chrome cache emptied: 17830654 bytes
->Flash cache emptied: 1627 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Flash cache emptied: 61 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 222638 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2428992 bytes
RecycleBin emptied: 104 bytes

Total Files Cleaned = 732.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Elaine Strean
->Flash cache emptied: 0 bytes

User: Kenneth Strean
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: Elaine Strean
->Java cache emptied: 0 bytes

User: Kenneth Strean
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 07052012_182831
Files\Folders moved on Reboot...
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG1C.tmp moved successfully.
C:\Documents and Settings\Elaine Strean\Local Settings\temp\REG1D.tmp moved successfully.
File\Folder C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DF9234.tmp not found!
File\Folder C:\Documents and Settings\Elaine Strean\Local Settings\temp\~DF9C97.tmp not found!
C:\Documents and Settings\Elaine Strean\Local Settings\Temporary Internet Files\Content.IE5\OG8O37JI\1058841-firewall-blocking-3[1].html moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_138.dat not found!
Registry entries deleted on Reboot...
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 3 of 6 12 3 456
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Windows XP | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 08:09 AM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑