Hello, I've been experiencing very slow reactions on my system, especially using IE8. I ran Spybot, it found many results which were fixed. I ran it again, no results but IE8 takes long to load pages. I tried to install Chrome, but something's blocking it. I've tried running Windows Updates, but that service isn't running and I can't turn it on. I tried to enable it,but keep getting the same message. I was able to install FireFox to download HJ, but when running it, i received the following message: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this." It then instructs me to edit any mention of HJ in the file, but when done, I'm unable to save file. I'm hoping I won't have to resintall Win7. Any help and/or suggestions will be greatly appreciated. Thank you in advance. Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 9:39:23 PM, on 1/31/2014 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16722) FIREFOX: 26.0 (en-US) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Dana129\Downloads\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theroot.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110221202157.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} (LinksysViewer Control) - http://192.168.2.115:1024/img/LinksysViewer.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} (LinksysMLViewer Control) - http://192.168.1.3/img/LinksysMLViewer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 9830 bytes
Hi baddassb, haven’t heard from you in a while. HJT is no longer any good for checking an infected machine. It only shows IE stuff but not Firefox or Chrome etc. Follow my instructions and we’ll give it hell on a cleanup. First turn off Spybot S&D Tea timer it interferes with everything.. Then run OTL so I can see what infection you have. --OTL-- Please download OTL by OldTimer to your Desktop. If you already have a copy of OTL, delete it and use this version. Double click OTL.exe to launch the program. Check the following. Scan all users. Standard Output. Lop check. Purity check. Under Extra Registry section, select Use SafeList Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins). When finished it will produce two logs. OTL.txt (open on your desktop). Extras.txt (minimized in your taskbar) Please post me both logs TNX 2oG
Hi 2oG, I've been clean, but new year, new problems (LOL). I had only installed FireFox because IE wasn't functioning properly at all. Here are the two logs. Thanks again in advance. OTL logfile created on: 2/1/2014 12:07:49 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dana129\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.97% Memory free 2.62 Gb Paging File | 1.25 Gb Available in Paging File | 47.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 73.52 Gb Total Space | 0.53 Gb Free Space | 0.72% Space Free | Partition Type: NTFS Drive D: | 1004.03 Mb Total Space | 701.87 Mb Free Space | 69.91% Space Free | Partition Type: NTFS Computer Name: WINDOWS7 | User Name: Dana129 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/02/01 12:05:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dana129\Desktop\OTL.exe PRC - [2013/12/05 14:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2011/01/17 16:15:32 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2013/12/05 14:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2013/12/05 14:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011/01/12 12:11:45 | 003,129,432 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai) SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2010/05/18 07:48:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2010/02/26 16:59:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2003/05/29 10:00:00 | 000,106,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01) DRV - [2014/01/18 14:49:10 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2010/10/13 22:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010/10/13 22:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter) DRV - [2010/03/19 00:16:52 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent) DRV - [2009/10/07 07:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2009/10/07 07:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009/06/30 21:24:14 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000) DRV - [2003/05/05 15:43:34 | 000,024,365 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\AW_HOST5.sys -- (AW_HOST) DRV - [2003/04/21 13:08:44 | 000,010,901 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\AWLEGACY.sys -- (awlegacy) DRV - [2003/04/21 12:00:32 | 000,013,898 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GERNUWA.sys -- (Gernuwa) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theroot.com/ IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 F8 FB 3E 29 B7 CA 01 [binary data] IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\..\SearchScopes,DefaultScope = {DAC26116-0A28-4AA8-86FE-60B4B478ED65} IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\..\SearchScopes\{DAC26116-0A28-4AA8-86FE-60B4B478ED65}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\..\SearchScopes\{EFFC81A8-41DB-471A-9755-F740558A6D0A}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/22 07:29:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/31 20:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dana129\AppData\Roaming\Mozilla\Extensions [2014/01/31 20:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014/01/31 20:40:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2014/01/31 19:43:41 | 000,450,742 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15470 more lines... O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110221202157.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe File not found O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-4025774962-2729404890-3371987861-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} http://192.168.2.115:1024/img/LinksysViewer.cab (LinksysViewer Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} http://192.168.1.3/img/LinksysMLViewer.cab (LinksysMLViewer Control) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E3AE6A-14AF-4C64-B458-6E83F20BC74B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{748B4990-4D60-43CA-82D8-156989474074}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\Windows\System32\PCANotify.dll (Symantec Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d80bea7f-2953-11df-a297-00123fcbabc3}\Shell - "" = AutoRun O33 - MountPoints2\{d80bea7f-2953-11df-a297-00123fcbabc3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/02/01 12:05:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dana129\Desktop\OTL.exe [2014/01/31 22:38:06 | 000,000,000 | ---D | C] -- C:\Users\Dana129\Desktop\Old Firefox Data [2014/01/31 21:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2014/01/31 20:40:41 | 000,000,000 | ---D | C] -- C:\Users\Dana129\AppData\Roaming\Mozilla [2014/01/31 20:40:41 | 000,000,000 | ---D | C] -- C:\Users\Dana129\AppData\Local\Mozilla [2014/01/31 20:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2014/01/31 20:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2014/01/31 20:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014/01/19 02:06:36 | 000,000,000 | ---D | C] -- C:\Users\Dana129\AppData\Roaming\Malwarebytes [2014/01/19 02:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2014/01/19 02:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014/01/19 02:05:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2014/01/19 02:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2014/01/19 02:05:35 | 000,000,000 | ---D | C] -- C:\Users\Dana129\AppData\Local\Programs [2014/01/18 15:21:06 | 000,000,000 | ---D | C] -- C:\Users\Dana129\AppData\Local\Apps [2014/01/18 15:21:05 | 000,000,000 | ---D | C] -- C:\Users\Dana129\AppData\Local\Deployment [2014/01/18 14:50:33 | 000,464,384 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\netr73.sys [2014/01/18 14:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin [2014/01/18 14:50:30 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2014/01/18 14:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin [2014/01/18 14:49:12 | 000,000,000 | ---D | C] -- C:\Users\Dana129\AppData\Roaming\InstallShield [2011/08/14 13:16:00 | 000,075,456 | ---- | C] (MyWebSearch.com) -- C:\Users\Dana129\AppData\Local\mwsauto.exe ========== Files - Modified Within 30 Days ========== [2014/02/01 12:05:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dana129\Desktop\OTL.exe [2014/02/01 11:03:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/01/31 21:09:52 | 000,015,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/01/31 21:09:52 | 000,015,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/01/31 21:06:09 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014/01/31 21:06:09 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014/01/31 21:03:24 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk [2014/01/31 21:01:01 | 1602,859,008 | -HS- | M] () -- C:\hiberfil.sys [2014/01/31 20:40:30 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014/01/31 19:43:41 | 000,450,742 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2014/01/31 19:43:41 | 000,450,742 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts - Copy (2) [2014/01/31 16:28:22 | 000,004,722 | ---- | M] () -- C:\Windows\wininit.ini [2014/01/18 14:49:10 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\netr73.sys ========== Files Created - No Company Name ========== [2014/01/31 20:40:30 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014/01/31 20:40:30 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014/01/31 16:27:25 | 000,004,722 | ---- | C] () -- C:\Windows\wininit.ini [2014/01/18 14:50:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe [2014/01/18 14:50:31 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini [2010/08/01 19:55:00 | 000,008,704 | ---- | C] () -- C:\Users\Dana129\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/01 09:43:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/09/17 07:00:02 | 000,000,000 | ---D | M] -- C:\Users\Dana129\AppData\Roaming\go [2010/03/24 00:19:29 | 000,000,000 | ---D | M] -- C:\Users\Dana129\AppData\Roaming\Leadertech [2010/10/28 10:50:11 | 000,000,000 | ---D | M] -- C:\Users\Dana129\AppData\Roaming\Sony ========== Purity Check ========== < End of report > -------------------------------------------------------------------------------- OTL Extras logfile created on: 2/1/2014 12:07:49 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dana129\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.97% Memory free 2.62 Gb Paging File | 1.25 Gb Available in Paging File | 47.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 73.52 Gb Total Space | 0.53 Gb Free Space | 0.72% Space Free | Partition Type: NTFS Drive D: | 1004.03 Mb Total Space | 701.87 Mb Free Space | 69.91% Space Free | Partition Type: NTFS Computer Name: WINDOWS7 | User Name: Dana129 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4025774962-2729404890-3371987861-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DD26AAB-D993-40DA-B266-E3DABC1F2C40}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{12805F77-F160-4FA7-AFB1-4BF8BFDE3BD4}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | "{1432BC1D-FC4B-4DD0-9E3D-E2CB1A4F3617}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1DAD28F0-A9C7-4009-9B56-E0FFBEF88F2A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{22777891-0356-42EE-A791-531FF2F1300D}" = lport=445 | protocol=6 | dir=in | app=system | "{272666F4-8B66-4A83-8344-8EF5C5C8E2DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2A21B4F9-84AB-44DA-9C18-EB443B2889AC}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{2B1721D2-938D-451E-95FB-5A0E63B5360B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{302CF240-8521-43BD-BD87-0C719780A935}" = lport=138 | protocol=17 | dir=in | app=system | "{34C68F9F-246E-41BB-8B93-7016071BF0DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6524025E-B712-42F0-A147-94674AFEB30D}" = rport=10243 | protocol=6 | dir=out | app=system | "{682B89C9-7939-46FB-9878-351D2E202436}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | "{71D97B88-FDD1-42D3-911C-5A11FB4CE597}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8777149B-B4A3-491C-9543-7A788CE96E9E}" = rport=137 | protocol=17 | dir=out | app=system | "{A07FDB11-C45C-4022-B596-A3500E61E0AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A15F399B-E58F-431B-A78D-0A947B13CD33}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{A6887F32-1CE7-415E-9B74-3675EDAC1810}" = lport=2869 | protocol=6 | dir=in | app=system | "{A90742AF-567B-4A10-98E7-3307BAAB852B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{B0ABEC23-CBF4-4D2D-8B78-FBB21D410431}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{C09C81BD-0C7E-46FA-9285-321B6EA6DC13}" = lport=10243 | protocol=6 | dir=in | app=system | "{CC222A3E-CCD9-4FA2-82E1-7281262B6612}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CCF81541-54BD-4957-BB5A-E368B5FEEB80}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E000F952-6AB0-403C-BCB7-96E372270CD8}" = lport=139 | protocol=6 | dir=in | app=system | "{E067CF84-7C07-4494-976C-47A9DA13BFF4}" = rport=139 | protocol=6 | dir=out | app=system | "{E695015D-784D-42AC-9DAD-8E140F3C945C}" = lport=137 | protocol=17 | dir=in | app=system | "{E759E966-3371-4AE6-AA93-9492A181CB82}" = rport=445 | protocol=6 | dir=out | app=system | "{EA61E8AD-0421-4F95-AD2B-578564811C69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F21F8D56-048A-45B1-9DED-9BF43F13DBA8}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{F80147E1-CE4D-434F-8ABA-C5293F33F108}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FDCE097F-129C-4EB6-9CBA-5839394CC2E0}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09E0E1FF-DD0E-474F-8C32-8507E2AA7033}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{135DCE58-BB95-4521-9665-E9AD26B726DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1A5C18E3-ADB9-48F3-9218-F18D2A9B2162}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1F871C7D-94D1-4E59-A988-17433C2F4FC0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{22DAE6A3-5F39-4B44-B41F-DD1911D3F934}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{23AA2F0C-0604-4657-8D0A-61423049D65D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{31319609-24B0-4D5B-A0F3-5095F47C2AAD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{3BA8FE87-1EA5-440C-8767-7F7E104C5461}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{3FB6C132-7ECF-4788-B9B4-6ED8260E14FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{48FBE5A8-0E7C-4B1B-B8AC-FA9FA573EDA1}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{531B7FD3-B649-43BA-B4D9-8ED0FF3BF2B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5A03FDF9-A03E-45E2-892D-52016A2225E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5B5A6BD1-37B7-4B8D-BC84-C7A15503B299}" = dir=in | app=c:\program files\itunes\itunes.exe | "{6023E7A2-D978-42CF-AE86-8BB78358EA12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{62E137A3-DF6E-4EF3-A096-66BA25E18B84}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{656E47C7-F07C-465E-B8D8-7D4754CAACC4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{690B6D8B-E8C7-4F63-8BFF-7C97F6C03C4A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{72EFA5F4-4CC4-4228-A01B-4D19E5F7038C}" = protocol=6 | dir=out | app=system | "{73A98E6F-192D-4459-AF97-E0D519363AF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{751D4104-2FC7-4844-B99A-B69EC2181A8E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{79775C19-9639-49D9-B67A-696B461D1FCA}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{7BF3A9D6-8DE2-4E84-BEEA-99A361DD3D0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C4C2B0E-51B4-41A9-B1F7-9AF165074061}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{8797E245-E28A-43E4-B75A-12A7E7C6624D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{93627410-A8D2-4F7B-8DF9-3244138F739E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AEE0CAE6-E787-4F41-8469-8AC1208526A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B40F8A22-8B45-456A-A4F1-16CA3079EAA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BBC9A215-7DD5-4635-9772-E3921FF30E77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BD16DC70-8687-4E29-8663-DF50923500DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BDBEDD12-A25C-4EE8-B4CF-328AAA478309}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{C003CC41-ED97-47CF-AC9A-F2FF18FDC211}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{C009F55E-7527-462F-A47D-53AE385D8D34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C6E4052F-FEA1-4959-ADE7-216A53FB8544}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D042E5C0-3769-432D-8C9A-4554EC6FF9B1}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{DC2F152C-5F91-447F-BB42-B9692D6272B4}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24 "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3B78608F-D09A-11DF-A54E-0013D3D69929}" = Vegas Pro 10.0 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 2.101 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4 "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4 "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4 "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Akamai" = Akamai NetSession Interface "BitLord" = BitLord 1.1 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "ENTERPRISER" = Microsoft Office Enterprise 2007 "HDMI" = Intel(R) Graphics Media Accelerator Driver "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation) "Magic FLAC to MP3 Converter_is1" = Magic FLAC to MP3 Converter 3.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSC" = McAfee Total Protection "WinRAR archiver" = WinRAR archiver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4025774962-2729404890-3371987861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Adobe ConnectNow Add-in" = Adobe ConnectNow Add-in "Game Organizer" = GameXN GO ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2/1/2014 12:04:30 PM | Computer Name = Windows7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 2/1/2014 12:04:30 PM | Computer Name = Windows7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 2/1/2014 12:04:31 PM | Computer Name = Windows7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 2/1/2014 12:04:31 PM | Computer Name = Windows7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 2/1/2014 12:04:31 PM | Computer Name = Windows7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 2/1/2014 12:04:31 PM | Computer Name = Windows7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 2/1/2014 12:04:31 PM | Computer Name = Windows7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 2/1/2014 12:04:31 PM | Computer Name = Windows7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 2/1/2014 12:24:43 PM | Computer Name = Windows7 | Source = Application Error | ID = 1000 Description = Faulting application name: install_flashplayer12x32_mssd_aaa_aih.exe, version: 3.3.9.0, time stamp: 0x51c7f3cd Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdaae Exception code: 0xc06d007e Fault offset: 0x00009617 Faulting process id: 0x11e8 Faulting application start time: 0x01cf1f6a0e8abc92 Faulting application path: C:\Users\Dana129\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 5b07fb69-8b5d-11e3-85c2-00123fcbabc3 Error - 2/1/2014 12:26:28 PM | Computer Name = Windows7 | Source = Application Error | ID = 1000 Description = Faulting application name: install_flashplayer12x32_mssd_aaa_aih.exe, version: 3.3.9.0, time stamp: 0x51c7f3cd Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdaae Exception code: 0xc06d007e Fault offset: 0x00009617 Faulting process id: 0x1784 Faulting application start time: 0x01cf1f6a2f6b0b4d Faulting application path: C:\Users\Dana129\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 99bebc85-8b5d-11e3-85c2-00123fcbabc3 [ System Events ] Error - 2/1/2014 1:16:28 PM | Computer Name = Windows7 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness service terminated with the following error: %%193 Error - 2/1/2014 1:16:28 PM | Computer Name = Windows7 | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%193 Error - 2/1/2014 1:16:31 PM | Computer Name = Windows7 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness service terminated with the following error: %%193 Error - 2/1/2014 1:16:31 PM | Computer Name = Windows7 | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%193 Error - 2/1/2014 1:16:34 PM | Computer Name = Windows7 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness service terminated with the following error: %%193 Error - 2/1/2014 1:16:34 PM | Computer Name = Windows7 | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%193 Error - 2/1/2014 1:16:38 PM | Computer Name = Windows7 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness service terminated with the following error: %%193 Error - 2/1/2014 1:16:38 PM | Computer Name = Windows7 | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%193 Error - 2/1/2014 1:16:42 PM | Computer Name = Windows7 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness service terminated with the following error: %%193 Error - 2/1/2014 1:16:42 PM | Computer Name = Windows7 | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%193 < End of report >
The problem is NOT malware, your HD is FULL!!.. Less than 1% free space. I found one little remnant of MyWebSearch but it's dead..... Looks like it's time to invest in a larger drive or do a hell of a lot of deleting... 2oG
OUCH! OK -- since it's only used for emergency surfing, delete, delete, delete.............Many thanks as always!
Looking at the directory, I notice a "Windows.old" folder (which contains a Documents and Settings, a Program Files and a Windows folder). It's also using about half of the hd space. I'm assuming this was created during the upgrade from XP to7. I hope it's safe to delete at this point. Your thoughts.......... Thanks again,
yes it was and yes it is.. Also go down the uninstall list, you have a LOT of programs on there that I just know you don't use or need. like office 2003 AND office 2007 etc etc 2oG
One last question: is that lack of space the reason I'm unable to install any programs and enable Windows Update? Thank you!
You can't put 10 pounds of shit in a 5 pound bag! YES YES and also unable to defrag, needs room to move files.
