# Can installing Ad-Aware slow down my computer?



## GreggIllinois (Jan 5, 2014)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 4 Stepping 1
Processor Count: 1
RAM: 1149 Mb
Graphics Card: Intel(R) 82865G Graphics Controller, 96 Mb
Hard Drives: C: Total - 38091 MB, Free - 14603 MB;
Motherboard: Dell Computer Corp., 0U2575
Antivirus: CA Anti-Virus Plus, Updated: No, On-Demand Scanner: Enabled

BTW I just noticed my TSG SysInfo shows CA AV running, but I just recently installed Panda Cloud Free 2.3. One of the things I liked about Panda was it's light on usage drain. But in my attempt to shore up security even more I added Ad-Aware Free. Not as my AV but as a "secondary defense" (they call it "compatible"). For starters, it took almost an hour to download and set-up. (Which wasn't a good sign.) And now I feel like my computer is slower and I know the PF usage has really increased since I installed the Ad-Aware.

I read in an article:

_For example, Ad-Aware by Lavasoft often slows a computer to the point where it is virtually unusable. In fact, some people even classify Ad-Aware itself as malware._

If you're interested here's the link to the article:

http://www.insidetechnology360.com/index.php/things-that-may-slow-down-your-computer-2-14813/

I've never really known that Ad-Aware is so great to begin with and now I'm on the verge of un-installing it. I don't have a ton of hardrive space or (as you can see) memory to play with. Anybody got any feedback on this for me? Thanks.


----------



## lunarlander (Sep 22, 2007)

One can only have one active real-time antivirus running. You have to remove CA or Panda. Only keep one antivirus.

Ad-Aware is consider by many a protection from yesteryear.


----------



## GreggIllinois (Jan 5, 2014)

Thanks lunarlander,

I'm getting rid of Ad-Aware.

And as far as I can tell I'm not running CA. I checked the log. Did I miss something. And I'm wondering why the SysInfo log says I am. Could you take a look? Thanks.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:29:08 PM, on 1/19/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 26.0 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Linda Bal\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irs.gov/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://libertytax.webex.com/client/T27L/support/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

--
End of file - 7976 bytes


----------



## lunarlander (Sep 22, 2007)

Have to wait for a golden-shield malware removal member to look at the hijackthis log.


----------



## Cookiegal (Aug 27, 2003)

Please uninstall Ad-Aware and then reboot the machine and do the following:

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------



## GreggIllinois (Jan 5, 2014)

Hi. I uninstalled Ad-Aware and rebooted. Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Linda Bal at 14:49:25 on 2014-01-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.198 [GMT -6:00]
.
AV: CA Anti-Virus Plus *Enabled/Outdated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Cloud Antivirus Firewall *Disabled* 
FW: CA Personal Firewall *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.irs.gov/
uDefault_Page_URL = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\VetRedir.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://libertytax.webex.com/client/T27L/support/ieatgpc.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1164DB00-24E4-4F81-AB8D-38902FB495F7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{395FE8BA-EC24-4BDC-9027-1C388AE800B7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{41C99EEE-D375-448F-93AF-7D13EE295AF7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AFABA86A-A94C-482D-A6AD-AA47205684DE} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
Notify: PFW - UmxWnp.Dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\linda bal\application data\mozilla\firefox\profiles\gjaz7bmp.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-8-27 143352]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-9-30 78840]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-4-28 55288]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-8 115704]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-28 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-28 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-28 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-28 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-28 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-28 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-28 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-28 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-28 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-28 93928]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2013-10-11 179944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-6-8 145912]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-3-27 58872]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-10 47640]
R2 MSSQL$LIBTAX;SQL Server (LIBTAX);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-10-3 140768]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-10-17 145640]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-10-11 103528]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-10-11 115048]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-10-11 128232]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-10-18 37344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-1-18 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-1-18 1042272]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 239608]
R3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-10-11 97896]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2014-1-18 47632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-1-18 171416]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2013-1-14 1034240]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2009-10-22 627072]
S4 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2009-10-22 212992]
S4 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-10-22 206064]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2013-5-28 52328]
S4 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
S4 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664]
S4 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832]
.
=============== Created Last 30 ================
.
2014-01-19 05:45:59 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-01-19 05:45:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-01-19 05:16:22 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2014-01-19 05:08:29 -------- d-----w- c:\documents and settings\linda bal\application data\LavasoftStatistics
2014-01-19 03:54:14 -------- d-----w- c:\documents and settings\all users\application data\Licenses
2014-01-19 03:53:43 -------- d-----w- c:\program files\SpywareBlaster
2014-01-19 02:37:32 -------- d-----w- c:\documents and settings\linda bal\application data\SUPERAntiSpyware.com
2014-01-19 02:36:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-01-19 02:36:55 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2014-01-18 21:51:43 -------- d-----w- c:\documents and settings\linda bal\application data\Panda Security
2014-01-18 21:50:45 -------- d-----w- c:\program files\Panda Security
2014-01-18 21:50:45 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2014-01-14 00:29:33 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2014-01-14 00:29:33 -------- d-----w- c:\program files\Belarc
2014-01-11 03:57:27 -------- d-----w- c:\documents and settings\linda bal\local settings\application data\Secunia PSI
2014-01-11 03:56:43 -------- d-----w- c:\program files\Secunia
2013-12-25 19:41:04 -------- d-----w- c:\program files\Windows Media Connect 2
2013-12-24 01:31:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-12-24 01:31:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-12-24 01:31:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-12-24 01:31:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-12-24 01:31:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-12-24 01:28:07 -------- d-----w- c:\documents and settings\linda bal\local settings\application data\Apple
2013-12-24 00:48:13 -------- d-----w- c:\program files\VideoLAN
.
==================== Find3M ====================
.
2014-01-17 22:29:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-17 22:29:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-07 05:09:56 22 ----a-w- c:\windows\system32\syoepk_lib0.dll
2013-12-07 05:05:37 211464 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2006-12-03 02:53:08 18662400 -c----w- c:\program files\common files\InterviewPLUS Workstation.msi
2006-12-03 02:50:42 18662912 ------w- c:\program files\common files\TaxWise Workstation.msi
2004-12-02 21:42:18 18448384 -c----w- c:\program files\common files\InterviewPLUS Workstation Setup.msi
2004-12-02 21:32:48 18448384 -c----w- c:\program files\common files\TaxWise Workstation Setup.msi
.
============= FINISH: 14:51:54.39 ===============

And now Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/5/2005 3:57:51 PM
System Uptime: 1/20/2014 11:22:42 AM (3 hours ago)
.
Motherboard: Dell Computer Corp. | | 0U2575
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2794/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 14.967 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1036: 1/6/2014 12:24:27 PM - System Checkpoint
RP1037: 1/7/2014 1:57:07 PM - Software Distribution Service 3.0
RP1038: 1/8/2014 2:57:34 PM - System Checkpoint
RP1039: 1/8/2014 11:08:31 PM - Software Distribution Service 3.0
RP1040: 1/9/2014 11:34:31 PM - Software Distribution Service 3.0
RP1041: 1/10/2014 10:35:28 PM - Installed MSXML 4.0 SP3 Parser
RP1042: 1/11/2014 1:04:05 PM - Software Distribution Service 3.0
RP1043: 1/11/2014 4:51:53 PM - Installed Windows XP KB2898785.
RP1044: 1/11/2014 7:56:06 PM - Software Distribution Service 3.0
RP1045: 12/1/2004 3:53:45 PM - System Checkpoint
RP1046: 1/13/2014 8:36:23 PM - System Checkpoint
RP1047: 1/14/2014 12:27:48 PM - Software Distribution Service 3.0
RP1048: 1/15/2014 12:47:36 PM - Software Distribution Service 3.0
RP1049: 1/15/2014 9:09:33 PM - Software Distribution Service 3.0
RP1050: 1/16/2014 2:10:28 PM - Software Distribution Service 3.0
RP1051: 1/17/2014 2:11:43 PM - System Checkpoint
RP1052: 1/18/2014 2:33:32 PM - Software Distribution Service 3.0
RP1053: 1/18/2014 10:17:04 PM - Installed Windows XP KB942288-v3.
RP1054: 1/18/2014 10:17:58 PM - AA11
RP1055: 1/19/2014 5:49:22 PM - AA11
.
==== Installed Programs ======================
.
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Amazon Kindle
AMRT
Apple Application Support
Apple Software Update
Balabolka
Belarc Advisor 8.4
CA Anti-Virus Plus
CA Personal Firewall
calibre
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Crystal Reports 9
Crystal Reports Basic Runtime for Visual Studio 2008
ePubPack
eSupportQFolder
GIMP 2.8.4
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterviewPLUS Workstation
InterviewPLUS Workstation Setup
Java 2 Runtime Environment, SE v1.4.2_03
Java 7 Update 45
Java Auto Updater
Kindle Previewer
LaserJet 1018
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.1.2.3
LibTax 2006
LibTax 2008
LibTax 2009
LibTax 2010
Linksys Wireless Manager
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (LIBTAX)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft SQLXML 4.0 SP1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6 Service Pack 2 (KB954459)
Notepad++
OGA Notifier 2.0.0048.0
Paint.NET v3.5.11
Panda Cloud Antivirus
Photo Pos Pro
PRS-500 USB driver
QuickTime
Reader Library by Sony
ReportViewer
Roxio UDF Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sigil 0.7.2
Skype 6.10
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 5.0
SUPERAntiSpyware
TaxWise Workstation
TaxWise Workstation Setup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.1.2
WebEx
WebFldrs XP
WebReg
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
1/19/2014 11:12:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
1/19/2014 11:12:02 AM, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/18/2014 11:46:40 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/18/2014 11:46:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
1/13/2014 10:51:41 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
.
==== End Of File ===========================

Thanks!


----------



## Cookiegal (Aug 27, 2003)

These are still listed in the Control Panel - Add or Remove programs so please try first uninstalling them from there.

CA Anti-Virus Plus
CA Personal Firewall

Then reboot the machine and post a new DDS log.


----------



## GreggIllinois (Jan 5, 2014)

Thanks, Cookiegal. I looked very carefully at the Control Panel 'add or remove.' Neither the

CA Anti-Virus Plus

nor the

CA Personal Firewall

are there. (See screenshot.) And I noticed in the log (granted, I don't know how to read it well) that Secunia (or the name "secunia" anyway) was there, and I had a couple of days ago uninstalled Secunia (and it is not in the Control Panel either).

Thanks.

P.S. Flavalee (Frank) helped me get rid of the CA a while back (or at least I thought it was gone). Here's the thread:

http://forums.techguy.org/windows-xp/1116785-about-increasing-ram-xp.html


----------



## Cookiegal (Aug 27, 2003)

There are definitely lots of remnants such as services that are still showing but it's odd that they aren't listed there.

Please visit the following link and scroll down to CA Internet Security Suite utility and click on it to uninstall that program.

http://www.avg.com/ww-en/faq.num-4400

After running it please reboot the machine and post a new DDS log.


----------



## GreggIllinois (Jan 5, 2014)

Thanks, Cookiegal, but the removal tool wouldn't let me use it. When I clicked on the CA Internet Security Suite Utility link, an 'error' window popped up. (See attachment: Denied Acess2RemovalTool#1). Then when I clicked on the okay button on that, this screen (See attachment: DeniedAcess2RemovalTool#2) came up. 

(As a side note, I was wondering about the Secunia and other remnants on my computer. Would they be a good reason to uninstall with something like the Revo Uninstaller Freeware?)

Will await your further instructions.

Thank you.


----------



## dvk01 (Dec 14, 2002)

the error messages are due to the ca site not working properly 
I am seeing if I can find an uninstaller that works


----------



## dvk01 (Dec 14, 2002)

CA no longer make or support home security tools. They sold out a couple of years ago to total security and the link from AVG is no longer active 
The new company http://www.totaldefense.com/home-and-home-office.html do not appear to have any uninstall tools at all but they do say they have free uninstall help on their website http://www.totaldefense.com/home-and-home-office/support/index.html


----------



## Cookiegal (Aug 27, 2003)

Thanks Derek. I had seen that the new company was Total Defense and was afraid that might happen but thought that since AVG still had the CA uninstaller actively listed on their site that it might still work.


----------



## Cookiegal (Aug 27, 2003)

I would try the free support from Total Defense first to remove CA and then come back and post a new DDS log. Be sure you reboot the machine following any procedure they have you perform before running DDS again. Also, be sure you determine that the service will be free right from the beginning to avoid any surprises. "Free" support sometimes turns out to be expensive. 

As for Secunia they are probably just a couple of leftover folders that may be empty. We can check that with other tools after CA is gone.


----------



## dvk01 (Dec 14, 2002)

Cookiegal said:


> Thanks Derek. I had seen that the new company was Total Defense and was afraid that might happen but thought that since AVG still had the CA uninstaller actively listed on their site that it might still work.


The AVG page links to an old page that needs you to log in via an intranet now and for some weird reason gives a stupid error message saying unsupported browser, when it really should say "you need a user name & password" . BUT it is very possible that it only ever worked in IE6 or lower


----------



## GreggIllinois (Jan 5, 2014)

Thanks Cookiegal. I checked out the Total Defense. The first person (in a live "chat") said, 'Try Revo Uninstaller Pro, and if that doesn't work call the Total Defense Tech. Support number (877-205-7962).' The Revo Pro was $30 and I had no idea if it would work or not, so I called the Support number. While I was on hold they had me open up this page: http://1mb.iyogi.com/win/ Then I talked to a customer service tech and explained that the CA anti-virus was still running despite being removed from the Control Panel. He said that if CA didn't show up in the list of programs in the Control Panel, it was not running on the computer. I told him about you and running the log that said it was running, and he insisted that if the CA didn't show up in the Control Panel, it couldn't possibly be running. I asked, 'Well, what about what is showing up on the log my friends (you) had me scan?' He said it was just the remnants of the CA and that they would be easily removed by running the free (I clarified that it was the free version) version of Revo uninstaller tool.

So I've done nothing--but report back to you! 

Just an additional note: When Frank (flavalee) had me do some things in terms of removing the CA, my computer did drop substantially in the PF usage. (I just mention that if it might be a helpful clue as to what's going on.) Thanks!


----------



## Cookiegal (Aug 27, 2003)

Go ahead and try Revo then please.


----------



## GreggIllinois (Jan 5, 2014)

I got the Revo free uninstaller (I could've got the Revo Pro uinstaller with a 30 day free trial but figured I'd try the free first) but I got a little nervous when I saw that the CA "personal firewall" was in there. (I expected just CA AV.) So I didn't remove it. (Do I have a Windows firewall? I know Panda isn't supplying a firewall. That is, is it okay to use the Revo uninstaller on the CA personal firewall?) Plus I saw four more things on the Revo screen (see screenshot) that were not on the Control Panel (see next screenshot). Is it okay to do the Revo uninstall on them, as well? (And interestingly, Secunia did not show up on the Revo.) Thanks.


----------



## Cookiegal (Aug 27, 2003)

I think part of the problem is that you're running SpyBot Search & Destroy which prevents registry changes. This could be why not all entries were removed. Please disabled it and leave it disabled for the duration of this process. Or uninstall it completely as you can always reinstall it again later on.

Then please uninstall the following via the Control Panel - Add or Remove Programs as it's listed there:

Java 2 Runtime Environment, SE v1.4.2_03

These are all part of CA Internet Security Suite so allow Revo to remove them:

AMRT
CA Personal Firewall
HIPSCC

Reboot after and the Windows firewall should come back on automatically but check to be sure. Go to Control Panel - Security Center and see if it says the firewall is on. Then click on the arrow beside the Firewall to make sure it's the Windows one that is running and not the CA one.

After you done all of the above reboot as the final step to make sure all deletions are done and then run DDS again and post the new log.


----------



## GreggIllinois (Jan 5, 2014)

Hi Cookiegal,

Uninstalled Spybot via Control Panel 'add/remove programs."

Uninstalled Java via the Control Panel 'add/remove programs.'

Uninstalled Java 2 Runtime Environment, SE v1.4.2_03 via the Control Panel 'add/remove programs.'

Then to test the Revo I uinstalled a program (Notepad++) and the Revo uinstaller gave me three removal modes to choose from:1)Safe 2)Moderate 3)Advanced. I did the Moderate for the Notepad++. Then the Revo gave me the choices of which things to delete (see screen shot). I'd watched a video tutorial and the guy just deleted everything (in his eg.). But I just deleted the things that were emboldened. Then another screen came up with a list of things and all the things listed there were all in the Program Files so I felt comfortable deleting them all.

I did not proceed with removing AMRT, CA Personal Firewall, or HIPSCC because I was uncertain as to use the Safe, Moderate or Advanced removal mode (the Advanced is the deepest it says). And I was also uncertain whether to delete everything (like in the screenshot) in the two screens that made me choose what to delete. (Again, like I said, the video tutor deleted everything in both screens. But I wasn't comfortable deleting things like "My Computer" (in the screenshot) esp. when they Revo advice said 'Only checked bolded items and their sub-items will be deleted.') 

So when I encounter these things in removing what you told me to remove should I check everything in the first screen (the screenshot) and then everything in the second screen as well? Or do I do as I did for the Notepad++ (just checking the emboldened items). And then checking everything in the second screen.

And again, which mode to use: Safe, Moderate or Advanced.

Thanks.


----------



## Cookiegal (Aug 27, 2003)

I only see one screenshot.

I've never had to use Revo but I'm pretty sure you'll have to use the Avanced mode to get rid of all of the remnants of CA.

Create a system restore point before doing that and if you like post a screen shot of what it finds before deleting them and I'll review it for you.


----------



## TOGG (Apr 2, 2002)

Forgive me for butting in but I have used Revo in the past, including Advanced mode, and it creates a restore point whichever type of uninstall you do and advises that you should only ever remove the bolded items.


----------



## Cookiegal (Aug 27, 2003)

Thanks TOGG. :up: I've never used it so it's difficult to know all the ins and outs of the tool.


----------



## GreggIllinois (Jan 5, 2014)

Okay. Removed AMRT, HIPSCC and CA Personal Firewall with the Revo uinstaller in the advanced mode. Rebooted. Checked and although at first there was no firewall, within maybe five seconds the Windows firewall appeared. Then did another reboot and then did the DDS scans. (A side note, when I tried to copy (and paste) the DDS file from my Downloads file to my Desktop, this window came on (see screenshot attachment) and wouldn't let me do it. (The "What should I do?" link did nothing when I clicked on it.)Fortunately I was able to double click on the file in Downloads and it ran from there.)

Adding this a bit later: When I go to copy or delete any file, that warning windows appears (and stops me). Here's the progression:

I right click on a file. I choose either "delete" or "copy" (it doesn't matter). The hour-glass icon appears and remains for maybe 3-5 seconds. Then the warning window appears. The warning window remains for maybe 2 seconds. Then the entire screen disappears (whatever was on there). Then I can see my desktop wallpaper (with no icons) for a second and then the icons reappear.

I haven't done everything I normally do with the computer yet, but I did use the email and that was working fine.

I noticed one more little thing: I can't see the "Task Manager" icon in the Taskbar when I minimize the Windows Task Manager. (When I click the "performance" tab in the Task Manager and then minimize it, a little green icon usually appears in the taskbar, showing the CPU fluctuation.)

I've been using the computer a little more. I was in the ebook-formatting program Sigil and I went File-->Open and I _was_ able to delete a file by right clicking on it and hitting "delete" but when I did, (there was no warning window) the whole Sigil program disappeared.

But the computer seems to be substantially quicker (and that is exciting)!

Here is the DDS scan:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Linda Bal at 17:33:57 on 2014-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.574 [GMT -6:00]
.
AV: CA Anti-Virus Plus *Enabled/Outdated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Cloud Antivirus Firewall *Disabled* 
FW: CA Personal Firewall *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.irs.gov/
uDefault_Page_URL = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [SunJavaUpdateSched] c:\program files\java\jre7\bin\jusched.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\VetRedir.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://libertytax.webex.com/client/T27L/support/ieatgpc.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1164DB00-24E4-4F81-AB8D-38902FB495F7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{395FE8BA-EC24-4BDC-9027-1C388AE800B7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{41C99EEE-D375-448F-93AF-7D13EE295AF7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AFABA86A-A94C-482D-A6AD-AA47205684DE} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\linda bal\application data\mozilla\firefox\profiles\gjaz7bmp.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-28 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-28 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-28 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-28 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-28 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-28 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-28 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-28 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-28 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-28 93928]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2013-10-11 179944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-10 47640]
R2 MSSQL$LIBTAX;SQL Server (LIBTAX);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-10-3 140768]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-10-17 145640]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-10-11 103528]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-10-11 115048]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-10-11 128232]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-10-18 37344]
R3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-10-11 97896]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2014-1-18 47632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2013-1-14 1034240]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2009-10-22 627072]
S4 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-10-22 206064]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2013-5-28 52328]
.
=============== Created Last 30 ================
.
2014-01-22 03:56:07	--------	d-----w-	c:\program files\VS Revo Group
2014-01-19 05:45:28	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2014-01-19 05:16:22	47632	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2014-01-19 05:08:29	--------	d-----w-	c:\documents and settings\linda bal\application data\LavasoftStatistics
2014-01-19 03:54:14	--------	d-----w-	c:\documents and settings\all users\application data\Licenses
2014-01-19 03:53:43	--------	d-----w-	c:\program files\SpywareBlaster
2014-01-19 02:37:32	--------	d-----w-	c:\documents and settings\linda bal\application data\SUPERAntiSpyware.com
2014-01-19 02:36:55	--------	d-----w-	c:\program files\SUPERAntiSpyware
2014-01-19 02:36:55	--------	d-----w-	c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2014-01-18 21:51:43	--------	d-----w-	c:\documents and settings\linda bal\application data\Panda Security
2014-01-18 21:50:45	--------	d-----w-	c:\program files\Panda Security
2014-01-18 21:50:45	--------	d-----w-	c:\documents and settings\all users\application data\Panda Security
2014-01-14 00:29:33	3840	----a-w-	c:\windows\system32\drivers\BANTExt.sys
2014-01-14 00:29:33	--------	d-----w-	c:\program files\Belarc
2014-01-11 03:57:27	--------	d-----w-	c:\documents and settings\linda bal\local settings\application data\Secunia PSI
2014-01-11 03:56:43	--------	d-----w-	c:\program files\Secunia
2013-12-25 19:41:04	--------	d-----w-	c:\program files\Windows Media Connect 2
.
==================== Find3M ====================
.
2014-01-17 22:29:17	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-01-17 22:29:16	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-07 05:09:56	22	----a-w-	c:\windows\system32\syoepk_lib0.dll
2013-12-07 05:05:37	211464	----a-w-	c:\windows\Photo Pos Pro Uninstaller.exe
2013-11-27 20:21:06	40960	----a-w-	c:\windows\system32\drivers\ndproxy.sys
2013-11-19 10:21:30	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42	150528	----a-w-	c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51	591360	----a-w-	c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31	7168	----a-w-	c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17	1879040	----a-w-	c:\windows\system32\win32k.sys
2013-10-29 07:57:34	920064	----a-w-	c:\windows\system32\wininet.dll
2013-10-29 07:57:33	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33	18944	----a-w-	c:\windows\system32\corpol.dll
2013-10-29 07:57:33	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02	385024	----a-w-	c:\windows\system32\html.iec
2006-12-03 02:53:08	18662400	-c----w-	c:\program files\common files\InterviewPLUS Workstation.msi
2006-12-03 02:50:42	18662912	------w-	c:\program files\common files\TaxWise Workstation.msi
2004-12-02 21:42:18	18448384	-c----w-	c:\program files\common files\InterviewPLUS Workstation Setup.msi
2004-12-02 21:32:48	18448384	-c----w-	c:\program files\common files\TaxWise Workstation Setup.msi
.
============= FINISH: 17:35:45.92 ===============

And here is the Attach scan:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/5/2005 3:57:51 PM
System Uptime: 1/23/2014 2:34:45 PM (3 hours ago)
.
Motherboard: Dell Computer Corp. | | 0U2575
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 15.655 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1042: 1/11/2014 1:04:05 PM - Software Distribution Service 3.0
RP1043: 1/11/2014 4:51:53 PM - Installed Windows XP KB2898785.
RP1044: 1/11/2014 7:56:06 PM - Software Distribution Service 3.0
RP1045: 12/1/2004 3:53:45 PM - System Checkpoint
RP1046: 1/13/2014 8:36:23 PM - System Checkpoint
RP1047: 1/14/2014 12:27:48 PM - Software Distribution Service 3.0
RP1048: 1/15/2014 12:47:36 PM - Software Distribution Service 3.0
RP1049: 1/15/2014 9:09:33 PM - Software Distribution Service 3.0
RP1050: 1/16/2014 2:10:28 PM - Software Distribution Service 3.0
RP1051: 1/17/2014 2:11:43 PM - System Checkpoint
RP1052: 1/18/2014 2:33:32 PM - Software Distribution Service 3.0
RP1053: 1/18/2014 10:17:04 PM - Installed Windows XP KB942288-v3.
RP1054: 1/18/2014 10:17:58 PM - AA11
RP1055: 1/19/2014 5:49:22 PM - AA11
RP1056: 1/20/2014 8:35:02 PM - System Checkpoint
RP1057: 1/22/2014 2:25:06 PM - System Checkpoint
RP1058: 1/22/2014 7:57:36 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP1059: 1/22/2014 8:00:37 PM - Revo Uninstaller's restore point - Notepad++
RP1060: 1/23/2014 1:02:26 PM - Revo Uninstaller's restore point - AMRT
RP1061: 1/23/2014 1:42:14 PM - Revo Uninstaller's restore point - HIPSCC
RP1062: 1/23/2014 1:42:27 PM - Removed HIPSCC.
RP1063: 1/23/2014 1:53:54 PM - Revo Uninstaller's restore point - CA Personal Firewall
RP1064: 1/23/2014 1:54:19 PM - Removed CA Personal Firewall.
.
==== Installed Programs ======================
.
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Amazon Kindle
Apple Application Support
Apple Software Update
Balabolka
Belarc Advisor 8.4
CA Anti-Virus Plus
calibre
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Crystal Reports 9
Crystal Reports Basic Runtime for Visual Studio 2008
ePubPack
eSupportQFolder
GIMP 2.8.4
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterviewPLUS Workstation
InterviewPLUS Workstation Setup
Java 7 Update 45
Java Auto Updater
Kindle Previewer
LaserJet 1018
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.1.2.3
LibTax 2006
LibTax 2008
LibTax 2009
LibTax 2010
Linksys Wireless Manager
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (LIBTAX)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft SQLXML 4.0 SP1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6 Service Pack 2 (KB954459)
OGA Notifier 2.0.0048.0
Paint.NET v3.5.11
Panda Cloud Antivirus
Photo Pos Pro
PRS-500 USB driver
QuickTime
Reader Library by Sony
ReportViewer
Revo Uninstaller 1.95
Roxio UDF Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sigil 0.7.2
Skype™ 6.10
SolutionCenter
SpywareBlaster 5.0
SUPERAntiSpyware
TaxWise Workstation
TaxWise Workstation Setup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.1.2
WebEx
WebFldrs XP
WebReg
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
1/19/2014 11:12:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
1/19/2014 11:12:02 AM, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/18/2014 3:21:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
1/18/2014 11:46:40 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/18/2014 11:46:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
.
==== End Of File ===========================

Looking forward to what the scans reveal. Thanks for all the help!


----------



## Cookiegal (Aug 27, 2003)

I notice you also have Microsoft Security Essentials listed. Does it appear in the Add or Remove Programs list? I doubt it because it doesn't show in the DDS log. If not, does it appear in the Revo list?

Regarding the Data Execution Prevention message, please do the following:

Go to *Start *- *Run *and type *sysdm.cpl *then click *OK *or hit Enter. Click on the *Advanced* tab and then under *Performance *click on the *Settings* button. Click the *Data Execution Prevention* tab and let me know which box is checked there.


----------



## GreggIllinois (Jan 5, 2014)

_I notice you also have Microsoft Security Essentials listed. Does it appear in the Add or Remove Programs list? I doubt it because it doesn't show in the DDS log. If not, does it appear in the Revo list?_

I uninstalled Microsoft Security Essentials before I installed Panda. It is on neither the Add or Remove programs list or the Revo list. Where do I have it listed?

_Regarding the Data Execution Prevention message, please do the following:

Go to Start - Run and type sysdm.cpl then click OK or hit Enter. Click on the Advanced tab and then under Performance click on the Settings button. Click the Data Execution Prevention tab and let me know which box is checked there._

The space checked is: Turn on DEP for essential Windows programs and services only

Thanks.


----------



## GreggIllinois (Jan 5, 2014)

Hey Cookiegal. This is a tiny thing that doesn't bother me in the least but I figured I'd tell you about it in case it was a clue as to what was causing the inability to copy or delete issue.

When I open up my Chrome browser I normally get a screen (see screenshot) that looks just like the screenshot, but there is usually a little link for "gmail" in the upper right hand corner (that I can click on and go to my gmail). (I circled the area and typed in "gmail" in the screenshot.)


----------



## GreggIllinois (Jan 5, 2014)

Had another issue arise. Attempting to attach a file to an email (in gmail) failed. (see screenshot) I'm starting to wonder (not that I know how this works) if it might be better go to a system restore for the day before yesterday (as I did all the Revo uninstaller stuff yesterday 1/23/14). It's like the little gmail link missing (which I mentioned in the previous post) and now this, seems to say something substantial has been affected in gmail. And I'm kind of wondering if other little things will surface in other areas of the computer as I use things I haven't used yet.


----------



## GreggIllinois (Jan 5, 2014)

Gmail definitely buggy. Can't send email at all.


----------



## Cookiegal (Aug 27, 2003)

All I can think of is that CA is still hooked in there.

Here are the restore points created by Revo:

RP1059: 1/22/2014 8:00:37 PM - Revo Uninstaller's restore point - Notepad++
RP1060: 1/23/2014 1:02:26 PM - Revo Uninstaller's restore point - AMRT
RP1061: 1/23/2014 1:42:14 PM - Revo Uninstaller's restore point - HIPSCC
RP1062: 1/23/2014 1:42:27 PM - Removed HIPSCC.
RP1063: 1/23/2014 1:53:54 PM - Revo Uninstaller's restore point - CA Personal Firewall
RP1064: 1/23/2014 1:54:19 PM - Removed CA Personal Firewall.

Try going back to the more recent one first to see if that solves the problem first. Then if not, undo that same system restore before trying the next one. That way you won't lose any of the restore points. If you just do one restore after another then you won't be able to undo the previous ones.


----------



## TOGG (Apr 2, 2002)

See Couriant's post here; http://forums.techguy.org/web-email/1118354-report-g-mail-currently-having.html The Gmail problem may be cleared up for some users now but refreshing the status dashboard still shows service disruption.


----------



## GreggIllinois (Jan 5, 2014)

This day has been an adventure (computer-wise). I really think (despite the coincidence of Gmail having problems on their end--thanks for the heads-up, TOGG) that I got a virus because not only Gmail was goofy but the inability to copy or delete and when I was Googling the problem I clicked on a link and it took me to a porn site. Which got me researching the 'Google Redirect Virus.'

And also I could not post to TechGuySupport. And even that inability to post was funky, because when I was signed in I could see my posts in the forum, but when I signed out I couldn't. And when all was said and done my posts weren't there.

I proceeded with your advice, Cookiegal, to do the system restore/undo system restore by stages one-by-one. Just a thumbnail sketch. Going back to just the restore point of CA Personal Firewall did nothing in terms of the computer's performance (ie. I still couldn't copy/delete and things were funky). Going back to the restore point for the regular removal of HIPPSCC (sp?) did nothing. But when I went to the restore of the Revo removal of HIPPSCC I _was_ able to copy and delete files but when I was done, the 'Data Execution...' window came on.

Well, the computer was still substantially impaired so I kept going, eventually getting to successfully restoring the computer to Wednesday 1/22/14, which was the Revo uinstaller's restore point for Notepad++.

After that the computer seems to be functioning pretty much as it did, although I haven't done much on it as the system restores pretty much took all day. What I did notice however was that the links on the Google screen (in the upper right hand corner as I pointed out in a previous screenshot) are still not there. In fact, when I was emailing in the morning (before the Gmail became funky) I got so tired of Googling Gmail every time I wanted to use it, I put a Gmail favorite on the tool bar, and when I was done with the Notepad++ restore point that Gmail favorite was still in the toolbar. Now it seems to me that if the computer was restored to Wednesday 1/22/14, the changes I made to the tool bar 1/23/14 shouldn't be there, right?

So anyway, that's where the status of the computer stands. Oh, one last, ironic, thing. When the computer was starting up after the last couple of restore points, a window came up saying: 'Please wait while Windows configures CA Personal Firewall.' (I checked the Security Center and ascertained that it is a Windows firewall running.)

I'm going to do the DDS and Attach scans and paste them here.

Any suggestions on the Google re-direct virus, which I have seen no evidence of in this latest version but again I have not done much with the computer? Or take a 'wait and see' approach?

If I am indeed running the two AVs and the computer is running reasonably well, is it absolutely mandatory to remove the CA? Are there security risks? Or is removing the CA just going to speed things up?

Sorry this is all turning out be to so convoluted, but I do sincerely appreciate the help.

DDS scan:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Linda Bal at 1:52:43 on 2014-01-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.155 [GMT -6:00]
.
AV: CA Anti-Virus Plus *Enabled/Outdated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Cloud Antivirus Firewall *Disabled* 
FW: CA Personal Firewall *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.irs.gov/
uDefault_Page_URL = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [SunJavaUpdateSched] c:\program files\java\jre7\bin\jusched.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\VetRedir.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://libertytax.webex.com/client/T27L/support/ieatgpc.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1164DB00-24E4-4F81-AB8D-38902FB495F7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{395FE8BA-EC24-4BDC-9027-1C388AE800B7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{41C99EEE-D375-448F-93AF-7D13EE295AF7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AFABA86A-A94C-482D-A6AD-AA47205684DE} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs= UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\linda bal\application data\mozilla\firefox\profiles\gjaz7bmp.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-8-27 143352]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-9-30 78840]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-4-28 55288]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-8 115704]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-28 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-28 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-28 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-28 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-28 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-28 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-28 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-28 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-28 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-28 93928]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2013-10-11 179944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-6-8 145912]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-3-27 58872]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-10 47640]
R2 MSSQL$LIBTAX;SQL Server (LIBTAX);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-10-3 140768]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-10-17 145640]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-10-11 103528]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-10-11 115048]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-10-11 128232]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-10-18 37344]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 239608]
R3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-10-11 97896]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2014-1-18 47632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2013-1-14 1034240]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2009-10-22 627072]
S4 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2009-10-22 212992]
S4 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-10-22 206064]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2013-5-28 52328]
S4 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
S4 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664]
S4 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832]
.
=============== Created Last 30 ================
.
2014-01-25 05:35:39	--------	d-----w-	c:\windows\system32\wbem\repository\FS
2014-01-25 05:35:39	--------	d-----w-	c:\windows\system32\wbem\Repository
2014-01-23 19:54:25	79368	----a-w-	c:\windows\system32\UmxWNP.dll
2014-01-22 03:56:07	--------	d-----w-	c:\program files\VS Revo Group
2014-01-19 05:45:28	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2014-01-19 05:16:22	47632	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2014-01-19 05:08:29	--------	d-----w-	c:\documents and settings\linda bal\application data\LavasoftStatistics
2014-01-19 03:54:14	--------	d-----w-	c:\documents and settings\all users\application data\Licenses
2014-01-19 03:53:43	--------	d-----w-	c:\program files\SpywareBlaster
2014-01-19 02:37:32	--------	d-----w-	c:\documents and settings\linda bal\application data\SUPERAntiSpyware.com
2014-01-19 02:36:55	--------	d-----w-	c:\program files\SUPERAntiSpyware
2014-01-19 02:36:55	--------	d-----w-	c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2014-01-18 21:51:43	--------	d-----w-	c:\documents and settings\linda bal\application data\Panda Security
2014-01-18 21:50:45	--------	d-----w-	c:\program files\Panda Security
2014-01-18 21:50:45	--------	d-----w-	c:\documents and settings\all users\application data\Panda Security
2014-01-14 00:29:33	3840	----a-w-	c:\windows\system32\drivers\BANTExt.sys
2014-01-14 00:29:33	--------	d-----w-	c:\program files\Belarc
2014-01-11 03:57:27	--------	d-----w-	c:\documents and settings\linda bal\local settings\application data\Secunia PSI
2014-01-11 03:56:43	--------	d-----w-	c:\program files\Secunia
.
==================== Find3M ====================
.
2014-01-17 22:29:17	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-01-17 22:29:16	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-07 05:09:56	22	----a-w-	c:\windows\system32\syoepk_lib0.dll
2013-12-07 05:05:37	211464	----a-w-	c:\windows\Photo Pos Pro Uninstaller.exe
2013-11-27 20:21:06	40960	----a-w-	c:\windows\system32\drivers\ndproxy.sys
2013-11-19 10:21:30	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42	150528	----a-w-	c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51	591360	----a-w-	c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31	7168	----a-w-	c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17	1879040	----a-w-	c:\windows\system32\win32k.sys
2013-10-29 07:57:34	920064	----a-w-	c:\windows\system32\wininet.dll
2013-10-29 07:57:33	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33	18944	----a-w-	c:\windows\system32\corpol.dll
2013-10-29 07:57:33	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02	385024	----a-w-	c:\windows\system32\html.iec
2006-12-03 02:53:08	18662400	-c----w-	c:\program files\common files\InterviewPLUS Workstation.msi
2006-12-03 02:50:42	18662912	------w-	c:\program files\common files\TaxWise Workstation.msi
2004-12-02 21:42:18	18448384	-c----w-	c:\program files\common files\InterviewPLUS Workstation Setup.msi
2004-12-02 21:32:48	18448384	-c----w-	c:\program files\common files\TaxWise Workstation Setup.msi
.
============= FINISH: 1:54:49.26 ===============

Attach scan:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/5/2005 3:57:51 PM
System Uptime: 1/24/2014 11:36:10 PM (2 hours ago)
.
Motherboard: Dell Computer Corp. | | 0U2575
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 1.134 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1043: 1/11/2014 4:51:53 PM - Installed Windows XP KB2898785.
RP1044: 1/11/2014 7:56:06 PM - Software Distribution Service 3.0
RP1045: 12/1/2004 3:53:45 PM - System Checkpoint
RP1046: 1/13/2014 8:36:23 PM - System Checkpoint
RP1047: 1/14/2014 12:27:48 PM - Software Distribution Service 3.0
RP1048: 1/15/2014 12:47:36 PM - Software Distribution Service 3.0
RP1049: 1/15/2014 9:09:33 PM - Software Distribution Service 3.0
RP1050: 1/16/2014 2:10:28 PM - Software Distribution Service 3.0
RP1051: 1/17/2014 2:11:43 PM - System Checkpoint
RP1052: 1/18/2014 2:33:32 PM - Software Distribution Service 3.0
RP1053: 1/18/2014 10:17:04 PM - Installed Windows XP KB942288-v3.
RP1054: 1/18/2014 10:17:58 PM - AA11
RP1055: 1/19/2014 5:49:22 PM - AA11
RP1056: 1/20/2014 8:35:02 PM - System Checkpoint
RP1057: 1/22/2014 2:25:06 PM - System Checkpoint
RP1058: 1/22/2014 7:57:36 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP1059: 1/22/2014 8:00:37 PM - Revo Uninstaller's restore point - Notepad++
RP1060: 1/23/2014 1:02:26 PM - Revo Uninstaller's restore point - AMRT
RP1061: 1/23/2014 1:42:14 PM - Revo Uninstaller's restore point - HIPSCC
RP1062: 1/23/2014 1:42:27 PM - Removed HIPSCC.
RP1063: 1/23/2014 1:53:54 PM - Revo Uninstaller's restore point - CA Personal Firewall
RP1064: 1/23/2014 1:54:19 PM - Removed CA Personal Firewall.
RP1065: 1/24/2014 10:24:55 AM - Printer Driver LogMeIn Printer Driver Installed
RP1066: 1/24/2014 6:01:25 PM - Restore Operation
RP1067: 1/24/2014 6:21:57 PM - Restore Operation
RP1068: 1/24/2014 6:31:00 PM - Restore Operation
RP1069: 1/24/2014 6:43:14 PM - Restore Operation
RP1070: 1/24/2014 6:56:20 PM - Restore Operation
RP1071: 1/24/2014 7:09:55 PM - Restore Operation
RP1072: 1/24/2014 7:23:10 PM - Restore Operation
RP1073: 1/24/2014 7:47:50 PM - Restore Operation
RP1074: 1/24/2014 8:10:59 PM - Restore Operation
RP1075: 1/24/2014 9:08:59 PM - Restore Operation
RP1076: 1/24/2014 9:58:30 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Amazon Kindle
AMRT
Apple Application Support
Apple Software Update
Balabolka
Belarc Advisor 8.4
CA Anti-Virus Plus
CA Personal Firewall
calibre
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Crystal Reports 9
Crystal Reports Basic Runtime for Visual Studio 2008
ePubPack
eSupportQFolder
GIMP 2.8.4
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterviewPLUS Workstation
InterviewPLUS Workstation Setup
Java 7 Update 45
Java Auto Updater
Kindle Previewer
LaserJet 1018
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.1.2.3
LibTax 2006
LibTax 2008
LibTax 2009
LibTax 2010
Linksys Wireless Manager
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (LIBTAX)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft SQLXML 4.0 SP1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6 Service Pack 2 (KB954459)
Notepad++
OGA Notifier 2.0.0048.0
Paint.NET v3.5.11
Panda Cloud Antivirus
Photo Pos Pro
PRS-500 USB driver
QuickTime
Reader Library by Sony
ReportViewer
Revo Uninstaller 1.95
Roxio UDF Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sigil 0.7.2
Skype 6.10
SolutionCenter
SpywareBlaster 5.0
SUPERAntiSpyware
TaxWise Workstation
TaxWise Workstation Setup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.1.2
WebEx
WebFldrs XP
WebReg
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
1/22/2014 7:47:26 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
1/22/2014 12:25:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
1/22/2014 12:25:21 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2014 12:19:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
1/21/2014 12:19:29 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

We'll check for malware but you may have picked that up during your Google search and then the restore went back to before it happened. We'll deal with the CA and MSE leftovers later.

In the meantime, please don't do anything on your own.

Please download ADWCleaner. Click on the *Download Now* button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the *Scan* button. It may take several minutes to complete. When it is done click on the *Report* button and copy and paste the log here please.


----------



## Cookiegal (Aug 27, 2003)

I also meant to ask why you're using LogMeIn. Are you receiving help via remote assistance or helping someone else that way? I just want to be sure you are aware this program is installed and running.


----------



## GreggIllinois (Jan 5, 2014)

# AdwCleaner v3.017 - Report created 25/01/2014 at 16:45:26
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Linda Bal - OLDPROCESSOR
# Running from : C:\Documents and Settings\Linda Bal\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default\prefs.js ]

-\\ Google Chrome v32.0.1700.76

[ File : C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1455 octets] - [25/01/2014 16:45:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1515 octets] ##########


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> I also meant to ask why you're using LogMeIn. Are you receiving help via remote assistance or helping someone else that way? I just want to be sure you are aware this program is installed and running.


Honestly I was going to ask you why it was there. I don't use it for anything. I guess it's for when somebody wants to remote access my computer. I suppose that's a valuable thing to have, but I was going to ask you if I should get rid of it.


----------



## GreggIllinois (Jan 5, 2014)

Seems to me my available "C" drive space (3.6 GB) is much lower than it was. (I always thought I had about 17GB space free.) I have two computers so I could be mistaken about this, but could anything we've done have caused the available "C" drive space to diminish drastically? And if not, shouldn't I be reducing the things on my "C" drive to make more space? Thanks.


----------



## Cookiegal (Aug 27, 2003)

Not much there but you can go ahead and run AdwCleaner again and this time select the "delete" option then post the new log please.

When you were talking to the people at Total Defense did they remote in to your computer? LogMeIn doesn't install itself. You would have to install it to receive (or give) remote assistance.

It does look like the free space has gone down considerable but we haven't really done anything other than using system restore and that shouldn't do anything like that.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> Not much there but you can go ahead and run AdwCleaner again and this time select the "delete" option then post the new log please.
> 
> When you were talking to the people at Total Defense did they remote in to your computer? LogMeIn doesn't install itself. You would have to install it to receive (or give) remote assistance.
> 
> It does look like the free space has gone down considerable but we haven't really done anything other than using system restore and that shouldn't do anything like that.


Hi.

No, all Total Defense did was tell me to use the Revo uninstaller. The 'Log Me In" was on the computer when I got it. I have never used it.

Here's the new scan after I did the "clean" function (the "delete" function only showed up after I attempted to exit and then it seemed the "clean" and "delete" were the same, so I went with the "clean.").

I'm concerned about the loss of "C" drive space. When I was cleaning icons off my Desktop I came across the screenshot "techSupportTEST.png." (see attachment) That was taken not long before we did all these system restores, and that showed that I had 16 GB of hard drive space. (Now I have only 3.6.) I've read that with less than 4GB of hard drive capacity each system restore can only be 400MB, which would not account for such a huge loss of C drive space. But I have read about people feeling the system restores took a huge amount of C drive space. (And the system restores did take a very long time. Some of them over an hour. And I did a total of five of them, along with four "undo" system restores.) See second attachment. ('turnOffSystemRestore). I have done absolutely nothing (outside what we've been doing here) that would account for over 12 GB of C drive space being used up. There must be some reason for it being used up.

So do you think turning off the system restore might give me the C drive space back?

# AdwCleaner v3.017 - Report created 25/01/2014 at 18:48:48
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Linda Bal - OLDPROCESSOR
# Running from : C:\Documents and Settings\Linda Bal\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default\prefs.js ]

-\\ Google Chrome v32.0.1700.76

[ File : C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1595 octets] - [25/01/2014 16:45:26]
AdwCleaner[R1].txt - [1655 octets] - [25/01/2014 18:45:47]
AdwCleaner[S0].txt - [1588 octets] - [25/01/2014 18:48:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1648 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

That's odd because system restore can only use a maximum of 12% of the space. It does appear to have been reduced after the restores as the DDS log showed this amount in the first log:

C: is FIXED (NTFS) - 37 GiB total, 14.967 GiB free

and then after running Revo:

C: is FIXED (NTFS) - 37 GiB total, 15.655 GiB free.

and this in the last one:

C: is FIXED (NTFS) - 37 GiB total, 1.134 GiB free.

But that's already come up to over 3.58 in your screenshot so it will likely recover the space.

If you turn off system restore then you will delete all of the restore points so it will be impossible to go back to an earlier date.

Try rebooting and running DDS again please and post the new logs.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> That's odd because system restore can only use a maximum of 12% of the space. It does appear to have been reduced after the restores as the DDS log showed this amount in the first log:
> 
> C: is FIXED (NTFS) - 37 GiB total, 14.967 GiB free
> 
> ...


Hi Cookiegal. I see the C drive at 3.84. So it's creeping up. I thought for sure my Gmail was hacked/corrupted/virused. An importnant email I was expecting to _receive_ was in my _sent_ box. And the subject heading changed from what my correspondent wrote to what I wrote in my email to her. It was freaky. It would change as I switched from the inbox to the sent box.

I am still not certain that the computer is where it was before I did the restore for Notepad++, which is when we started all this. I say that because my Google screen is different. (see screenshots) The first screenshot ('Google missing') is _not _ from my computer, but on my computer I did have those links in the upper right hand corner. And in the pre-restore Notepad++ days I never had the Gmail tab (see 'Google I have now'). I only added that after we started the system restore because I had to use Gmail and it wasn't there on the Google screen and I got tired of having to Google it to get it.

In one sense the computer seems the same because the Notepad++ icon is on the screen, but if the computer is the same why would the Google screen be different? (And there may be some reason for this, but in terms of logic it makes no sense.)

And I'm hoping against hope that that quirkiness (although I sent that email in question at 1:30am, which as far as I know was well after Gmail was restored to its proper functioning) with the email I mentioned was due to problems on Gmail's end of things.

Do you think I should follow Gmail's protocol for a compromised email account? (This is the link.)

https://support.google.com/mail/answer/50270?hl=en

Besides the C drive disk space and Gmail issue (and I've tested Gmail (sending and receiving) it seems to be working properly.) the computer is working quite well.

Here are the DDS logs. Thanks!

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Linda Bal at 21:58:57 on 2014-01-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.536 [GMT -6:00]
.
AV: CA Anti-Virus Plus *Enabled/Outdated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Cloud Antivirus Firewall *Disabled* 
FW: CA Personal Firewall *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.irs.gov/
uDefault_Page_URL = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [SunJavaUpdateSched] c:\program files\java\jre7\bin\jusched.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\VetRedir.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://libertytax.webex.com/client/T27L/support/ieatgpc.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1164DB00-24E4-4F81-AB8D-38902FB495F7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{395FE8BA-EC24-4BDC-9027-1C388AE800B7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{41C99EEE-D375-448F-93AF-7D13EE295AF7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AFABA86A-A94C-482D-A6AD-AA47205684DE} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs= UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\linda bal\application data\mozilla\firefox\profiles\gjaz7bmp.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-8-27 143352]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-9-30 78840]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-4-28 55288]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-8 115704]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-28 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-28 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-28 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-28 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-28 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-28 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-28 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-28 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-28 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-28 93928]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2013-10-11 179944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-6-8 145912]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-3-27 58872]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-10 47640]
R2 MSSQL$LIBTAX;SQL Server (LIBTAX);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-10-3 140768]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-10-17 145640]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-10-11 103528]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-10-11 115048]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-10-11 128232]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-10-18 37344]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 239608]
R3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-10-11 97896]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2014-1-18 47632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2013-1-14 1034240]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2009-10-22 627072]
S4 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2009-10-22 212992]
S4 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-10-22 206064]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2013-5-28 52328]
S4 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
S4 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664]
S4 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832]
.
=============== Created Last 30 ================
.
2014-01-25 22:45:06	--------	d-----w-	C:\AdwCleaner
2014-01-25 05:35:39	--------	d-----w-	c:\windows\system32\wbem\repository\FS
2014-01-25 05:35:39	--------	d-----w-	c:\windows\system32\wbem\Repository
2014-01-23 19:54:25	79368	----a-w-	c:\windows\system32\UmxWNP.dll
2014-01-22 03:56:07	--------	d-----w-	c:\program files\VS Revo Group
2014-01-19 05:45:28	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2014-01-19 05:16:22	47632	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2014-01-19 05:08:29	--------	d-----w-	c:\documents and settings\linda bal\application data\LavasoftStatistics
2014-01-19 03:54:14	--------	d-----w-	c:\documents and settings\all users\application data\Licenses
2014-01-19 03:53:43	--------	d-----w-	c:\program files\SpywareBlaster
2014-01-19 02:37:32	--------	d-----w-	c:\documents and settings\linda bal\application data\SUPERAntiSpyware.com
2014-01-19 02:36:55	--------	d-----w-	c:\program files\SUPERAntiSpyware
2014-01-19 02:36:55	--------	d-----w-	c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2014-01-18 21:51:43	--------	d-----w-	c:\documents and settings\linda bal\application data\Panda Security
2014-01-18 21:50:45	--------	d-----w-	c:\program files\Panda Security
2014-01-18 21:50:45	--------	d-----w-	c:\documents and settings\all users\application data\Panda Security
2014-01-14 00:29:33	3840	----a-w-	c:\windows\system32\drivers\BANTExt.sys
2014-01-14 00:29:33	--------	d-----w-	c:\program files\Belarc
2014-01-11 03:57:27	--------	d-----w-	c:\documents and settings\linda bal\local settings\application data\Secunia PSI
2014-01-11 03:56:43	--------	d-----w-	c:\program files\Secunia
.
==================== Find3M ====================
.
2014-01-17 22:29:17	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-01-17 22:29:16	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-07 05:09:56	22	----a-w-	c:\windows\system32\syoepk_lib0.dll
2013-12-07 05:05:37	211464	----a-w-	c:\windows\Photo Pos Pro Uninstaller.exe
2013-11-27 20:21:06	40960	----a-w-	c:\windows\system32\drivers\ndproxy.sys
2013-11-19 10:21:30	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42	150528	----a-w-	c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51	591360	----a-w-	c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31	7168	----a-w-	c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17	1879040	----a-w-	c:\windows\system32\win32k.sys
2013-10-29 07:57:34	920064	----a-w-	c:\windows\system32\wininet.dll
2013-10-29 07:57:33	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33	18944	----a-w-	c:\windows\system32\corpol.dll
2013-10-29 07:57:33	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02	385024	----a-w-	c:\windows\system32\html.iec
2006-12-03 02:53:08	18662400	-c----w-	c:\program files\common files\InterviewPLUS Workstation.msi
2006-12-03 02:50:42	18662912	------w-	c:\program files\common files\TaxWise Workstation.msi
2004-12-02 21:42:18	18448384	-c----w-	c:\program files\common files\InterviewPLUS Workstation Setup.msi
2004-12-02 21:32:48	18448384	-c----w-	c:\program files\common files\TaxWise Workstation Setup.msi
.
============= FINISH: 22:01:09.04 ===============

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/5/2005 3:57:51 PM
System Uptime: 1/25/2014 9:51:51 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0U2575
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 3.842 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1043: 1/11/2014 4:51:53 PM - Installed Windows XP KB2898785.
RP1044: 1/11/2014 7:56:06 PM - Software Distribution Service 3.0
RP1045: 12/1/2004 3:53:45 PM - System Checkpoint
RP1046: 1/13/2014 8:36:23 PM - System Checkpoint
RP1047: 1/14/2014 12:27:48 PM - Software Distribution Service 3.0
RP1048: 1/15/2014 12:47:36 PM - Software Distribution Service 3.0
RP1049: 1/15/2014 9:09:33 PM - Software Distribution Service 3.0
RP1050: 1/16/2014 2:10:28 PM - Software Distribution Service 3.0
RP1051: 1/17/2014 2:11:43 PM - System Checkpoint
RP1052: 1/18/2014 2:33:32 PM - Software Distribution Service 3.0
RP1053: 1/18/2014 10:17:04 PM - Installed Windows XP KB942288-v3.
RP1054: 1/18/2014 10:17:58 PM - AA11
RP1055: 1/19/2014 5:49:22 PM - AA11
RP1056: 1/20/2014 8:35:02 PM - System Checkpoint
RP1057: 1/22/2014 2:25:06 PM - System Checkpoint
RP1058: 1/22/2014 7:57:36 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP1059: 1/22/2014 8:00:37 PM - Revo Uninstaller's restore point - Notepad++
RP1060: 1/23/2014 1:02:26 PM - Revo Uninstaller's restore point - AMRT
RP1061: 1/23/2014 1:42:14 PM - Revo Uninstaller's restore point - HIPSCC
RP1062: 1/23/2014 1:42:27 PM - Removed HIPSCC.
RP1063: 1/23/2014 1:53:54 PM - Revo Uninstaller's restore point - CA Personal Firewall
RP1064: 1/23/2014 1:54:19 PM - Removed CA Personal Firewall.
RP1065: 1/24/2014 10:24:55 AM - Printer Driver LogMeIn Printer Driver Installed
RP1066: 1/24/2014 6:01:25 PM - Restore Operation
RP1067: 1/24/2014 6:21:57 PM - Restore Operation
RP1068: 1/24/2014 6:31:00 PM - Restore Operation
RP1069: 1/24/2014 6:43:14 PM - Restore Operation
RP1070: 1/24/2014 6:56:20 PM - Restore Operation
RP1071: 1/24/2014 7:09:55 PM - Restore Operation
RP1072: 1/24/2014 7:23:10 PM - Restore Operation
RP1073: 1/24/2014 7:47:50 PM - Restore Operation
RP1074: 1/24/2014 8:10:59 PM - Restore Operation
RP1075: 1/24/2014 9:08:59 PM - Restore Operation
RP1076: 1/24/2014 9:58:30 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Amazon Kindle
AMRT
Apple Application Support
Apple Software Update
Balabolka
Belarc Advisor 8.4
CA Anti-Virus Plus
CA Personal Firewall
calibre
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Crystal Reports 9
Crystal Reports Basic Runtime for Visual Studio 2008
ePubPack
eSupportQFolder
GIMP 2.8.4
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterviewPLUS Workstation
InterviewPLUS Workstation Setup
Java 7 Update 45
Java Auto Updater
Kindle Previewer
LaserJet 1018
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.1.2.3
LibTax 2006
LibTax 2008
LibTax 2009
LibTax 2010
Linksys Wireless Manager
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (LIBTAX)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft SQLXML 4.0 SP1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6 Service Pack 2 (KB954459)
Notepad++
OGA Notifier 2.0.0048.0
Paint.NET v3.5.11
Panda Cloud Antivirus
Photo Pos Pro
PRS-500 USB driver
QuickTime
Reader Library by Sony
ReportViewer
Revo Uninstaller 1.95
Roxio UDF Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sigil 0.7.2
Skype 6.10
SolutionCenter
SpywareBlaster 5.0
SUPERAntiSpyware
TaxWise Workstation
TaxWise Workstation Setup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.1.2
WebEx
WebFldrs XP
WebReg
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
1/25/2014 6:48:49 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
1/19/2014 11:12:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
1/19/2014 11:12:02 AM, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/18/2014 2:23:04 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
1/18/2014 11:46:40 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/18/2014 11:46:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

I don't know about the gmail account because they were having problems and one guy is receiving thousands of emails a day because his address is getting inserted to other people's emails.

I'm sure the space is increasing as earlier restore points drop off. The ones that are shown as "restore operation" are baffling me because I think there should only be one of those since they are the "undos". I'd like to take a look at the entries pertaining to the system restores that were done in the Event Viewer so please do the following:

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating sysetms double-click *VEW.exe* For later operating systems right-click VEW.exe and select "Run As Administrator"

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Information*
*Warning*

Click the radio button for "Number of events"
Type *20* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## GreggIllinois (Jan 5, 2014)

Thanks Cookiegal. So am I no longer worrying about Gmail being compromised? It's working well. I'm receiving and sending emails. And that notion of the screen (missing the gmail link in the upper right and _having _the Gmail tab) being different is a non-issue? And should I follow the Gmail protocol for changing the password etc.?

And am I concerned about the Google Redirect virus or has that become a non-issue?

I noticed that the C drive space has increased to 4.26.

Here' s the info. you requested.

Thanks!

Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/01/2014 2:22:42 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/01/2014 7:45:59 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x011b4fe0.

Log: 'Application' Date/Time: 24/01/2014 7:44:34 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x012b4fe0.

Log: 'Application' Date/Time: 24/01/2014 7:07:36 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x012c4fe0.

Log: 'Application' Date/Time: 24/01/2014 6:40:47 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02f34fe0.

Log: 'Application' Date/Time: 24/01/2014 6:37:22 PM
Type: error Category: 0
Event: 1 Source: SQLWRITER
SQL writer initialization error: the control dispatcher cannot be started [0x80070427].

Log: 'Application' Date/Time: 24/01/2014 6:13:26 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02e74fe0.

Log: 'Application' Date/Time: 24/01/2014 5:26:41 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04184fe0.

Log: 'Application' Date/Time: 24/01/2014 5:25:38 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x04124fe0.

Log: 'Application' Date/Time: 24/01/2014 5:23:11 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03504fe0.

Log: 'Application' Date/Time: 24/01/2014 3:01:36 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01b34fe0.

Log: 'Application' Date/Time: 24/01/2014 2:11:58 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04064fe0.

Log: 'Application' Date/Time: 24/01/2014 1:39:56 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x042e4fe0.

Log: 'Application' Date/Time: 24/01/2014 11:10:30 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x019e4fe0.

Log: 'Application' Date/Time: 23/01/2014 7:33:27 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x035c4fe0.

Log: 'Application' Date/Time: 23/01/2014 6:28:20 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x041f4fe0.

Log: 'Application' Date/Time: 23/01/2014 6:27:28 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04324fe0.

Log: 'Application' Date/Time: 23/01/2014 6:22:52 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03604fe0.

Log: 'Application' Date/Time: 23/01/2014 6:21:03 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03ba4fe0.

Log: 'Application' Date/Time: 23/01/2014 6:19:09 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03534fe0.

Log: 'Application' Date/Time: 23/01/2014 6:18:42 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03534fe0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/01/2014 12:53:40 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.

Log: 'Application' Date/Time: 26/01/2014 12:27:15 PM
Type: information Category: 2
Event: 17403 Source: MSSQL$LIBTAX
Server resumed execution after being idle 1793 seconds. Reason: timer event.

Log: 'Application' Date/Time: 26/01/2014 11:58:04 AM
Type: information Category: 1
Event: 101 Source: SkypeUpdate
Service stopped.

Log: 'Application' Date/Time: 26/01/2014 11:58:03 AM
Type: information Category: 1
Event: 103 Source: SkypeUpdate
SkypeUpdate service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 26/01/2014 11:57:03 AM
Type: information Category: 1
Event: 100 Source: SkypeUpdate
Service started.

Log: 'Application' Date/Time: 26/01/2014 11:56:50 AM
Type: information Category: 2
Event: 9688 Source: MSSQL$LIBTAX
Service Broker manager has started.

Log: 'Application' Date/Time: 26/01/2014 11:56:50 AM
Type: information Category: 2
Event: 9666 Source: MSSQL$LIBTAX
The Database Mirroring protocol transport is disabled or not configured.

Log: 'Application' Date/Time: 26/01/2014 11:56:50 AM
Type: information Category: 2
Event: 9666 Source: MSSQL$LIBTAX
The Service Broker protocol transport is disabled or not configured.

Log: 'Application' Date/Time: 26/01/2014 11:56:49 AM
Type: information Category: 2
Event: 3408 Source: MSSQL$LIBTAX
Recovery is complete. This is an informational message only. No user action is required.

Log: 'Application' Date/Time: 26/01/2014 11:56:49 AM
Type: information Category: 2
Event: 17126 Source: MSSQL$LIBTAX
SQL Server is now ready for client connections. This is an informational message; no user action is required.

Log: 'Application' Date/Time: 26/01/2014 11:56:49 AM
Type: information Category: 2
Event: 26037 Source: MSSQL$LIBTAX
The SQL Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x54b, state: 3. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.

Log: 'Application' Date/Time: 26/01/2014 11:56:49 AM
Type: information Category: 2
Event: 17199 Source: MSSQL$LIBTAX
Dedicated administrator connection support was not started because it is not available on this edition of SQL Server. This is an informational message only. No user action is required.

Log: 'Application' Date/Time: 26/01/2014 11:56:49 AM
Type: information Category: 2
Event: 26028 Source: MSSQL$LIBTAX
Server named pipe provider is ready to accept connection on [ \\.\pipe\MSSQL$LIBTAX\sql\query ].

Log: 'Application' Date/Time: 26/01/2014 11:56:49 AM
Type: information Category: 2
Event: 26048 Source: MSSQL$LIBTAX
Server local connection provider is ready to accept connection on [ \\.\pipe\SQLLocal\LIBTAX ].

Log: 'Application' Date/Time: 26/01/2014 11:56:49 AM
Type: information Category: 2
Event: 17137 Source: MSSQL$LIBTAX
Starting up database 'tempdb'.

Log: 'Application' Date/Time: 26/01/2014 11:56:48 AM
Type: information Category: 2
Event: 26022 Source: MSSQL$LIBTAX
Server is listening on [ 'any' <ipv4> 1057].

Log: 'Application' Date/Time: 26/01/2014 11:56:46 AM
Type: information Category: 2
Event: 26018 Source: MSSQL$LIBTAX
A self-generated certificate was successfully loaded for encryption.

Log: 'Application' Date/Time: 26/01/2014 11:56:42 AM
Type: information Category: 2
Event: 17136 Source: MSSQL$LIBTAX
Clearing tempdb database.

Log: 'Application' Date/Time: 26/01/2014 11:56:40 AM
Type: information Category: 2
Event: 17137 Source: MSSQL$LIBTAX
Starting up database 'msdb'.

Log: 'Application' Date/Time: 26/01/2014 11:56:40 AM
Type: information Category: 2
Event: 17663 Source: MSSQL$LIBTAX
Server name is 'OLDPROCESSOR\LIBTAX'. This is an informational message only. No user action is required.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/01/2014 11:56:20 AM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 26/01/2014 11:56:20 AM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 26/01/2014 11:56:16 AM
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance LIBTAX is not valid.

Log: 'Application' Date/Time: 25/01/2014 9:53:02 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 25/01/2014 9:53:02 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 25/01/2014 9:52:58 PM
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance LIBTAX is not valid.

Log: 'Application' Date/Time: 25/01/2014 6:52:43 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 25/01/2014 6:52:43 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 25/01/2014 6:52:38 PM
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance LIBTAX is not valid.

Log: 'Application' Date/Time: 25/01/2014 6:50:18 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2681A52E-FCFA-4982-A030-7B652BDD346C}', feature 'WinNT_MergeModules' failed during request for component '{2616CA4F-5BD8-47C2-B1AC-31C5D524EF2D}'

Log: 'Application' Date/Time: 25/01/2014 12:15:28 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 25/01/2014 12:15:28 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 25/01/2014 12:15:26 PM
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance LIBTAX is not valid.

Log: 'Application' Date/Time: 25/01/2014 12:22:23 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2681A52E-FCFA-4982-A030-7B652BDD346C}', feature 'WinNT_MergeModules' failed during request for component '{2616CA4F-5BD8-47C2-B1AC-31C5D524EF2D}'

Log: 'Application' Date/Time: 25/01/2014 12:22:23 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2681A52E-FCFA-4982-A030-7B652BDD346C}', feature 'WinNT_MergeModules', component '{C6EB4747-20AB-40C3-8412-1721E960C705}' failed. The resource 'C:\Program Files\CA\SharedComponents\HIPSEngine\HIPSEngineApplications.xml' does not exist.

Log: 'Application' Date/Time: 24/01/2014 11:37:30 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 24/01/2014 11:37:30 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 24/01/2014 11:37:28 PM
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance LIBTAX is not valid.

Log: 'Application' Date/Time: 24/01/2014 9:47:23 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 24/01/2014 9:47:23 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/01/2014 11:55:53 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 26/01/2014 12:08:25 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 25/01/2014 9:52:36 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 25/01/2014 9:50:58 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 25/01/2014 6:54:28 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 25/01/2014 6:51:18 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 25/01/2014 6:48:49 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/01/2014 12:16:02 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 25/01/2014 2:17:39 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 25/01/2014 12:22:44 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 24/01/2014 9:09:07 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 24/01/2014 8:50:32 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 23/01/2014 11:29:06 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 23/01/2014 12:21:04 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 22/01/2014 11:50:19 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 22/01/2014 8:56:00 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 22/01/2014 7:47:26 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 22/01/2014 7:46:01 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Log: 'System' Date/Time: 22/01/2014 12:25:21 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 22/01/2014 12:25:21 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/01/2014 2:03:52 PM
Type: information Category: 0
Event: 26 Source: Application Popup
Application popup: Windows - Virtual Memory Minimum Too Low : Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. For more information, see Help.

Log: 'System' Date/Time: 26/01/2014 1:37:03 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state.

Log: 'System' Date/Time: 26/01/2014 1:37:03 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state.

Log: 'System' Date/Time: 26/01/2014 1:37:03 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Adobe Flash Player Update Service service was successfully sent a start control.

Log: 'System' Date/Time: 26/01/2014 12:53:40 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate) service entered the stopped state.

Log: 'System' Date/Time: 26/01/2014 12:53:26 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Google Update Service (gupdate) service was successfully sent a start control.

Log: 'System' Date/Time: 26/01/2014 12:37:01 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state.

Log: 'System' Date/Time: 26/01/2014 12:37:00 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state.

Log: 'System' Date/Time: 26/01/2014 12:37:00 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Adobe Flash Player Update Service service was successfully sent a start control.

Log: 'System' Date/Time: 26/01/2014 11:58:04 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Skype Updater service entered the stopped state.

Log: 'System' Date/Time: 26/01/2014 11:57:04 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 26/01/2014 11:57:03 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Skype Updater service entered the running state.

Log: 'System' Date/Time: 26/01/2014 11:57:03 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Skype Updater service was successfully sent a start control.

Log: 'System' Date/Time: 26/01/2014 11:56:59 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Remote Access Connection Manager service entered the running state.

Log: 'System' Date/Time: 26/01/2014 11:56:59 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Application Layer Gateway Service service entered the running state.

Log: 'System' Date/Time: 26/01/2014 11:56:59 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Application Layer Gateway Service service was successfully sent a start control.

Log: 'System' Date/Time: 26/01/2014 11:56:57 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The SSDP Discovery Service service entered the running state.

Log: 'System' Date/Time: 26/01/2014 11:56:56 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 26/01/2014 11:56:56 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Network Location Awareness (NLA) service entered the running state.

Log: 'System' Date/Time: 26/01/2014 11:56:56 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The SSDP Discovery Service service was successfully sent a start control.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/01/2014 9:21:08 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\PROCESSOR on the network \Device\NetBT_Tcpip_{41C99EEE-D375-448F-93AF-7D13EE295AF7}. The data is the error code.

Log: 'System' Date/Time: 24/01/2014 10:24:58 AM
Type: warning Category: 0
Event: 20 Source: Print
Printer Driver LogMeIn Printer Driver for Windows NT x86 Version-3 was added or updated. Files:- LMIprinter.dll, LMIprinterui.dll, LMIprinterdat.dll.

Log: 'System' Date/Time: 23/01/2014 8:56:27 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\PROCESSOR on the network \Device\NetBT_Tcpip_{41C99EEE-D375-448F-93AF-7D13EE295AF7}. The data is the error code.

Log: 'System' Date/Time: 21/01/2014 8:56:09 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 21/01/2014 8:11:38 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 18/01/2014 9:37:51 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\PROCESSOR on the network \Device\NetBT_Tcpip_{41C99EEE-D375-448F-93AF-7D13EE295AF7}. The data is the error code.

Log: 'System' Date/Time: 18/01/2014 3:21:17 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 18/01/2014 3:20:54 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001111972F7F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 18/01/2014 3:16:10 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 17/01/2014 6:10:14 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\PROCESSOR on the network \Device\NetBT_Tcpip_{41C99EEE-D375-448F-93AF-7D13EE295AF7}. The data is the error code.

Log: 'System' Date/Time: 17/01/2014 1:20:08 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 15/01/2014 8:38:10 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\PROCESSOR on the network \Device\NetBT_Tcpip_{41C99EEE-D375-448F-93AF-7D13EE295AF7}. The data is the error code.

Log: 'System' Date/Time: 13/01/2014 7:50:22 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\PROCESSOR on the network \Device\NetBT_Tcpip_{41C99EEE-D375-448F-93AF-7D13EE295AF7}. The data is the error code.

Log: 'System' Date/Time: 13/01/2014 5:30:23 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 11/01/2014 5:57:39 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 09/01/2014 10:48:20 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\PROCESSOR on the network \Device\NetBT_Tcpip_{41C99EEE-D375-448F-93AF-7D13EE295AF7}. The data is the error code.

Log: 'System' Date/Time: 08/01/2014 5:03:11 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 08/01/2014 3:48:09 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\PROCESSOR on the network \Device\NetBT_Tcpip_{083E9687-903D-4EA7-BD7A-76CF27AE9714}. The data is the error code.

Log: 'System' Date/Time: 08/01/2014 10:58:34 AM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 07/01/2014 7:26:18 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down


----------



## Cookiegal (Aug 27, 2003)

For Gmail, please try another browser like IE or Firefox and let me know if you still have the same problems.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## Cookiegal (Aug 27, 2003)

One of our Trusted Advisors has informed me of a nice little program called JDiskReport which will help us to determine what is occuping the space on the hard drive. Please go to the following link and download the installer to your desktop:

http://www.jgoodies.com/freeware/jdiskreport/

Close all other windows and double-click the installer to run it. You will be presented with three options in boxes that are already ticked. Uncheck all but the one saying to put an icon on your desktop (I think it was the middle one). There's no need to have it in the starup menu or the other option either. Then follow the prompt to accept the terms of use and launch the program.

Click on "Scan file tree" and then click on the + beside My Computer to expand it and highlight Local Disk (C and click OK. It will start the scan. Let it run (it may take several minutes) until it's finished and presents you with a pie chart showing the total disk space (for the tree we selected) and the portions various elements are occupying. Please report the total and all of the elements (one of which will be system restore).


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> For Gmail, please try another browser like IE or Firefox and let me know if you still have the same problems.


Thanks, Cookiegal. Gmail (I was in Chrome) was working, and still is, working fine. I checked it in IE (I have IE8) and when I enter my email address and password into the Gmail sign-in boxes, an "Account Overview" page comes up instead of my email. There is also a highlighted box,saying, "You are using an old browser version which Account Settings no longer supports. Some features may not work correctly. Please upgrade to a modern browser, such as Google Chrome." But this is the message I normally get when I tried to use IE for gmail. And Gmail works fine in Firefox. The thing that's different is that on the Firefox Google page, the sign-in links are in the upper right hand corner (see screenshot), whereas, as I have said before, they are not there on the Google page in Chrome, which they usually are.



Cookiegal said:


> Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.
> 
> *Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).
> 
> ...


Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 01
Ran by Linda Bal (administrator) on OLDPROCESSOR on 27-01-2014 13:40:49
Running from C:\Documents and Settings\Linda Bal\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(CA) C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardian.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Linksys, LLC) C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardian.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(HP) C:\WINDOWS\SYSTEM32\HPZipm12.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-07-24] (LogMeIn, Inc.)
HKLM\...\Run: [Linksys Wireless Manager] - C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [1358384 2009-02-16] (Linksys, LLC)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-18] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre7\bin\jusched.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\PFW: C:\WINDOWS\system32\UmxWnp.Dll (CA)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
MountPoints2: {5ccb0e0a-de00-11dd-94da-001111972f7f} - E:\Software\FirefoxPortable\FirefoxPortable.exe
MountPoints2: {83d5f684-cdfc-11dc-8452-001111972f7f} - E:\LaunchU3.exe -a
AppInit_DLLs: UmxSbxExw.dll => C:\WINDOWS\system32\UmxSbxExw.dll [113144 2009-04-01] (CA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irs.gov/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://libertytax.webex.com/client/T27L/support/ieatgpc.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\WINDOWS\system32\VetRedir.dll [95472] (Computer Associates International, Inc.)
Winsock: Catalog9 07 C:\WINDOWS\system32\VetRedir.dll [95472] (Computer Associates International, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @sony.com/eBookLibrary - C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default\Extensions\[email protected] [2014-01-04]
FF Extension: Adblock Plus - C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Reader Library) - C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-15]
CHR Extension: (Google Drive) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-15]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-15]
CHR Extension: (HTTPS Everywhere) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-07-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S4 CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [251120 2009-10-07] (CA, Inc.)
S4 CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [212992 2009-10-02] (Computer Associates International, Inc.)
S4 ccSchedulerSVC; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [206064 2009-10-07] (Computer Associates International, Inc.)
S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 MSSQL$LIBTAX; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-18] (Panda Security, S.L.)
S4 UmxAgent; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [887288 2009-08-04] (CA)
S4 UmxCfg; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [760664 2009-07-13] (CA)
R2 UmxFwHlp; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [154104 2009-06-08] (CA)
S4 UmxPol; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [227832 2009-07-27] (CA)

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-07] (HP)
R1 KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [78840 2009-09-30] (CA)
R0 KmxAMRT; C:\WINDOWS\System32\DRIVERS\KmxAMRT.sys [143352 2009-08-27] (CA)
S3 KmxAMVet; C:\WINDOWS\system32\Drivers\KmxAMVet.sys [598656 2009-03-27] (Computer Associates International, Inc.)
R2 KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [145912 2009-06-08] (CA)
R3 KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [239608 2009-09-30] (CA)
R1 KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [55288 2009-04-28] (CA)
R1 KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [115704 2009-06-08] (CA)
R2 KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [58872 2009-03-27] (CA)
R0 KmxStart; C:\WINDOWS\System32\DRIVERS\kmxstart.sys [108024 2009-06-08] (CA)
S3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE2500xp.sys [1034240 2011-03-30] (Broadcom Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-28] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [126184 2013-05-28] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [107752 2013-05-28] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [124648 2013-05-28] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [95464 2013-05-28] (Panda Security, S.L.)
S4 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52328 2013-05-28] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [106344 2013-05-28] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [287336 2013-05-28] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [161384 2013-05-28] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-28] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [230376 2013-05-28] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-28] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103528 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [179944 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [115048 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [128232 2013-10-11] (Panda Security, S.L.)
R3 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [97896 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 UdfReadr; C:\WINDOWS\system32\Drivers\UdfReadr.sys [213120 2004-01-09] (Roxio)
S3 WUSB54GCv3; C:\WINDOWS\System32\DRIVERS\WUSB54GCv3.sys [627072 2008-12-04] (Ralink Technology, Corp.)
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-27 13:40 - 2014-01-27 13:41 - 00018103 _____ C:\Documents and Settings\Linda Bal\Desktop\FRST.txt
2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 ____D C:\FRST
2014-01-27 13:39 - 2014-01-27 13:38 - 01223168 _____ (Farbar) C:\Documents and Settings\Linda Bal\Desktop\FRST.exe
2014-01-26 14:22 - 2014-01-26 14:22 - 00030693 _____ C:\VEW.txt
2014-01-26 14:15 - 2014-01-26 14:12 - 00061440 _____ ( ) C:\Documents and Settings\Linda Bal\Desktop\VEW.exe
2014-01-25 16:45 - 2014-01-25 18:49 - 00000000 ____D C:\AdwCleaner
2014-01-25 16:44 - 2014-01-25 16:42 - 01236282 _____ C:\Documents and Settings\Linda Bal\Desktop\AdwCleaner.exe
2014-01-25 02:18 - 2014-01-26 18:06 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k7
2014-01-25 02:18 - 2014-01-26 18:06 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k6
2014-01-25 02:18 - 2014-01-26 18:06 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k5
2014-01-25 02:18 - 2014-01-26 18:06 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k4
2014-01-25 02:18 - 2014-01-26 18:06 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k3
2014-01-25 02:18 - 2014-01-26 18:06 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k2
2014-01-25 02:18 - 2014-01-26 18:06 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k1
2014-01-25 02:18 - 2014-01-26 18:06 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k0
2014-01-24 23:35 - 2014-01-24 23:35 - 00000000 ____D C:\Documents and Settings\Linda Bal\Start Menu\Programs\Notepad++
2014-01-24 23:35 - 2014-01-24 23:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
2014-01-24 18:24 - 2014-01-26 18:06 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k7
2014-01-24 18:24 - 2014-01-26 18:06 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k6
2014-01-24 18:24 - 2014-01-26 18:06 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k5
2014-01-24 18:24 - 2014-01-26 18:06 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k4
2014-01-24 18:24 - 2014-01-26 18:06 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k3
2014-01-24 18:24 - 2014-01-26 18:06 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k2
2014-01-24 18:24 - 2014-01-26 18:06 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k1
2014-01-24 18:24 - 2014-01-26 18:06 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k0
2014-01-23 17:28 - 2014-01-25 02:10 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\DDSscans
2014-01-23 13:54 - 2009-03-27 15:27 - 00079368 _____ (CA) C:\WINDOWS\system32\UmxWNP.dll
2014-01-22 19:42 - 2014-01-22 19:42 - 00000079 _____ C:\WINDOWS\wininit.ini
2014-01-21 21:56 - 2014-01-21 21:56 - 00000924 _____ C:\Documents and Settings\Linda Bal\Desktop\Revo Uninstaller.lnk
2014-01-21 21:56 - 2014-01-21 21:56 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-19 20:19 - 2014-01-25 17:36 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\purchases
2014-01-19 14:13 - 2009-01-09 00:32 - 00290772 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20140119-141328.backup
2014-01-18 23:46 - 2014-01-22 19:46 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-18 23:45 - 2014-01-22 19:47 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-18 23:16 - 2013-04-29 01:17 - 00047632 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-01-18 23:08 - 2014-01-18 23:08 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\LavasoftStatistics
2014-01-18 22:16 - 2014-01-18 22:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-18 22:14 - 2014-01-18 22:17 - 00009045 _____ C:\WINDOWS\KB942288-v3.log
2014-01-18 22:14 - 2014-01-18 22:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-01-18 21:54 - 2014-01-18 21:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2014-01-18 21:53 - 2014-01-18 21:57 - 00000000 ____D C:\Program Files\SpywareBlaster
2014-01-18 21:53 - 2014-01-18 21:53 - 00000761 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2014-01-18 21:53 - 2014-01-18 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2014-01-18 20:37 - 2014-01-18 20:37 - 00001685 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-18 20:37 - 2014-01-18 20:37 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\SUPERAntiSpyware.com
2014-01-18 20:37 - 2014-01-18 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 20:36 - 2014-01-18 20:37 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-18 20:36 - 2014-01-18 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-01-18 15:51 - 2014-01-26 18:06 - 00589824 _____ C:\WINDOWS\system32\config\Nano.evt
2014-01-18 15:51 - 2014-01-18 15:51 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Panda Security
2014-01-18 15:51 - 2014-01-18 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2014-01-18 15:50 - 2014-01-18 15:50 - 00000000 ____D C:\Program Files\Panda Security
2014-01-18 15:50 - 2014-01-18 15:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Panda Security
2014-01-15 21:11 - 2014-01-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 21:10 - 2014-01-15 21:12 - 00004704 _____ C:\WINDOWS\KB2914368.log
2014-01-14 21:48 - 2014-01-14 21:48 - 00021863 _____ C:\Documents and Settings\Linda Bal\Local Settings\Application Data\recently-used.xbel
2014-01-13 18:29 - 2014-01-13 18:29 - 00001774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2014-01-13 18:29 - 2014-01-13 18:29 - 00001768 _____ C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2014-01-13 18:29 - 2014-01-13 18:29 - 00000000 ____D C:\Program Files\Belarc
2014-01-13 18:29 - 2013-09-10 18:25 - 00003840 _____ C:\WINDOWS\system32\Drivers\BANTExt.sys
2014-01-11 19:56 - 2014-01-11 19:56 - 00287402 _____ C:\WINDOWS\msxml4-KB2758694-enu.LOG
2014-01-10 22:55 - 2014-01-14 12:21 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-10 22:55 - 2014-01-10 22:55 - 00001741 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-10 22:53 - 2014-01-10 22:54 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-10 21:57 - 2014-01-10 21:57 - 00000000 ____D C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Secunia PSI
2014-01-10 21:56 - 2014-01-10 21:56 - 00000000 ____D C:\Program Files\Secunia
2014-01-10 12:51 - 2014-01-10 12:51 - 00509440 _____ (Tech Support Guy System) C:\Documents and Settings\Linda Bal\Desktop\SysInfo.exe
2014-01-09 23:05 - 2014-01-09 23:05 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\backups
2014-01-07 19:50 - 2014-01-05 21:04 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Linda Bal\Desktop\HijackThis.exe
2014-01-03 22:49 - 2014-01-03 22:49 - 00000898 _____ C:\WINDOWS\KB927891.log
2014-01-03 18:01 - 2014-01-03 18:01 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Mozilla
2014-01-03 18:00 - 2014-01-03 18:00 - 00000737 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-03 18:00 - 2014-01-03 18:00 - 00000731 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-01-03 18:00 - 2014-01-03 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-03 18:00 - 2014-01-03 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2013-12-30 14:54 - 2013-12-30 14:54 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2013-12-29 18:29 - 2013-12-29 18:29 - 00005673 _____ C:\WINDOWS\KB975558.log
2013-12-28 16:47 - 2013-12-28 20:07 - 00009334 _____ C:\WINDOWS\KB2378111.log

==================== One Month Modified Files and Folders =======

2014-01-27 13:41 - 2014-01-27 13:40 - 00018103 _____ C:\Documents and Settings\Linda Bal\Desktop\FRST.txt
2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 ____D C:\FRST
2014-01-27 13:38 - 2014-01-27 13:39 - 01223168 _____ (Farbar) C:\Documents and Settings\Linda Bal\Desktop\FRST.exe
2014-01-27 13:37 - 2013-03-31 08:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-27 13:36 - 2008-10-14 12:35 - 00002497 _____ C:\Documents and Settings\Linda Bal\Desktop\Microsoft Office Word 2003.lnk
2014-01-27 13:26 - 2004-12-28 14:47 - 01867248 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-27 12:53 - 2013-01-15 17:20 - 00000892 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 11:25 - 2004-12-28 14:45 - 00002206 _____ C:\WINDOWS\system32\WPA.DBL
2014-01-27 11:25 - 2004-08-11 17:09 - 00000159 ____C C:\WINDOWS\WIADEBUG.LOG
2014-01-27 11:25 - 2004-08-11 17:09 - 00000049 ____C C:\WINDOWS\WIASERVC.LOG
2014-01-27 11:24 - 2013-01-15 17:20 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 11:24 - 2009-01-10 15:43 - 00000000 ____D C:\Program Files\LogMeIn
2014-01-27 11:24 - 2004-12-28 14:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-26 18:06 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k7
2014-01-26 18:06 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k6
2014-01-26 18:06 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k5
2014-01-26 18:06 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k4
2014-01-26 18:06 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k3
2014-01-26 18:06 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k2
2014-01-26 18:06 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k1
2014-01-26 18:06 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k0
2014-01-26 18:06 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k7
2014-01-26 18:06 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k6
2014-01-26 18:06 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k5
2014-01-26 18:06 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k4
2014-01-26 18:06 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k3
2014-01-26 18:06 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k2
2014-01-26 18:06 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k1
2014-01-26 18:06 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k0
2014-01-26 18:06 - 2014-01-18 15:51 - 00589824 _____ C:\WINDOWS\system32\config\Nano.evt
2014-01-26 18:06 - 2005-01-05 15:58 - 00000278 __SHC C:\Documents and Settings\Linda Bal\NTUSER.INI
2014-01-26 18:06 - 2004-12-28 14:47 - 00032522 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-26 14:22 - 2014-01-26 14:22 - 00030693 _____ C:\VEW.txt
2014-01-26 14:12 - 2014-01-26 14:15 - 00061440 _____ ( ) C:\Documents and Settings\Linda Bal\Desktop\VEW.exe
2014-01-25 18:49 - 2014-01-25 16:45 - 00000000 ____D C:\AdwCleaner
2014-01-25 17:36 - 2014-01-19 20:19 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\purchases
2014-01-25 17:30 - 2013-05-31 12:09 - 00000000 ____D C:\My Publications
2014-01-25 17:24 - 2013-05-31 12:46 - 00000000 ____D C:\Documents and Settings\Linda Bal\My Documents\My Publications
2014-01-25 17:22 - 2013-06-06 15:44 - 00000000 ____D C:\Documents and Settings\Linda Bal\My Documents\My Kindle Content
2014-01-25 16:42 - 2014-01-25 16:44 - 01236282 _____ C:\Documents and Settings\Linda Bal\Desktop\AdwCleaner.exe
2014-01-25 02:10 - 2014-01-23 17:28 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\DDSscans
2014-01-24 23:35 - 2014-01-24 23:35 - 00000000 ____D C:\Documents and Settings\Linda Bal\Start Menu\Programs\Notepad++
2014-01-24 23:35 - 2014-01-24 23:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
2014-01-24 23:35 - 2013-01-27 17:02 - 00000000 ____D C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Paint.NET
2014-01-24 23:35 - 2013-01-16 16:29 - 00000000 ____D C:\Program Files\Notepad++
2014-01-24 23:35 - 2013-01-16 16:29 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Notepad++
2014-01-24 23:35 - 2005-01-05 15:58 - 00000000 ____D C:\Documents and Settings\Linda Bal
2014-01-24 23:35 - 2004-12-28 14:36 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-24 23:35 - 2004-12-28 14:36 - 00000000 __SHD C:\Documents and Settings\LocalService
2014-01-24 23:35 - 2004-12-28 14:36 - 00000000 ____D C:\WINDOWS\Registration
2014-01-24 23:35 - 2004-12-28 14:36 - 00000000 ____D C:\Documents and Settings\Administrator
2014-01-24 18:01 - 2004-12-28 14:35 - 00000000 ____D C:\WINDOWS\system32\Restore
2014-01-24 10:24 - 2009-01-10 15:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-01-23 20:15 - 2013-06-12 12:03 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\EPUBS
2014-01-23 18:20 - 2013-04-08 10:11 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\AboutTheAuthor--howto
2014-01-23 00:16 - 2013-11-15 17:14 - 00000000 ____D C:\Documents and Settings\Linda Bal\My Documents\Calibre Library
2014-01-22 19:58 - 2004-12-28 14:54 - 00000000 ____D C:\Program Files\Java
2014-01-22 19:58 - 2004-12-28 14:54 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-22 19:47 - 2014-01-18 23:45 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-22 19:46 - 2014-01-18 23:46 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-22 19:42 - 2014-01-22 19:42 - 00000079 _____ C:\WINDOWS\wininit.ini
2014-01-21 21:56 - 2014-01-21 21:56 - 00000924 _____ C:\Documents and Settings\Linda Bal\Desktop\Revo Uninstaller.lnk
2014-01-21 21:56 - 2014-01-21 21:56 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-21 13:23 - 2013-12-24 12:01 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\remittances
2014-01-20 14:54 - 2013-12-23 19:28 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-19 14:10 - 2009-01-09 00:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-01-19 12:24 - 2013-05-26 11:59 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\BankOfAmericareceipts
2014-01-18 23:12 - 2004-08-11 17:20 - 00398344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-18 23:08 - 2014-01-18 23:08 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\LavasoftStatistics
2014-01-18 22:22 - 2013-05-30 12:29 - 00120593 _____ C:\WINDOWS\setupapi.log
2014-01-18 22:17 - 2014-01-18 22:14 - 00009045 _____ C:\WINDOWS\KB942288-v3.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00152281 _____ C:\WINDOWS\tsoc.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00111496 _____ C:\WINDOWS\comsetup.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00102622 _____ C:\WINDOWS\msmqinst.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00067598 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00058482 _____ C:\WINDOWS\netfxocm.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00022950 _____ C:\WINDOWS\MedCtrOC.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00018468 _____ C:\WINDOWS\ocmsn.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00016794 _____ C:\WINDOWS\tabletoc.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00016686 _____ C:\WINDOWS\msgsocm.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-18 22:17 - 2013-04-10 19:36 - 00362772 _____ C:\WINDOWS\iis6.log
2014-01-18 22:17 - 2013-04-10 19:36 - 00332583 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 22:17 - 2013-04-10 19:36 - 00159624 _____ C:\WINDOWS\ocgen.log
2014-01-18 22:17 - 2004-12-28 14:34 - 00000000 ____D C:\WINDOWS\system32\MUI
2014-01-18 22:16 - 2014-01-18 22:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-18 22:14 - 2014-01-18 22:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-01-18 21:57 - 2014-01-18 21:53 - 00000000 ____D C:\Program Files\SpywareBlaster
2014-01-18 21:54 - 2014-01-18 21:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2014-01-18 21:53 - 2014-01-18 21:53 - 00000761 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2014-01-18 21:53 - 2014-01-18 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2014-01-18 20:37 - 2014-01-18 20:37 - 00001685 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-18 20:37 - 2014-01-18 20:37 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\SUPERAntiSpyware.com
2014-01-18 20:37 - 2014-01-18 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 20:37 - 2014-01-18 20:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-18 20:36 - 2014-01-18 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-01-18 15:52 - 2005-02-10 13:20 - 00113104 ____C C:\Documents and Settings\Linda Bal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-18 15:51 - 2014-01-18 15:51 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Panda Security
2014-01-18 15:51 - 2014-01-18 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2014-01-18 15:50 - 2014-01-18 15:50 - 00000000 ____D C:\Program Files\Panda Security
2014-01-18 15:50 - 2014-01-18 15:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Panda Security
2014-01-18 15:18 - 2013-01-14 13:28 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2014-01-17 16:29 - 2013-03-31 08:39 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-17 16:29 - 2013-03-31 08:39 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-17 16:29 - 2008-01-13 14:12 - 00000000 ____D C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Adobe
2014-01-17 11:03 - 2013-01-15 17:24 - 00001820 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-15 21:16 - 2013-08-14 11:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 21:12 - 2014-01-15 21:10 - 00004704 _____ C:\WINDOWS\KB2914368.log
2014-01-15 21:12 - 2013-04-10 19:37 - 00001374 _____ C:\WINDOWS\imsins.BAK
2014-01-15 21:12 - 2008-01-08 17:19 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 21:11 - 2014-01-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 21:50 - 2013-05-17 18:27 - 00000000 ____D C:\Documents and Settings\Linda Bal\.gimp-2.8
2014-01-14 21:48 - 2014-01-14 21:48 - 00021863 _____ C:\Documents and Settings\Linda Bal\Local Settings\Application Data\recently-used.xbel
2014-01-14 12:21 - 2014-01-10 22:55 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-13 22:52 - 2004-12-28 14:35 - 00000000 ____D C:\WINDOWS\SECURITY
2014-01-13 18:29 - 2014-01-13 18:29 - 00001774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2014-01-13 18:29 - 2014-01-13 18:29 - 00001768 _____ C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2014-01-13 18:29 - 2014-01-13 18:29 - 00000000 ____D C:\Program Files\Belarc
2014-01-11 19:56 - 2014-01-11 19:56 - 00287402 _____ C:\WINDOWS\msxml4-KB2758694-enu.LOG
2014-01-11 16:52 - 2013-12-11 03:03 - 00016440 _____ C:\WINDOWS\KB2898785-IE8.log
2014-01-10 23:09 - 2008-01-13 14:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2014-01-10 23:07 - 2008-01-13 13:50 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Adobe
2014-01-10 22:55 - 2014-01-10 22:55 - 00001741 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-10 22:54 - 2014-01-10 22:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-10 22:53 - 2011-01-19 14:23 - 00000000 ____D C:\Program Files\Adobe
2014-01-10 22:35 - 2009-10-22 13:41 - 00000000 ____D C:\Program Files\MSXML 4.0
2014-01-10 21:57 - 2014-01-10 21:57 - 00000000 ____D C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Secunia PSI
2014-01-10 21:56 - 2014-01-10 21:56 - 00000000 ____D C:\Program Files\Secunia
2014-01-10 12:51 - 2014-01-10 12:51 - 00509440 _____ (Tech Support Guy System) C:\Documents and Settings\Linda Bal\Desktop\SysInfo.exe
2014-01-09 23:17 - 2004-12-28 14:37 - 00000211 __RSH C:\BOOT.INI
2014-01-09 23:17 - 2004-08-11 17:15 - 00000689 _____ C:\WINDOWS\WIN.INI
2014-01-09 23:17 - 2004-08-11 17:07 - 00000227 _____ C:\WINDOWS\SYSTEM.INI
2014-01-09 23:05 - 2014-01-09 23:05 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\backups
2014-01-06 16:43 - 2013-11-16 13:04 - 00017982 _____ C:\WINDOWS\KB2868626.log
2014-01-06 16:40 - 2013-10-11 22:39 - 00028679 _____ C:\WINDOWS\KB2847311.log
2014-01-05 21:04 - 2014-01-07 19:50 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Linda Bal\Desktop\HijackThis.exe
2014-01-03 23:15 - 2008-01-08 14:46 - 00000000 __SHD C:\Documents and Settings\Linda Bal\UserData
2014-01-03 23:08 - 2004-08-11 17:15 - 00001514 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-01-03 22:49 - 2014-01-03 22:49 - 00000898 _____ C:\WINDOWS\KB927891.log
2014-01-03 18:01 - 2014-01-03 18:01 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Mozilla
2014-01-03 18:00 - 2014-01-03 18:00 - 00000737 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-03 18:00 - 2014-01-03 18:00 - 00000731 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-01-03 18:00 - 2014-01-03 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-03 18:00 - 2014-01-03 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2014-01-03 18:00 - 2009-12-28 21:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-03 14:07 - 2013-05-31 10:47 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\RE-UPLOADINFO
2014-01-02 00:43 - 2013-10-23 22:14 - 00609640 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-12-30 20:00 - 2013-01-17 19:48 - 00000000 ____D C:\Documents and Settings\Linda Bal\.kindle
2013-12-30 14:54 - 2013-12-30 14:54 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2013-12-29 18:29 - 2013-12-29 18:29 - 00005673 _____ C:\WINDOWS\KB975558.log
2013-12-28 20:07 - 2013-12-28 16:47 - 00009334 _____ C:\WINDOWS\KB2378111.log
2013-12-28 20:07 - 2013-08-01 18:04 - 00010483 _____ C:\WINDOWS\wmsetup.log

Some content of TEMP:
====================
C:\Documents and Settings\Linda Bal\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-29c0e1f5.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

And here is the "Addition" log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-01-2014 01
Ran by Linda Bal at 2014-01-27 13:42:34
Running from C:\Documents and Settings\Linda Bal\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: CA Anti-Virus Plus (Disabled - Up to date) {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: Panda Cloud Antivirus (Disabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Cloud Antivirus Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
FW: CA Personal Firewall (Disabled) {FE9BB4F9-4C8D-4EB7-82D2-D7159B9BCD33}

==================== Installed Programs ======================

Adobe Digital Editions 2.0 (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Kindle (Version: - Amazon)
AMRT (Version: 1.6.380 - cathreat) Hidden
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Balabolka (Version: 2.7.0.546 - Ilya Morozov)
Belarc Advisor 8.4 (Version: 8.4.0.0 - Belarc Inc.)
CA Anti-Virus Plus (Version: 2.0.0.216 - CA) Hidden
CA Personal Firewall (Version: 11.0.0.604 - CA) Hidden
calibre (Version: 1.11.0 - Kovid Goyal)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Crystal Reports 9 (Version: 1.00.0000 - Liberty Tax Service) Hidden
Crystal Reports Basic Runtime for Visual Studio 2008 (Version: 10.5.1.0 - Business Objects)
ePubPack (HKCU Version: 1.3.2.0 - ePubPack)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GIMP 2.8.4 (Version: 2.8.4 - The GIMP Team)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP Image Zone Express (Version: 1.5.1.29 - Hewlett-Packard)
HP Software Update (Version: 3.0.5.001 - HEWLET~1|Hewlett-Packard) Hidden
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3 - HP)
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Intel(R) Extreme Graphics 2 Driver (Version: - )
Intel(R) PRO Network Adapters and Drivers (Version: - )
Intel(R) PROSet (Version: 6.05.2001 - Intel)
InterviewPLUS Workstation (Version: 21 - Universal Tax Systems, Inc.) Hidden
InterviewPLUS Workstation Setup (Version: 19 - Universal Tax Systems, Inc.) Hidden
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kindle Previewer (HKCU Version: 2.9 - Amazon)
LaserJet 1018 (Version: - )
LibreOffice 4.0 Help Pack (English) (Version: 4.0.4.2 - The Document Foundation)
LibreOffice 4.1.2.3 (Version: 4.1.2.3 - The Document Foundation)
LibTax 2006 (Version: - )
LibTax 2008 (Version: - )
LibTax 2009 (Version: - )
LibTax 2010 (Version: - )
Linksys Wireless Manager (Version: 4.9.9047.0 - Linksys, LLC)
LogMeIn (Version: 4.0.784 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (LIBTAX) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQLXML 4.0 SP1 (Version: 10.0.1600.60 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0 - Microsoft Corporation)
Notepad++ (Version: 6.5.2 - Notepad++ Team)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
Panda Cloud Antivirus (Version: 02.03.00.0000 - Panda Security)
Panda Cloud Antivirus (Version: 6.06.00.0000 - Panda Security) Hidden
Photo Pos Pro (Version: 1.89.5 - PowerOfSoftware Ltd.)
PRS-500 USB driver (Version: 1.0.00.08110 - Sony)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Reader Library by Sony (Version: 3.3.00.07130 - Sony Corporation)
ReportViewer (Version: 1.0.0.0 - )
Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group)
Roxio UDF Reader (Version: - )
Sigil 0.7.2 (Version: - John Schember)
Skype 6.10 (Version: 6.10.104 - Skype Technologies S.A.)
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.0 (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
TaxWise Workstation (Version: 20 - Universal Tax Systems, Inc.) Hidden
TaxWise Workstation (Version: 21 - Universal Tax Systems, Inc.) Hidden
TaxWise Workstation Setup (Version: 19 - Universal Tax Systems, Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WebEx (Version: - Cisco WebEx LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) (Version: 08/08/2006 1.0.03.08080 - Sony Corporation)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows PowerShell(TM) 1.0 (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points =========================

11-01-2014 22:51:53 Installed Windows XP KB2898785.
12-01-2014 01:56:06 Software Distribution Service 3.0
01-12-2004 21:53:45 System Checkpoint
14-01-2014 02:36:23 System Checkpoint
14-01-2014 18:27:48 Software Distribution Service 3.0
15-01-2014 18:47:36 Software Distribution Service 3.0
16-01-2014 03:09:33 Software Distribution Service 3.0
16-01-2014 20:10:28 Software Distribution Service 3.0
17-01-2014 20:11:43 System Checkpoint
18-01-2014 20:33:32 Software Distribution Service 3.0
19-01-2014 04:17:04 Installed Windows XP KB942288-v3.
19-01-2014 04:17:58 AA11
19-01-2014 23:49:22 AA11
21-01-2014 02:35:02 System Checkpoint
22-01-2014 20:25:06 System Checkpoint
23-01-2014 01:57:36 Removed Java 2 Runtime Environment, SE v1.4.2_03
23-01-2014 02:00:37 Revo Uninstaller's restore point - Notepad++
23-01-2014 19:02:26 Revo Uninstaller's restore point - AMRT
23-01-2014 19:42:14 Revo Uninstaller's restore point - HIPSCC
23-01-2014 19:42:27 Removed HIPSCC.
23-01-2014 19:53:54 Revo Uninstaller's restore point - CA Personal Firewall
23-01-2014 19:54:19 Removed CA Personal Firewall.
24-01-2014 16:24:55 Printer Driver LogMeIn Printer Driver Installed
25-01-2014 00:01:25 Restore Operation
25-01-2014 00:21:57 Restore Operation
25-01-2014 00:31:00 Restore Operation
25-01-2014 00:43:14 Restore Operation
25-01-2014 00:56:20 Restore Operation
25-01-2014 01:09:55 Restore Operation
25-01-2014 01:23:10 Restore Operation
25-01-2014 01:47:50 Restore Operation
25-01-2014 02:10:59 Restore Operation
25-01-2014 03:08:59 Restore Operation
25-01-2014 03:58:30 Restore Operation
26-01-2014 18:24:04 System Checkpoint
27-01-2014 18:27:13 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 05:00 - 2014-01-19 14:13 - 00451418 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	www.123simsen.com
127.0.0.1	123simsen.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-10-22 14:26 - 2009-09-15 17:07 - 01063248 _____ () C:\Program Files\LogMeIn\x86\ICSAgent32.dll
2009-10-22 12:58 - 2009-09-30 07:10 - 00589824 _____ () C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll
2012-06-18 09:24 - 2012-06-18 09:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2004-08-04 05:00 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 05:00 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-04-12 11:23 - 2013-04-12 11:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2014-01-17 11:03 - 2014-01-11 04:29 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-17 11:03 - 2014-01-11 04:29 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-17 11:03 - 2014-01-11 04:28 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2013-07-06 20:08 - 2013-07-06 20:08 - 04591616 _____ () C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2013-07-06 20:08 - 2013-07-06 20:08 - 00112128 _____ () C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2014 07:45:59 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x011b4fe0.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/24/2014 07:44:34 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x012b4fe0.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/24/2014 07:07:36 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x012c4fe0.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/24/2014 06:40:47 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02f34fe0.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/24/2014 06:37:22 PM) (Source: SQLWRITER) (User: )
Description: SQL writer initialization error: the control dispatcher cannot be started [0x80070427].

Error: (01/24/2014 06:13:26 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02e74fe0.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/24/2014 05:26:41 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04184fe0.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/24/2014 05:25:38 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x04124fe0.
Processing media-specific event for [!ws!]

Error: (01/24/2014 05:23:11 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03504fe0.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/24/2014 03:01:36 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01b34fe0.
Processing media-specific event for [explorer.exe!ws!]

System errors:
=============
Error: (01/27/2014 11:24:39 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service UmxPol with arguments "-Service"
in order to run the server:
{4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error: (01/26/2014 06:05:51 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service UmxPol with arguments "-Service"
in order to run the server:
{4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error: (01/26/2014 11:55:53 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service UmxPol with arguments "-Service"
in order to run the server:
{4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error: (01/26/2014 00:08:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service UmxPol with arguments "-Service"
in order to run the server:
{4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error: (01/25/2014 09:52:36 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service UmxPol with arguments "-Service"
in order to run the server:
{4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error: (01/25/2014 09:50:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service UmxPol with arguments "-Service"
in order to run the server:
{4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error: (01/25/2014 06:54:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service UmxPol with arguments "-Service"
in order to run the server:
{4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error: (01/25/2014 06:51:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service UmxPol with arguments "-Service"
in order to run the server:
{4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error: (01/25/2014 06:48:49 PM) (Source: Service Control Manager) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/25/2014 00:16:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service UmxPol with arguments "-Service"
in order to run the server:
{4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Microsoft Office Sessions:
=========================
Error: (01/24/2014 07:45:59 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0011b4fe0

Error: (01/24/2014 07:44:34 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0012b4fe0

Error: (01/24/2014 07:07:36 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0012c4fe0

Error: (01/24/2014 06:40:47 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.002f34fe0

Error: (01/24/2014 06:37:22 PM) (Source: SQLWRITER)(User: )
Description: 0x80070427

Error: (01/24/2014 06:13:26 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.002e74fe0

Error: (01/24/2014 05:26:41 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.004184fe0

Error: (01/24/2014 05:25:38 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.004124fe0

Error: (01/24/2014 05:23:11 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.003504fe0

Error: (01/24/2014 03:01:36 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.001b34fe0

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 1149.98 MB
Available physical RAM: 507.43 MB
Total Pagefile: 1440.48 MB
Available Pagefile: 535.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.82 MB

==================== Drives ================================

Drive c: (HUN-TP3) (Fixed) (Total:37.2 GB) (Free:4.6 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thanks!


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> One of our Trusted Advisors has informed me of a nice little program called JDiskReport which will help us to determine what is occuping the space on the hard drive. Please go to the following link and download the installer to your desktop:
> 
> http://www.jgoodies.com/freeware/jdiskreport/
> 
> ...


Thanks Cookiegal. I ran the jdisk program successfully, but I wasn't certain what you meant by "all of the elements." I attached the pie chart.(see screenshot) I also saved the scan. I tried to open the saved scan to view it but got this window (see next screenshot) and didn't recognize the file icon (which I circled on the screenshot). (So I didn't open it.) I was going to send you the file but then remembered the TechSupportGuy warning about not sending security-sensitive things on the 'manage attachment' window and thought I'd better ask you if it was a good idea before I did. And I'm keeping the file open (in case it didn't save the file properly or I need to open it up to find the info. you're wanting) as a minimized file until I hear back from you.

When I opened the computer today the available space was 4.73 (up from 4.26 yesterday). When I was done with the jDisk scan the available space was 4.59. In my amatuer take on the jdisk report I would think I have 37.1 GB capacity so minus the 20.8 GB total on my C drive I should have 16.3 GB available space, which is what I always used to have. But perhaps there is information hidden in the jdisk scan that I am unaware of. Please advise. As I said I'm holding the scan open until I hear from you. Plus if the way I have saved it (that icon) is okay or is there another way of saving it. And then again even if I should send it because of security issues. Thanks!


----------



## Cookiegal (Aug 27, 2003)

What's odd in the screenshot from JDiskReport there's nothing listed for System Volume Information which is the System Restore repository. Mine shows it there. 

If you click on Recyclers what size is that directory? This is the Recycle Bin.

I'll review the log tomorrow and post further instructions.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> What's odd in the screenshot from JDiskReport there's nothing listed for System Volume Information which is the System Restore repository. Mine shows it there.
> 
> If you click on Recyclers what size is that directory? This is the Recycle Bin.
> 
> I'll review the log tomorrow and post further instructions.


Hey Cookiegal. Recycler is 67.1 MB. (see attachment) Thanks. Will check back tomorrow.


----------



## GreggIllinois (Jan 5, 2014)

I was going through my emails and in a big hurry. Someone on Twitter sent me a tweet saying 'your blog post was so funny' or something like that and a tiny url. The split second I clicked on the tiny url I knew I shouldn't have. <sigh> Anyway, I ran the tiny url through URL Xray and sure enough, the full URL looks like spyware. (see attachment) I circled the full URL. I ran Super Anti-Spyware quick scan and it just turned up some tracking cookies and little things. I was going to download Spybot Search and Destroy but I remembered you saying something about Spybot messing with the registry so I passed. Then somebody I was talking to in a chat room suggested running the full url through VirusTotal, which I did. Amazingly the url came through as clean. (See second attachment.) I never looked at the site that opened so I don't _know_ that it was spyware or whatever. Does the Virus Total report mean it was nothing to worry about? <fingers crossed> Thanks.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal, the links on the Google page in Chrome (in the upper right hand corner) (that I keep telling you about them being missing) are back! (I get excited over these things!) Thanks!


----------



## Cookiegal (Aug 27, 2003)

I doubt that link was legitimate. It redirects to a Russian site valv.im:

https://www.virustotal.com/en/domain/valv.im/information/

I'm going to need you to run FRST again and post the new log as this may have changed things. You will only get one log this time.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> I doubt that link was legitimate. It redirects to a Russian site valv.im:
> 
> https://www.virustotal.com/en/domain/valv.im/information/
> 
> I'm going to need you to run FRST again and post the new log as this may have changed things. You will only get one log this time.


Okay, here's the FRST scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2014 03
Ran by Linda Bal (administrator) on OLDPROCESSOR on 28-01-2014 10:52:30
Running from C:\Documents and Settings\Linda Bal\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(CA) C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardian.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(HP) C:\WINDOWS\SYSTEM32\HPZipm12.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Linksys, LLC) C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardian.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-07-24] (LogMeIn, Inc.)
HKLM\...\Run: [Linksys Wireless Manager] - C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [1358384 2009-02-16] (Linksys, LLC)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-18] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre7\bin\jusched.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\PFW: C:\WINDOWS\system32\UmxWnp.Dll (CA)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
MountPoints2: {5ccb0e0a-de00-11dd-94da-001111972f7f} - E:\Software\FirefoxPortable\FirefoxPortable.exe
MountPoints2: {83d5f684-cdfc-11dc-8452-001111972f7f} - E:\LaunchU3.exe -a
AppInit_DLLs: UmxSbxExw.dll => C:\WINDOWS\system32\UmxSbxExw.dll [113144 2009-04-01] (CA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irs.gov/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://libertytax.webex.com/client/T27L/support/ieatgpc.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\WINDOWS\system32\VetRedir.dll [95472] (Computer Associates International, Inc.)
Winsock: Catalog9 07 C:\WINDOWS\system32\VetRedir.dll [95472] (Computer Associates International, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @sony.com/eBookLibrary - C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default\Extensions\[email protected] [2014-01-04]
FF Extension: Adblock Plus - C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Reader Library) - C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-15]
CHR Extension: (Google Drive) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-15]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-15]
CHR Extension: (HTTPS Everywhere) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-07-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S4 CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [251120 2009-10-07] (CA, Inc.)
S4 CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [212992 2009-10-02] (Computer Associates International, Inc.)
S4 ccSchedulerSVC; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [206064 2009-10-07] (Computer Associates International, Inc.)
S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 MSSQL$LIBTAX; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-18] (Panda Security, S.L.)
S4 UmxAgent; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [887288 2009-08-04] (CA)
S4 UmxCfg; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [760664 2009-07-13] (CA)
R2 UmxFwHlp; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [154104 2009-06-08] (CA)
S4 UmxPol; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [227832 2009-07-27] (CA)

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-07] (HP)
R1 KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [78840 2009-09-30] (CA)
R0 KmxAMRT; C:\WINDOWS\System32\DRIVERS\KmxAMRT.sys [143352 2009-08-27] (CA)
S3 KmxAMVet; C:\WINDOWS\system32\Drivers\KmxAMVet.sys [598656 2009-03-27] (Computer Associates International, Inc.)
R2 KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [145912 2009-06-08] (CA)
R3 KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [239608 2009-09-30] (CA)
R1 KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [55288 2009-04-28] (CA)
R1 KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [115704 2009-06-08] (CA)
R2 KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [58872 2009-03-27] (CA)
R0 KmxStart; C:\WINDOWS\System32\DRIVERS\kmxstart.sys [108024 2009-06-08] (CA)
S3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE2500xp.sys [1034240 2011-03-30] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-01-27] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-28] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [126184 2013-05-28] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [107752 2013-05-28] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [124648 2013-05-28] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [95464 2013-05-28] (Panda Security, S.L.)
S4 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52328 2013-05-28] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [106344 2013-05-28] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [287336 2013-05-28] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [161384 2013-05-28] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-28] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [230376 2013-05-28] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-28] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103528 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [179944 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [115048 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [128232 2013-10-11] (Panda Security, S.L.)
R3 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [97896 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 UdfReadr; C:\WINDOWS\system32\Drivers\UdfReadr.sys [213120 2004-01-09] (Roxio)
S3 WUSB54GCv3; C:\WINDOWS\System32\DRIVERS\WUSB54GCv3.sys [627072 2008-12-04] (Ralink Technology, Corp.)
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-28 10:52 - 2014-01-28 10:53 - 00017815 _____ C:\Documents and Settings\Linda Bal\Desktop\FRST.txt
2014-01-28 10:50 - 2014-01-28 10:50 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\FRST-OlderVersion
2014-01-27 21:38 - 2014-01-27 21:38 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-01-27 14:28 - 2014-01-27 14:29 - 04516552 _____ C:\Documents and Settings\Linda Bal\Desktop\jDiskCompleteScanFile.jdr
2014-01-27 14:11 - 2014-01-27 14:11 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\JGoodies
2014-01-27 14:07 - 2014-01-27 14:07 - 00001569 _____ C:\Documents and Settings\Linda Bal\Desktop\JDiskReport.lnk
2014-01-27 14:07 - 2014-01-27 14:07 - 00000000 ____D C:\Program Files\JGoodies
2014-01-27 14:06 - 2014-01-27 14:05 - 00627040 _____ C:\Documents and Settings\Linda Bal\Desktop\jdiskreport-1_4_0-win.exe
2014-01-27 13:40 - 2014-01-28 10:50 - 00000000 ____D C:\FRST
2014-01-27 13:39 - 2014-01-28 10:50 - 01136640 _____ (Farbar) C:\Documents and Settings\Linda Bal\Desktop\FRST.exe
2014-01-26 14:22 - 2014-01-26 14:22 - 00030693 _____ C:\VEW.txt
2014-01-26 14:15 - 2014-01-26 14:12 - 00061440 _____ ( ) C:\Documents and Settings\Linda Bal\Desktop\VEW.exe
2014-01-25 16:45 - 2014-01-25 18:49 - 00000000 ____D C:\AdwCleaner
2014-01-25 16:44 - 2014-01-25 16:42 - 01236282 _____ C:\Documents and Settings\Linda Bal\Desktop\AdwCleaner.exe
2014-01-25 02:18 - 2014-01-27 23:56 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k7
2014-01-25 02:18 - 2014-01-27 23:56 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k6
2014-01-25 02:18 - 2014-01-27 23:56 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k5
2014-01-25 02:18 - 2014-01-27 23:56 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k4
2014-01-25 02:18 - 2014-01-27 23:56 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k3
2014-01-25 02:18 - 2014-01-27 23:56 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k2
2014-01-25 02:18 - 2014-01-27 23:56 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k1
2014-01-25 02:18 - 2014-01-27 23:56 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k0
2014-01-24 23:35 - 2014-01-24 23:35 - 00000000 ____D C:\Documents and Settings\Linda Bal\Start Menu\Programs\Notepad++
2014-01-24 23:35 - 2014-01-24 23:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
2014-01-24 18:24 - 2014-01-27 23:56 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k7
2014-01-24 18:24 - 2014-01-27 23:56 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k6
2014-01-24 18:24 - 2014-01-27 23:56 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k5
2014-01-24 18:24 - 2014-01-27 23:56 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k4
2014-01-24 18:24 - 2014-01-27 23:56 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k3
2014-01-24 18:24 - 2014-01-27 23:56 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k2
2014-01-24 18:24 - 2014-01-27 23:56 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k1
2014-01-24 18:24 - 2014-01-27 23:56 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k0
2014-01-23 17:28 - 2014-01-25 02:10 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\DDSscans
2014-01-23 13:54 - 2009-03-27 15:27 - 00079368 _____ (CA) C:\WINDOWS\system32\UmxWNP.dll
2014-01-22 19:42 - 2014-01-22 19:42 - 00000079 _____ C:\WINDOWS\wininit.ini
2014-01-21 21:56 - 2014-01-21 21:56 - 00000924 _____ C:\Documents and Settings\Linda Bal\Desktop\Revo Uninstaller.lnk
2014-01-21 21:56 - 2014-01-21 21:56 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-19 20:19 - 2014-01-25 17:36 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\purchases
2014-01-19 14:13 - 2009-01-09 00:32 - 00290772 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20140119-141328.backup
2014-01-18 23:46 - 2014-01-22 19:46 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-18 23:45 - 2014-01-22 19:47 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-18 23:16 - 2013-04-29 01:17 - 00047632 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-01-18 23:08 - 2014-01-18 23:08 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\LavasoftStatistics
2014-01-18 22:16 - 2014-01-18 22:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-18 22:14 - 2014-01-18 22:17 - 00009045 _____ C:\WINDOWS\KB942288-v3.log
2014-01-18 22:14 - 2014-01-18 22:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-01-18 21:54 - 2014-01-18 21:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2014-01-18 21:53 - 2014-01-18 21:57 - 00000000 ____D C:\Program Files\SpywareBlaster
2014-01-18 21:53 - 2014-01-18 21:53 - 00000761 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2014-01-18 21:53 - 2014-01-18 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2014-01-18 20:37 - 2014-01-18 20:37 - 00001685 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-18 20:37 - 2014-01-18 20:37 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\SUPERAntiSpyware.com
2014-01-18 20:37 - 2014-01-18 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 20:36 - 2014-01-18 20:37 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-18 20:36 - 2014-01-18 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-01-18 15:51 - 2014-01-28 10:41 - 00720896 _____ C:\WINDOWS\system32\config\Nano.evt
2014-01-18 15:51 - 2014-01-18 15:51 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Panda Security
2014-01-18 15:51 - 2014-01-18 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2014-01-18 15:50 - 2014-01-18 15:50 - 00000000 ____D C:\Program Files\Panda Security
2014-01-18 15:50 - 2014-01-18 15:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Panda Security
2014-01-15 21:11 - 2014-01-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 21:10 - 2014-01-15 21:12 - 00004704 _____ C:\WINDOWS\KB2914368.log
2014-01-14 21:48 - 2014-01-14 21:48 - 00021863 _____ C:\Documents and Settings\Linda Bal\Local Settings\Application Data\recently-used.xbel
2014-01-13 18:29 - 2014-01-13 18:29 - 00001774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2014-01-13 18:29 - 2014-01-13 18:29 - 00001768 _____ C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2014-01-13 18:29 - 2014-01-13 18:29 - 00000000 ____D C:\Program Files\Belarc
2014-01-13 18:29 - 2013-09-10 18:25 - 00003840 _____ C:\WINDOWS\system32\Drivers\BANTExt.sys
2014-01-11 19:56 - 2014-01-11 19:56 - 00287402 _____ C:\WINDOWS\msxml4-KB2758694-enu.LOG
2014-01-10 22:55 - 2014-01-14 12:21 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-10 22:55 - 2014-01-10 22:55 - 00001741 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-10 22:53 - 2014-01-10 22:54 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-10 21:57 - 2014-01-10 21:57 - 00000000 ____D C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Secunia PSI
2014-01-10 21:56 - 2014-01-10 21:56 - 00000000 ____D C:\Program Files\Secunia
2014-01-10 12:51 - 2014-01-10 12:51 - 00509440 _____ (Tech Support Guy System) C:\Documents and Settings\Linda Bal\Desktop\SysInfo.exe
2014-01-09 23:05 - 2014-01-09 23:05 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\backups
2014-01-07 19:50 - 2014-01-05 21:04 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Linda Bal\Desktop\HijackThis.exe
2014-01-03 22:49 - 2014-01-03 22:49 - 00000898 _____ C:\WINDOWS\KB927891.log
2014-01-03 18:01 - 2014-01-03 18:01 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Mozilla
2014-01-03 18:00 - 2014-01-03 18:00 - 00000737 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-03 18:00 - 2014-01-03 18:00 - 00000731 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-01-03 18:00 - 2014-01-03 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-03 18:00 - 2014-01-03 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2013-12-30 14:54 - 2013-12-30 14:54 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2013-12-29 18:29 - 2013-12-29 18:29 - 00005673 _____ C:\WINDOWS\KB975558.log

==================== One Month Modified Files and Folders =======

2014-01-28 10:54 - 2013-01-15 17:20 - 00000892 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-28 10:53 - 2014-01-28 10:52 - 00017815 _____ C:\Documents and Settings\Linda Bal\Desktop\FRST.txt
2014-01-28 10:50 - 2014-01-28 10:50 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\FRST-OlderVersion
2014-01-28 10:50 - 2014-01-27 13:40 - 00000000 ____D C:\FRST
2014-01-28 10:50 - 2014-01-27 13:39 - 01136640 _____ (Farbar) C:\Documents and Settings\Linda Bal\Desktop\FRST.exe
2014-01-28 10:47 - 2004-12-28 14:47 - 01881751 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-28 10:41 - 2014-01-18 15:51 - 00720896 _____ C:\WINDOWS\system32\config\Nano.evt
2014-01-28 10:37 - 2013-03-31 08:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-28 10:32 - 2013-01-15 17:20 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-28 10:32 - 2004-12-28 14:45 - 00002206 _____ C:\WINDOWS\system32\WPA.DBL
2014-01-28 10:32 - 2004-08-11 17:09 - 00000159 ____C C:\WINDOWS\WIADEBUG.LOG
2014-01-28 10:31 - 2009-01-10 15:43 - 00000000 ____D C:\Program Files\LogMeIn
2014-01-28 10:31 - 2004-12-28 14:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-28 10:31 - 2004-08-11 17:09 - 00000049 ____C C:\WINDOWS\WIASERVC.LOG
2014-01-27 23:56 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k7
2014-01-27 23:56 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k6
2014-01-27 23:56 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k5
2014-01-27 23:56 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k4
2014-01-27 23:56 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k3
2014-01-27 23:56 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k2
2014-01-27 23:56 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k1
2014-01-27 23:56 - 2014-01-25 02:18 - 00000045 _____ C:\WINDOWS\system32\Drivers\kmxzone.u2k0
2014-01-27 23:56 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k7
2014-01-27 23:56 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k6
2014-01-27 23:56 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k5
2014-01-27 23:56 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k4
2014-01-27 23:56 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k3
2014-01-27 23:56 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k2
2014-01-27 23:56 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k1
2014-01-27 23:56 - 2014-01-24 18:24 - 00000081 _____ C:\WINDOWS\system32\Drivers\kmxcfg.u2k0
2014-01-27 23:56 - 2004-12-28 14:47 - 00032522 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-27 23:55 - 2005-01-05 15:58 - 00000278 __SHC C:\Documents and Settings\Linda Bal\NTUSER.INI
2014-01-27 22:18 - 2013-01-15 17:24 - 00001820 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-27 21:38 - 2014-01-27 21:38 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-01-27 21:29 - 2013-01-27 17:02 - 00000000 ____D C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Paint.NET
2014-01-27 19:16 - 2008-10-14 12:35 - 00002497 _____ C:\Documents and Settings\Linda Bal\Desktop\Microsoft Office Word 2003.lnk
2014-01-27 14:54 - 2013-12-23 19:28 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-27 14:29 - 2014-01-27 14:28 - 04516552 _____ C:\Documents and Settings\Linda Bal\Desktop\jDiskCompleteScanFile.jdr
2014-01-27 14:11 - 2014-01-27 14:11 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\JGoodies
2014-01-27 14:07 - 2014-01-27 14:07 - 00001569 _____ C:\Documents and Settings\Linda Bal\Desktop\JDiskReport.lnk
2014-01-27 14:07 - 2014-01-27 14:07 - 00000000 ____D C:\Program Files\JGoodies
2014-01-27 14:05 - 2014-01-27 14:06 - 00627040 _____ C:\Documents and Settings\Linda Bal\Desktop\jdiskreport-1_4_0-win.exe
2014-01-26 14:22 - 2014-01-26 14:22 - 00030693 _____ C:\VEW.txt
2014-01-26 14:12 - 2014-01-26 14:15 - 00061440 _____ ( ) C:\Documents and Settings\Linda Bal\Desktop\VEW.exe
2014-01-25 18:49 - 2014-01-25 16:45 - 00000000 ____D C:\AdwCleaner
2014-01-25 17:36 - 2014-01-19 20:19 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\purchases
2014-01-25 17:30 - 2013-05-31 12:09 - 00000000 ____D C:\My Publications
2014-01-25 17:24 - 2013-05-31 12:46 - 00000000 ____D C:\Documents and Settings\Linda Bal\My Documents\My Publications
2014-01-25 17:22 - 2013-06-06 15:44 - 00000000 ____D C:\Documents and Settings\Linda Bal\My Documents\My Kindle Content
2014-01-25 16:42 - 2014-01-25 16:44 - 01236282 _____ C:\Documents and Settings\Linda Bal\Desktop\AdwCleaner.exe
2014-01-25 02:10 - 2014-01-23 17:28 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\DDSscans
2014-01-24 23:35 - 2014-01-24 23:35 - 00000000 ____D C:\Documents and Settings\Linda Bal\Start Menu\Programs\Notepad++
2014-01-24 23:35 - 2014-01-24 23:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
2014-01-24 23:35 - 2013-01-16 16:29 - 00000000 ____D C:\Program Files\Notepad++
2014-01-24 23:35 - 2013-01-16 16:29 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Notepad++
2014-01-24 23:35 - 2005-01-05 15:58 - 00000000 ____D C:\Documents and Settings\Linda Bal
2014-01-24 23:35 - 2004-12-28 14:36 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-24 23:35 - 2004-12-28 14:36 - 00000000 __SHD C:\Documents and Settings\LocalService
2014-01-24 23:35 - 2004-12-28 14:36 - 00000000 ____D C:\WINDOWS\Registration
2014-01-24 23:35 - 2004-12-28 14:36 - 00000000 ____D C:\Documents and Settings\Administrator
2014-01-24 18:01 - 2004-12-28 14:35 - 00000000 ____D C:\WINDOWS\system32\Restore
2014-01-24 10:24 - 2009-01-10 15:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-01-23 20:15 - 2013-06-12 12:03 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\EPUBS
2014-01-23 18:20 - 2013-04-08 10:11 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\AboutTheAuthor--howto
2014-01-23 00:16 - 2013-11-15 17:14 - 00000000 ____D C:\Documents and Settings\Linda Bal\My Documents\Calibre Library
2014-01-22 19:58 - 2004-12-28 14:54 - 00000000 ____D C:\Program Files\Java
2014-01-22 19:58 - 2004-12-28 14:54 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-22 19:47 - 2014-01-18 23:45 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-22 19:46 - 2014-01-18 23:46 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-22 19:42 - 2014-01-22 19:42 - 00000079 _____ C:\WINDOWS\wininit.ini
2014-01-21 21:56 - 2014-01-21 21:56 - 00000924 _____ C:\Documents and Settings\Linda Bal\Desktop\Revo Uninstaller.lnk
2014-01-21 21:56 - 2014-01-21 21:56 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-21 13:23 - 2013-12-24 12:01 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\remittances
2014-01-19 14:10 - 2009-01-09 00:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-01-19 12:24 - 2013-05-26 11:59 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\BankOfAmericareceipts
2014-01-18 23:12 - 2004-08-11 17:20 - 00398344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-18 23:08 - 2014-01-18 23:08 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\LavasoftStatistics
2014-01-18 22:22 - 2013-05-30 12:29 - 00120593 _____ C:\WINDOWS\setupapi.log
2014-01-18 22:17 - 2014-01-18 22:14 - 00009045 _____ C:\WINDOWS\KB942288-v3.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00152281 _____ C:\WINDOWS\tsoc.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00111496 _____ C:\WINDOWS\comsetup.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00102622 _____ C:\WINDOWS\msmqinst.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00067598 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00058482 _____ C:\WINDOWS\netfxocm.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00022950 _____ C:\WINDOWS\MedCtrOC.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00018468 _____ C:\WINDOWS\ocmsn.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00016794 _____ C:\WINDOWS\tabletoc.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00016686 _____ C:\WINDOWS\msgsocm.log
2014-01-18 22:17 - 2013-04-10 19:37 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-18 22:17 - 2013-04-10 19:36 - 00362772 _____ C:\WINDOWS\iis6.log
2014-01-18 22:17 - 2013-04-10 19:36 - 00332583 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 22:17 - 2013-04-10 19:36 - 00159624 _____ C:\WINDOWS\ocgen.log
2014-01-18 22:17 - 2004-12-28 14:34 - 00000000 ____D C:\WINDOWS\system32\MUI
2014-01-18 22:16 - 2014-01-18 22:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-18 22:14 - 2014-01-18 22:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-01-18 21:57 - 2014-01-18 21:53 - 00000000 ____D C:\Program Files\SpywareBlaster
2014-01-18 21:54 - 2014-01-18 21:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2014-01-18 21:53 - 2014-01-18 21:53 - 00000761 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2014-01-18 21:53 - 2014-01-18 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2014-01-18 20:37 - 2014-01-18 20:37 - 00001685 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-18 20:37 - 2014-01-18 20:37 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\SUPERAntiSpyware.com
2014-01-18 20:37 - 2014-01-18 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 20:37 - 2014-01-18 20:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-18 20:36 - 2014-01-18 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-01-18 15:52 - 2005-02-10 13:20 - 00113104 ____C C:\Documents and Settings\Linda Bal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-18 15:51 - 2014-01-18 15:51 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Panda Security
2014-01-18 15:51 - 2014-01-18 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2014-01-18 15:50 - 2014-01-18 15:50 - 00000000 ____D C:\Program Files\Panda Security
2014-01-18 15:50 - 2014-01-18 15:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Panda Security
2014-01-18 15:18 - 2013-01-14 13:28 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2014-01-17 16:29 - 2013-03-31 08:39 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-17 16:29 - 2013-03-31 08:39 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-17 16:29 - 2008-01-13 14:12 - 00000000 ____D C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Adobe
2014-01-15 21:16 - 2013-08-14 11:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 21:12 - 2014-01-15 21:10 - 00004704 _____ C:\WINDOWS\KB2914368.log
2014-01-15 21:12 - 2013-04-10 19:37 - 00001374 _____ C:\WINDOWS\imsins.BAK
2014-01-15 21:12 - 2008-01-08 17:19 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 21:11 - 2014-01-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 21:50 - 2013-05-17 18:27 - 00000000 ____D C:\Documents and Settings\Linda Bal\.gimp-2.8
2014-01-14 21:48 - 2014-01-14 21:48 - 00021863 _____ C:\Documents and Settings\Linda Bal\Local Settings\Application Data\recently-used.xbel
2014-01-14 12:21 - 2014-01-10 22:55 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-13 22:52 - 2004-12-28 14:35 - 00000000 ____D C:\WINDOWS\SECURITY
2014-01-13 18:29 - 2014-01-13 18:29 - 00001774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2014-01-13 18:29 - 2014-01-13 18:29 - 00001768 _____ C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2014-01-13 18:29 - 2014-01-13 18:29 - 00000000 ____D C:\Program Files\Belarc
2014-01-11 19:56 - 2014-01-11 19:56 - 00287402 _____ C:\WINDOWS\msxml4-KB2758694-enu.LOG
2014-01-11 16:52 - 2013-12-11 03:03 - 00016440 _____ C:\WINDOWS\KB2898785-IE8.log
2014-01-10 23:09 - 2008-01-13 14:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2014-01-10 23:07 - 2008-01-13 13:50 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Adobe
2014-01-10 22:55 - 2014-01-10 22:55 - 00001741 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-10 22:54 - 2014-01-10 22:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-10 22:53 - 2011-01-19 14:23 - 00000000 ____D C:\Program Files\Adobe
2014-01-10 22:35 - 2009-10-22 13:41 - 00000000 ____D C:\Program Files\MSXML 4.0
2014-01-10 21:57 - 2014-01-10 21:57 - 00000000 ____D C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Secunia PSI
2014-01-10 21:56 - 2014-01-10 21:56 - 00000000 ____D C:\Program Files\Secunia
2014-01-10 12:51 - 2014-01-10 12:51 - 00509440 _____ (Tech Support Guy System) C:\Documents and Settings\Linda Bal\Desktop\SysInfo.exe
2014-01-09 23:17 - 2004-12-28 14:37 - 00000211 __RSH C:\BOOT.INI
2014-01-09 23:17 - 2004-08-11 17:15 - 00000689 _____ C:\WINDOWS\WIN.INI
2014-01-09 23:17 - 2004-08-11 17:07 - 00000227 _____ C:\WINDOWS\SYSTEM.INI
2014-01-09 23:05 - 2014-01-09 23:05 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\backups
2014-01-06 16:43 - 2013-11-16 13:04 - 00017982 _____ C:\WINDOWS\KB2868626.log
2014-01-06 16:40 - 2013-10-11 22:39 - 00028679 _____ C:\WINDOWS\KB2847311.log
2014-01-05 21:04 - 2014-01-07 19:50 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Linda Bal\Desktop\HijackThis.exe
2014-01-03 23:15 - 2008-01-08 14:46 - 00000000 __SHD C:\Documents and Settings\Linda Bal\UserData
2014-01-03 23:08 - 2004-08-11 17:15 - 00001514 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-01-03 22:49 - 2014-01-03 22:49 - 00000898 _____ C:\WINDOWS\KB927891.log
2014-01-03 18:01 - 2014-01-03 18:01 - 00000000 ____D C:\Documents and Settings\Linda Bal\Application Data\Mozilla
2014-01-03 18:00 - 2014-01-03 18:00 - 00000737 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-03 18:00 - 2014-01-03 18:00 - 00000731 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-01-03 18:00 - 2014-01-03 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-03 18:00 - 2014-01-03 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2014-01-03 18:00 - 2009-12-28 21:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-03 14:07 - 2013-05-31 10:47 - 00000000 ____D C:\Documents and Settings\Linda Bal\Desktop\RE-UPLOADINFO
2014-01-02 00:43 - 2013-10-23 22:14 - 00609640 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-12-30 20:00 - 2013-01-17 19:48 - 00000000 ____D C:\Documents and Settings\Linda Bal\.kindle
2013-12-30 14:54 - 2013-12-30 14:54 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2013-12-29 18:29 - 2013-12-29 18:29 - 00005673 _____ C:\WINDOWS\KB975558.log

Some content of TEMP:
====================
C:\Documents and Settings\Linda Bal\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-29c0e1f5.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Thank you.
P.S. The available space on C drive is now 5.26 (up from 4.73 yesterday).


----------



## Cookiegal (Aug 27, 2003)

Please download *TFC* by OldTimer to your desktop.

Double-click *TFC.exe* to run it. (If you are running Vista then right-click on the file and select *Run As Administrator*).
*Note: It will close all programs when you run it so make sure you have saved everything you may have been working on before you begin.*
Click the *Start* button to begin the process. It should only take a short time so let it run uninterrupted until it's finished. 
When it's finished it should reboot your machine. If it doesn't then please reboot manually to be sure everything is cleared.


----------



## Cookiegal (Aug 27, 2003)

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked *on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan *button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## GreggIllinois (Jan 5, 2014)

Ran the TFC by Old Timer and re-booted. Then ran the GMER scan. Was a little uncertain about saving it as ark.txt but I think it saved okay. (I've kept the GMER scan minimized if it didn't.) The available space on "C" drive is up to 7.76GB. Here is the GMER log--and thank you.

P.S. TechGuySupport is telling me: 'The text you have entered is too long (184172). Please shorten it to 100,000 characters long.' So I split it into thirds (roughly). Here is the first third and then there are two more posts with the remaining thirds.

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-01-29 11:02:48
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75JHA0 rev.05.01C05 37.25GB
Running: su5sn7jm.exe; Driver: C:\DOCUME~1\LINDAB~1\LOCALS~1\Temp\kwlcafoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\PSINReg.sys ZwCreateKey [0xB00166B0]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwCreateSymbolicLinkObject [0xB09B4856]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwMakeTemporaryObject [0xB09B4BA7]
SSDT \SystemRoot\system32\DRIVERS\PSINReg.sys ZwOpenKey [0xB00165C8]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwOpenSection [0xB09B457B]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys ZwSetInformationProcess [0xB943776F]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwSetSystemInformation [0xB09B4983]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0xB1039640]

---- User code sections - GMER 2.1 ----

.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] kernel32.dll!ExitProcess + 2 7C81D20C 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DE C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FE C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6E C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA6 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FA C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B432 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC2 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B316 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB52 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E2 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4A C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54E C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29E C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C182 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADA C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!ChangeServiceConfigW 77E37001 3 Bytes [8B, FF, E9]
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!ChangeServiceConfigW + 4 77E37005 3 Bytes JMP 5FF3BBFA C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD12 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2E C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91A C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA36 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8A C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A2 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BE C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66A C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B786 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[176] ADVAPI32.dll!EnumServicesStatusW + 2  77E37D63 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] kernel32.dll!ExitProcess + 2 7C81D20C 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes [8B, FF, 90, E9, 88, 43, 15]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceStatus + 8 77DE6D58 4 Bytes CALL 086EFDED 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes [8B, FF, 90, E9, A3, 38, 15]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!OpenSCManagerW + 8 77DE6F5D 4 Bytes CALL 086EFFF2 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes [8B, FF, 90, E9, 6B, 3C, 15]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!OpenServiceW + 8 77DE7005 4 Bytes CALL 086F009A 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes [8B, FF, 90, E9, 48, B3, 14]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!StartServiceA + 8 77DEFB60 4 Bytes CALL 086F8BF5 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes [8B, FF, 90, E9, EA, 9F, 14]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceStatusEx + 8 77DF1212 4 Bytes CALL 086FA2A7 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes [8B, FF, 90, E9, 96, 9E, 14]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceConfigA + 8 77DF159E 4 Bytes CALL 086FA633 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes [8B, FF, 90, E9, 28, 71, 14]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!StartServiceW + 8  77DF3E9C 4 Bytes CALL 086FCF31 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes [8B, FF, 90, E9, 07, 69, 14]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!ControlService + 8 77DF4A11 4 Bytes CALL 086FDAA6 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes [8B, FF, 90, E9, E6, 5E, 14]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!OpenServiceA + 8 77DF4C6E 4 Bytes CALL 086FDD03 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes [8B, FF, 90, E9, 2E, 3D, 14]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!OpenSCManagerA + 8 77DF69B6 4 Bytes CALL 086FFA4B 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes [8B, FF, 90, E9, FD, 53, 14]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumServicesStatusA + 8 77DF6B4F 4 Bytes CALL 086FFBE4 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes [8B, FF, 90, E9, B6, 45, 14]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceConfigW + 8 77DF6F9A 4 Bytes CALL 0870002F 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes [8B, FF, 90, E9, E0, 58, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumServicesStatusExW + 9 77E369C1 3 Bytes CALL 0873FA56 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes [8B, FF, 90, E9, 4D, 55, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumServicesStatusExA + 8 77E36C37 4 Bytes CALL 0873FCCC 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes [8B, FF, 90, E9, 6B, 4C, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!ChangeServiceConfigA + 8 77E36E71 4 Bytes CALL 0873FF06 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes [8B, FF, 90, E9, EF, 4B, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!ChangeServiceConfigW + 8 77E37009 4 Bytes CALL 0874009E 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes [8B, FF, 90, E9, 0B, 4C, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!ChangeServiceConfig2A + 8 77E37109 4 Bytes CALL 0874019E 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes [8B, FF, 90, E9, 9F, 4C, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!ChangeServiceConfig2W + 8 77E37191 4 Bytes CALL 08740226 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes [8B, FF, 90, E9, 03, 37, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!CreateServiceA + 8 77E37219 4 Bytes CALL 087402AE 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes [8B, FF, 90, E9, 87, 36, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!CreateServiceW + 8 77E373B1 4 Bytes CALL 08740446 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes [8B, FF, 90, E9, D3, 38, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!DeleteService + 8 77E374B9 4 Bytes CALL 0874054E 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes [8B, FF, 90, E9, 73, 43, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumDependentServicesA + 8 77E37531 4 Bytes CALL 087405C6 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes [8B, FF, 90, E9, D7, 43, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumDependentServicesW + 8 77E375E9 4 Bytes CALL 0874067E 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes [8B, FF, 90, E9, CB, 3C, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceConfig2A + 8 77E379A1 4 Bytes CALL 08740A36 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes [8B, FF, 90, E9, CF, 3C, 10]
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!QueryServiceConfig2W + 8 77E37AB9 4 Bytes CALL 08740B4E 
.text C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe[308] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 8 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] kernel32.dll!ExitProcess 7C81D20A 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B433 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B317 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB53 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C183 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD13 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA37 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B787 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] ADVAPI32.dll!EnumServicesStatusW 77E37D61 7 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe[720] SHELL32.dll!SHCreateProcessAsUserW 7CAC975C 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] kernel32.dll!ExitProcess 7C81D20A 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B433 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B317 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB53 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C183 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD13 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA37 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B787 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] ADVAPI32.dll!EnumServicesStatusW 77E37D61 7 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[832] SHELL32.dll!SHCreateProcessAsUserW 7CAC975C 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] kernel32.dll!ExitProcess 7C81D20A 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\HPZipm12.exe[952] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] kernel32.dll!ExitProcess 7C81D20A 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe[1044] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC975E 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] kernel32.dll!ExitProcess 7C81D20A 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!StartServiceW  77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1128] SHELL32.dll!SHCreateProcessAsUserW 7CAC975C 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] kernel32.dll!ExitProcess + 2 7C81D20C 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes [8B, FF, 90, E9, 88, 43, 15]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceStatus + 8 77DE6D58 4 Bytes CALL 086EFDED 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes [8B, FF, 90, E9, A3, 38, 15]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!OpenSCManagerW + 8 77DE6F5D 4 Bytes CALL 086EFFF2 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes [8B, FF, 90, E9, 6B, 3C, 15]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!OpenServiceW + 8 77DE7005 4 Bytes CALL 086F009A 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes [8B, FF, 90, E9, 48, B3, 14]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!StartServiceA + 8 77DEFB60 4 Bytes CALL 086F8BF5 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes [8B, FF, 90, E9, EA, 9F, 14]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceStatusEx + 8 77DF1212 4 Bytes CALL 086FA2A7 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes [8B, FF, 90, E9, 96, 9E, 14]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceConfigA + 8 77DF159E 4 Bytes CALL 086FA633 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes [8B, FF, 90, E9, 28, 71, 14]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!StartServiceW + 8 77DF3E9C 4 Bytes CALL 086FCF31 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes [8B, FF, 90, E9, 07, 69, 14]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!ControlService + 8 77DF4A11 4 Bytes CALL 086FDAA6 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes [8B, FF, 90, E9, E6, 5E, 14]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!OpenServiceA + 8 77DF4C6E 4 Bytes CALL 086FDD03 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes [8B, FF, 90, E9, 2E, 3D, 14]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!OpenSCManagerA + 8 77DF69B6 4 Bytes CALL 086FFA4B 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes [8B, FF, 90, E9, FD, 53, 14]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumServicesStatusA + 8 77DF6B4F 4 Bytes CALL 086FFBE4 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes [8B, FF, 90, E9, B6, 45, 14]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceConfigW + 8 77DF6F9A 4 Bytes CALL 0870002F 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes [8B, FF, 90, E9, E0, 58, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumServicesStatusExW + 9 77E369C1 3 Bytes CALL 0873FA56 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes [8B, FF, 90, E9, 4D, 55, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumServicesStatusExA + 8 77E36C37 4 Bytes CALL 0873FCCC 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes [8B, FF, 90, E9, 6B, 4C, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!ChangeServiceConfigA + 8 77E36E71 4 Bytes CALL 0873FF06 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!ChangeServiceConfigW  77E37001 7 Bytes [8B, FF, 90, E9, EF, 4B, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!ChangeServiceConfigW + 8 77E37009 4 Bytes CALL 0874009E 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes [8B, FF, 90, E9, 0B, 4C, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A + 8 77E37109 4 Bytes CALL 0874019E 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes [8B, FF, 90, E9, 9F, 4C, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W + 8 77E37191 4 Bytes CALL 08740226 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes [8B, FF, 90, E9, 03, 37, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!CreateServiceA + 8 77E37219 4 Bytes CALL 087402AE 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes [8B, FF, 90, E9, 87, 36, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!CreateServiceW + 8 77E373B1 4 Bytes CALL 08740446 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes [8B, FF, 90, E9, D3, 38, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!DeleteService + 8 77E374B9 4 Bytes CALL 0874054E 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes [8B, FF, 90, E9, 73, 43, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumDependentServicesA + 8 77E37531 4 Bytes CALL 087405C6 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes [8B, FF, 90, E9, D7, 43, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumDependentServicesW + 8 77E375E9 4 Bytes CALL 0874067E 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes [8B, FF, 90, E9, CB, 3C, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceConfig2A + 8 77E379A1 4 Bytes CALL 08740A36 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes [8B, FF, 90, E9, CF, 3C, 10]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!QueryServiceConfig2W + 8 77E37AB9 4 Bytes CALL 08740B4E 
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 8 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1212] shell32.dll!SHCreateProcessAsUserW 7CAC975C 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] kernel32.dll!ExitProcess + 2 7C81D20C 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes [8B, FF, 90, E9, 88, 43, 15]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceStatus + 8 77DE6D58 4 Bytes CALL 086EFDED 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes [8B, FF, 90, E9, A3, 38, 15]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!OpenSCManagerW + 8 77DE6F5D 4 Bytes CALL 086EFFF2 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes [8B, FF, 90, E9, 6B, 3C, 15]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!OpenServiceW + 8 77DE7005 4 Bytes CALL 086F009A 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes [8B, FF, 90, E9, 48, B3, 14]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!StartServiceA + 8 77DEFB60 4 Bytes CALL 086F8BF5 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes [8B, FF, 90, E9, EA, 9F, 14]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceStatusEx + 8 77DF1212 4 Bytes CALL 086FA2A7 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes [8B, FF, 90, E9, 96, 9E, 14]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceConfigA + 8 77DF159E 4 Bytes CALL 086FA633 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes [8B, FF, 90, E9, 28, 71, 14]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!StartServiceW + 8 77DF3E9C 4 Bytes CALL 086FCF31 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!ControlService  77DF4A09 7 Bytes [8B, FF, 90, E9, 07, 69, 14]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!ControlService + 8 77DF4A11 4 Bytes CALL 086FDAA6 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes [8B, FF, 90, E9, E6, 5E, 14]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!OpenServiceA + 8 77DF4C6E 4 Bytes CALL 086FDD03 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes [8B, FF, 90, E9, 2E, 3D, 14]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!OpenSCManagerA + 8 77DF69B6 4 Bytes CALL 086FFA4B 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes [8B, FF, 90, E9, FD, 53, 14]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumServicesStatusA + 8 77DF6B4F 4 Bytes CALL 086FFBE4 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes [8B, FF, 90, E9, B6, 45, 14]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceConfigW + 8 77DF6F9A 4 Bytes CALL 0870002F 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes [8B, FF, 90, E9, E0, 58, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumServicesStatusExW + 9 77E369C1 3 Bytes CALL 0873FA56 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes [8B, FF, 90, E9, 4D, 55, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumServicesStatusExA + 8 77E36C37 4 Bytes CALL 0873FCCC 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes [8B, FF, 90, E9, 6B, 4C, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!ChangeServiceConfigA + 8 77E36E71 4 Bytes CALL 0873FF06 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes [8B, FF, 90, E9, EF, 4B, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!ChangeServiceConfigW + 8 77E37009 4 Bytes CALL 0874009E 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes [8B, FF, 90, E9, 0B, 4C, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A + 8 77E37109 4 Bytes CALL 0874019E 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes [8B, FF, 90, E9, 9F, 4C, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W + 8 77E37191 4 Bytes CALL 08740226 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes [8B, FF, 90, E9, 03, 37, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!CreateServiceA + 8 77E37219 4 Bytes CALL 087402AE 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes [8B, FF, 90, E9, 87, 36, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!CreateServiceW + 8 77E373B1 4 Bytes CALL 08740446


----------



## GreggIllinois (Jan 5, 2014)

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes [8B, FF, 90, E9, D3, 38, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!DeleteService + 8 77E374B9 4 Bytes CALL 0874054E 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes [8B, FF, 90, E9, 73, 43, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumDependentServicesA + 8 77E37531 4 Bytes CALL 087405C6 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes [8B, FF, 90, E9, D7, 43, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumDependentServicesW + 8 77E375E9 4 Bytes CALL 0874067E 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes [8B, FF, 90, E9, CB, 3C, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceConfig2A + 8 77E379A1 4 Bytes CALL 08740A36 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes [8B, FF, 90, E9, CF, 3C, 10]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!QueryServiceConfig2W + 8 77E37AB9 4 Bytes CALL 08740B4E 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1380] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 8 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] kernel32.dll!ExitProcess 7C81D20A 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B433 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B317 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB53 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C183 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD13 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA37 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B787 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] ADVAPI32.dll!EnumServicesStatusW 77E37D61 7 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1400] SHELL32.dll!SHCreateProcessAsUserW 7CAC975C 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] kernel32.dll!ExitProcess 7C81D20A 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1448] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] kernel32.dll!ExitProcess + 2 7C81D20C 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA6 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B433 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B317 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB53 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C183 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD13 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA37 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B787 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] ADVAPI32.dll!EnumServicesStatusW 77E37D61 7 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2016] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC975E 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] kernel32.dll!ExitProcess + 2 7C81D20C 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA6 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B432 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B316 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB52 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!CreateProcessAsUserA + 2  77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C182 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!ChangeServiceConfigW 77E37001 3 Bytes [8B, FF, E9]
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!ChangeServiceConfigW + 4 77E37005 3 Bytes JMP 5FF3BBFA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD12 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA36 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B786 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] shell32.dll!SHCreateProcessAsUserW + 2 7CAC975E 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] kernel32.dll!ExitProcess + 2 7C81D20C 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes [8B, FF, 90, E9, 88, 43, 15]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceStatus + 8 77DE6D58 4 Bytes CALL 086EFDED 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes [8B, FF, 90, E9, A3, 38, 15]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!OpenSCManagerW + 8 77DE6F5D 4 Bytes CALL 086EFFF2 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes [8B, FF, 90, E9, 6B, 3C, 15]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!OpenServiceW + 8 77DE7005 4 Bytes CALL 086F009A 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes [8B, FF, 90, E9, 48, B3, 14]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!StartServiceA + 8 77DEFB60 4 Bytes CALL 086F8BF5 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes [8B, FF, 90, E9, EA, 9F, 14]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceStatusEx + 8 77DF1212 4 Bytes CALL 086FA2A7 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes [8B, FF, 90, E9, 96, 9E, 14]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceConfigA + 8 77DF159E 4 Bytes CALL 086FA633 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes [8B, FF, 90, E9, 28, 71, 14]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!StartServiceW + 8 77DF3E9C 4 Bytes CALL 086FCF31 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes [8B, FF, 90, E9, 07, 69, 14]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!ControlService + 8 77DF4A11 4 Bytes CALL 086FDAA6 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes [8B, FF, 90, E9, E6, 5E, 14]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!OpenServiceA + 8 77DF4C6E 4 Bytes CALL 086FDD03 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes [8B, FF, 90, E9, 2E, 3D, 14]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!OpenSCManagerA + 8 77DF69B6 4 Bytes CALL 086FFA4B 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes [8B, FF, 90, E9, FD, 53, 14]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumServicesStatusA + 8 77DF6B4F 4 Bytes CALL 086FFBE4 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes [8B, FF, 90, E9, B6, 45, 14]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceConfigW + 8 77DF6F9A 4 Bytes CALL 0870002F 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes [8B, FF, 90, E9, E0, 58, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumServicesStatusExW + 9 77E369C1 3 Bytes CALL 0873FA56 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes [8B, FF, 90, E9, 4D, 55, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumServicesStatusExA + 8 77E36C37 4 Bytes CALL 0873FCCC 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes [8B, FF, 90, E9, 6B, 4C, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!ChangeServiceConfigA + 8 77E36E71 4 Bytes CALL 0873FF06 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes [8B, FF, 90, E9, EF, 4B, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!ChangeServiceConfigW + 8 77E37009 4 Bytes CALL 0874009E 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes [8B, FF, 90, E9, 0B, 4C, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A + 8 77E37109 4 Bytes CALL 0874019E 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes [8B, FF, 90, E9, 9F, 4C, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W + 8 77E37191 4 Bytes CALL 08740226 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes [8B, FF, 90, E9, 03, 37, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!CreateServiceA + 8 77E37219 4 Bytes CALL 087402AE 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes [8B, FF, 90, E9, 87, 36, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!CreateServiceW + 8 77E373B1 4 Bytes CALL 08740446 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes [8B, FF, 90, E9, D3, 38, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!DeleteService + 8 77E374B9 4 Bytes CALL 0874054E 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes [8B, FF, 90, E9, 73, 43, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumDependentServicesA + 8 77E37531 4 Bytes CALL 087405C6 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes [8B, FF, 90, E9, D7, 43, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumDependentServicesW + 8 77E375E9 4 Bytes CALL 0874067E 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes [8B, FF, 90, E9, CB, 3C, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceConfig2A + 8 77E379A1 4 Bytes CALL 08740A36 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes [8B, FF, 90, E9, CF, 3C, 10]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!QueryServiceConfig2W + 8 77E37AB9 4 Bytes CALL 08740B4E 
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2892] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 8 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] kernel32.dll!ExitProcess + 2 7C81D20C 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC975E 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes [8B, FF, 90, E9, 88, 43, 15]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceStatus + 8 77DE6D58 4 Bytes CALL 086EFDED 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes [8B, FF, 90, E9, A3, 38, 15]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!OpenSCManagerW + 8 77DE6F5D 4 Bytes CALL 086EFFF2 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes [8B, FF, 90, E9, 6B, 3C, 15]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!OpenServiceW + 8 77DE7005 4 Bytes CALL 086F009A 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes [8B, FF, 90, E9, 48, B3, 14]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!StartServiceA + 8 77DEFB60 4 Bytes CALL 086F8BF5 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes [8B, FF, 90, E9, EA, 9F, 14]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceStatusEx + 8 77DF1212 4 Bytes CALL 086FA2A7 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes [8B, FF, 90, E9, 96, 9E, 14]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceConfigA + 8 77DF159E 4 Bytes CALL 086FA633 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes [8B, FF, 90, E9, 28, 71, 14]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!StartServiceW + 8 77DF3E9C 4 Bytes CALL 086FCF31 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes [8B, FF, 90, E9, 07, 69, 14]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!ControlService + 8 77DF4A11 4 Bytes CALL 086FDAA6 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes [8B, FF, 90, E9, E6, 5E, 14]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!OpenServiceA + 8 77DF4C6E 4 Bytes CALL 086FDD03 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes [8B, FF, 90, E9, 2E, 3D, 14]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!OpenSCManagerA + 8 77DF69B6 4 Bytes CALL 086FFA4B 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes [8B, FF, 90, E9, FD, 53, 14]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumServicesStatusA + 8 77DF6B4F 4 Bytes CALL 086FFBE4 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes [8B, FF, 90, E9, B6, 45, 14]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceConfigW + 8 77DF6F9A 4 Bytes CALL 0870002F 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes [8B, FF, 90, E9, E0, 58, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumServicesStatusExW + 9 77E369C1 3 Bytes CALL 0873FA56 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes [8B, FF, 90, E9, 4D, 55, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumServicesStatusExA + 8 77E36C37 4 Bytes CALL 0873FCCC 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes [8B, FF, 90, E9, 6B, 4C, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!ChangeServiceConfigA + 8 77E36E71 4 Bytes CALL 0873FF06 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes [8B, FF, 90, E9, EF, 4B, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!ChangeServiceConfigW + 8 77E37009 4 Bytes CALL 0874009E 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes [8B, FF, 90, E9, 0B, 4C, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A + 8 77E37109 4 Bytes CALL 0874019E 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes [8B, FF, 90, E9, 9F, 4C, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W + 8 77E37191 4 Bytes CALL 08740226 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes [8B, FF, 90, E9, 03, 37, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!CreateServiceA + 8 77E37219 4 Bytes CALL 087402AE 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes [8B, FF, 90, E9, 87, 36, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!CreateServiceW + 8 77E373B1 4 Bytes CALL 08740446 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes [8B, FF, 90, E9, D3, 38, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!DeleteService + 8 77E374B9 4 Bytes CALL 0874054E 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes [8B, FF, 90, E9, 73, 43, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumDependentServicesA + 8 77E37531 4 Bytes CALL 087405C6 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes [8B, FF, 90, E9, D7, 43, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumDependentServicesW + 8 77E375E9 4 Bytes CALL 0874067E 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes [8B, FF, 90, E9, CB, 3C, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceConfig2A + 8 77E379A1 4 Bytes CALL 08740A36 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes [8B, FF, 90, E9, CF, 3C, 10]
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!QueryServiceConfig2W + 8 77E37AB9 4 Bytes CALL 08740B4E 
.text C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe[2984] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 8 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] kernel32.dll!ExitProcess + 2 7C81D20C 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes [8B, FF, 90, E9, 88, 43, 15]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceStatus + 8 77DE6D58 4 Bytes CALL 086EFDED 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!OpenSCManagerW  77DE6F55 7 Bytes [8B, FF, 90, E9, A3, 38, 15]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!OpenSCManagerW + 8 77DE6F5D 4 Bytes CALL 086EFFF2 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes [8B, FF, 90, E9, 6B, 3C, 15]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!OpenServiceW + 8 77DE7005 4 Bytes CALL 086F009A 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes [8B, FF, 90, E9, 48, B3, 14]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!StartServiceA + 8 77DEFB60 4 Bytes CALL 086F8BF5 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes [8B, FF, 90, E9, EA, 9F, 14]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceStatusEx + 8 77DF1212 4 Bytes CALL 086FA2A7 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes [8B, FF, 90, E9, 96, 9E, 14]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceConfigA + 8 77DF159E 4 Bytes CALL 086FA633 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes [8B, FF, 90, E9, 28, 71, 14]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!StartServiceW + 8 77DF3E9C 4 Bytes CALL 086FCF31 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes [8B, FF, 90, E9, 07, 69, 14]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ControlService + 8 77DF4A11 4 Bytes CALL 086FDAA6 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes [8B, FF, 90, E9, E6, 5E, 14]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!OpenServiceA + 8 77DF4C6E 4 Bytes CALL 086FDD03 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes [8B, FF, 90, E9, 2E, 3D, 14]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!OpenSCManagerA + 8 77DF69B6 4 Bytes CALL 086FFA4B 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes [8B, FF, 90, E9, FD, 53, 14]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumServicesStatusA + 8 77DF6B4F 4 Bytes CALL 086FFBE4 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes [8B, FF, 90, E9, B6, 45, 14]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceConfigW + 8 77DF6F9A 4 Bytes CALL 0870002F 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes [8B, FF, 90, E9, E0, 58, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumServicesStatusExW + 9 77E369C1 3 Bytes CALL 0873FA56 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes [8B, FF, 90, E9, 4D, 55, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumServicesStatusExA + 8 77E36C37 4 Bytes CALL 0873FCCC 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes [8B, FF, 90, E9, 6B, 4C, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfigA + 8 77E36E71 4 Bytes CALL 0873FF06 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes [8B, FF, 90, E9, EF, 4B, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfigW + 8 77E37009 4 Bytes CALL 0874009E 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes [8B, FF, 90, E9, 0B, 4C, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfig2A + 8 77E37109 4 Bytes CALL 0874019E 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes [8B, FF, 90, E9, 9F, 4C, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfig2W + 8 77E37191 4 Bytes CALL 08740226 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes [8B, FF, 90, E9, 03, 37, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!CreateServiceA + 8 77E37219 4 Bytes CALL 087402AE 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes [8B, FF, 90, E9, 87, 36, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!CreateServiceW + 8 77E373B1 4 Bytes CALL 08740446 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes [8B, FF, 90, E9, D3, 38, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!DeleteService + 8 77E374B9 4 Bytes CALL 0874054E 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes [8B, FF, 90, E9, 73, 43, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumDependentServicesA + 8 77E37531 4 Bytes CALL 087405C6 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes [8B, FF, 90, E9, D7, 43, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumDependentServicesW + 8 77E375E9 4 Bytes CALL 0874067E 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes [8B, FF, 90, E9, CB, 3C, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceConfig2A + 8 77E379A1 4 Bytes CALL 08740A36 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes [8B, FF, 90, E9, CF, 3C, 10]
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!QueryServiceConfig2W + 8 77E37AB9 4 Bytes CALL 08740B4E 
.text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 8 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\System32\alg.exe[3092] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC975E 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll


----------



## GreggIllinois (Jan 5, 2014)

.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] kernel32.dll!ExitProcess + 2 7C81D20C 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA6 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B432 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B316 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB52 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C182 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 3 Bytes [8B, FF, E9]
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!ChangeServiceConfigW + 4 77E37005 3 Bytes JMP 5FF3BBFA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD12 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA36 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B786 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe[3252] SHELL32.dll!SHCreateProcessAsUserW 7CAC975C 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] kernel32.dll!ExitProcess + 2 7C81D20C 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes [8B, FF, 90, E9, 88, 43, 15]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceStatus + 8 77DE6D58 4 Bytes CALL 086EFDED 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes [8B, FF, 90, E9, A3, 38, 15]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!OpenSCManagerW + 8 77DE6F5D 4 Bytes CALL 086EFFF2 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes [8B, FF, 90, E9, 6B, 3C, 15]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!OpenServiceW + 8 77DE7005 4 Bytes CALL 086F009A 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes [8B, FF, 90, E9, 48, B3, 14]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!StartServiceA + 8 77DEFB60 4 Bytes CALL 086F8BF5 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes [8B, FF, 90, E9, EA, 9F, 14]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceStatusEx + 8 77DF1212 4 Bytes CALL 086FA2A7 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes [8B, FF, 90, E9, 96, 9E, 14]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceConfigA + 8 77DF159E 4 Bytes CALL 086FA633 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes [8B, FF, 90, E9, 28, 71, 14]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!StartServiceW + 8 77DF3E9C 4 Bytes CALL 086FCF31 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes [8B, FF, 90, E9, 07, 69, 14]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!ControlService + 8 77DF4A11 4 Bytes CALL 086FDAA6 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes [8B, FF, 90, E9, E6, 5E, 14]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!OpenServiceA + 8 77DF4C6E 4 Bytes CALL 086FDD03 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes [8B, FF, 90, E9, 2E, 3D, 14]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!OpenSCManagerA + 8 77DF69B6 4 Bytes CALL 086FFA4B 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes [8B, FF, 90, E9, FD, 53, 14]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumServicesStatusA + 8 77DF6B4F 4 Bytes CALL 086FFBE4 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes [8B, FF, 90, E9, B6, 45, 14]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceConfigW + 8 77DF6F9A 4 Bytes CALL 0870002F 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes [8B, FF, 90, E9, E0, 58, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumServicesStatusExW + 9 77E369C1 3 Bytes CALL 0873FA56 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes [8B, FF, 90, E9, 4D, 55, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumServicesStatusExA + 8 77E36C37 4 Bytes CALL 0873FCCC 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes [8B, FF, 90, E9, 6B, 4C, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!ChangeServiceConfigA + 8 77E36E71 4 Bytes CALL 0873FF06 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes [8B, FF, 90, E9, EF, 4B, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!ChangeServiceConfigW + 8 77E37009 4 Bytes CALL 0874009E 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes [8B, FF, 90, E9, 0B, 4C, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!ChangeServiceConfig2A + 8 77E37109 4 Bytes CALL 0874019E 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes [8B, FF, 90, E9, 9F, 4C, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!ChangeServiceConfig2W + 8 77E37191 4 Bytes CALL 08740226 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes [8B, FF, 90, E9, 03, 37, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!CreateServiceA + 8 77E37219 4 Bytes CALL 087402AE 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes [8B, FF, 90, E9, 87, 36, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!CreateServiceW + 8 77E373B1 4 Bytes CALL 08740446 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes [8B, FF, 90, E9, D3, 38, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!DeleteService + 8 77E374B9 4 Bytes CALL 0874054E 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes [8B, FF, 90, E9, 73, 43, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumDependentServicesA + 8 77E37531 4 Bytes CALL 087405C6 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes [8B, FF, 90, E9, D7, 43, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumDependentServicesW + 8 77E375E9 4 Bytes CALL 0874067E 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes [8B, FF, 90, E9, CB, 3C, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceConfig2A + 8 77E379A1 4 Bytes CALL 08740A36 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes [8B, FF, 90, E9, CF, 3C, 10]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!QueryServiceConfig2W + 8 77E37AB9 4 Bytes CALL 08740B4E 
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 8 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[3472] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC975E 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] kernel32.dll!ExitProcess + 2 7C81D20C 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA6 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B432 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B316 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB52 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C182 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 3 Bytes [8B, FF, E9]
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!ChangeServiceConfigW + 4 77E37005 3 Bytes JMP 5FF3BBFA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD12 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA36 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B786 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\Explorer.EXE[3492] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC975E 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] kernel32.dll!ExitProcess + 2 7C81D20C 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA6 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B432 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B316 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB52 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C182 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 3 Bytes [8B, FF, E9]
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!ChangeServiceConfigW + 4 77E37005 3 Bytes JMP 5FF3BBFA C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A  77E37101 7 Bytes JMP 5FF3BD12 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2E C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA36 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A2 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BE C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66A C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B786 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\ctfmon.exe[3608] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC975E 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] kernel32.dll!ExitProcess 7C81D20A 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!OpenServiceW  77DE6FFD 7 Bytes JMP 5FF3AC6F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B433 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B317 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB53 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C183 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADB C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF7 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD13 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2F C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!CreateServiceA  77E37211 7 Bytes JMP 5FF3A91B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA37 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A3 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BF C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66B C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B787 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] ADVAPI32.dll!EnumServicesStatusW 77E37D61 7 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3916] SHELL32.dll!SHCreateProcessAsUserW 7CAC975C 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll

---- Devices - GMER 2.1 ----

Device \Driver\Tcpip \Device\Ip kmxfw.sys
Device \Driver\Tcpip \Device\Tcp kmxfw.sys
Device \Driver\Tcpip \Device\Udp kmxfw.sys
Device \Driver\Tcpip \Device\RawIp kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys
Device mrxsmb.sys
Device \Driver\AFD \Device\Afd KmxCF.sys
Device rdpdr.sys
Device AF7C4D20

AttachedDevice fltmgr.sys

---- EOF - GMER 2.1 ----


----------



## Cookiegal (Aug 27, 2003)

There don't seem to be any problems there.

Please visit *Combofix Guide & Instructions * for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read  *HERE * for an article written by dvk01 on why we disable autoruns.


----------



## GreggIllinois (Jan 5, 2014)

Hi Cookiegal. Read all the instructions, disabled Panda AV and Windows Firewall, started Combo Fix (renamed as puppy.exe). It got through the preliminary stages, but then I got a window that said, 'Can not run tool while CA antivirus is installed.' I clicked ok and turned my Panda back on and the Windows Firewall as well.


----------



## Cookiegal (Aug 27, 2003)

OK, let's try this instead for now:

Please go  here and download the *TDSSKiller.exe* to your desktop.

Double-click to TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> OK, let's try this instead for now:
> 
> Please go  here and download the *TDSSKiller.exe* to your desktop.
> 
> ...


Hi Cookiegal. One little complication: The TDSSKiller asked me if I wanted to do an updated version, so I did. Here's a little log for that:

14:09:55.0000 0692 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:10:14.0328 0692 Perform update action was selected
14:10:14.0328 0828 Deinitialize success

Then the program ran and found no threats. (see screenshot)

Here's the main log:

14:11:59.0281 0x0e7c TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
14:12:25.0296 0x0e7c ============================================================
14:12:25.0296 0x0e7c Current date / time: 2014/01/31 14:12:25.0296
14:12:25.0296 0x0e7c SystemInfo:
14:12:25.0296 0x0e7c 
14:12:25.0296 0x0e7c OS Version: 5.1.2600 ServicePack: 3.0
14:12:25.0296 0x0e7c Product type: Workstation
14:12:25.0296 0x0e7c ComputerName: OLDPROCESSOR
14:12:25.0296 0x0e7c UserName: Linda Bal
14:12:25.0296 0x0e7c Windows directory: C:\WINDOWS
14:12:25.0296 0x0e7c System windows directory: C:\WINDOWS
14:12:25.0296 0x0e7c Processor architecture: Intel x86
14:12:25.0296 0x0e7c Number of processors: 1
14:12:25.0296 0x0e7c Page size: 0x1000
14:12:25.0296 0x0e7c Boot type: Normal boot
14:12:25.0296 0x0e7c ============================================================
14:12:28.0843 0x0e7c KLMD registered as C:\WINDOWS\system32\drivers\78060614.sys
14:12:30.0250 0x0e7c System UUID: {B951FB80-B59C-65D4-133A-D0BC63DA1971}
14:12:32.0671 0x0e7c Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:12:32.0703 0x0e7c ============================================================
14:12:32.0703 0x0e7c \Device\Harddisk0\DR0:
14:12:32.0703 0x0e7c MBR partitions:
14:12:32.0703 0x0e7c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x4A65CF8
14:12:32.0703 0x0e7c ============================================================
14:12:32.0968 0x0e7c C: <-> \Device\Harddisk0\DR0\Partition1
14:12:32.0968 0x0e7c ============================================================
14:12:32.0968 0x0e7c Initialize success
14:12:32.0968 0x0e7c ============================================================
14:13:03.0390 0x0538 ============================================================
14:13:03.0390 0x0538 Scan started
14:13:03.0390 0x0538 Mode: Manual; 
14:13:03.0390 0x0538 ============================================================
14:13:03.0390 0x0538 KSN ping started
14:13:18.0031 0x0538 KSN ping finished: true
14:13:20.0109 0x0538 ================ Scan system memory ========================
14:13:33.0750 0x0538 System memory - ok
14:13:33.0750 0x0538 ================ Scan services =============================
14:13:33.0937 0x0538 [ 51F207D5A9E7B2E76BEE59C05CCC23C4, BE78957DD197777D899FAFBBE71E2FDB5DB9AC6AC4F1595A562FD362429BED6B ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:13:33.0968 0x0538 !SASCORE - ok
14:13:34.0703 0x0538 Abiosdsk - ok
14:13:34.0750 0x0538 [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:13:34.0765 0x0538 abp480n5 - ok
14:13:34.0859 0x0538 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:13:34.0921 0x0538 ACPI - ok
14:13:34.0968 0x0538 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:13:34.0968 0x0538 ACPIEC - ok
14:13:35.0140 0x0538 [ 8D268693A6DCE3D7319DF14834841BAF, 229C95FE2E6A692EBC2842823A1C7D438F8DF18F44691BD7AFE79DB76F092F9D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:13:35.0343 0x0538 AdobeFlashPlayerUpdateSvc - ok
14:13:35.0468 0x0538 [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:13:35.0500 0x0538 adpu160m - ok
14:13:35.0562 0x0538 [ 11C04B17ED2ABBB4833694BCD644AC90, 4F50E672B8C1CA951EF1E01E969C73968BDB656889849859881333ECD3751A24 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
14:13:35.0578 0x0538 aeaudio - ok
14:13:35.0640 0x0538 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:13:35.0703 0x0538 aec - ok
14:13:35.0765 0x0538 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:13:35.0812 0x0538 AFD - ok
14:13:35.0859 0x0538 [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
14:13:35.0890 0x0538 agp440 - ok
14:13:35.0906 0x0538 [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:13:35.0921 0x0538 agpCPQ - ok
14:13:35.0984 0x0538 [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:13:36.0000 0x0538 Aha154x - ok
14:13:36.0031 0x0538 [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:13:36.0046 0x0538 aic78u2 - ok
14:13:36.0093 0x0538 [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:13:36.0109 0x0538 aic78xx - ok
14:13:36.0187 0x0538 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:13:36.0203 0x0538 Alerter - ok
14:13:36.0390 0x0538 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
14:13:36.0406 0x0538 ALG - ok
14:13:36.0453 0x0538 [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
14:13:36.0484 0x0538 AliIde - ok
14:13:36.0515 0x0538 [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:13:36.0531 0x0538 alim1541 - ok
14:13:36.0562 0x0538 [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:13:36.0578 0x0538 amdagp - ok
14:13:36.0593 0x0538 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
14:13:36.0609 0x0538 amsint - ok
14:13:36.0703 0x0538 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:13:36.0765 0x0538 AppMgmt - ok
14:13:36.0828 0x0538 [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
14:13:36.0843 0x0538 asc - ok
14:13:36.0859 0x0538 [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:13:36.0875 0x0538 asc3350p - ok
14:13:36.0890 0x0538 [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:13:36.0890 0x0538 asc3550 - ok
14:13:37.0093 0x0538 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:13:37.0156 0x0538 aspnet_state - ok
14:13:37.0375 0x0538 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:13:37.0375 0x0538 AsyncMac - ok
14:13:37.0437 0x0538 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:13:37.0453 0x0538 atapi - ok
14:13:37.0453 0x0538 Atdisk - ok
14:13:37.0515 0x0538 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:13:37.0546 0x0538 Atmarpc - ok
14:13:37.0609 0x0538 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:13:37.0625 0x0538 AudioSrv - ok
14:13:37.0671 0x0538 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:13:37.0687 0x0538 audstub - ok
14:13:37.0734 0x0538 [ 5D7BE7B19E827125E016325334E58FF1, 76AE80C91BF53DF4EE18C92D47EDC6541C2013E3669278166079D1A4A24F9FB6 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
14:13:37.0734 0x0538 BANTExt - ok
14:13:37.0796 0x0538 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:13:37.0796 0x0538 Beep - ok
14:13:37.0984 0x0538 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
14:13:38.0171 0x0538 BITS - ok
14:13:38.0390 0x0538 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
14:13:38.0421 0x0538 Browser - ok
14:13:38.0562 0x0538 [ 23C36F1828E3B4D1CBCBCD11376CE8A7, A3682BD6523F4700723DAFD51EA17A59D8C3AD113DC2FEAC142D27A7EF609159 ] CaCCProvSP C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
14:13:38.0656 0x0538 CaCCProvSP - ok
14:13:38.0781 0x0538 [ 53E04237168A294614251C9040656CB2, B81AF10EAEC65E8F4CF437D6B0F4D296AAD4495E1526BF5F03C6C3BC67205E6A ] CAISafe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
14:13:38.0859 0x0538 CAISafe - ok
14:13:38.0921 0x0538 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:13:38.0937 0x0538 cbidf - ok
14:13:38.0953 0x0538 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:13:38.0953 0x0538 cbidf2k - ok
14:13:39.0000 0x0538 [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:13:39.0015 0x0538 CCDECODE - ok
14:13:39.0171 0x0538 [ A43CBAC02A2818D63EDB696E7510F4E5, 08C5082F790F64FFFBB48138D71C16F6D444860808A23E329830FCA6E3970BD8 ] ccSchedulerSVC C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
14:13:39.0359 0x0538 ccSchedulerSVC - ok
14:13:39.0437 0x0538 [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:13:39.0437 0x0538 cd20xrnt - ok
14:13:39.0500 0x0538 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:13:39.0515 0x0538 Cdaudio - ok
14:13:39.0562 0x0538 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:13:39.0593 0x0538 Cdfs - ok
14:13:39.0656 0x0538 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:13:39.0671 0x0538 Cdrom - ok
14:13:39.0687 0x0538 Changer - ok
14:13:39.0718 0x0538 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:13:39.0718 0x0538 CiSvc - ok
14:13:39.0765 0x0538 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:13:39.0781 0x0538 ClipSrv - ok
14:13:39.0890 0x0538 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:13:40.0093 0x0538 clr_optimization_v2.0.50727_32 - ok
14:13:40.0171 0x0538 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:13:40.0500 0x0538  clr_optimization_v4.0.30319_32 - ok
14:13:40.0562 0x0538 [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:13:40.0562 0x0538 CmdIde - ok
14:13:40.0578 0x0538 COMSysApp - ok
14:13:40.0609 0x0538 [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:13:40.0625 0x0538 Cpqarray - ok
14:13:40.0671 0x0538 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:13:40.0703 0x0538 CryptSvc - ok
14:13:40.0781 0x0538 [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:13:40.0796 0x0538 dac2w2k - ok
14:13:40.0812 0x0538 [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:13:40.0828 0x0538 dac960nt - ok
14:13:40.0984 0x0538 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:13:41.0140 0x0538 DcomLaunch - ok
14:13:41.0218 0x0538 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:13:41.0375 0x0538 Dhcp - ok
14:13:41.0437 0x0538 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:13:41.0453 0x0538 Disk - ok
14:13:41.0468 0x0538 dmadmin - ok
14:13:41.0781 0x0538 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:13:42.0125 0x0538 dmboot - ok
14:13:42.0203 0x0538 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:13:42.0390 0x0538 dmio - ok
14:13:42.0421 0x0538 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:13:42.0421 0x0538 dmload - ok
14:13:42.0453 0x0538 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
14:13:42.0468 0x0538 dmserver - ok
14:13:42.0500 0x0538 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:13:42.0515 0x0538 DMusic - ok
14:13:42.0578 0x0538 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:13:42.0593 0x0538 Dnscache - ok
14:13:42.0671 0x0538 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:13:42.0718 0x0538 Dot3svc - ok
14:13:42.0750 0x0538 [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:13:42.0750 0x0538 dpti2o - ok
14:13:42.0781 0x0538 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:13:42.0781 0x0538 drmkaud - ok
14:13:42.0890 0x0538 [ 98B46B331404A951CABAD8B4877E1276, DC683271BFF3BCC40D656E8190A4BA25E76B5876FE3C22C66ED789068C7017A7 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:13:42.0953 0x0538 E100B - ok
14:13:43.0015 0x0538 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:13:43.0031 0x0538 EapHost - ok
14:13:43.0078 0x0538 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:13:43.0093 0x0538 ERSvc - ok
14:13:43.0156 0x0538 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
14:13:43.0203 0x0538 Eventlog - ok
14:13:43.0453 0x0538 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
14:13:43.0531 0x0538 EventSystem - ok
14:13:43.0625 0x0538 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:13:43.0671 0x0538 Fastfat - ok
14:13:43.0750 0x0538 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:13:43.0796 0x0538 FastUserSwitchingCompatibility - ok
14:13:43.0921 0x0538 [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax C:\WINDOWS\system32\fxssvc.exe
14:13:44.0000 0x0538 Fax - ok
14:13:44.0031 0x0538 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:13:44.0046 0x0538 Fdc - ok
14:13:44.0109 0x0538 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:13:44.0125 0x0538 Fips - ok
14:13:44.0156 0x0538 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:13:44.0156 0x0538 Flpydisk - ok
14:13:44.0218 0x0538 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:13:44.0390 0x0538 FltMgr - ok
14:13:44.0484 0x0538 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:13:44.0546 0x0538 FontCache3.0.0.0 - ok
14:13:44.0625 0x0538 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:13:44.0640 0x0538 Fs_Rec - ok
14:13:44.0734 0x0538 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:13:44.0765 0x0538 Ftdisk - ok
14:13:44.0828 0x0538 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:13:44.0843 0x0538 Gpc - ok
14:13:44.0921 0x0538 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:13:44.0921 0x0538 gupdate - ok
14:13:44.0984 0x0538 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:13:44.0984 0x0538 gupdatem - ok
14:13:45.0078 0x0538 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:13:45.0093 0x0538 gusvc - ok
14:13:45.0187 0x0538 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:13:45.0203 0x0538 helpsvc - ok
14:13:45.0218 0x0538 HidServ - ok
14:13:45.0406 0x0538 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:13:45.0421 0x0538 HidUsb - ok
14:13:45.0484 0x0538 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:13:45.0515 0x0538 hkmsvc - ok
14:13:45.0546 0x0538 [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
14:13:45.0546 0x0538 hpn - ok
14:13:45.0593 0x0538 [ 9F1D80908658EB7F1BF70809E0B51470, 84FD62D34BC63BA41027DD2164B1E4F86BC8783E8A601E9F189627A4B3D54AAA ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:13:45.0625 0x0538 HPZid412 - ok
14:13:45.0656 0x0538 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3, 886A5222940A6E14B359B45AA158390468B601FB58949E7F5BEC93B5459AF689 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:13:45.0656 0x0538 HPZipr12 - ok
14:13:45.0687 0x0538 [ CF1B7951B4EC8D13F3C93B74BB2B461B, 3A1B8A9A9AB0E916288AD6198C377E3A4D278DB3D8DCD4299F0ADC83973F0495 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:13:45.0703 0x0538 HPZius12 - ok
14:13:45.0812 0x0538 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:13:45.0906 0x0538 HTTP - ok
14:13:45.0953 0x0538 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:13:45.0968 0x0538 HTTPFilter - ok
14:13:46.0015 0x0538 [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
14:13:46.0015 0x0538 i2omgmt - ok
14:13:46.0031 0x0538 [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:13:46.0046 0x0538 i2omp - ok
14:13:46.0125 0x0538 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:13:46.0140 0x0538 i8042prt - ok
14:13:46.0609 0x0538 [ 0ACEBB31989CBF9A5663FE4A33D28D21, A56D11A09ED162E3865E69150A71E2462C818E558E4D2DCA0F27C6C67575EA4B ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:13:46.0953 0x0538 ialm - ok
14:13:47.0437 0x0538 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:13:47.0796 0x0538 idsvc - ok
14:13:47.0843 0x0538 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:13:47.0859 0x0538 Imapi - ok
14:13:47.0937 0x0538 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
14:13:48.0000 0x0538 ImapiService - ok
14:13:48.0031 0x0538 [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:13:48.0031 0x0538 ini910u - ok
14:13:48.0062 0x0538 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:13:48.0062 0x0538 IntelIde - ok
14:13:48.0109 0x0538 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:13:48.0125 0x0538 intelppm - ok
14:13:48.0156 0x0538 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:13:48.0171 0x0538 Ip6Fw - ok
14:13:48.0234 0x0538 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:13:48.0250 0x0538 IpFilterDriver - ok
14:13:48.0312 0x0538 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:13:48.0437 0x0538 IpInIp - ok
14:13:48.0531 0x0538 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:13:48.0578 0x0538 IpNat - ok
14:13:48.0625 0x0538 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:13:48.0656 0x0538 IPSec - ok
14:13:48.0703 0x0538 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:13:48.0703 0x0538 IRENUM - ok
14:13:48.0765 0x0538 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:13:48.0781 0x0538 isapnp - ok
14:13:48.0906 0x0538 [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:13:48.0968 0x0538 JavaQuickStarterService - ok
14:13:49.0000 0x0538 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:13:49.0015 0x0538 Kbdclass - ok
14:13:49.0109 0x0538 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:13:49.0171 0x0538 kmixer - ok
14:13:49.0265 0x0538 [ DEC7FAEF763ACAECA684D01C4FB7DE2A, 389E1A60E2C133FA3304DE52B7C73C5F75D8C0241CFB3825F9FD700DD404504C ] KmxAgent C:\WINDOWS\system32\DRIVERS\kmxagent.sys
14:13:49.0281 0x0538 KmxAgent - ok
14:13:49.0468 0x0538 [ 93BC7AD3DCCC28A845F8B3C22ECC5470, FFE7667520E2B06A2F1D335EF17C225E1555FC41B6C734433E8F540041F704DC ] KmxAMRT C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys
14:13:49.0515 0x0538 KmxAMRT - ok
14:13:49.0796 0x0538 [ 041B29C8E3BED6E833ADE367ECFA51F9, 65E0D2A30452E1549512700E805413888C7E8C4AB718041091AA6B961706E5A6 ] KmxAMVet C:\WINDOWS\system32\Drivers\KmxAMVet.sys
14:13:50.0000 0x0538 KmxAMVet - ok
14:13:50.0093 0x0538 [ 81D42F0B914FE85DA2035A77D065BF60, D404BDB5C5A59328D10E62DBB13AD1E9319751BEDB6297025D185E3053E47A1A ] KmxCF C:\WINDOWS\system32\DRIVERS\KmxCF.sys
14:13:50.0140 0x0538 KmxCF - ok
14:13:50.0250 0x0538 [ 0C14FC849EEBB15EA4DE6A62CCDD34E0, 31FDCCEF29A0D10BE98BD2EFA0013171F422868CB0AA0F2F1F6B3F46B9019C80 ] KmxCfg C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
14:13:50.0328 0x0538 KmxCfg - ok
14:13:50.0515 0x0538 [ 7DDE869392C0E309EE92F2CFC8E7E4E8, 5F2453C4C10E7A55988A13A1A91FB438A9E012F5D25E935845FB371F5F6E5239 ] KmxFile C:\WINDOWS\system32\DRIVERS\KmxFile.sys
14:13:50.0531 0x0538 KmxFile - ok
14:13:50.0593 0x0538 [ DB5FBF6EFD78A1718CD040DF23BD7D96, 5393636C2714A183CC192CBD9FC59F28BA6B87E41AA17CBB493B5C7D189670E0 ] KmxFw C:\WINDOWS\system32\DRIVERS\kmxfw.sys
14:13:50.0640 0x0538 KmxFw - ok
14:13:50.0703 0x0538 [ FD8A6AA0CBB8E7BDB97CB163BC3A8F27, DAAA7C66882E009B6FB97C4369270CB04F25D06A1C7AC284BAC1C6A6A4CA99B6 ] KmxSbx C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
14:13:50.0718 0x0538 KmxSbx - ok
14:13:50.0765 0x0538 [ 9E0891EB24FF3E01A5802CC6E2219E98, 2AF860A0393DC761D5510192BDC9F2980D02D610F8B61E341FF5687BF019A5D1 ] KmxStart C:\WINDOWS\system32\DRIVERS\kmxstart.sys
14:13:50.0812 0x0538 KmxStart - ok
14:13:50.0859 0x0538 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:13:50.0906 0x0538 KSecDD - ok
14:13:50.0968 0x0538 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:13:51.0000 0x0538 lanmanserver - ok
14:13:51.0062 0x0538 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:13:51.0125 0x0538 lanmanworkstation - ok
14:13:51.0140 0x0538 lbrtfdc - ok
14:13:51.0718 0x0538 [ BCDF72DCE41874B3AD9143D537B493B2, C048C773137DD94C980179E90FAE7D90A6902DA0153342B33E784DB04C16385A ] Linksys_adapter_H C:\WINDOWS\system32\DRIVERS\AE2500xp.sys
14:13:52.0109 0x0538 Linksys_adapter_H - ok
14:13:52.0265 0x0538 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:13:52.0281 0x0538 LmHosts - ok
14:13:52.0500 0x0538 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC, D3F8B51609BACE85BF3762B07B895B5F737550F44689773FCE3792AE951075A1 ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
14:13:52.0500 0x0538 LMIInfo - ok
14:13:52.0593 0x0538 [ 500F1E4461075D602CE77109A9A3D634, F6D50B9BE7FEE421B04BA38C46AFEF68C1D260402E3CD872D00A9139F3E0F727 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
14:13:52.0640 0x0538 LMIMaint - ok
14:13:52.0687 0x0538 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
14:13:52.0703 0x0538 lmimirr - ok
14:13:52.0718 0x0538 LMIRfsClientNP - ok
14:13:52.0765 0x0538 [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
14:13:52.0796 0x0538 LMIRfsDriver - ok
14:13:52.0859 0x0538 [ 9015122D04C195BDAB88FEBCBAE229DB, 1F49437E54641062EC4DF0A1AA696765B2ED6B559A490A2FE20C89AC5D83A106 ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
14:13:52.0875 0x0538 LogMeIn - ok
14:13:52.0937 0x0538 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:13:52.0953 0x0538 Messenger - ok
14:13:52.0984 0x0538 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:13:52.0984 0x0538 mnmdd - ok
14:13:53.0015 0x0538 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:13:53.0031 0x0538 mnmsrvc - ok
14:13:53.0078 0x0538 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:13:53.0109 0x0538 Modem - ok
14:13:53.0140 0x0538 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:13:53.0156 0x0538 Mouclass - ok
14:13:53.0187 0x0538 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:13:53.0187 0x0538 mouhid - ok
14:13:53.0234 0x0538 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:13:53.0250 0x0538 MountMgr - ok
14:13:53.0328 0x0538 [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:13:53.0500 0x0538 MozillaMaintenance - ok
14:13:53.0546 0x0538 [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:13:53.0546 0x0538 mraid35x - ok
14:13:53.0625 0x0538 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:13:53.0687 0x0538 MRxDAV - ok
14:13:53.0875 0x0538 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:13:54.0031 0x0538 MRxSmb - ok
14:13:54.0062 0x0538 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:13:54.0078 0x0538 MSDTC - ok
14:13:54.0125 0x0538 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:13:54.0125 0x0538 Msfs - ok
14:13:54.0140 0x0538 MSIServer - ok
14:13:54.0187 0x0538 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:13:54.0187 0x0538 MSKSSRV - ok
14:13:54.0203 0x0538 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:13:54.0203 0x0538 MSPCLOCK - ok
14:13:54.0265 0x0538 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:13:54.0265 0x0538 MSPQM - ok
14:13:54.0296 0x0538 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:13:54.0312 0x0538 mssmbios - ok
14:13:54.0531 0x0538 MSSQL$LIBTAX - ok
14:13:54.0593 0x0538 [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:13:54.0625 0x0538 MSSQLServerADHelper - ok
14:13:54.0703 0x0538 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:13:54.0718 0x0538 MSTEE - ok
14:13:54.0796 0x0538 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:13:54.0843 0x0538 Mup - ok
14:13:54.0921 0x0538 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:13:54.0953 0x0538 NABTSFEC - ok
14:13:55.0109 0x0538 [ D2CB4581FFDFE8BE3EEE16649753F4EE, 8EBE734DCEDAB699C0A19E87EFEB3BBDABB534088B0FE3EC71044C7FAEEDF0B0 ] NanoServiceMain C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
14:13:55.0156 0x0538 NanoServiceMain - ok
14:13:55.0312 0x0538 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:13:55.0578 0x0538 napagent - ok
14:13:55.0687 0x0538 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:13:55.0750 0x0538 NDIS - ok
14:13:55.0796 0x0538 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:13:55.0812 0x0538 NdisIP - ok
14:13:55.0859 0x0538 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:13:55.0859 0x0538 NdisTapi - ok
14:13:55.0890 0x0538 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:13:55.0890 0x0538 Ndisuio - ok
14:13:55.0953 0x0538 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:13:55.0984 0x0538 NdisWan - ok
14:13:56.0031 0x0538 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:13:56.0046 0x0538 NDProxy - ok
14:13:56.0093 0x0538 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:13:56.0109 0x0538 NetBIOS - ok
14:13:56.0218 0x0538 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:13:56.0265 0x0538 NetBT - ok
14:13:56.0406 0x0538 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
14:13:56.0515 0x0538 NetDDE - ok
14:13:56.0562 0x0538 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:13:56.0578 0x0538 NetDDEdsdm - ok
14:13:56.0640 0x0538 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:13:56.0640 0x0538 Netlogon - ok
14:13:56.0734 0x0538 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
14:13:56.0812 0x0538 Netman - ok
14:13:56.0937 0x0538 [ 737351F39FEF765234037770ABDD72BD, 12928F0B9230BFCCA9848217DC3470E302CD28006092A5C02EEE446BCDFFDC0C ] NetSvc C:\Program Files\Intel\NCS\Sync\NetSvc.exe
14:13:56.0984 0x0538 NetSvc - ok
14:13:57.0062 0x0538 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:13:57.0171 0x0538 NetTcpPortSharing - ok
14:13:57.0296 0x0538 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
14:13:57.0359 0x0538 Nla - ok
14:13:57.0437 0x0538 [ 47BE15BF4956BD347F6777C8C652B140, C8F815B2BCF024FF80B6457FCB60CA15EB4BDEFD20084968EFD4632B64CC292F ] NNSALPC C:\WINDOWS\system32\DRIVERS\NNSAlpc.sys
14:13:57.0468 0x0538 NNSALPC - ok
14:13:57.0531 0x0538 [ 1C1DD165A0C83CD873C80FA7F81144A1, CC0A8090B9886EDDAB159CB6EAF740F3D579FE23482B081EF7D9B582312A82F1 ] NNSHTTP C:\WINDOWS\system32\DRIVERS\NNSHttp.sys
14:13:57.0578 0x0538 NNSHTTP - ok
14:13:57.0625 0x0538 [ F02E8B6AEB900958647D8D6797CD017D, CBC439744D99574760AFCB35ADC4567E534150297CF5EF7AB969D46925311602 ] NNSHTTPS C:\WINDOWS\system32\DRIVERS\NNSHttps.sys
14:13:57.0656 0x0538 NNSHTTPS - ok
14:13:57.0718 0x0538 [ 37B51977634EF312EE7E4988D5D6FA43, 8CD7C7BD6A33E9C1525F7D94E866E746B4845A24EE87C0147CE7A5936653CC4C ] NNSIDS C:\WINDOWS\system32\DRIVERS\NNSIds.sys
14:13:57.0765 0x0538 NNSIDS - ok
14:13:57.0812 0x0538 [ BE16750EFF0DB102FBF4E366F5151B7B, 17ECD6CFC408681AB10C7664F4DF8D70666373199695C9B4DAC161F7BBEADDD9 ] NNSPICC C:\WINDOWS\system32\DRIVERS\NNSPicc.sys
14:13:57.0859 0x0538 NNSPICC - ok
14:13:57.0921 0x0538 [ DD72B458BEA2AAFB17F23313DD551CA1, 6E008A5109A990AB32EFC7425961D56F86E146B45FD5BF14DC9DF65FBA2F46A5 ] NNSPIHS C:\WINDOWS\system32\DRIVERS\NNSPihs.sys
14:13:57.0937 0x0538 NNSPIHS - ok
14:13:58.0000 0x0538 [ C08CF30BA0F90C50CDC7A9EE8D4C4850, F236B3FE28984FC2A3FE2395A8FC894E2E27F80908ECA0B311A5AAD47E0FF833 ] NNSPOP3 C:\WINDOWS\system32\DRIVERS\NNSPop3.sys
14:13:58.0046 0x0538 NNSPOP3 - ok
14:13:58.0250 0x0538 [ 0F556C86CF535494652D36A35E1A872B, AC86AB7BEBDAEAD0813849F7FF921198C3FA3C12AED6D3DDFE50B2F1F376C3DA ] NNSPROT C:\WINDOWS\system32\DRIVERS\NNSProt.sys
14:13:58.0359 0x0538 NNSPROT - ok
14:13:58.0421 0x0538 [ DA4454BB1BDBFCB3E721DFC31C5C03EC, E97B41881D15A0747314DD0EFF5741222040778397472BCBB6CBB0D71D4754FD ] NNSPRV C:\WINDOWS\system32\DRIVERS\NNSPrv.sys
14:13:58.0484 0x0538 NNSPRV - ok
14:13:58.0546 0x0538 [ 23B44C4DEBF8D097F412C1360CC7EA13, 2CAB9DF1F8DCA72C0BF1FA75F51931714AA8F9A182730CADCD78975766140AC4 ] NNSSMTP C:\WINDOWS\system32\DRIVERS\NNSSmtp.sys
14:13:58.0593 0x0538 NNSSMTP - ok
14:13:58.0687 0x0538 [ A99BED55F9B9FBA18B965D558D3BAEF7, 9B1041E20AB691166187B60649F1DEFE119A3FF020883464BCE05B99E83CEEEA ] NNSSTRM C:\WINDOWS\system32\DRIVERS\NNSStrm.sys
14:13:58.0781 0x0538 NNSSTRM - ok
14:13:58.0843 0x0538 [ 6569B9A289E3594FF3AF5A5DD4131AC3, 11DF5957B486EA1BADF962B18A49040245F30DEB4FF81A8F26E0567671E12910 ] NNSTLSC C:\WINDOWS\system32\DRIVERS\NNSTlsc.sys
14:13:58.0875 0x0538 NNSTLSC - ok
14:13:58.0906 0x0538 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:13:58.0921 0x0538 Npfs - ok
14:13:59.0140 0x0538 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:13:59.0375 0x0538 Ntfs - ok
14:13:59.0406 0x0538 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:13:59.0406 0x0538 NtLmSsp - ok
14:13:59.0593 0x0538 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:13:59.0781 0x0538 NtmsSvc - ok
14:13:59.0812 0x0538 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
14:13:59.0812 0x0538 Null - ok
14:14:00.0312 0x0538 [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:14:00.0781 0x0538 nv - ok
14:14:00.0828 0x0538 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:14:00.0828 0x0538 NwlnkFlt - ok
14:14:00.0890 0x0538 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:14:00.0906 0x0538 NwlnkFwd - ok
14:14:01.0015 0x0538 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:14:01.0062 0x0538 ose - ok
14:14:01.0125 0x0538 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:14:01.0156 0x0538 Parport - ok
14:14:01.0187 0x0538 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:14:01.0203 0x0538 PartMgr - ok
14:14:01.0265 0x0538 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:14:01.0265 0x0538 ParVdm - ok
14:14:01.0328 0x0538 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:14:01.0359 0x0538 PCI - ok
14:14:01.0375 0x0538 PCIDump - ok
14:14:01.0406 0x0538 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:14:01.0406 0x0538 PCIIde - ok
14:14:01.0484 0x0538 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:14:01.0531 0x0538 Pcmcia - ok
14:14:01.0546 0x0538 PDCOMP - ok
14:14:01.0562 0x0538 PDFRAME - ok
14:14:01.0578 0x0538 PDRELI - ok
14:14:01.0578 0x0538 PDRFRAME - ok
14:14:01.0609 0x0538 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
14:14:01.0609 0x0538 perc2 - ok
14:14:01.0625 0x0538 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:14:01.0640 0x0538 perc2hib - ok
14:14:01.0718 0x0538 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
14:14:01.0718 0x0538 PlugPlay - ok
14:14:01.0781 0x0538 [ 9D84376931440F3679BEEF2A414FA493, C800227A67C3C10A26114DB54F5390D2A475D36BE65E87CB890A6819B0BB4884 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
14:14:01.0796 0x0538 Pml Driver HPZ12 - ok
14:14:01.0828 0x0538 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:14:01.0828 0x0538 PolicyAgent - ok
14:14:01.0875 0x0538 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:14:01.0890 0x0538 PptpMiniport - ok
14:14:01.0921 0x0538 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:14:01.0921 0x0538 ProtectedStorage - ok
14:14:01.0984 0x0538 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:14:02.0015 0x0538 PSched - ok
14:14:02.0109 0x0538 [ 9A186F0634A885659A17A554E75CA576, 3274DFA3899BFDB9FE052E7A777232E2F2E72AFF859BAD9B7B27B2647CFC53BE ] PSINAflt C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
14:14:02.0156 0x0538 PSINAflt - ok
14:14:02.0234 0x0538 [ F4660122139A5EC6A5F02F6F3533F6B4, E480233CB7E49481F47D949D8DF82245AD7A29644036ECCDDFD8FFAFA0C987AF ] PSINFile C:\WINDOWS\system32\DRIVERS\PSINFile.sys
14:14:02.0265 0x0538 PSINFile - ok
14:14:02.0343 0x0538 [ 1E8B16674CFFF2262D63B04E7D5F6462, 474F1353DC9937BE905004F24C115C960B21EC840E1390225EFDD042A50576FC ] PSINKNC C:\WINDOWS\system32\DRIVERS\psinknc.sys
14:14:02.0531 0x0538 PSINKNC - ok
14:14:02.0609 0x0538 [ 2145E2AEF1E6FD2B10D43C7E5AACBE71, 64450B72A48A4C7F5378231BCB2364821D727342EA836130384221151A559CA9 ] PSINProc C:\WINDOWS\system32\DRIVERS\PSINProc.sys
14:14:02.0640 0x0538 PSINProc - ok
14:14:02.0703 0x0538 [ 8FB66725846CA37627D6F835EDF41233, ECB120086129C50D57A8B9C8D2958527D14A835F376A1DD17E99F397226274CE ] PSINProt C:\WINDOWS\system32\DRIVERS\PSINProt.sys
14:14:02.0750 0x0538 PSINProt - ok
14:14:02.0828 0x0538 [ E772FA3E7031F5094BD294FF6F3566B8, A2211DB7C755D58CC67BA4496EDAD0A7C9FEB2C9C968BD4ECBFCD0BA03EA6B28 ] PSINReg C:\WINDOWS\system32\DRIVERS\PSINReg.sys
14:14:02.0859 0x0538 PSINReg - ok
14:14:02.0906 0x0538 [ 05A0C2744CEAC6F1B723EC469B650EF0, D9F2E0E4431217C6A7CDE38D36362CD5A06E93B9F45F92638120EF151089B370 ] PSKMAD C:\WINDOWS\system32\DRIVERS\PSKMAD.sys
14:14:02.0921 0x0538 PSKMAD - ok
14:14:02.0968 0x0538 [ 06F5EFBE02C40E3BE7E916EBAB387F6D, 21741628F307387C42FAB8B37C8F9D58E02533AA4D96004B166455CBCDF117A1 ] PSUAService C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
14:14:02.0984 0x0538 PSUAService - ok
14:14:03.0000 0x0538 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:14:03.0015 0x0538 Ptilink - ok
14:14:03.0078 0x0538 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:14:03.0093 0x0538 ql1080 - ok
14:14:03.0171 0x0538 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:14:03.0187 0x0538 Ql10wnt - ok
14:14:03.0203 0x0538 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:14:03.0218 0x0538 ql12160 - ok
14:14:03.0265 0x0538 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:14:03.0281 0x0538 ql1240 - ok
14:14:03.0312 0x0538 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:14:03.0328 0x0538 ql1280 - ok
14:14:03.0343 0x0538 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:14:03.0359 0x0538 RasAcd - ok
14:14:03.0437 0x0538 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:14:03.0468 0x0538 RasAuto - ok
14:14:03.0531 0x0538 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:14:03.0546 0x0538 Rasl2tp - ok
14:14:03.0640 0x0538 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:14:03.0703 0x0538 RasMan - ok
14:14:03.0734 0x0538 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:14:03.0750 0x0538 RasPppoe - ok
14:14:03.0781 0x0538 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:14:03.0796 0x0538 Raspti - ok
14:14:03.0875 0x0538 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:14:03.0937 0x0538 Rdbss - ok
14:14:03.0968 0x0538 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:14:03.0968 0x0538 RDPCDD - ok
14:14:04.0046 0x0538 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:14:04.0140 0x0538 rdpdr - ok
14:14:04.0234 0x0538 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:14:04.0281 0x0538 RDPWD - ok
14:14:04.0375 0x0538 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:14:04.0421 0x0538 RDSessMgr - ok
14:14:04.0484 0x0538 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:14:04.0500 0x0538 redbook - ok
14:14:04.0578 0x0538 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:14:04.0593 0x0538 RemoteAccess - ok
14:14:04.0671 0x0538 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:14:04.0703 0x0538 RemoteRegistry - ok
14:14:04.0781 0x0538 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
14:14:04.0812 0x0538 RpcLocator - ok
14:14:04.0968 0x0538 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:14:04.0984 0x0538 RpcSs - ok
14:14:05.0062 0x0538 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:14:05.0109 0x0538 RSVP - ok
14:14:05.0171 0x0538 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
14:14:05.0171 0x0538 SamSs - ok
14:14:05.0218 0x0538 [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:14:05.0234 0x0538 SASDIFSV - ok
14:14:05.0265 0x0538 [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:14:05.0296 0x0538 SASKUTIL - ok
14:14:05.0359 0x0538 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:14:05.0390 0x0538 SCardSvr - ok
14:14:05.0500 0x0538 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:14:05.0578 0x0538 Schedule - ok
14:14:05.0625 0x0538 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:14:05.0625 0x0538 Secdrv - ok
14:14:05.0671 0x0538 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:14:05.0671 0x0538 seclogon - ok
14:14:05.0718 0x0538 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
14:14:05.0734 0x0538 SENS - ok
14:14:05.0765 0x0538 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:14:05.0765 0x0538 serenum - ok
14:14:05.0812 0x0538 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:14:05.0828 0x0538 Serial - ok
14:14:05.0890 0x0538 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:14:05.0890 0x0538 Sfloppy - ok
14:14:06.0031 0x0538 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:14:06.0171 0x0538 SharedAccess - ok
14:14:06.0250 0x0538 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:14:06.0265 0x0538 ShellHWDetection - ok
14:14:06.0281 0x0538 Simbad - ok
14:14:06.0328 0x0538 [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:14:06.0343 0x0538 sisagp - ok
14:14:06.0437 0x0538 [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:14:06.0515 0x0538 SkypeUpdate - ok
14:14:06.0546 0x0538 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:14:06.0546 0x0538 SLIP - ok
14:14:06.0812 0x0538 [ 5018A9DB5EB62E3EDB3110F82F556285, 5C90FF4609F6FC77C91FD820DF73C43A7FD72533B8522C78067E7F1EBB09FA65 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
14:14:07.0046 0x0538 smwdm - ok
14:14:07.0156 0x0538 [ 3BB48F7E33C2B76184DDF233000C09CD, D1AAE5B0425047CA0C2D376D3E59324D35A90DF9074CD442DFD0ED6E434D3C84 ] Sony SCSI Helper Service C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
14:14:07.0203 0x0538 Sony SCSI Helper Service - ok
14:14:07.0281 0x0538 [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:14:07.0296 0x0538 Sparrow - ok
14:14:07.0328 0x0538 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:14:07.0328 0x0538 splitter - ok
14:14:07.0375 0x0538 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:14:07.0406 0x0538 Spooler - ok
14:14:07.0531 0x0538 [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:14:07.0609 0x0538 SQLBrowser - ok
14:14:07.0687 0x0538 [ D89083C4EB02DACA8F944B0E05E57F9D, F96416B5877C280B4EE088A83956E0202F82DC5EACDEEFF06D5979FFFAA9FA74 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:14:07.0718 0x0538 SQLWriter - ok
14:14:07.0765 0x0538 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:14:07.0796 0x0538 sr - ok
14:14:07.0875 0x0538 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
14:14:07.0937 0x0538 srservice - ok
14:14:08.0109 0x0538 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:14:08.0265 0x0538 Srv - ok
14:14:08.0328 0x0538 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:14:08.0359 0x0538 SSDPSRV - ok
14:14:08.0515 0x0538 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:14:08.0625 0x0538 stisvc - ok
14:14:08.0671 0x0538 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:14:08.0687 0x0538 streamip - ok
14:14:08.0750 0x0538 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:14:08.0750 0x0538 swenum - ok
14:14:08.0796 0x0538 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:14:08.0812 0x0538 swmidi - ok
14:14:08.0828 0x0538 SwPrv - ok
14:14:08.0875 0x0538 [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
14:14:08.0890 0x0538 symc810 - ok
14:14:08.0921 0x0538 [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:14:08.0937 0x0538 symc8xx - ok
14:14:08.0968 0x0538 [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:14:08.0968 0x0538 sym_hi - ok
14:14:09.0000 0x0538 [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:14:09.0015 0x0538 sym_u3 - ok
14:14:09.0046 0x0538 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:14:09.0062 0x0538 sysaudio - ok
14:14:09.0125 0x0538 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:14:09.0171 0x0538 SysmonLog - ok
14:14:09.0296 0x0538 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:14:09.0375 0x0538 TapiSrv - ok
14:14:09.0531 0x0538 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:14:09.0656 0x0538 Tcpip - ok
14:14:09.0718 0x0538 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:14:09.0734 0x0538 TDPIPE - ok
14:14:09.0765 0x0538 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:14:09.0781 0x0538 TDTCP - ok
14:14:09.0828 0x0538 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:14:09.0843 0x0538 TermDD - ok
14:14:09.0968 0x0538 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
14:14:10.0078 0x0538 TermService - ok
14:14:10.0140 0x0538 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
14:14:10.0156 0x0538 Themes - ok
14:14:10.0250 0x0538 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:14:10.0281 0x0538 TlntSvr - ok
14:14:10.0312 0x0538 [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
14:14:10.0312 0x0538 TosIde - ok
14:14:10.0375 0x0538 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:14:10.0406 0x0538 TrkWks - ok
14:14:10.0515 0x0538 [ 91445B1966F599EECF79CF281CD0C088, 83881BE1EE3E81BB69FE3AD778163A9B7A97F38B95B90A3AF7F97366DAD3C3EE ] UdfReadr C:\WINDOWS\system32\drivers\UdfReadr.sys
14:14:10.0593 0x0538 UdfReadr - ok
14:14:10.0640 0x0538 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:14:10.0656 0x0538 Udfs - ok
14:14:10.0687 0x0538 [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
14:14:10.0703 0x0538 ultra - ok
14:14:11.0078 0x0538 [ F6F36DAD6D0511EE66997961F63EA723, BE5F67C3DAB608C50194FAC0B859C34F5DECF63B88D337C65F83000243B1D6B6 ] UmxAgent C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
14:14:11.0421 0x0538 UmxAgent - ok
14:14:11.0734 0x0538 [ 1AE04FE382671E377D3059F1F79F9E1C, EAE63DFEE7D2A53A8FE344037DADC77E9920F53B8F7AD81BC7FB3F60C55E6AB0 ] UmxCfg C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
14:14:11.0984 0x0538 UmxCfg - ok
14:14:12.0078 0x0538 [ FD474306EC2E583366F6FAB87C3D0958, 3046E1F65326535A58D7130903CC879E06EA6BF85EC229F8F3C6926033DDF74E ] UmxFwHlp C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
14:14:12.0140 0x0538 UmxFwHlp - ok
14:14:12.0234 0x0538 [ 274E158257E5A7252EA52293CA2E5D2D, 69ECB9DABB35C27E42BEF7BCAC6DC2B373A45813C68A7C3669693090BF7EE91C ] UmxPol C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
14:14:12.0328 0x0538 UmxPol - ok
14:14:12.0500 0x0538 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:14:12.0640 0x0538 Update - ok
14:14:12.0750 0x0538 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
14:14:12.0812 0x0538 upnphost - ok
14:14:12.0859 0x0538 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
14:14:12.0875 0x0538 UPS - ok
14:14:12.0921 0x0538 [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
14:14:12.0953 0x0538 usbaudio - ok
14:14:13.0000 0x0538 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:14:13.0015 0x0538 usbccgp - ok
14:14:13.0046 0x0538 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:14:13.0062 0x0538 usbehci - ok
14:14:13.0109 0x0538 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:14:13.0140 0x0538 usbhub - ok
14:14:13.0171 0x0538 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:14:13.0187 0x0538 usbprint - ok
14:14:13.0265 0x0538 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:14:13.0281 0x0538 usbscan - ok
14:14:13.0328 0x0538 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:14:13.0343 0x0538 USBSTOR - ok
14:14:13.0375 0x0538 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:14:13.0375 0x0538 usbuhci - ok
14:14:13.0437 0x0538 [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
14:14:13.0484 0x0538 usbvideo - ok
14:14:13.0515 0x0538 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:14:13.0531 0x0538 VgaSave - ok
14:14:13.0578 0x0538 [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:14:13.0593 0x0538 viaagp - ok
14:14:13.0640 0x0538 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:14:13.0640 0x0538 ViaIde - ok
14:14:13.0671 0x0538 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:14:13.0687 0x0538 VolSnap - ok
14:14:13.0812 0x0538 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
14:14:13.0921 0x0538 VSS - ok
14:14:14.0015 0x0538 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] w32time C:\WINDOWS\system32\w32time.dll
14:14:14.0078 0x0538 w32time - ok
14:14:14.0109 0x0538 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:14:14.0125 0x0538 Wanarp - ok
14:14:14.0140 0x0538 WDICA - ok
14:14:14.0203 0x0538 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:14:14.0281 0x0538 wdmaud - ok
14:14:14.0343 0x0538 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
14:14:14.0359 0x0538 WebClient - ok
14:14:14.0515 0x0538 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:14:14.0578 0x0538 winmgmt - ok
14:14:14.0640 0x0538 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:14:14.0640 0x0538 WmdmPmSN - ok
14:14:14.0921 0x0538 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:14:15.0125 0x0538 Wmi - ok
14:14:15.0218 0x0538 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:14:15.0265 0x0538 WmiApSrv - ok
14:14:15.0640 0x0538 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:14:15.0984 0x0538 WMPNetworkSvc - ok
14:14:16.0343 0x0538 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:14:16.0640 0x0538 WPFFontCache_v0400 - ok
14:14:16.0703 0x0538 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:14:16.0718 0x0538 WS2IFSL - ok
14:14:16.0765 0x0538 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:14:16.0812 0x0538 wscsvc - ok
14:14:16.0859 0x0538 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:14:16.0859 0x0538 WSTCODEC - ok
14:14:16.0906 0x0538 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:14:16.0906 0x0538 wuauserv - ok
14:14:16.0984 0x0538 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:14:17.0015 0x0538 WudfPf - ok
14:14:17.0062 0x0538 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:14:17.0093 0x0538 WudfRd - ok
14:14:17.0140 0x0538 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:14:17.0171 0x0538 WudfSvc - ok
14:14:17.0468 0x0538 [ 326C012C7FE573829871FE9C9E41CF9B, DFB6F11D44B2B13466CB729745E76E1D056E57388FD69CC2161C4A4CCA345A18 ] WUSB54GCv3 C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys
14:14:17.0703 0x0538 WUSB54GCv3 - ok
14:14:17.0890 0x0538 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:14:18.0078 0x0538 WZCSVC - ok
14:14:18.0140 0x0538 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:14:18.0203 0x0538 xmlprov - ok
14:14:18.0250 0x0538 ================ Scan global ===============================
14:14:18.0296 0x0538 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
14:14:18.0437 0x0538 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:14:18.0671 0x0538 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:14:18.0734 0x0538 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
14:14:18.0734 0x0538 [ Global ] - ok
14:14:18.0750 0x0538 ================ Scan MBR ==================================
14:14:18.0781 0x0538 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:14:19.0109 0x0538 \Device\Harddisk0\DR0 - ok
14:14:19.0109 0x0538 ================ Scan VBR ==================================
14:14:19.0125 0x0538 [ 99FF377CD0172A59768CCBB6A0CDB0B4 ] \Device\Harddisk0\DR0\Partition1
14:14:19.0125 0x0538 \Device\Harddisk0\DR0\Partition1 - ok
14:14:19.0125 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:20.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:21.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:22.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:23.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:24.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:25.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:26.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:27.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:28.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:29.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:30.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:31.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:32.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:33.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:34.0140 0x0538 Waiting for KSN requests completion. In queue: 300
14:14:35.0343 0x0538 AV detected via SS1: CA Anti-Virus Plus, 2.0.0.216, enabled, outofdate
14:14:35.0343 0x0538 AV detected via SS1: Panda Cloud Antivirus, 02.03.00.0000, enabled, updated
14:14:35.0343 0x0538 AV detected via SS1: Microsoft Security Essentials, 2.1.6805.0, disabled, outofdate
14:14:35.0359 0x0538 FW detected via SS1: Cloud Antivirus Firewall, 02.03.00.0000, disabled
14:14:35.0359 0x0538 FW detected via SS1: CA Personal Firewall, 11.0.0.604, disabled
14:14:35.0359 0x0538 Win FW state via NFM: enabled
14:14:38.0078 0x0538 ============================================================
14:14:38.0078 0x0538 Scan finished
14:14:38.0078 0x0538 ============================================================
14:14:38.0078 0x0d70 Detected object count: 0
14:14:38.0078 0x0d70 Actual detected object count: 0

Thanks!


----------



## Cookiegal (Aug 27, 2003)

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## GreggIllinois (Jan 5, 2014)

Hi Cookiegal. Here's the OTL.Txt scan:

OTL logfile created on: 2/1/2014 5:15:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Linda Bal\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 43.16% Memory free
1.38 Gb Paging File | 0.81 Gb Available in Paging File | 59.12% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 7.06 Gb Free Space | 18.97% Space Free | Partition Type: NTFS

Computer Name: OLDPROCESSOR | User Name: Linda Bal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/01 17:12:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda Bal\Desktop\OTL.exe
PRC - [2014/01/06 15:37:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/10/18 23:19:35 | 000,037,344 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2013/10/18 23:19:34 | 000,032,736 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2013/10/10 16:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/10/03 00:13:48 | 000,140,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2009/10/22 12:44:18 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/22 12:43:31 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/06/08 10:02:02 | 000,154,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2009/02/16 03:44:55 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/07/24 18:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2013/04/12 11:23:30 | 000,612,664 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\sqlite3.dll
MOD - [2009/09/30 07:10:52 | 000,589,824 | ---- | M] () -- C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll
MOD - [2009/09/15 17:07:50 | 001,063,248 | ---- | M] () -- C:\Program Files\LogMeIn\x86\ICSAgent32.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\SYSTEM32\devenum.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/01/17 16:29:18 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 13:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/18 23:19:35 | 000,037,344 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2013/10/10 16:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/10/08 06:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/10/03 00:13:48 | 000,140,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/10/22 12:44:18 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2009/10/07 13:17:06 | 000,251,120 | ---- | M] (CA, Inc.) [Disabled | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2009/10/07 13:17:06 | 000,206,064 | ---- | M] (Computer Associates International, Inc.) [Disabled | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2009/10/02 13:51:32 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) [Disabled | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) [Disabled | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/07/27 15:40:44 | 000,227,832 | ---- | M] (CA) [Disabled | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2009/07/13 10:39:14 | 000,760,664 | ---- | M] (CA) [Disabled | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2009/06/08 10:02:02 | 000,154,104 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/10/17 13:31:22 | 000,145,640 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINAflt.sys -- (PSINAflt)
DRV - [2013/10/11 03:47:23 | 000,097,896 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINReg.sys -- (PSINReg)
DRV - [2013/10/11 03:46:44 | 000,128,232 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINProt.sys -- (PSINProt)
DRV - [2013/10/11 03:46:43 | 000,115,048 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINProc.sys -- (PSINProc)
DRV - [2013/10/11 03:46:42 | 000,179,944 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINKNC.sys -- (PSINKNC)
DRV - [2013/10/11 03:46:42 | 000,103,528 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINFile.sys -- (PSINFile)
DRV - [2013/09/10 18:25:16 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BANTExt.sys -- (BANTExt)
DRV - [2013/05/28 21:55:11 | 000,230,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSStrm.sys -- (NNSSTRM)
DRV - [2013/05/28 21:55:11 | 000,108,904 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSSmtp.sys -- (NNSSMTP)
DRV - [2013/05/28 21:55:11 | 000,093,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNStlsc.sys -- (NNSTLSC)
DRV - [2013/05/28 21:55:10 | 000,287,336 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSProt.sys -- (NNSPROT)
DRV - [2013/05/28 21:55:10 | 000,161,384 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSPrv.sys -- (NNSPRV)
DRV - [2013/05/28 21:55:10 | 000,106,344 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSPop3.sys -- (NNSPOP3)
DRV - [2013/05/28 21:55:09 | 000,124,648 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSIds.sys -- (NNSIDS)
DRV - [2013/05/28 21:55:09 | 000,095,464 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSpicc.sys -- (NNSPICC)
DRV - [2013/05/28 21:55:09 | 000,052,328 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSpihs.sys -- (NNSPIHS)
DRV - [2013/05/28 21:55:08 | 000,126,184 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSHttp.sys -- (NNSHTTP)
DRV - [2013/05/28 21:55:08 | 000,107,752 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSHttps.sys -- (NNSHTTPS)
DRV - [2013/05/28 21:55:08 | 000,084,200 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NNSAlpc.sys -- (NNSALPC)
DRV - [2013/04/29 01:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSKMAD.sys -- (PSKMAD)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/30 00:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AE2500xp.sys -- (Linksys_adapter_H)
DRV - [2009/10/22 12:43:39 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/09/30 16:51:00 | 000,239,608 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxCfg.sys -- (KmxCfg)
DRV - [2009/09/30 16:51:00 | 000,078,840 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxAgent.sys -- (KmxAgent)
DRV - [2009/08/27 10:14:48 | 000,143,352 | ---- | M] (CA) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2009/06/08 10:02:04 | 000,145,912 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxCF.sys -- (KmxCF)
DRV - [2009/06/08 10:02:04 | 000,115,704 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxFw.sys -- (KmxFw)
DRV - [2009/06/08 10:02:02 | 000,108,024 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxStart.sys -- (KmxStart)
DRV - [2009/04/28 09:52:46 | 000,055,288 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxFile.sys -- (KmxFile)
DRV - [2009/03/27 15:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxAMVet.sys -- (KmxAMVet)
DRV - [2009/03/27 15:27:04 | 000,058,872 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxSbx.sys -- (KmxSbx)
DRV - [2008/12/04 07:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/07/24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2004/01/09 17:51:10 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.irs.gov/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.4.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/14 12:21:37 | 000,000,000 | ---D | M]

[2014/01/03 18:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Extensions
[2014/01/16 17:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default\extensions
[2014/01/04 22:31:36 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default\extensions\[email protected]
[2014/01/16 17:31:34 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda Bal\Application Data\Mozilla\Firefox\Profiles\gjaz7bmp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/03 18:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/03 18:00:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google Search = C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HTTPS Everywhere = C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.1.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/19 14:13:29 | 000,451,418 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15498 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://libertytax.webex.com/client/T27L/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1164DB00-24E4-4F81-AB8D-38902FB495F7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{395FE8BA-EC24-4BDC-9027-1C388AE800B7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C99EEE-D375-448F-93AF-7D13EE295AF7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFABA86A-A94C-482D-A6AD-AA47205684DE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\WINDOWS\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5ccb0e0a-de00-11dd-94da-001111972f7f}\Shell\AutoRun\command - "" = E:\Software\FirefoxPortable\FirefoxPortable.exe
O33 - MountPoints2\{5ccb0e0a-de00-11dd-94da-001111972f7f}\Shell\label\command - "" = myapp.exe
O33 - MountPoints2\{83d5f684-cdfc-11dc-8452-001111972f7f}\Shell - "" = AutoRun
O33 - MountPoints2\{83d5f684-cdfc-11dc-8452-001111972f7f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83d5f684-cdfc-11dc-8452-001111972f7f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/01 17:13:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda Bal\Desktop\OTL.exe
[2014/01/31 14:06:13 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Linda Bal\Desktop\tdsskiller.exe
[2014/01/30 19:44:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/30 19:32:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/30 19:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/28 17:51:27 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSKMAD.sys
[2014/01/28 17:33:08 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda Bal\Desktop\TFC.exe
[2014/01/28 10:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Desktop\FRST-OlderVersion
[2014/01/27 14:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Application Data\JGoodies
[2014/01/27 14:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\JGoodies
[2014/01/27 13:40:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/27 13:39:21 | 001,136,640 | ---- | C] (Farbar) -- C:\Documents and Settings\Linda Bal\Desktop\FRST.exe
[2014/01/25 16:45:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/24 23:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Start Menu\Programs\Notepad++
[2014/01/24 23:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2014/01/23 13:54:25 | 000,079,368 | ---- | C] (CA) -- C:\WINDOWS\System32\UmxWNP.dll
[2014/01/21 21:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Start Menu\Programs\Revo Uninstaller
[2014/01/21 21:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/01/19 20:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Desktop\purchases
[2014/01/18 23:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/01/18 23:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Application Data\LavasoftStatistics
[2014/01/18 22:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2014/01/18 21:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2014/01/18 21:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/01/18 21:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2014/01/18 21:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2014/01/18 20:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Application Data\SUPERAntiSpyware.com
[2014/01/18 20:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/01/18 20:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/01/18 20:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/01/18 15:53:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2014/01/18 15:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Application Data\Panda Security
[2014/01/18 15:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2014/01/18 15:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2014/01/18 15:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2014/01/13 18:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2014/01/10 22:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/01/10 21:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Secunia PSI
[2014/01/10 21:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2014/01/10 12:51:34 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\Linda Bal\Desktop\SysInfo.exe
[2014/01/09 23:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Desktop\backups
[2014/01/07 19:50:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Linda Bal\Desktop\HijackThis.exe
[2014/01/03 18:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Bal\Application Data\Mozilla
[2014/01/03 18:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/01/03 18:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

========== Files - Modified Within 30 Days ==========

[2014/02/01 17:12:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda Bal\Desktop\OTL.exe
[2014/02/01 16:53:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/01 16:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/01 13:08:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2014/02/01 13:06:58 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/01 13:05:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2014/02/01 13:05:29 | 1205,915,648 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/31 20:02:25 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2014/01/31 20:02:25 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2014/01/31 20:02:25 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2014/01/31 20:02:25 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2014/01/31 20:02:25 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2014/01/31 20:02:25 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2014/01/31 20:02:25 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2014/01/31 20:02:24 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2014/01/31 20:02:24 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2014/01/31 20:02:24 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2014/01/31 20:02:24 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2014/01/31 20:02:24 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2014/01/31 20:02:24 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2014/01/31 20:02:24 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2014/01/31 20:02:24 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2014/01/31 20:02:24 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2014/01/31 14:15:51 | 000,145,535 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\kaspersky.JPG
[2014/01/31 14:04:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Linda Bal\Desktop\tdsskiller.exe
[2014/01/28 18:08:35 | 000,380,416 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe
[2014/01/28 17:22:44 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda Bal\Desktop\TFC.exe
[2014/01/28 10:50:34 | 001,136,640 | ---- | M] (Farbar) -- C:\Documents and Settings\Linda Bal\Desktop\FRST.exe
[2014/01/27 22:18:19 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/01/27 21:34:51 | 000,085,011 | ---- | M] () -- C:\untitled.JPG
[2014/01/27 21:30:54 | 000,181,436 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\NotGood.jpg
[2014/01/27 21:19:08 | 000,094,172 | ---- | M] () -- C:\SuperAntiSpwareLog#3.JPG
[2014/01/27 21:18:12 | 000,095,847 | ---- | M] () -- C:\SuperAntiSpwareLog#2.JPG
[2014/01/27 21:16:22 | 000,102,714 | ---- | M] () -- C:\SuperAntiSpwareLog#1.JPG
[2014/01/27 20:54:53 | 000,128,664 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\hacker.JPG
[2014/01/27 19:16:57 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\Microsoft Office Word 2003.lnk
[2014/01/27 14:54:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/01/27 14:07:35 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\JDiskReport.lnk
[2014/01/26 14:12:29 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Linda Bal\Desktop\VEW.exe
[2014/01/25 16:42:55 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\AdwCleaner.exe
[2014/01/23 19:32:54 | 000,998,704 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\techSupprtTEST.PNG
[2014/01/22 23:58:18 | 000,820,536 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\The IWS Rules_ Book One_ Rise o - Gregg Bell.pdf
[2014/01/22 20:23:01 | 000,187,172 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\SuperDelete.JPG
[2014/01/22 19:42:45 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/01/21 21:56:09 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\Revo Uninstaller.lnk
[2014/01/20 20:46:14 | 000,044,112 | ---- | M] () -- C:\DeniedAcess2RemovalTool#1.JPG
[2014/01/20 20:44:39 | 000,039,781 | ---- | M] () -- C:\DeniedAcess2RemovalTool#2.JPG
[2014/01/19 14:13:29 | 000,451,418 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2014/01/18 23:12:25 | 000,398,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/18 21:53:48 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2014/01/18 20:37:12 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/01/18 15:18:53 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/01/17 16:29:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/01/17 16:29:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/01/15 21:12:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/14 21:48:44 | 000,021,863 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Local Settings\Application Data\recently-used.xbel
[2014/01/14 18:39:02 | 000,055,716 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\TweetTemplate.JPG
[2014/01/13 18:29:37 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/01/13 18:29:37 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2014/01/10 22:55:28 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/01/10 12:51:41 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\Linda Bal\Desktop\SysInfo.exe
[2014/01/09 23:17:00 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2014/01/05 21:04:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Linda Bal\Desktop\HijackThis.exe
[2014/01/03 19:17:09 | 000,024,362 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Desktop\The IWS RulesEXCERPT.rtf
[2014/01/03 18:00:56 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Linda Bal\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/03 18:00:51 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2014/01/31 14:15:51 | 000,145,535 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\kaspersky.JPG
[2014/01/28 18:20:15 | 000,380,416 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\su5sn7jm.exe
[2014/01/27 21:34:51 | 000,085,011 | ---- | C] () -- C:\untitled.JPG
[2014/01/27 21:19:08 | 000,094,172 | ---- | C] () -- C:\SuperAntiSpwareLog#3.JPG
[2014/01/27 21:18:12 | 000,095,847 | ---- | C] () -- C:\SuperAntiSpwareLog#2.JPG
[2014/01/27 21:16:21 | 000,102,714 | ---- | C] () -- C:\SuperAntiSpwareLog#1.JPG
[2014/01/27 20:54:53 | 000,128,664 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\hacker.JPG
[2014/01/27 20:46:50 | 000,181,436 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\NotGood.jpg
[2014/01/27 14:07:35 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\JDiskReport.lnk
[2014/01/26 14:15:03 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Linda Bal\Desktop\VEW.exe
[2014/01/25 16:44:16 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\AdwCleaner.exe
[2014/01/25 02:18:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2014/01/25 02:18:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2014/01/25 02:18:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2014/01/25 02:18:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2014/01/25 02:18:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2014/01/25 02:18:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2014/01/25 02:18:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2014/01/25 02:18:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2014/01/24 18:24:25 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2014/01/24 18:24:25 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2014/01/24 18:24:25 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2014/01/24 18:24:25 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2014/01/24 18:24:25 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2014/01/24 18:24:25 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2014/01/24 18:24:25 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2014/01/24 18:24:25 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2014/01/23 19:32:54 | 000,998,704 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\techSupprtTEST.PNG
[2014/01/23 00:20:29 | 000,820,536 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\The IWS Rules_ Book One_ Rise o - Gregg Bell.pdf
[2014/01/22 20:23:01 | 000,187,172 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\SuperDelete.JPG
[2014/01/22 19:42:17 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/01/21 21:56:09 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\Revo Uninstaller.lnk
[2014/01/20 20:46:14 | 000,044,112 | ---- | C] () -- C:\DeniedAcess2RemovalTool#1.JPG
[2014/01/20 20:44:38 | 000,039,781 | ---- | C] () -- C:\DeniedAcess2RemovalTool#2.JPG
[2014/01/18 21:53:48 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2014/01/18 20:37:12 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/01/14 21:48:44 | 000,021,863 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Local Settings\Application Data\recently-used.xbel
[2014/01/14 18:39:02 | 000,055,716 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\TweetTemplate.JPG
[2014/01/13 18:29:37 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/01/13 18:29:37 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2014/01/13 18:29:37 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2014/01/13 18:29:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2014/01/10 22:55:28 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2014/01/10 22:55:28 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/01/03 19:17:09 | 000,024,362 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Desktop\The IWS RulesEXCERPT.rtf
[2014/01/03 18:00:55 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/03 18:00:51 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/03 18:00:51 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/12/23 19:23:00 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/06 23:09:56 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2013/12/06 23:05:22 | 000,211,464 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2013/11/30 23:44:15 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Linda Bal\.gtk-bookmarks
[2013/10/23 22:14:26 | 000,609,640 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/02/22 09:05:21 | 000,157,696 | ---- | C] () -- C:\WINDOWS\ERUNT.exe
[2013/01/20 23:03:52 | 002,791,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-656915689-1776118812-1309765798-1005-0.dat
[2013/01/20 23:03:51 | 000,290,674 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/14 19:21:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/01/14 13:05:22 | 000,053,299 | R--- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/01/28 17:56:47 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Local Settings\Application Data\FASTWiz.html
[2006/12/30 15:59:21 | 018,662,400 | ---- | C] () -- C:\Program Files\Common Files\InterviewPLUS Workstation.msi
[2005/12/22 09:50:04 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Linda Bal\Local Settings\Application Data\fusioncache.dat
[2005/12/22 09:48:26 | 018,662,912 | ---- | C] () -- C:\Program Files\Common Files\TaxWise Workstation.msi
[2005/01/05 18:48:10 | 018,448,384 | ---- | C] () -- C:\Program Files\Common Files\InterviewPLUS Workstation Setup.msi
[2005/01/05 18:45:27 | 018,448,384 | ---- | C] () -- C:\Program Files\Common Files\TaxWise Workstation Setup.msi

========== ZeroAccess Check ==========

[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Here's the Extras.Txt

OTL Extras logfile created on: 2/1/2014 5:15:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Linda Bal\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 43.16% Memory free
1.38 Gb Paging File | 0.81 Gb Available in Paging File | 59.12% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 7.06 Gb Free Space | 18.97% Space Free | Partition Type: NTFS

Computer Name: OLDPROCESSOR | User Name: Linda Bal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabledxpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1434:UDP" = 1434:UDP:LocalSubNet:Enabled:SQL_UDP_PORT_1434
"3389:TCP" = 3389:TCP:*:Enabledxpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Linda Bal\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\Linda Bal\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" = C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:LocalSubNet:Enabled:sqlservr.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" = C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:LocalSubNet:Enabled:sqlbrowser.exe -- (Microsoft Corporation)
"C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Amazon\Kindle Previewer\lib\touchLibs\webreader.exe" = C:\Documents and Settings\Linda Bal\Local Settings\Application Data\Amazon\Kindle Previewer\lib\touchLibs\webreader.exe:*:Enabled:webreader -- ()
"C:\Program Files\LibreOffice 4\program\soffice.bin" = C:\Program Files\LibreOffice 4\program\soffice.bin:*:Enabled:LibreOffice -- (The Document Foundation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A3E75B-54C0-407F-8B95-B77705C7DCC4}" = AMRT
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{076B199D-B0B1-413C-914B-E04029503FAD}" = LibTax 2009
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C4E1AFF-779C-443A-9B96-91D0D3063061}" = ReportViewer
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2681A52E-FCFA-4982-A030-7B652BDD346C}" = CA Personal Firewall
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (LIBTAX)
"{3331E34D-38D0-49CE-A395-B30B05FCCE6C}" = calibre
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.10
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D1E2D5B-7F99-4605-B9F2-3FF51D02FE62}" = LibTax 2006
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69833D2A-A3A1-449B-ADF7-5FEBFE48FC55}" = Panda Cloud Antivirus
"{6E8CF8EF-0B33-4D47-89ED-821E9F304896}" = Crystal Reports 9
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EF03F5-0507-4861-9A44-D99FD4C41417}" = Paint.NET v3.5.11
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AA60015-4BAD-4146-9DB2-8AA66762EC54}" = Microsoft SQLXML 4.0 SP1
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{8594A07D-6091-4104-B544-59546A148C92}" = InterviewPLUS Workstation Setup
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{A85EA36D-420E-4E0B-9EE8-C76A74C38AB5}" = InterviewPLUS Workstation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB9CC232-87B5-437B-90E8-AB5690E13135}" = LibTax 2008
"{DD3CB916-F91A-41B9-B276-CAC090E91021}" = LibreOffice 4.1.2.3
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6D60C1B-7500-4641-B9A6-2DEB751F99BE}" = LibTax 2010
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E79F34D1-578C-4AB8-922A-1667F87987D2}" = TaxWise Workstation
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F7558F8A-1448-482F-9919-1F96B0234727}" = TaxWise Workstation
"{FC88C8F6-507B-4150-B2B1-6F9A414300ED}" = TaxWise Workstation Setup
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF6FE3EC-F36E-4061-8B06-2429107BCDB0}" = LibreOffice 4.0 Help Pack (English)
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"ActiveTouchMeetingClient" = WebEx
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Amazon Kindle" = Amazon Kindle
"Balabolka" = Balabolka
"Belarc Advisor" = Belarc Advisor 8.4
"GIMP-2_is1" = GIMP 2.8.4
"Google Chrome" = Google Chrome
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HP-LaserJet 1018" = LaserJet 1018
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"JDiskReport 1.4.0" = JDiskReport 1.4.0
"Linksys Wireless Manager" = Linksys Wireless Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"Photo Pos Pro" = Photo Pos Pro
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Revo Uninstaller" = Revo Uninstaller 1.95
"Roxio UDF Reader" = Roxio UDF Reader
"Sigil_is1" = Sigil 0.7.2
"SpywareBlaster_is1" = SpywareBlaster 5.0
"VLC media player" = VLC media player 2.1.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"b79466521ac97672" = ePubPack
"KindlePreviewer" = Kindle Previewer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2014 7:25:38 PM | Computer Name = OLDPROCESSOR | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x04124fe0.

Error - 1/24/2014 7:26:41 PM | Computer Name = OLDPROCESSOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04184fe0.

Error - 1/24/2014 8:13:26 PM | Computer Name = OLDPROCESSOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02e74fe0.

Error - 1/24/2014 8:37:22 PM | Computer Name = OLDPROCESSOR | Source = SQLWRITER | ID = 1
Description = SQL writer initialization error: the control dispatcher cannot be 
started [0x80070427].

Error - 1/24/2014 8:40:47 PM | Computer Name = OLDPROCESSOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02f34fe0.

Error - 1/24/2014 9:07:36 PM | Computer Name = OLDPROCESSOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x012c4fe0.

Error - 1/24/2014 9:44:34 PM | Computer Name = OLDPROCESSOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x012b4fe0.

Error - 1/24/2014 9:45:59 PM | Computer Name = OLDPROCESSOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x011b4fe0.

Error - 1/30/2014 3:17:31 PM | Computer Name = OLDPROCESSOR | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8409.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/31/2014 8:10:17 PM | Computer Name = OLDPROCESSOR | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 32.0.1700.102, faulting module
chrome.dll, version 32.0.1700.102, fault address 0x003c398f.

[ System Events ]
Error - 1/28/2014 9:08:07 PM | Computer Name = OLDPROCESSOR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/28/2014 9:08:39 PM | Computer Name = OLDPROCESSOR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/29/2014 11:09:15 PM | Computer Name = OLDPROCESSOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error - 1/30/2014 2:24:14 PM | Computer Name = OLDPROCESSOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error - 1/30/2014 3:29:13 PM | Computer Name = OLDPROCESSOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error - 1/30/2014 5:54:02 PM | Computer Name = OLDPROCESSOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error - 1/30/2014 10:56:24 PM | Computer Name = OLDPROCESSOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error - 1/31/2014 1:56:12 PM | Computer Name = OLDPROCESSOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error - 1/31/2014 10:01:26 PM | Computer Name = OLDPROCESSOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error - 2/1/2014 3:05:54 PM | Computer Name = OLDPROCESSOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

< End of report >

Thank you!


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe File not found
[2014/01/18 23:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
```

Then click the *Run Fix* button at the top
Let the program run unhindered. It should reboot when it is done but if it does not, please reboot your system.
Please post the log it produces in your next reply.


----------



## Cookiegal (Aug 27, 2003)

Please navigate to this folder:

C:\Program Files\CA\CA Internet Security Suite

Open the CA Internet Security Suite folder and look for a file named caunst.exe. Is it there?


----------



## GreggIllinois (Jan 5, 2014)

Before I ran the OTL scan I checked for the caunst.exe file and it was there. I ran the scan and re-booted and checked again, and the caunst file was still there. The only questionable thing is the caunst thing did not have the .exe ending when I hovered over it. (see screenshot) (And it looks like I'm hovering over the wrong file but that is because the printscreen didn't pick up the little white arrow.) 

Here's the OTL log:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
C:\Program Files\Spybot - Search & Destroy 2 folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02022014_182429


Thanks!


----------



## Cookiegal (Aug 27, 2003)

Please right-click on caunst and select properties and upload a screenshot.


----------



## GreggIllinois (Jan 5, 2014)

Here's the screenshot. Thanks.


----------



## Cookiegal (Aug 27, 2003)

Try double-clicking on caunst to run the setup and see if there's an uninstall option in there and if so run it.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> Try double-clicking on caunst to run the setup and see if there's an uninstall option in there and if so run it.


No luck. When I tried to open the caunst file I only got this window (screenshot). And then the computer kept gyrating pretty erratically, eventually settling on nearly constant 100 CPU usage. I checked the Processes in the Task Manager and:

setup.exe SYSTEM

had 99% of the cpu usage.

Available space on "C" drive started at 7 something GB and I happened to check it after the attempt to open Caunst and it's now down to 6.92. CPU use has gone down to 20-40 range. It ran at 100 for about ten minutes.

Thanks.


----------



## Cookiegal (Aug 27, 2003)

OK. Please do the following.

Click *Start *then *My Computer*.

On the *Tools *menu click *Folder Options*.

On the *View tab* click *Show hidden files and folders*.

Clear the H*ide protected operating system files (Recommended)* check box. Click Yes when you are prompted to confirm the change.

Clear the *Use simple file sharing (Recommended)* check box.

Click OK.

Boot the machine to safe mode and then log in to your account. Now navigate to the C:\*System Volume Information* folder. Right-click on that folder and click on the Security tab.

Click *Add*, and then type your username as it appears in the box above from locations.

Then click OK, Apply and OK.

Now boot back to Windows normally and run JDiskReport again and post the new screenshot. This time it should show the amount of space that System Restore is occupying.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> OK. Please do the following.
> 
> Click *Start *then *My Computer*.
> 
> ...


No luck Cookiegal. I followed your instructions. I did run into one unexpected window in the Safe mode. It had the headline of "Desktop" and underneath it it said, "This special diagnostic mode of Windows enables you to fix a problem...If you prefer to use System Restore to restore your computer to a previous state click no." (If you need the full message let me know). I clicked Yes on that. But the System Volume Information folder was in shadow and when I right clicked on it it just gave me the typical window of 'open' 'delete' 'rename' etc. . Then when I hovered the cursor over the folder it said: "Folder is empty."

I rebooted and didn't run the JDisk scan because I figured nothing had changed. And I did restore those settings in the "View" tab of "Folder Options" (in "my computer") because I figured that's the way they were when I started.

Space on "C" drive is just over 7 GB.

Thanks.


----------



## Cookiegal (Aug 27, 2003)

When you right-click on the System Volume Information folder there was no option for "Properties"?


----------



## GreggIllinois (Jan 5, 2014)

Went back in and right clicked on properties and followed the instructions but when I got to the adding the username as it appeared in the box above from locations I got stuck with this window appearing (see screenshot). Thanks.


----------



## Cookiegal (Aug 27, 2003)

Try just typing Linda for the user and the rest of your name should appear.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> Try just typing Linda for the user and the rest of your name should appear.


Okay, when I put the full user name in it worked. I ran the Jdisk scan and the screenshot has the results. Cookiegal, I re-did the settings in the Folder Options of My Computer, but I did not go back into the Safe mode and re-do any of what I did in there. I was a little concerned since it was the Security tab. Do I need to go back in there and do anything? And I'll be curious to see what you have to say about the pie chart. Thanks.


----------



## Cookiegal (Aug 27, 2003)

OK, that's good. So System Restore is taking up a large chunk there.

Please go to Start - right-click on My Computer then select "properties" and then click on the System Restore tab. Pull the slider to the left so that System Restore only has 8% of the allocated space and then click "Apply" and OK. Hopefully, this will make some old restore points drop off to regain some free space.

Then reboot the machine and run JDiskReport again and post the new pie chart please.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> OK, that's good. So System Restore is taking up a large chunk there.
> 
> Please go to Start - right-click on My Computer then select "properties" and then click on the System Restore tab. Pull the slider to the left so that System Restore only has 8% of the allocated space and then click "Apply" and OK. Hopefully, this will make some old restore points drop off to regain some free space.
> 
> Then reboot the machine and run JDiskReport again and post the new pie chart please.


LOL My sliding scale went from 7-->9. (I couldn't select 8%.) So I took 9%. I ran the scan. Here's the pie chart.

And about what I asked in the last post, about going back into the Safe mode and un-doing what I did--do I have to do that?

And an observation. After I rebooted and signed in after the Jdisk scan, I got the blue Windows screen but on it was a lot of information. What I caught was something like, 'The "F" file FAT32 is dirty.' Then there were a bunch of numbers. Then, 'the file is ok.' Then the screen disappeared and the computer booted up. Does that signify anything?

Thanks.


----------



## Cookiegal (Aug 27, 2003)

So that didn't affect anything.

Did you have a flash drive inserted at the time when you got that FAT32 error message?


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> So that didn't affect anything.
> 
> Did you have a flash drive inserted at the time when you got that FAT32 error message?


Yes, had a flash drive inserted when I got the FAT32 error message. And the going back into the SAFE mode and un-doing those changes--I don't need to do that, right? Thanks.


----------



## Cookiegal (Aug 27, 2003)

Do you mean adding your user account under the Security tab for System Restore? 

If so, it doesn't really matter. All it means is that you will be able to see the System Restore folder whereas before you couldn't.

Can you tell me what the free space is up to now and also if there are any other problems with the machine?


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> Do you mean adding your user account under the Security tab for System Restore?
> 
> If so, it doesn't really matter. All it means is that you will be able to see the System Restore folder whereas before you couldn't.


Yes, that's what I was referring to. Thanks.



Cookiegal said:


> Can you tell me what the free space is up to now and also if there are any other problems with the machine?


The free space has actually been sinking the last few days. For a while it was over 7GB, then yesterday it was 6.8GB or so and today it's 6.63GB. And there are no other problems with the machine. Thanks.


----------



## Cookiegal (Aug 27, 2003)

In JDiskReport please click on + to the left of the System Volume Information folder and then on the + beside the folder beneath that that should start with *_restore* followed by a bunch of numbers inside brackets. The post a screenshot or two if needed to get all of the restore points listed below that start with RP.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> In JDiskReport please click on + to the left of the System Volume Information folder and then on the + beside the folder beneath that that should start with *_restore* followed by a bunch of numbers inside brackets. The post a screenshot or two if needed to get all of the restore points listed below that start with RP.


Here are the screenshots. Thanks.


----------



## Cookiegal (Aug 27, 2003)

I'm just wondering if those are displaying by file size or name. Generally, it should be the biggest one comes first in the list.

Please click on "View" and then select "sort by size" and just post a screenshot of the top portion of the list (the top part only is sufficient as those should be the biggest).


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> I'm just wondering if those are displaying by file size or name. Generally, it should be the biggest one comes first in the list.
> 
> Please click on "View" and then select "sort by size" and just post a screenshot of the top portion of the list (the top part only is sufficient as those should be the biggest).


Did as you said. And hovered the mouse over the first few files to see the size:

1076: 7.4GB
1075: 2.6GB
1074: 2.5GB
1072: 962MB
1073: 944MB
1090: 848MB
1043: 473MB
1070: 410MB

and it tapers down from there till you get to the bottom of the screen shot and

1085: 108MB

Thanks!


----------



## Cookiegal (Aug 27, 2003)

We can't delete them from the folder because that will likely corrupt all restore points so I think the best thing to do would be to turn off system restore and turn it back on. This will wipe out all restore points so you won't have any to go back to but it should give you back the missing space and then you'll start fresh with the system creating new restore points.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> We can't delete them from the folder because that will likely corrupt all restore points so I think the best thing to do would be to turn off system restore and turn it back on. This will wipe out all restore points so you won't have any to go back to but it should give you back the missing space and then you'll start fresh with the system creating new restore points.


Okay. I'm just wondering what the implications of turning off the system restore are. (It seems to me you considered turning it off before but decided against it because you didn't want to lose the restore points.) Especially with that Google Redirect virus. What does turning it off do? And after I turn it off, do I turn it back on? Thanks.

A little add-on. And I was reading about how to turn off system restore I came across this:

If you suspect that previous restore points contain copies of infected monitored files that your antivirus program was not able to clean, you can remove these files and all the related restore points from the System Restore archive. To do so, turn off System Restore, and then turn it on again.

Notes
When you turn off System Restore, you remove all the restore points. When you turn on System Restore again, new restore points are created as the schedule and events require.
_Verify that all the signature or the definition files are current. Make sure that your antivirus program is configured to exclude the System Volume Information (SVI) folder (a hidden computer folder that is located in the computer root, or %SYSTEMDRIVE%)._

To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps:
Click Start, and then click Control Panel.
Click Performance and Maintenance, and then double-click System.
Click the System Restore tab, and then click to select the Turn off System Restore for all drives check box.
Click OK, and then click Yes to initiate the restore point deletion.

To turn on System Restore again after the restore point deletion has completed, repeat these steps, but click to clear the Turn off System Restore for all drives check box.

Would I have to do the stuff in italics? Thanks.


----------



## Cookiegal (Aug 27, 2003)

It's always good to preserve restore points if possible because then if something goes wrong with the system you can take it back to a date before that happened. But sometimes it's good to clear them out and start fresh as infections can be in there too.

Turning off system restore will delete all of the restore points. So that means that you won't be able to take the system back to any earlier dates. You will have to turn it back on and then the system will start creating new system restore points so if you have a problem down the road there should be restore points to go back to (unless malware corrupts them as that can happen).


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> It's always good to preserve restore points if possible because then if something goes wrong with the system you can take it back to a date before that happened. But sometimes it's good to clear them out and start fresh as infections can be in there too.
> 
> Turning off system restore will delete all of the restore points. So that means that you won't be able to take the system back to any earlier dates. You will have to turn it back on and then the system will start creating new system restore points so if you have a problem down the road there should be restore points to go back to (unless malware corrupts them as that can happen).


Hi Cookiegal. (I guess we're almost live.) So do I have to do the stuff in the italics? (In the below section)

When you turn off System Restore, you remove all the restore points. When you turn on System Restore again, new restore points are created as the schedule and events require.
_Verify that all the signature or the definition files are current. Make sure that your antivirus program is configured to exclude the System Volume Information (SVI) folder (a hidden computer folder that is located in the computer root, or %SYSTEMDRIVE%)._


----------



## Cookiegal (Aug 27, 2003)

You shouldn't have to make any changes to your anti-virus program.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> You shouldn't have to make any changes to your anti-virus program.


And the bit about the signature files and definitions. Don't worry about that?


----------



## Cookiegal (Aug 27, 2003)

All that means is that your anti-virus program should be up to date.

Here are the instructions for turning off system restore and creating a new restore point manually. Sorry I didn't post this before but I thought you knew how to do that.

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> All that means is that your anti-virus program should be up to date.
> 
> Here are the instructions for turning off system restore and creating a new restore point manually. Sorry I didn't post this before but I thought you knew how to do that.
> 
> ...


That was kind of Murphy's Law-ish. I went ahead and did the turn off before I got your last email (I missed you by 20 minutes!). So I did My Computer, properties, system restore, I checked 'turn off system restore' and waited for the System Properties dialog window to close. Then I went back in and unchecked the 'turn off system restore' box. I figured I was done. THEN I got your post. Oi vey! So I decided to just do it all over again. One complication really was that the second time I turned off the system restore, the System Properties window stayed on. After a long time I just clicked on OK and it disappeared. I rebooted and followed your instructions about creating a restore point. So I'm hoping everything's okay. I looked at the C drive and there is 18.3 GB, which is more than I ever remember having. Your take on things? (And thanks!)


----------



## Cookiegal (Aug 27, 2003)

Well we've deleted the restore points so that is why you regained all of the space.

Please run JDiskReport again and post the scan of the C: drive without expanding any of the sub-directories.


----------



## GreggIllinois (Jan 5, 2014)

Sorry, Cookiegal. I somehow missed your email. Here's the scan. (The computer's been working well.) Thanks.


----------



## Cookiegal (Aug 27, 2003)

If there are no further problems then we can wrap this up. Let me if there's anything else that needs to be addressed please.


----------



## GreggIllinois (Jan 5, 2014)

I think we're good. The computer's running fine. The available space on C drive is restored and stable. And no signs of that Google redirect virus. Unless you've got anything else, next time I hear from you, I'll come back and mark it "solved." (If that's the way it's supposed to work.) And wow, this has been quite an adventure. I thank you most sincerely for all your help. Thank you!


----------



## Cookiegal (Aug 27, 2003)

You're welcome. 

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging in to sites that you use on your computer as a precaution.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there.









Please open OTL again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTL program.

Let me know what programs remain after that as some have specific uninstall instructions.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> You're welcome.
> 
> Here are some final instructions for you.
> 
> ...


Some slightly weird stuff. I did exactly what you said re: Combofix. (see first screenshot) and then screens came on acting as if it was _installing _Combofix. In fact, a window came on saying, 'you have an old version, would you like a new version?' (I clicked no.) Then it continued to install (actually I wasn't positive it was installing, but it seemed to be, the bar graph going across the screen, and then I got the CA warning (see screenshot) that I got before when we tried to use this before. Weird.

The second weird thing was when I double clicked on the AdwClr icon. (a bug). It asked if I wanted the new version and if I did I should go to the website. I clicked okay just to see what AdwClr was, and the IE browser came on but never opened the page. When I Xed out of the browser the AdwClr bug icon was gone from the desktop. Again, weird.

I did the OTL "cleanup" and that worked fine. (And it seemed to me a bunch of icons--like the TDSkiller (sp?)--were gone from the desktop (incl. OTL). Not weird. lol

What's left:

Revo Uninstaller (which I kind of like somehow but also am a little leery of because when I was doing the "advanced" uninstall that was around the time the Google redirect thing showed up. Do you think the Revo Uninstaller is safe to use? And if you do, I'll probably keep it.

TFC
VEW
GMTER
Hijack This
Jdisk Report

And looking for these things I went through the Program Files and deleted a bunch of folders that had piddly little amounts in them (like AVG) and I saw that the CA folder has 81.8 MB in it. Is there any reason I'm keeping that around or should I just delete it?

And I was thinking the Jdisk Report and HijackThis might be handy things to keep.

Thanks.


----------



## Cookiegal (Aug 27, 2003)

I forgot that we couldn't run ComboFix because there were a lot of remnants of CA. You can delete the CA folder.

These can be removed by dragging them to the Recycle bin.

TFC
VEW
GMER
Hijack This

I don't recommend keeping HijackThis as you can always download it again if needed and you shouldn't use it on yoru own.

It's fine to keep Jdisk Report if you want to use it.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> I forgot that we couldn't run ComboFix because there were a lot of remnants of CA. You can delete the CA folder.
> 
> These can be removed by dragging them to the Recycle bin.
> 
> ...


Thanks Cookiegal. I got rid of everything but the JDisk report. But my question about Revo Installer? (Here it is:

(All that's left is) Revo Uninstaller (which I kind of like somehow but also am a little leery of because when I was doing the "advanced" uninstall that was around the time the Google redirect virus showed up. Do you think the Revo Uninstaller is safe to use? And if you do, I'll probably keep it.)

And lastly (see screenshot) I couldn't get rid of the CA folder.


----------



## Cookiegal (Aug 27, 2003)

Sorry, I forgot to answer that question.

I don't really know if Revo is safe or not because the problems with disk space started when it was used although I've never heard of anyone having problems with it. But, I don't think there's any problem with keeping it but you should always try to uninstall things through the Control Panel first followed by a reboot and then if that fails see if that particular software has its own removal tool and then use that followed by a reboot. Sometimes the removal tool should be run a second time to see if anything got left behind. Then Revo can be used as a last resort.

Are there a lot of files in the CA folder? Because it's only saying access is denied on a file and not on the entire folder. You could try deleting one file at a time if there aren't too many then let me know which ones are left with access denied and we'll see if we can delete them.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> Sorry, I forgot to answer that question.
> 
> I don't really know if Revo is safe or not because the problems with disk space started when it was used although I've never heard of anyone having problems with it. But, I don't think there's any problem with keeping it but you should always try to uninstall things through the Control Panel first followed by a reboot and then if that fails see if that particular software has its own removal tool and then use that followed by a reboot. Sometimes the removal tool should be run a second time to see if anything got left behind. Then Revo can be used as a last resort.
> 
> Are there a lot of files in the CA folder? Because it's only saying access is denied on a file and not on the entire folder. You could try deleting one file at a time if there aren't too many then let me know which ones are left with access denied and we'll see if we can delete them.


I think the problem with Revo may have been using the "advanced" mode (for one thing it took a really long time to use it). I've read somewhere that if you use Revo, you should use the "moderate" mode (the "basic" mode is just the software's uninstaller). But that's great advice you gave me about after uninstalling via Control Panel, seeing if there's a removal tool from the software and _then_ trying Revo. Thanks!

In the CA folder was 81MB. After deleting a bunch of it (I, like you said, went into the individual files) I got this window (screenshot), kicking me out. But then I went back in and deleted more. Now the whole CA file has only 433KB.


----------



## Cookiegal (Aug 27, 2003)

Are you not able to delete any more of the file in that folder at all?


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> Are you not able to delete any more of the file in that folder at all?


I did go back in the CA file and was able to delete a few more things. Only two files, not folders, remain. See screenshots. As soon as I deleted the latest round of files I got a low memory warning and the Task Manager showed a very high PF Usage for what I have open. (It wouldn't normally be above 1.2.) (It's still high (1.53) after ten minutes or so.


----------



## Cookiegal (Aug 27, 2003)

Please run DDS again and post the new log.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> Please run DDS again and post the new log.


The computer seems to have calmed down considerably (see screenshot). The PF usage is a bit high still. (I would say with what I had open it would normally be around 950 MB. And Chrome crashes every once in a while now--and it never used to.)
Here are the DDS logs. Thanks.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Linda Bal at 11:39:05 on 2014-02-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.292 [GMT -6:00]
.
AV: CA Anti-Virus Plus *Enabled/Outdated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Cloud Antivirus Firewall *Disabled* 
FW: CA Personal Firewall *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.irs.gov/
uDefault_Page_URL = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\VetRedir.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://libertytax.webex.com/client/T27L/support/ieatgpc.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1164DB00-24E4-4F81-AB8D-38902FB495F7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{395FE8BA-EC24-4BDC-9027-1C388AE800B7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{41C99EEE-D375-448F-93AF-7D13EE295AF7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AFABA86A-A94C-482D-A6AD-AA47205684DE} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs= UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\linda bal\application data\mozilla\firefox\profiles\gjaz7bmp.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-8-27 143352]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-9-30 78840]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-4-28 55288]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-8 115704]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-28 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-28 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-28 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-28 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-28 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-28 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-28 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-28 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-28 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-28 93928]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2013-10-11 179944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-6-8 145912]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-3-27 58872]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-10 47640]
R2 MSSQL$LIBTAX;SQL Server (LIBTAX);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-10-3 140768]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-10-17 145640]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-10-11 103528]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-10-11 115048]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-10-11 128232]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-10-18 37344]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-4-1 875000]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-6-15 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-4-1 207352]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 239608]
R3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-10-11 97896]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2014-2-12 47632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2013-1-14 1034240]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2009-10-22 627072]
S4 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe --> c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [?]
S4 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe --> c:\program files\ca\ca internet security suite\ccschedulersvc.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2013-5-28 52328]
.
=============== Created Last 30 ================
.
2014-02-23 03:46:17	--------	d-----w-	c:\documents and settings\linda bal\application data\JGsoft
2014-02-23 03:45:44	--------	d-----w-	c:\program files\Just Great Software
2014-02-20 21:37:14	17858952	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2014-02-17 19:56:43	22776944	----a-w-	c:\program files\mozilla firefox\xul.dll
2014-02-17 19:56:39	225656	----a-w-	c:\program files\mozilla firefox\plugins\nppdf32.dll
2014-02-17 19:56:39	17248	----a-w-	c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
2014-02-14 17:59:45	--------	d-----w-	c:\documents and settings\linda bal\application data\DonationCoder
2014-02-14 17:58:56	--------	d-----w-	c:\documents and settings\all users\application data\DonationCoder
2014-02-14 17:58:55	--------	d-----w-	c:\program files\ScreenshotCaptor
2014-02-12 23:30:06	47632	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2014-02-11 19:12:30	--------	d-----w-	c:\program files\Steam
2014-01-27 20:11:42	--------	d-----w-	c:\documents and settings\linda bal\application data\JGoodies
2014-01-27 20:07:34	--------	d-----w-	c:\program files\JGoodies
.
==================== Find3M ====================
.
2014-02-20 21:37:36	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-02-20 21:37:35	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:26:52	920064	----a-w-	c:\windows\system32\wininet.dll
2014-02-05 23:26:43	43520	----a-w-	c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42	1469440	------w-	c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37	18944	----a-w-	c:\windows\system32\corpol.dll
2014-02-05 22:24:05	385024	----a-w-	c:\windows\system32\html.iec
2014-01-04 03:13:05	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-12-07 05:09:56	22	----a-w-	c:\windows\system32\syoepk_lib0.dll
2013-12-05 11:26:06	1172992	----a-w-	c:\windows\system32\msxml3.dll
2013-11-27 20:21:06	40960	----a-w-	c:\windows\system32\drivers\ndproxy.sys
2006-12-03 02:53:08	18662400	-c----w-	c:\program files\common files\InterviewPLUS Workstation.msi
2006-12-03 02:50:42	18662912	------w-	c:\program files\common files\TaxWise Workstation.msi
2004-12-02 21:42:18	18448384	-c----w-	c:\program files\common files\InterviewPLUS Workstation Setup.msi
2004-12-02 21:32:48	18448384	-c----w-	c:\program files\common files\TaxWise Workstation Setup.msi
.
============= FINISH: 11:42:00.65 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/5/2005 3:57:51 PM
System Uptime: 2/25/2014 11:12:24 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0U2575
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 17.062 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 2/12/2014 9:27:20 PM - System Checkpoint
RP2: 2/12/2014 9:30:12 PM - CompleteTurnOffOfSystemRestore
RP3: 2/14/2014 1:56:18 PM - System Checkpoint
RP4: 2/15/2014 2:22:25 PM - System Checkpoint
RP5: 2/17/2014 12:14:39 PM - System Checkpoint
RP6: 2/18/2014 3:36:24 PM - System Checkpoint
RP7: 2/19/2014 5:08:34 PM - System Checkpoint
RP8: 2/20/2014 7:29:53 PM - System Checkpoint
RP9: 2/21/2014 8:04:51 PM - System Checkpoint
RP10: 2/24/2014 4:20:45 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Digital Editions 2.0
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Amazon Kindle
AMRT
Apple Application Support
Apple Software Update
Balabolka
Belarc Advisor 8.4
CA Anti-Virus Plus
CA Personal Firewall
calibre
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Crystal Reports 9
Crystal Reports Basic Runtime for Visual Studio 2008
EditPad Lite 7.3.0
eSupportQFolder
GIMP 2.8.4
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterviewPLUS Workstation
InterviewPLUS Workstation Setup
Java 7 Update 45
Java Auto Updater
JDiskReport 1.4.0
Kindle Previewer
LaserJet 1018
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.1.2.3
LibTax 2006
LibTax 2008
LibTax 2009
LibTax 2010
Linksys Wireless Manager
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (LIBTAX)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft SQLXML 4.0 SP1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6 Service Pack 2 (KB954459)
OGA Notifier 2.0.0048.0
Paint.NET v3.5.11
Panda Cloud Antivirus
PRS-500 USB driver
QuickTime
Reader Library by Sony
ReportViewer
Revo Uninstaller 1.95
Roxio UDF Reader
Screenshot Captor 4.8
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sigil 0.7.4
Skype 6.10
SolutionCenter
SpywareBlaster 5.0
Steam
SUPERAntiSpyware
TaxWise Workstation
TaxWise Workstation Setup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.1.2
WebEx
WebFldrs XP
WebReg
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
2/24/2014 7:40:21 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_child.dll. Reference error message: Error Message is unavailable .
2/24/2014 7:40:20 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_child.dll. Reference error message: The operation completed successfully. .
2/20/2014 12:17:09 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

You know it's very difficult and not the best to try to remove CA this way. There doesn't seem to be an uninstaller that will work on a product that no longer exists. MSE is also still showing on there and needs to be removed.

I think if you have the ability to reinstall Windows that would be the best thing to do to put everything right and start fresh, after backing up all your important stuff first though, such as documents, photographs, music, etc.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> You know it's very difficult and not the best to try to remove CA this way. There doesn't seem to be an uninstaller that will work on a product that no longer exists. MSE is also still showing on there and needs to be removed.
> 
> I think if you have the ability to reinstall Windows that would be the best thing to do to put everything right and start fresh, after backing up all your important stuff first though, such as documents, photographs, music, etc.


Thanks Cookiegal. I know, this has been crazy. The thing is I still have those files I deleted from CA in my Recycle Bin. (see screenshot) Do you think it would be wise to "restore" them to the Program Files and see if that improves things?

As far as the reinstall goes. Don't think I have the CD etc. Think I would pass on that as an option.


----------



## Cookiegal (Aug 27, 2003)

You shouldn't need to restore them. What "things" need improving?


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> You shouldn't need to restore them. What "things" need improving?


Thanks Cookiegal. The "things" was that the PF Usage seemed higher than it was before I deleted the CA files and folders. But, keeping an eye on the PF Usage, I did an experiment. I restored the CA files and folders, and the PF Usage stayed the same. So my notion about the PF Usage being higher was mistaken. PF Usage still seems high to me (steadily at 1.25 GB with just a browser (two tabs open) and the task manager open) though. Or is this normal for a machine like mine?


----------



## Cookiegal (Aug 27, 2003)

What process is using the most resources?


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> What process is using the most resources?


It's "System Idle Process" with activity in the 90s. Then Chrome.

The computer is really working well except for that. It's quick and I'm very happy with it. What it is is that in the past the computer only stressed out when I was doing something really demanding like editing my website or re-sizing a really large digital photo in a photo-editing software. Now it gets stressed out just having four or five tabs open, or in posting Tweets on Twitter (with multiple tabs open). Like in the screenshot. A couple of months ago with that much open the PF Usage might have approached 1.2GB. And my browser only crashed once or twice a year. Now it crashes probably once every two days.

I think a big part of it is that the computer is just old and getting a little bloated. And it could probably use more memory, but with the April 8th MS cutoff of support for XP looming I'm hesitant to do that.

The computer is really working well. And the occasional crash is no big deal. I'm absolutely delighted with all you've helped me with. If you should have some ideas about the current situation, great, but if not, I am a very happy camper with the way things are. Thanks!

An additional observation: As you know I did an experiment with restoring (from the Recycle Bin) the CA files I deleted. Well, this very high PF Usage really did seem to start when I first removed those files and folders, so, despite my experiment showing it made no difference, I decided to restore them once again. However, this time every time I went to restore a file or folder a window popped up saying that file or folder was already there. But when I checked in the Program Files, only the two files that could not be removed were there. And hovering the cursor over the CA Folder (which previously showed 81 mb) now showed 5mb, so clearly the files and folders are not there).

I don't know if this means anything but I figured I'd report it to you in case it did.

And now I just went and hit "Yes to all" when it asked if I wanted to overwrite all the CA Files. But when I looked in the CA folder, although the folders were indeed there, there was nothing in them (none of the files) and the total CA size was still 5mb. And come to think of it, a lot of the files I deleted individually (like that caunst file we dealt with earlier) were not even in the Recyle Bin, which I haven't emptied in ages, as if they'd just disappeared.

And I am starting to think something's wrong (beyond age and bloat). With just three very ordinary tabs open, the PFUsage (see "high" screenshot) is very high. (And again, the 'process' is mostly 'System Idle Process' (in the high 90s)).


----------



## Cookiegal (Aug 27, 2003)

It's normal that System Idle process be in the high 90s. This is what it should be when nothing else is using resources.

Can you post screenshots of the processes tab when the usage is high?

What do you plan on doing when XP support ends on April 8th? Will you be changing your computer?


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> It's normal that System Idle process be in the high 90s. This is what it should be when nothing else is using resources.
> 
> Can you post screenshots of the processes tab when the usage is high?
> 
> What do you plan on doing when XP support ends on April 8th? Will you be changing your computer?


Thanks Cookiegal. This high PF usage is kind of a riddle to me because the computer is working as well and as quickly as ever (better than ever). Anyway, here are the Processes screenshots (I had to do it in two to get them the entire screen). At the time of the screenshots the PF usage was at 1.61GB.

I'm searching for options as to what to do April 8. (I am open to any suggestions!) I have access to two or three of these Dells that I'm using now. (I work in an office that will be getting new computers come April 8th and I can have the old ones.) With a friend's help,I have already converted one of them to Xubunutu 13.10. There are several software programs that supposedly do not function well on Xubuntu that I like (paint.net, Sigil etc) so I am thinking of keeping this computer (that you've been doing all the work on) and come April 8th using it off-line (to avoid a virus) when I need to use the programs that won't work on Xubuntu. As to what I will get to use on a regular basis instead of this computer (this computer is my computer for work and my life-line so to speak), I am not sure yet. I am thinking of perhaps converting another one of the Dells to Xubuntu 13.10, and Frank (Flavalee) here in the Tech Guy forum suggested perhaps getting a refurbished computer with maybe Windows 7 (and more memory!) on it from NewEgg or Overstock.com.


----------



## Cookiegal (Aug 27, 2003)

The second one is quite normal with System Idle at 97 and only two other applications, Chrome and the Task Manager using a bit.

But the first one is the Sql Server that using 17%. What do you use that for and do you really need it?


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> The second one is quite normal with System Idle at 97 and only two other applications, Chrome and the Task Manager using a bit.
> 
> But the first one is the Sql Server that using 17%. What do you use that for and do you really need it?


I don't know what Sql Server was being used for. I just opened up three or four of the tabs I usually use (without remembering which exact ones). They were probably an email site, an online image editor and maybe Twitter.

Just now I Googled Sql Server.exe and they said it is used for 3rd party apps and such. I know I've got Adblocker Plus, Click and Clean and Screen Shot Captor, which is what I used to take the screen shots. And I've been looking at SqlServerer.exe as I open some tabs and it seems to go up (up to 28) every time I open a tab, but then it falls right back down to zero.


----------



## Cookiegal (Aug 27, 2003)

When the usage is very high then grab a screenshot and post it.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> When the usage is very high then grab a screenshot and post it.


The usage has calmed down substantially. I don't know how. When I turned on the computer today and it settled down PF Usage was 598! When I started doing stuff it of course went up and at times was a little high, but nothing like the last few days when it hit 1.65GB. I'll keep an eye on it and take that screenshot if it goes very high again. Thanks!


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> You're welcome.


Computer is working great. It's just the PF Usage again. I had five (pretty ordinary--not big CPU users) tabs open and MS Office Word 2003 and Task Manager. My only indication the PF Usage was high was when I went to open a new tab and Chrome showed that "Aw Snap!" icon and the tab wouldn't open. Checked PF Usage. 1.71 GB. Took the screenshots below. Thanks.


----------



## Cookiegal (Aug 27, 2003)

What specific problems are you seeing there?


----------



## GreggIllinois (Jan 5, 2014)

Cookiegal said:


> What specific problems are you seeing there?


I couldn't tell anything from the processes, but I had a revelation today: I used Firefox instead of Chrome and the PFUsage was much lower and I was never threatened with virtual memory warnings and no crashes. I think there may be something up with Chrome but I am not worried about it because I want to use Firefox more now anyway. I think things are looking very good now. :up:Thanks so much!


----------



## Cookiegal (Aug 27, 2003)

OK. Sounds good.


----------



## valis (Sep 24, 2004)

GreggIllinois said:


> I couldn't tell anything from the processes, but I had a revelation today: I used Firefox instead of Chrome and the PFUsage was much lower and I was never threatened with virtual memory warnings and no crashes. I think there may be something up with Chrome but I am not worried about it because I want to use Firefox more now anyway. I think things are looking very good now. :up:Thanks so much!


FYI, I have had the same issue with Chrome on my pc; I don't know why, but FF uses a ton less PF than Chrome does, and Chrome will also eventually tie up all the resources.

Just my plugged nickel's worth.


----------



## Cookiegal (Aug 27, 2003)

Yes, I've heard that Chrome can take up a lot of resources at least for some users.


----------

