antivirus security pro
<blockquote data-quote="arnoldbowman@aol.com" data-source="post: 145183" data-attributes="member: 15081"><p>It generated 2 documents. I will paste both of them</p><p>1-Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2013 01</p><p>Ran by abowman (administrator) on STATION3 on 22-11-2013 15:52:33</p><p>Running from G:\</p><p>Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Normal</p><p></p><p>==================== Processes (Whitelisted) ===================</p><p></p><p>(Symantec Corporation) D:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe</p><p>(Symantec Corporation) D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe</p><p>(Symantec Corporation) D:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe</p><p>(SurfRight B.V.) D:\Program Files\HitmanPro\hmpsched.exe</p><p>(Symantec Corporation) D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>(Symantec Corporation) D:\Program Files\Common Files\Symantec Shared\ccApp.exe</p><p>(Realtek Semiconductor Corp.) D:\WINDOWS\RTHDCPL.EXE</p><p>(iCode Inc.) 
D:\Program Files\Icode\Everest\Client\Everest.exe</p><p>(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe</p><p>(Mozilla Corporation) D:\Program Files\Mozilla Firefox\plugin-container.exe</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [Adobe ARM] - D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [Synchronization Manager] - D:\WINDOWS\system32\mobsync.exe [143360 2008-04-14] (Microsoft Corporation)</p><p>HKLM\...\Run: [CanonSolutionMenu] - D:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [689488 2008-03-10] (CANON INC.)</p><p>HKLM\...\Run: [ccApp] - D:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2009-12-11] (Symantec Corporation)</p><p>HKLM\...\Run: [RTHDCPL] - D:\WINDOWS\RTHDCPL.EXE [18789920 2012-01-31] (Realtek Semiconductor Corp.)</p><p>HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1</p><p>HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0</p><p>HKCU\...\Run: [AS2014] - D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe</p><p>HKCU\...\Run: [gfkjhxxd] - "D:\Documents and Settings\ABowman\Local Settings\Application Data\njdprbwt.exe"</p><p>HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION </p><p>HKCU\...\Policies\Explorer: [DisablePersonalDirChange] 1</p><p>HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0</p><p>HKU\abowman.STATION3\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION </p><p>HKU\Administrator\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION </p><p>HKU\administrator.RIOGRANDESALES\...\Run: [AS2014] - D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe</p><p>HKU\administrator.RIOGRANDESALES\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION </p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://www.msn.com/?ocid=OIE8HP&PC=B8MC</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8MC</p><p>BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File</p><p>DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1327095304203</p><p>Tcpip\..\Interfaces\{F7750B09-3B95-43F6-BC22-58ADEAF8F74D}: [NameServer]192.168.254.11,68.94.156.1</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: D:\Documents and Settings\ABowman\Application Data\Mozilla\Firefox\Profiles\msothoo6.default</p><p>FF user.js: detected! => D:\Documents and Settings\ABowman\Application Data\Mozilla\Firefox\Profiles\msothoo6.default\user.js</p><p>FF Homepage: hxxp://www.aol.com/</p><p>FF Plugin: @adobe.com/FlashPlayer - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()</p><p>FF Plugin: @microsoft.com/WPF,version=3.5 - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>FF Plugin: Adobe Reader - D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\</p><p>FF Extension: Microsoft .NET Framework Assistant - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>R2 ccEvtMgr; D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-12-11] (Symantec Corporation)</p><p>R2 ccSetMgr; D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-12-11] (Symantec Corporation)</p><p>R2 HitmanProScheduler; D:\Program Files\HitmanPro\hmpsched.exe [106280 2013-11-22] (SurfRight B.V.)</p><p>S3 LiveUpdate; D:\Program 
Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)</p><p>R2 SmcService; D:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1864888 2009-12-11] (Symantec Corporation)</p><p>S4 SNAC; D:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [341320 2009-12-11] (Symantec Corporation)</p><p>R2 Symantec AntiVirus; D:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-12-11] (Symantec Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S3 Ambfilt; D:\Windows\System32\drivers\Ambfilt.sys [1691480 2012-01-31] (Creative)</p><p>S3 COH_Mon; D:\WINDOWS\system32\Drivers\COH_Mon.sys [23888 2009-12-11] (Symantec Corporation)</p><p>R1 eeCtrl; D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)</p><p>R3 EraserUtilRebootDrv; D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)</p><p>S3 Monfilt; D:\Windows\System32\drivers\Monfilt.sys [1395800 2012-01-31] (Creative Technology Ltd.)</p><p>R3 NAVENG; D:\Program Files\Common Files\Symantec Shared\VirusDefs\20131121.023\NAVENG.SYS [93272 2013-11-19] (Symantec Corporation)</p><p>R3 NAVEX15; D:\Program Files\Common Files\Symantec Shared\VirusDefs\20131121.023\NAVEX15.SYS [1612376 2013-11-19] (Symantec Corporation)</p><p>R1 SPBBCDrv; D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-12-11] (Symantec Corporation)</p><p>R1 SRTSP; D:\Windows\System32\Drivers\SRTSP.SYS [281648 2009-12-11] (Symantec Corporation)</p><p>S3 SRTSPL; D:\Windows\System32\Drivers\SRTSPL.SYS [320560 2009-12-11] (Symantec Corporation)</p><p>R1 SRTSPX; D:\Windows\System32\Drivers\SRTSPX.SYS [43696 2009-12-11] (Symantec Corporation)</p><p>R3 SymEvent; D:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2012-01-26] (Symantec Corporation)</p><p>R3 SYMREDRV; 
D:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-12-11] (Symantec Corporation)</p><p>R1 SYMTDI; D:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-12-11] (Symantec Corporation)</p><p>S4 SysPlant; D:\Windows\SYSTEM32\Drivers\SysPlant.sys [92488 2009-12-11] (Symantec Corporation)</p><p>R3 Teefer2; D:\Windows\System32\DRIVERS\teefer2.sys [50064 2009-12-11] (Symantec Corporation)</p><p>S3 TRCDR; D:\Windows\System32\DRIVERS\trcdr.sys [32092 2011-07-28] (Worth Data, Inc.)</p><p>R1 WPS; D:\WINDOWS\system32\drivers\wpsdrvnt.sys [42312 2009-12-11] (Symantec Corporation)</p><p>R3 WpsHelper; D:\WINDOWS\system32\drivers\WpsHelper.sys [174056 2013-05-30] (Symantec Corporation)</p><p>S4 IntelIde; No ImagePath</p><p>U1 WS2IFSL; </p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-11-22 15:52 - 2013-11-22 15:52 - 00000000 ____D D:\FRST</p><p>2013-11-22 11:35 - 2013-11-22 11:35 - 00000000 ____D D:\Program Files\HitmanPro</p><p>2013-11-22 11:35 - 2013-11-22 11:35 - 00000000 ____D D:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro</p><p>2013-11-22 10:15 - 2013-11-22 10:15 - 00000000 ____D D:\Program Files\Malwarebytes' Anti-Malware</p><p>2013-11-22 10:15 - 2013-11-22 10:15 - 00000000 ____D D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>2013-11-22 10:15 - 2013-11-22 10:15 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\Malwarebytes</p><p>2013-11-22 10:15 - 2013-11-22 10:15 - 00000000 ____D D:\Documents and Settings\Administrator\Application Data\Malwarebytes</p><p>2013-11-22 10:15 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys</p><p>2013-11-21 11:10 - 2013-11-21 11:10 - 00000000 ____D D:\Documents and Settings\Administrator\Start Menu\Programs\Antivirus Security Pro</p><p>2013-11-20 18:38 - 2013-11-22 11:33 - 00000000 ____D 
D:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2013-11-20 18:01 - 2013-11-20 18:01 - 00000000 __SHD D:\Documents and Settings\administrator.RIOGRANDESALES\PrivacIE</p><p>2013-11-20 17:49 - 2013-11-20 17:50 - 00000000 ____D D:\Documents and Settings\administrator.RIOGRANDESALES\Application Data\Adobe</p><p>2013-11-20 17:49 - 2013-11-20 17:49 - 00000000 ____D D:\Documents and Settings\administrator.RIOGRANDESALES\Local Settings\Application Data\Adobe</p><p>2013-11-20 17:43 - 2013-11-20 17:43 - 00000000 ____D D:\Documents and Settings\administrator.RIOGRANDESALES\Start Menu\Programs\Antivirus Security Pro</p><p>2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 _____ D:\Documents and Settings\ABowman\Application Data\SharedSettings.ccs</p><p>2013-11-20 17:36 - 2013-11-21 11:10 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\ngXgVar3</p><p>2013-11-20 17:36 - 2013-11-20 17:36 - 00000000 ____D D:\Documents and Settings\ABowman\Start Menu\Programs\Antivirus Security Pro</p><p>2013-11-15 11:56 - 2013-11-18 10:04 - 00000000 ____D D:\Program Files\Mozilla Firefox</p><p>2013-11-13 17:56 - 2013-11-13 17:56 - 00008898 _____ D:\WINDOWS\KB2900986.log</p><p>2013-11-13 17:56 - 2013-11-13 17:56 - 00000000 __HDC D:\WINDOWS\$NtUninstallKB2900986$</p><p>2013-11-13 17:56 - 2013-11-13 17:56 - 00000000 __HDC D:\WINDOWS\$NtUninstallKB2876331$</p><p>2013-11-13 17:56 - 2013-11-13 17:56 - 00000000 __HDC D:\WINDOWS\$NtUninstallKB2868626$</p><p>2013-11-13 17:56 - 2013-11-13 17:56 - 00000000 __HDC D:\WINDOWS\$NtUninstallKB2862152$</p><p>2013-11-13 17:55 - 2013-11-13 17:56 - 00014617 _____ D:\WINDOWS\KB2888505-IE8.log</p><p>2013-11-13 10:27 - 2013-11-13 17:56 - 00014721 _____ D:\WINDOWS\KB2868626.log</p><p>2013-11-13 10:27 - 2013-11-13 17:56 - 00013630 _____ D:\WINDOWS\KB2862152.log</p><p>2013-11-13 10:27 - 2013-11-13 17:56 - 00013154 _____ D:\WINDOWS\KB2876331.log</p><p></p><p>==================== One Month Modified Files and Folders 
=======</p><p></p><p>2013-11-22 15:52 - 2013-11-22 15:52 - 00000000 ____D D:\FRST</p><p>2013-11-22 15:33 - 2012-04-03 09:08 - 00000830 _____ D:\WINDOWS\Tasks\Adobe Flash Player Updater.job</p><p>2013-11-22 15:13 - 2012-01-24 14:51 - 00000152 _____ D:\WINDOWS\system32\config\netlogon.ftl</p><p>2013-11-22 12:33 - 2012-01-03 15:52 - 00032466 _____ D:\WINDOWS\SchedLgU.Txt</p><p>2013-11-22 12:23 - 2012-01-03 15:50 - 01452320 _____ D:\WINDOWS\WindowsUpdate.log</p><p>2013-11-22 11:45 - 2012-01-24 15:07 - 00000426 ____H D:\WINDOWS\Tasks\User_Feed_Synchronization-{E19F1FCB-8C97-4D2C-A1A1-951C031EDCBC}.job</p><p>2013-11-22 11:44 - 2003-06-20 04:00 - 00002206 _____ D:\WINDOWS\system32\wpa.dbl</p><p>2013-11-22 11:43 - 2012-01-03 15:59 - 00000178 ___SH D:\Documents and Settings\Administrator\ntuser.ini</p><p>2013-11-22 11:35 - 2013-11-22 11:35 - 00000000 ____D D:\Program Files\HitmanPro</p><p>2013-11-22 11:35 - 2013-11-22 11:35 - 00000000 ____D D:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro</p><p>2013-11-22 11:33 - 2013-11-20 18:38 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2013-11-22 11:25 - 2012-01-03 08:37 - 00513832 _____ D:\WINDOWS\system32\PerfStringBackup.INI</p><p>2013-11-22 11:21 - 2012-01-03 15:52 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT</p><p>2013-11-22 11:21 - 2012-01-03 08:44 - 00000159 _____ D:\WINDOWS\wiadebug.log</p><p>2013-11-22 11:21 - 2012-01-03 08:44 - 00000050 _____ D:\WINDOWS\wiaservc.log</p><p>2013-11-22 11:20 - 2012-01-20 14:55 - 00000000 ____D D:\WINDOWS\ie8updates</p><p>2013-11-22 10:26 - 2012-01-03 15:49 - 00000000 ____D D:\WINDOWS\srchasst</p><p>2013-11-22 10:25 - 2012-01-03 15:59 - 00000000 ____D D:\Documents and Settings\Administrator</p><p>2013-11-22 10:15 - 2013-11-22 10:15 - 00000000 ____D D:\Program Files\Malwarebytes' Anti-Malware</p><p>2013-11-22 10:15 - 2013-11-22 10:15 - 00000000 ____D D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' 
Anti-Malware</p><p>2013-11-22 10:15 - 2013-11-22 10:15 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\Malwarebytes</p><p>2013-11-22 10:15 - 2013-11-22 10:15 - 00000000 ____D D:\Documents and Settings\Administrator\Application Data\Malwarebytes</p><p>2013-11-22 09:47 - 2012-01-03 08:33 - 00000000 ____D D:\WINDOWS\security</p><p>2013-11-21 11:25 - 2012-01-24 14:52 - 00000000 __SHD D:\WINDOWS\CSC</p><p>2013-11-21 11:10 - 2013-11-21 11:10 - 00000000 ____D D:\Documents and Settings\Administrator\Start Menu\Programs\Antivirus Security Pro</p><p>2013-11-21 11:10 - 2013-11-20 17:36 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\ngXgVar3</p><p>2013-11-21 11:10 - 2012-01-25 13:47 - 00046840 _____ D:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT</p><p>2013-11-21 11:08 - 2012-01-25 13:46 - 00000178 ___SH D:\Documents and Settings\administrator.RIOGRANDESALES\ntuser.ini</p><p>2013-11-21 09:49 - 2012-01-24 15:01 - 00000278 ___SH D:\Documents and Settings\ABowman\ntuser.ini</p><p>2013-11-20 18:01 - 2013-11-20 18:01 - 00000000 __SHD D:\Documents and Settings\administrator.RIOGRANDESALES\PrivacIE</p><p>2013-11-20 18:01 - 2012-01-25 13:45 - 00000000 ____D D:\Documents and Settings\administrator.RIOGRANDESALES</p><p>2013-11-20 17:50 - 2013-11-20 17:49 - 00000000 ____D D:\Documents and Settings\administrator.RIOGRANDESALES\Application Data\Adobe</p><p>2013-11-20 17:49 - 2013-11-20 17:49 - 00000000 ____D D:\Documents and Settings\administrator.RIOGRANDESALES\Local Settings\Application Data\Adobe</p><p>2013-11-20 17:43 - 2013-11-20 17:43 - 00000000 ____D D:\Documents and Settings\administrator.RIOGRANDESALES\Start Menu\Programs\Antivirus Security Pro</p><p>2013-11-20 17:43 - 2012-01-25 13:46 - 00046840 _____ D:\Documents and Settings\administrator.RIOGRANDESALES\Local Settings\Application Data\GDIPFONTCACHEV1.DAT</p><p>2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 _____ D:\Documents and 
Settings\ABowman\Application Data\SharedSettings.ccs</p><p>2013-11-20 17:36 - 2013-11-20 17:36 - 00000000 ____D D:\Documents and Settings\ABowman\Start Menu\Programs\Antivirus Security Pro</p><p>2013-11-19 10:45 - 2013-03-15 13:23 - 00000000 ____D D:\Program Files\Mozilla Maintenance Service</p><p>2013-11-18 18:10 - 2012-01-24 15:01 - 00000000 ____D D:\Documents and Settings\ABowman</p><p>2013-11-18 10:04 - 2013-11-15 11:56 - 00000000 ____D D:\Program Files\Mozilla Firefox</p><p>2013-11-15 10:19 - 2012-04-03 09:08 - 00692616 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe</p><p>2013-11-15 10:19 - 2012-01-27 16:58 - 00071048 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl</p><p>2013-11-15 10:19 - 2012-01-24 18:01 - 00000000 ____D D:\Documents and Settings\ABowman\Local Settings\Application Data\Adobe</p><p>2013-11-14 16:15 - 2012-01-25 13:37 - 00046840 _____ D:\Documents and Settings\ABowman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT</p><p>2013-11-13 17:56 - 2013-11-13 17:56 - 00008898 _____ D:\WINDOWS\KB2900986.log</p><p>2013-11-13 17:56 - 2013-11-13 17:56 - 00000000 __HDC D:\WINDOWS\$NtUninstallKB2900986$</p><p>2013-11-13 17:56 - 2013-11-13 17:56 - 00000000 __HDC D:\WINDOWS\$NtUninstallKB2876331$</p><p>2013-11-13 17:56 - 2013-11-13 17:56 - 00000000 __HDC D:\WINDOWS\$NtUninstallKB2868626$</p><p>2013-11-13 17:56 - 2013-11-13 17:56 - 00000000 __HDC D:\WINDOWS\$NtUninstallKB2862152$</p><p>2013-11-13 17:56 - 2013-11-13 17:55 - 00014617 _____ D:\WINDOWS\KB2888505-IE8.log</p><p>2013-11-13 17:56 - 2013-11-13 10:27 - 00014721 _____ D:\WINDOWS\KB2868626.log</p><p>2013-11-13 17:56 - 2013-11-13 10:27 - 00013630 _____ D:\WINDOWS\KB2862152.log</p><p>2013-11-13 17:56 - 2013-11-13 10:27 - 00013154 _____ D:\WINDOWS\KB2876331.log</p><p>2013-11-13 17:56 - 2012-01-20 14:30 - 00089589 _____ D:\WINDOWS\updspapi.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 01405636 _____ D:\WINDOWS\iis6.log</p><p>2013-11-13 17:56 - 
2012-01-03 08:37 - 01266633 _____ D:\WINDOWS\FaxSetup.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00654107 _____ D:\WINDOWS\ocgen.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00583418 _____ D:\WINDOWS\tsoc.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00431288 _____ D:\WINDOWS\comsetup.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00393680 _____ D:\WINDOWS\msmqinst.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00259686 _____ D:\WINDOWS\ntdtcsetup.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00222639 _____ D:\WINDOWS\netfxocm.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00087762 _____ D:\WINDOWS\MedCtrOC.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00070311 _____ D:\WINDOWS\ocmsn.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00064385 _____ D:\WINDOWS\tabletoc.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00063598 _____ D:\WINDOWS\msgsocm.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00001393 _____ D:\WINDOWS\imsins.log</p><p>2013-11-13 17:56 - 2012-01-03 08:37 - 00001393 _____ D:\WINDOWS\imsins.BAK</p><p>2013-11-13 17:55 - 2013-08-13 17:00 - 00000000 ____D D:\WINDOWS\system32\MRT</p><p>2013-11-13 17:54 - 2012-01-20 14:57 - 80340640 _____ (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe</p><p>2013-11-11 16:35 - 2012-01-27 16:59 - 00000664 _____ D:\WINDOWS\system32\d3d9caps.dat</p><p>2013-10-31 04:51 - 2012-01-03 08:36 - 00491302 _____ D:\WINDOWS\setupapi.log</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>D:\Documents and Settings\ABowman\Local Settings\Temp\applnch.exe</p><p>D:\Documents and Settings\ABowman\Local Settings\Temp\fp_pl_pfs_installer.exe</p><p>D:\Documents and Settings\ABowman\Local Settings\Temp\MSETUP4.EXE</p><p>D:\Documents and Settings\administrator.RIOGRANDESALES\Local Settings\Temp\applnch.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>D:\Windows\explorer.exe => MD5 is legit</p><p>D:\Windows\System32\winlogon.exe => MD5 is 
legit</p><p>D:\Windows\System32\svchost.exe => MD5 is legit</p><p>D:\Windows\System32\services.exe => MD5 is legit</p><p>D:\Windows\System32\User32.dll => MD5 is legit</p><p>D:\Windows\System32\userinit.exe => MD5 is legit</p><p>D:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== End Of Log ============================</p><p>2-Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-11-2013 01</p><p>Ran by abowman at 2013-11-22 15:52:59</p><p>Running from G:\</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>AV: Symantec Endpoint Protection (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}</p><p>FW: Symantec Endpoint Protection (Disabled) {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>Adobe AIR (Version: 3.1.0.4880)</p><p>Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)</p><p>Adobe Flash Player 11 Plugin (Version: 11.9.900.152)</p><p>Adobe Reader X (10.1.8) (Version: 10.1.8)</p><p>ArcSoft PhotoStudio 5.5</p><p>Canon CanoScan LiDE 200 User Registration</p><p>Canon MP Navigator EX 2.0</p><p>Canon Utilities Solution Menu</p><p>CanoScan LiDE 200 Scanner Driver</p><p>Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)</p><p>Everest Advanced Edition 5.0.2.6 (Client) (Version: 1.00.0000)</p><p>GhostMouse 2.0</p><p>GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880)</p><p>Hardware Utilities 1.0</p><p>HitmanPro 3.7 (Version: 3.7.8.208)</p><p>KwikCountEX 2.0</p><p>LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)</p><p>Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)</p><p>Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)</p><p>Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)</p><p>Microsoft .NET Framework 3.5 
SP1</p><p>Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)</p><p>Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)</p><p>Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)</p><p>Mozilla Maintenance Service (Version: 25.0.1)</p><p>MSN</p><p>MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)</p><p>MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)</p><p>novaPDF Standard Desktop 7.7 printer</p><p>Realtek High Definition Audio Driver (Version: 5.10.0.6024)</p><p>Symantec Endpoint Protection (Version: 11.0.5002.333)</p><p>Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)</p><p>Update for Windows XP (KB2345886) (Version: 1)</p><p>Update for Windows XP (KB2541763) (Version: 1)</p><p>Update for Windows XP (KB2641690) (Version: 1)</p><p>Update for Windows XP (KB2661254-v2) (Version: 2)</p><p>Update for Windows XP (KB2718704) (Version: 1)</p><p>Update for Windows XP (KB2736233) (Version: 1)</p><p>Update for Windows XP (KB2749655) (Version: 1)</p><p>Update for Windows XP (KB2863058) (Version: 1)</p><p>Update for Windows XP (KB898461) (Version: 1)</p><p>Update for Windows XP (KB951978) (Version: 1)</p><p>Update for Windows XP (KB955759) (Version: 1)</p><p>Update for Windows XP (KB968389) (Version: 1)</p><p>Update for Windows XP (KB971029) (Version: 1)</p><p>Update for Windows XP (KB971737) (Version: 1)</p><p>Update for Windows XP (KB973687) (Version: 1)</p><p>Update for Windows XP (KB973815) (Version: 1)</p><p>WebFldrs XP (Version: 9.50.7523)</p><p>Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)</p><p>Windows Genuine Advantage Validation Tool (KB892130)</p><p>Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)</p><p>Windows Internet Explorer 8 (Version: 20090308.140743)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>23-08-2013 23:28:27 System Checkpoint</p><p>25-08-2013 04:32:05 System Checkpoint</p><p>26-08-2013 04:40:11 System 
Checkpoint</p><p>27-08-2013 19:25:19 System Checkpoint</p><p>28-08-2013 23:41:06 System Checkpoint</p><p>28-08-2013 23:59:34 Software Distribution Service 3.0</p><p>30-08-2013 17:24:46 System Checkpoint</p><p>31-08-2013 17:56:40 System Checkpoint</p><p>01-09-2013 17:58:45 System Checkpoint</p><p>02-09-2013 18:36:48 System Checkpoint</p><p>03-09-2013 19:14:27 System Checkpoint</p><p>04-09-2013 19:15:06 System Checkpoint</p><p>05-09-2013 20:00:37 System Checkpoint</p><p>06-09-2013 20:27:58 System Checkpoint</p><p>07-09-2013 20:29:56 System Checkpoint</p><p>08-09-2013 21:06:33 System Checkpoint</p><p>09-09-2013 21:19:47 System Checkpoint</p><p>10-09-2013 21:40:02 System Checkpoint</p><p>11-09-2013 23:20:12 System Checkpoint</p><p>11-09-2013 23:58:57 Software Distribution Service 3.0</p><p>13-09-2013 16:21:12 System Checkpoint</p><p>14-09-2013 16:23:31 System Checkpoint</p><p>15-09-2013 17:35:02 System Checkpoint</p><p>16-09-2013 18:09:07 System Checkpoint</p><p>17-09-2013 19:16:04 System Checkpoint</p><p>18-09-2013 19:30:16 System Checkpoint</p><p>19-09-2013 20:03:01 System Checkpoint</p><p>20-09-2013 22:03:26 System Checkpoint</p><p>21-09-2013 23:05:04 System Checkpoint</p><p>22-09-2013 23:58:48 System Checkpoint</p><p>24-09-2013 19:48:11 System Checkpoint</p><p>25-09-2013 22:30:28 System Checkpoint</p><p>26-09-2013 23:35:11 System Checkpoint</p><p>27-09-2013 23:36:07 System Checkpoint</p><p>28-09-2013 23:37:13 System Checkpoint</p><p>30-09-2013 01:53:45 System Checkpoint</p><p>01-10-2013 20:00:29 System Checkpoint</p><p>02-10-2013 20:08:52 System Checkpoint</p><p>03-10-2013 20:16:41 System Checkpoint</p><p>05-10-2013 00:15:59 System Checkpoint</p><p>06-10-2013 00:23:27 System Checkpoint</p><p>07-10-2013 01:09:27 System Checkpoint</p><p>08-10-2013 17:13:52 System Checkpoint</p><p>09-10-2013 17:17:34 System Checkpoint</p><p>10-10-2013 17:32:27 System Checkpoint</p><p>11-10-2013 00:03:28 Software Distribution Service 3.0</p><p>12-10-2013 00:35:52 System 
Checkpoint</p><p>13-10-2013 01:22:31 System Checkpoint</p><p>14-10-2013 01:34:30 System Checkpoint</p><p>15-10-2013 19:34:44 System Checkpoint</p><p>16-10-2013 19:41:01 System Checkpoint</p><p>17-10-2013 21:28:29 System Checkpoint</p><p>18-10-2013 00:01:22 Software Distribution Service 3.0</p><p>19-10-2013 00:24:22 System Checkpoint</p><p>19-10-2013 09:00:13 Software Distribution Service 3.0</p><p>20-10-2013 09:43:53 System Checkpoint</p><p>21-10-2013 09:52:53 System Checkpoint</p><p>22-10-2013 19:09:09 System Checkpoint</p><p>24-10-2013 18:45:17 System Checkpoint</p><p>25-10-2013 19:44:36 System Checkpoint</p><p>26-10-2013 19:52:34 System Checkpoint</p><p>27-10-2013 19:57:23 System Checkpoint</p><p>28-10-2013 21:06:28 System Checkpoint</p><p>29-10-2013 21:37:18 System Checkpoint</p><p>30-10-2013 22:25:17 System Checkpoint</p><p>31-10-2013 22:26:21 System Checkpoint</p><p>02-11-2013 00:40:00 System Checkpoint</p><p>03-11-2013 01:16:12 System Checkpoint</p><p>04-11-2013 02:15:07 System Checkpoint</p><p>05-11-2013 20:19:16 System Checkpoint</p><p>06-11-2013 21:15:22 System Checkpoint</p><p>07-11-2013 21:49:34 System Checkpoint</p><p>09-11-2013 01:17:32 System Checkpoint</p><p>10-11-2013 01:53:33 System Checkpoint</p><p>11-11-2013 02:02:02 System Checkpoint</p><p>12-11-2013 20:21:44 System Checkpoint</p><p>13-11-2013 20:22:49 System Checkpoint</p><p>14-11-2013 00:54:53 Software Distribution Service 3.0</p><p>15-11-2013 19:13:05 System Checkpoint</p><p>16-11-2013 19:19:08 System Checkpoint</p><p>17-11-2013 20:19:08 System Checkpoint</p><p>18-11-2013 21:25:19 System Checkpoint</p><p>20-11-2013 18:52:09 System Checkpoint</p><p>21-11-2013 19:34:43 System Checkpoint</p><p>22-11-2013 20:30:48 System Checkpoint</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>2003-06-20 04:00 - 2003-06-20 04:00 - 00000734 ____A D:\WINDOWS\system32\Drivers\etc\hosts</p><p>127.0.0.1 localhost</p><p></p><p>==================== Scheduled Tasks 
(whitelisted) =============</p><p></p><p>Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{E19F1FCB-8C97-4D2C-A1A1-951C031EDCBC}.job => D:\WINDOWS\system32\msfeedssync.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2005-10-17 22:53 - 2005-10-17 22:53 - 01191936 _____ () D:\Program Files\Icode\Everest\Client\prompt.dll</p><p>2005-08-04 01:43 - 2005-08-04 01:43 - 01429504 _____ () D:\Program Files\Icode\Everest\Client\crlov.dll</p><p>2013-11-15 11:56 - 2013-11-15 11:56 - 03363952 _____ () D:\Program Files\Mozilla Firefox\mozjs.dll</p><p>2013-11-15 10:19 - 2013-11-15 10:19 - 16237448 _____ () D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: Video Controller (VGA Compatible)</p><p>Description: Video Controller (VGA Compatible)</p><p>Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}</p><p>Manufacturer: 
</p><p>Service: </p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p>Name: SM Bus Controller</p><p>Description: SM Bus Controller</p><p>Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}</p><p>Manufacturer: </p><p>Service: </p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (11/21/2013 10:03:33 AM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 700)</p><p>Time: Thursday, November 21, 2013 10:03:33 AM</p><p></p><p>Error: (11/20/2013 05:56:12 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:56:12 PM</p><p></p><p>Error: (11/20/2013 05:56:04 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application 
Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:56:04 PM</p><p></p><p>Error: (11/20/2013 05:56:02 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:56:02 PM</p><p></p><p>Error: (11/20/2013 05:56:01 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:56:01 PM</p><p></p><p>Error: (11/20/2013 05:55:59 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:55:59 PM</p><p></p><p>Error: (11/20/2013 05:55:57 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:55:57 PM</p><p></p><p>Error: (11/20/2013 05:55:53 PM) (Source: Symantec AntiVirus) 
(User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:55:53 PM</p><p></p><p>Error: (11/20/2013 05:55:50 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:55:50 PM</p><p></p><p>Error: (11/20/2013 05:55:49 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:55:49 PM</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (11/22/2013 00:02:27 PM) (Source: DCOM) (User: RIOGRANDESALES)</p><p>Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""</p><p>in order to run the server:</p><p>{E60687F7-01A1-40AA-86AC-DB1CBF673334}</p><p></p><p>Error: (11/22/2013 00:00:29 PM) (Source: DCOM) (User: RIOGRANDESALES)</p><p>Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""</p><p>in order to run the server:</p><p>{E60687F7-01A1-40AA-86AC-DB1CBF673334}</p><p></p><p>Error: (11/22/2013 11:39:20 AM) (Source: 0) (User: )</p><p>Description: 
\Device\Ide\IdePort2</p><p></p><p>Error: (11/22/2013 11:38:39 AM) (Source: 0) (User: )</p><p>Description: \Device\Ide\IdePort2</p><p></p><p>Error: (11/22/2013 11:36:44 AM) (Source: 0) (User: )</p><p>Description: \Device\Ide\IdePort2</p><p></p><p>Error: (11/22/2013 11:36:42 AM) (Source: 0) (User: )</p><p>Description: \Device\Ide\IdePort2</p><p></p><p>Error: (11/22/2013 11:21:27 AM) (Source: 0) (User: )</p><p>Description: 0xC0000001HarddiskVolume4</p><p></p><p>Error: (11/22/2013 10:27:11 AM) (Source: 0) (User: )</p><p>Description: 0xC0000001HarddiskVolume4</p><p></p><p>Error: (11/21/2013 11:22:18 AM) (Source: DCOM) (User: NT AUTHORITY)</p><p>Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""</p><p>in order to run the server:</p><p>{1BE1F766-5536-11D1-B726-00C04FB926AF}</p><p></p><p>Error: (11/21/2013 11:19:18 AM) (Source: DCOM) (User: NT AUTHORITY)</p><p>Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""</p><p>in order to run the server:</p><p>{1BE1F766-5536-11D1-B726-00C04FB926AF}</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (11/21/2013 10:03:33 AM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 700)</p><p>Time: Thursday, November 21, 2013 10:03:33 AM</p><p></p><p>Error: (11/20/2013 05:56:12 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application 
Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:56:12 PM</p><p></p><p>Error: (11/20/2013 05:56:04 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:56:04 PM</p><p></p><p>Error: (11/20/2013 05:56:02 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:56:02 PM</p><p></p><p>Error: (11/20/2013 05:56:01 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:56:01 PM</p><p></p><p>Error: (11/20/2013 05:55:59 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:55:59 PM</p><p></p><p>Error: (11/20/2013 05:55:57 PM) (Source: Symantec AntiVirus)(User: 
RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:55:57 PM</p><p></p><p>Error: (11/20/2013 05:55:53 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:55:53 PM</p><p></p><p>Error: (11/20/2013 05:55:50 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:55:50 PM</p><p></p><p>Error: (11/20/2013 05:55:49 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)</p><p>Description: SYMANTEC TAMPER PROTECTION ALERT</p><p></p><p>Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>Event Info: Terminate Process</p><p>Action Taken: Logged</p><p>Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)</p><p>Time: Wednesday, November 20, 2013 5:55:49 PM</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 39%</p><p>Total physical RAM: 2013.17 MB</p><p>Available physical RAM: 1221.93 MB</p><p>Total Pagefile: 3906.37 
MB</p><p>Available Pagefile: 3310.85 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1950.3 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (Windows XP)]</p><p>Drive d: () (Fixed) (Total:134.94 GB) (Free:119.69 GB) NTFS</p><p>Drive e: (DATA) (Fixed) (Total:135.04 GB) (Free:83.57 GB) NTFS</p><p>Drive g: () (Removable) (Total:3.72 GB) (Free:3.4 GB) FAT32</p><p>Drive z: (Data) (Network) (Total:1 GB) (Free:0.52 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: E5E84A05)</p><p>Partition 1: (Not Active) - (Size=28 GB) - (Type=27)</p><p>Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=135 GB) - (Type=OF Extended)</p><p>Partition 4: (Not Active) - (Size=135 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 4 GB) (Disk ID: 00000000)</p><p>Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="arnoldbowman@aol.com, post: 145183, member: 15081"] ==================== Loaded Modules (whitelisted) ============= 2005-10-17 22:53
- 2005-10-17 22:53 - 01191936 _____ () D:\Program Files\Icode\Everest\Client\prompt.dll 2005-08-04 01:43 - 2005-08-04 01:43 - 01429504 _____ () D:\Program Files\Icode\Everest\Client\crlov.dll 2013-11-15 11:56 - 2013-11-15 11:56 - 03363952 _____ () D:\Program Files\Mozilla Firefox\mozjs.dll 2013-11-15 10:19 - 2013-11-15 10:19 - 16237448 _____ () D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Video Controller (VGA Compatible) Description: Video Controller (VGA Compatible) Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: SM Bus Controller Description: SM Bus Controller Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 

==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2013 10:03:33 AM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 700)
Time: Thursday, November 21, 2013 10:03:33 AM

Error: (11/20/2013 05:56:12 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:56:12 PM

Error: (11/20/2013 05:56:04 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:56:04 PM

Error: (11/20/2013 05:56:02 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:56:02 PM

Error: (11/20/2013 05:56:01 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:56:01 PM

Error: (11/20/2013 05:55:59 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:55:59 PM

Error: (11/20/2013 05:55:57 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:55:57 PM

Error: (11/20/2013 05:55:53 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:55:53 PM

Error: (11/20/2013 05:55:50 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:55:50 PM

Error: (11/20/2013 05:55:49 PM) (Source: Symantec AntiVirus) (User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:55:49 PM

System errors:
=============
Error: (11/22/2013 00:02:27 PM) (Source: DCOM) (User: RIOGRANDESALES)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/22/2013 00:00:29 PM) (Source: DCOM) (User: RIOGRANDESALES)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/22/2013 11:39:20 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (11/22/2013 11:38:39 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (11/22/2013 11:36:44 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (11/22/2013 11:36:42 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (11/22/2013 11:21:27 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume4

Error: (11/22/2013 10:27:11 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume4

Error: (11/21/2013 11:22:18 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/21/2013 11:19:18 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (11/21/2013 10:03:33 AM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 700)
Time: Thursday, November 21, 2013 10:03:33 AM

Error: (11/20/2013 05:56:12 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:56:12 PM

Error: (11/20/2013 05:56:04 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:56:04 PM

Error: (11/20/2013 05:56:02 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:56:02 PM

Error: (11/20/2013 05:56:01 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:56:01 PM

Error: (11/20/2013 05:55:59 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:55:59 PM

Error: (11/20/2013 05:55:57 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:55:57 PM

Error: (11/20/2013 05:55:53 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:55:53 PM

Error: (11/20/2013 05:55:50 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:55:50 PM

Error: (11/20/2013 05:55:49 PM) (Source: Symantec AntiVirus)(User: RIOGRANDESALES)
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: D:\Documents and Settings\All Users\Application Data\ngXgVar3\ngXgVar3.exe (PID 3880)
Time: Wednesday, November 20, 2013 5:55:49 PM

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 2013.17 MB
Available physical RAM: 1221.93 MB
Total Pagefile: 3906.37 MB
Available Pagefile: 3310.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.3 MB

==================== Drives ================================

Drive c: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:134.94 GB) (Free:119.69 GB) NTFS
Drive e: (DATA) (Fixed) (Total:135.04 GB) (Free:83.57 GB) NTFS
Drive g: () (Removable) (Total:3.72 GB) (Free:3.4 GB) FAT32
Drive z: (Data) (Network) (Total:1 GB) (Free:0.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: E5E84A05)
Partition 1: (Not Active) - (Size=28 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=135 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=135 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
[/QUOTE]