
Tracur Gen 4 [Solved]


  • This topic is locked

#16
Satchfan


    Trusted Helper

  • Malware Removal
  • 585 posts
You should not have installed another antivirus (AV). We normally try not to uninstall anything until the computer is clean, but in this case it is already making your computer unstable, so it needs to go.

Uninstall AVG and then try again.

If it still hangs, try running ComboFix in safe mode.

Boot to Safe mode with Networking and see if you can then run ComboFix.

To enter Safe mode:

  • go to Start > Shut off your Computer > Restart
  • as the computer starts to boot-up, tap the F8 key - this will bring up a menu
  • use the Up and Down arrow keys to scroll up to Safe mode with Networking
  • then press Enter on your keyboard



#17
GotNoTime


    Member

  • Topic Starter
  • 29 posts
Uninstalled all the AVG it would allow. Still have to get the Search page it installed later.

Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.4
Blitzkrieg
Broadcom NetXtreme Ethernet Controller
Desert Storm
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java 7 Update 11
Java Auto Updater
Lander Demo
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
MechWarrior 3 Demo
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Combat Flight Simulator 3.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel 2003 Step by Step
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NETGEAR Genie
NVIDIA Control Panel 270.61
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA nView 135.70
NVIDIA nView Desktop Manager
Play Wireless USB Adapter
PowerDVD
Rollcage
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834902-v2)
Security Update for Windows Media Player (KB2834902)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
Spybot - Search & Destroy
Symantec AntiVirus
Tom Clancy's H.A.W.X
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wcaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual Studio 2012 x86 Redistributables
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
***********************************************
ComboFix 13-10-01.03 - Paul 10/02/2013 16:09:22.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1221 [GMT -7:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2013-09-02 to 2013-10-02 )))))))))))))))))))))))))))))))
.
.
2013-09-30 23:24 . 2013-09-30 23:24 -------- d-----w- c:\documents and settings\Paul\Application Data\Malwarebytes
2013-09-30 23:23 . 2013-09-30 23:23 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-30 23:23 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-29 17:19 . 2013-09-29 17:19 -------- d-----w- c:\documents and settings\Paul\Application Data\TuneUp Software
2013-09-29 17:19 . 2013-10-02 22:48 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-09-29 17:18 . 2013-10-02 22:53 -------- dc----w- C:\$AVG
2013-09-29 17:18 . 2013-10-02 22:53 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG2014
2013-09-29 17:09 . 2013-10-02 22:55 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData
2013-09-29 17:09 . 2013-09-29 17:09 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-09-29 17:09 . 2013-09-29 17:09 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\MFAData
2013-09-28 17:05 . 2013-09-28 17:05 -------- dc----w- C:\_OTL
2013-09-26 00:37 . 2013-09-26 00:37 -------- d-----w- c:\windows\ERUNT
2013-09-26 00:27 . 2013-09-26 00:29 -------- dc----w- C:\AdwCleaner
2013-09-17 01:22 . 2013-09-17 01:22 74703 ----a-w- c:\windows\system32\mfc45.dll
2013-09-17 01:03 . 2013-09-17 01:24 -------- dc----w- c:\documents and settings\All Users\Application Data\iolo
2013-09-17 01:03 . 2013-09-17 01:03 -------- d-----w- c:\documents and settings\Paul\Application Data\iolo
2013-09-15 07:33 . 2013-09-15 07:35 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 19:45 . 2012-04-18 03:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 19:45 . 2012-04-18 03:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56 . 2004-08-04 05:56 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2004-08-04 05:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-04 05:56 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-04 05:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2004-08-04 04:17 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2004-08-04 03:59 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2004-08-04 05:56 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-01 02:26 . 2004-08-04 05:56 868528 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-10 10:37 . 2004-08-04 05:56 406016 ----a-w- c:\windows\system32\usp10.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2006-09-28 125168]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Play Wireless USB Adapter Utility.lnk - e:\program files\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\NETGEAR Genie\\bin\\NETGEARGenie.exe"=
.
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
R2 MBAMScheduler;MBAMScheduler;e:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/30/2013 4:23 PM 418376]
R2 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/30/2013 4:23 PM 701512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/2/2012 11:54 AM 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/30/2013 4:23 PM 22856]
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\drivers\SWUSBFLT.SYS [5/31/2008 6:33 PM 3968]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;e:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [9/24/2012 11:06 PM 195400]
S2 WLANBelkinService;Belkin WLAN service;e:\program files\Belkin\F7D4101\V1\wlansrv.exe [12/28/2009 5:25 PM 36864]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/6/2009 8:26 AM 642432]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 19:45]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 17:46]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 17:46]
.
2013-10-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-22 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051
mStart Page = hxxp://start.smilebox.com/?src=10&st=12&crg=3.5000006.10040&barid={173BFFE9-D178-11E2-A4D6-001185176E28}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-02 16:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-10-02 16:17:35
ComboFix-quarantined-files.txt 2013-10-02 23:17
ComboFix2.txt 2013-09-29 04:31
.
Pre-Run: 7,903,145,984 bytes free
Post-Run: 7,913,070,592 bytes free
.
- - End Of File - - C3DFA7F96DC478D9855DF3C82FE6F185
8F558EB6672622401DA993E1E865C861
************************************************************************
OTL Extras logfile created on: 10/2/2013 4:41:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.93% Memory free
3.84 Gb Paging File | 3.25 Gb Available in Paging File | 84.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 7.39 Gb Free Space | 25.22% Space Free | Partition Type: NTFS
Drive E: | 219.73 Gb Total Space | 204.18 Gb Free Space | 92.92% Space Free | Partition Type: NTFS
Drive F: | 216.74 Gb Total Space | 216.55 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: MEDIA | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"E:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" = E:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe:*:Enabled:NETGEARGenie -- ()
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{314E509B-5C5D-46C8-AE52-46DC7D0A63B6}" = Microsoft Office Excel 2003 Step by Step
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EEA03C8-D820-411C-AB0C-9DD5EFAD1033}" = Nero 7 Essentials
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EA7D60ED-9ED3-48F5-8F18-5B5B6663B229}" = Desert Storm
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Blitzkrieg" = Blitzkrieg
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{314E509B-5C5D-46C8-AE52-46DC7D0A63B6}" = Microsoft Office Excel 2003 Step by Step
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"Lander Demo" = Lander Demo
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MechWarrior 3 Demo" = MechWarrior 3 Demo
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NETGEAR Genie" = NETGEAR Genie
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PowerDVD" = PowerDVD
"Rollcage" = Rollcage
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2013 1:06:05 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Paul\Desktop\OTL.exe (PID 3096) Time: Saturday, September
28, 2013 10:06:05 AM

Error - 9/28/2013 1:06:05 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\Paul\Desktop\OTL.exe (PID 3096) Time: Saturday, September
28, 2013 10:06:05 AM

Error - 9/28/2013 1:06:05 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Paul\Desktop\OTL.exe (PID 3096) Time: Saturday, September
28, 2013 10:06:05 AM

Error - 9/28/2013 1:06:05 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Paul\Desktop\OTL.exe (PID 3096) Time: Saturday, September
28, 2013 10:06:05 AM

Error - 9/29/2013 12:08:37 AM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 2644) Time: Saturday, September 28,
2013 9:08:37 PM

Error - 9/30/2013 7:32:23 PM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2013 7:38:06 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 5476) Time: Tuesday, October 01, 2013
4:38:06 PM

Error - 10/1/2013 8:25:13 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 5108) Time: Tuesday, October 01, 2013
5:25:13 PM

Error - 10/1/2013 8:59:47 PM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application NirCmd.3XE, version 2.3.5.189, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2013 7:06:25 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 488) Time: Wednesday, October 02, 2013
4:06:25 PM

[ System Events ]
Error - 10/1/2013 7:25:43 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Belkin WLAN service service
to connect.

Error - 10/1/2013 7:25:43 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7000
Description = The Belkin WLAN service service failed to start due to the following
error: %%1053

Error - 10/2/2013 12:16:11 AM | Computer Name = MEDIA | Source = DCOM | ID = 10010
Description = The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register
with DCOM within the required timeout.

Error - 10/2/2013 6:45:18 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the NETGEARGenieDaemon service
to connect.

Error - 10/2/2013 6:45:18 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7000
Description = The NETGEARGenieDaemon service failed to start due to the following
error: %%1053

Error - 10/2/2013 6:45:28 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7034
Description = The Belkin WLAN service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/2/2013 6:57:02 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the NETGEARGenieDaemon service
to connect.

Error - 10/2/2013 6:57:02 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7000
Description = The NETGEARGenieDaemon service failed to start due to the following
error: %%1053

Error - 10/2/2013 6:57:02 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Belkin WLAN service service
to connect.

Error - 10/2/2013 6:57:02 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7000
Description = The Belkin WLAN service service failed to start due to the following
error: %%1053


< End of report >
  • 0
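The tamper-protection alerts in the report above are easier to judge when grouped by the process that triggered them, so each actor path can be compared against the tools known to have been run. As an added example (not part of the original post), this Python code parses OTL-style event records and summarises the Symantec alerts per actor process; the sample records are copied from the report, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Sample input: five records copied from the report above, line wrapping included.
SAMPLE_LOG = r"""
Error - 9/28/2013 1:06:05 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Paul\Desktop\OTL.exe (PID 3096) Time: Saturday, September
28, 2013 10:06:05 AM

Error - 9/28/2013 1:06:05 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\Paul\Desktop\OTL.exe (PID 3096) Time: Saturday, September
28, 2013 10:06:05 AM

Error - 9/29/2013 12:08:37 AM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 2644) Time: Saturday, September 28,
2013 9:08:37 PM

Error - 9/30/2013 7:32:23 PM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2013 7:38:06 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 5476) Time: Tuesday, October 01, 2013
4:38:06 PM
"""

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)$")
TAMPER = re.compile(
    r"Target: (?P<target>.+?) Event Info: (?P<action>.+?) "
    r"Action Taken: (?P<taken>.+?) Actor Process: (?P<actor>.+?) "
    r"\(PID (?P<pid>\d+)\)")

def parse_records(text):
    """Split the report into records; wrapped Description lines are rejoined with one space."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        match = HEADER.match(lines[0]) if lines else None
        if not match:
            continue  # not an event record (section title, stray text)
        record = match.groupdict()
        record["description"] = re.sub(r"^Description = ", "", " ".join(lines[1:]))
        records.append(record)
    return records

def tamper_summary(records):
    """Group Symantec tamper-protection alerts by the actor process path."""
    summary = defaultdict(lambda: {"count": 0, "targets": set(), "actions": set(), "pids": set()})
    for record in records:
        match = TAMPER.search(record["description"])
        if record["source"] != "Symantec AntiVirus" or not match:
            continue
        entry = summary[match["actor"]]
        entry["count"] += 1
        entry["targets"].add(match["target"].rsplit("\\", 1)[-1])
        entry["actions"].add(match["action"])
        entry["pids"].add(int(match["pid"]))
    return dict(summary)

if __name__ == "__main__":
    for actor, info in tamper_summary(parse_records(SAMPLE_LOG)).items():
        print(f"{info['count']}x {actor} -> {sorted(info['targets'])} {sorted(info['actions'])}")
```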

#18
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hi GotNoTime

Apologies for the delay but I’ve had some unexpected family issues today.


There will still be some remnants of AVG on your computer even after the uninstall so please download and run AVG Removal Tool from here.

"Uninstalled all the AVG it would allow. Still have to Get the Search page it installed later."

I don’t understand what you mean: do you mean AVG Secure Search? If so, running AdwCleaner again will remove it.

=============================================

Please copy all text in the code box below and paste it into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

  • save the Notepad file to your desktop and name it fixfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on fixfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).
Try disabling your Windows firewall and try to update your antivirus again.

If the update problem is still there, can you tell me how old your Symantec antivirus is and apart from not being able to update it are there any other problems?

Thanks

Satchfan
  • 0

#19
GotNoTime

GotNoTime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I tried to update Symantec again. It says my definition is up to date but the version still says 7/5/13 which is around when all this started happening. Not sure if I am really up to date or if the date is just stuck in June ?? This is a corporate edition which has been on the system since 2008. As far as I know everything was working fine until I started reviewing the CLSIDs and BHOs. I didn't touch anything related to Symantec.
Not sure how antivirus works when it quarantines a file. When AVG asked me what to do with the two files it quarantined I chose nothing. I wanted to be sure before deleting files. I see nvCPL container is still there but can't find the Feekjl2 file anymore. I didn't download the AVG uninstaller I had found earlier because we were in the middle. I still have the self extractor on my desktop and an AVG vault on my "C" drive. The AVG start page is now gone but I didn't change it. I will use the link you provided now to clean the rest of those up.
  • 0

#20
GotNoTime

GotNoTime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
PS,
No worries on the delay. "Unexpected family issues" is the reason why I got no time. I forgot to mention that on boot-up I get a warning message every time stating "my Antivirus Definition is more than 30 days out of date".
  • 0

#21
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Please read this and let me know if this is your situation.
  • 0

#22
GotNoTime

GotNoTime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Interesting. So 7/5/2013 is significant because my version 10.1.5.5000 went EOL on 7/4/12. What a coincidence. I guess I got support for one year and am not sure if I will be able to update to version 12.x. If I had known that, I could have just wiped the OS to kill my Trojan, right? OK, so does my system look clean then? It was really interesting how we went through all these downloads. Amazing skills you have. I wish I had time to understand the analysis and your tactical plan better. So I have a lot of log information posted here... I also have a lot of diagnostic things on my desktop that I don't know how to use. Worst of all, I have a non-supported antivirus. I was thinking I would run System Mechanic Premium as a clean up although the system is already a lot faster. Do my posts present vulnerabilities? Any suggestions as to what I need to keep and what can go (on the system) going forward?
  • 0

#23
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
You’ve done a good job helping me come to these conclusions so it’s a two-way thing. :)

"I was thinking I would run System Mechanic Premium as a clean up"

That is not a good idea.

I will give you recommendations about security when we clean up what we have used during this process.

Meanwhile, I’d like an online scan to be sure that all is now well.

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed antivirus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button.
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o double click on the Eset installer icon on your desktop.

  • check Yes, I accept the Terms of Use
  • click the Start button.
  • accept any security warnings from your browser.
  • check Scan archives and Remove found threats.
  • click Advanced settings and select the following:


    o Scan potentially unwanted applications
    o Scan for potentially unsafe applications
    o Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.
  • push the back button.
  • push Finish
If a log has been produced post it in your next reply.

Thanks

Satchfan
  • 0

#24
GotNoTime

GotNoTime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Same 2 culprits:
C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll Win32/Boaxxe.G trojan
C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll Win32/TrojanDownloader.Tracur.V trojan
  • 0

#25
GotNoTime

GotNoTime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
So I followed that path down into my hidden folders and ran both Mbam & Symantec on Feekjl2 and both reported it clean ?????
  • 0



#26
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Do you mean you manually deleted those files?
  • 0

#27
GotNoTime

GotNoTime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
NO. Didn't do that.
When I first located the Feek DLL and renamed it, before you so graciously decided to help me, I did a right-click, Properties and then a scan for viruses on the file using Symantec. Didn't note anything un-ordinary about the file then. I did the same thing again last night, but also tried the right-click scan with MBAM on just the Feek file and read nothing again. I took no other actions against either file.
  • 0

#28
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
I don't think either would have got rid of them.

Let’s get rid of what Eset found and then run another scan.

Please copy all text in the code box below and paste it into Notepad:

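@echo off
rem Delete the two files reported by the ESET scan (paths in plain ASCII double quotes)
del /f /s /q "C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll"
del /f /s /q "C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll"
rem Remove this batch file once it has run
del %0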

  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).
Please run Eset again and post the result.
  • 0

#29
GotNoTime

GotNoTime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
No Changes:

10:11 PM 10/6/[email protected] off
del /f /s /q "C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll”
del /f /s /q “C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll”
del %0
C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll Win32/Boaxxe.G trojan
C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll Win32/TrojanDownloader.Tracur.V trojan
  • 0
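The script text pasted in the post above carries typographic quotes (“ and ”) around the paths; cmd.exe treats only the ASCII " as a quoting character, so the del lines never name the intended files. As an added example (not part of the thread), this Python pre-flight check covers both fix scripts posted here: it flags typographic quotes and also registry text saved under a non-.reg name (such text is handed to cmd.exe instead of being imported). The function names and the simplified cmd.exe tokenizer are assumptions for illustration.

```python
import unicodedata

# Curly quotes that word processors substitute for the ASCII quote characters.
CURLY = {"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"}
REG_HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")

# Sample inputs: the script text and the registry snippet as they appear in the thread.
DELFILES_AS_POSTED = r'''
@echo off
del /f /s /q "C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll”
del /f /s /q “C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll”
del %0
'''.strip()

REG_AS_POSTED = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
'''.strip()

def find_curly_quotes(script):
    """Return (line number, column, Unicode name) for each typographic quote."""
    return [(n, col, unicodedata.name(ch))
            for n, line in enumerate(script.splitlines(), 1)
            for col, ch in enumerate(line, 1) if ch in CURLY]

def straighten(script):
    """Replace typographic quotes with their ASCII equivalents."""
    return script.translate(str.maketrans(CURLY))

def cmd_tokens(line):
    """Simplified model of cmd.exe argument splitting: only ASCII " toggles quoting."""
    tokens, current, quoted = [], "", False
    for ch in line.strip():
        if ch in " \t" and not quoted:
            if current:
                tokens.append(current)
            current = ""
            continue
        quoted ^= (ch == '"')
        current += ch
    return tokens + ([current] if current else [])

def is_registry_payload(script):
    """True when the first line is a registry-file header."""
    lines = script.lstrip("\ufeff").strip().splitlines()
    return bool(lines) and lines[0].strip() in REG_HEADERS

def preflight(filename, script):
    """Return the problems that would stop a pasted fix script from taking effect."""
    problems = []
    if is_registry_payload(script) and not filename.lower().endswith(".reg"):
        problems.append(f"{filename}: registry payload, save it with a .reg extension")
    for n, col, name in find_curly_quotes(script):
        problems.append(f"{filename}:{n}:{col}: {name} is a typographic quote, not an ASCII quote")
    return problems

if __name__ == "__main__":
    for name, text in (("fixfiles.bat", REG_AS_POSTED), ("delfiles.bat", DELFILES_AS_POSTED)):
        print("\n".join(preflight(name, text)) or f"{name}: ok")
    # What del would receive for the second path, before and after straightening.
    line = DELFILES_AS_POSTED.splitlines()[2]
    print(cmd_tokens(line)[4:])
    print(cmd_tokens(straighten(line))[4:])
```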

#30
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
I don’t know quite what you did but that should have worked.

According to ComboFix, feekjl2.dll was removed so it could be a “false-positive” from Eset.

Let’s see if you can locate and manually delete them, (if they exist).


First:

Make all files and folders visible:

  • click Start, Settings, Control Panel
  • double-click on Folder Options
  • select the View tab
  • under the Hidden files and folders heading select Show hidden files and folders
  • uncheck the Hide protected operating system files (recommended) option
  • click Yes to confirm
  • click OK.
Next
  • open Windows Explorer, (Windows key+E)
  • in the left window, click on Local Disk (C:)

  • below, double-click on these in turn: Documents and Settings, > Paul > Local Settings > Application Data > NVIDIA nvCpl Container
  • in the right window, right-click on igcuampe.dll and choose Delete
  • do the same for Application Data > Symantec > NETGEARGenie to delete feekjl2.dll.
Satchfan
  • 0





