Slow system boot and IE8 hangs and slows connection

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Slow system boot and IE8 hangs and slows connection dont know how to fix it

#1 keiferhelms

New Member

Group: Members
Posts: 8
Joined: 21-April 11

Posted 22 April 2011 - 09:21 AM

Hello. My computer used to run super fast but last week it started taking 5-15 mins to boot up and then when i use IE8 sometimes it hangs after loading like 30% of a site and i have to refresh to make it load.

This may be my ISP (dial-up NetZero) but i will be surfing just fine and fast and then my connection speed slows almost to a halt. I restart my computer and it usually fixes it.

I have Malwarebytes and SpyBot S&D and AVG PC Tuneup(full Version) and AVG AntiVirus and run all of them regularly.

All this started after Malwarebytes found 2 objects and removed them.

Also when i was running the GMER program it stopped and gave me a BSOD that said something about IRQ not equal or something. Here is the error codes it gave
0x0000000a (0xf70F6008, 0x00000005, 0x00000001, 0x806F78FE) I had to restart then i ran it again and this log is what i have attached.

I have attached the "attach.txt" and "ark.txt" as instructed. Below is the DDS.txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Keifer at 4:13:37.34 on Thu 04/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.647 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = https://my.screenname.aol.com/_cqr/login/login.psp?seamless=novl&locale=us&offerId=newmail-en-us-v2&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Awebmail.aol.com%7Crp%3ALite%252fToday.aspx%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A5ea4925c-6301-4ca7-b1e9-c9ba3b223559&authLev=0&sitedomain=sns.webmail.aol.com&lang=en
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} -
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoActiveDesktop = 01000000
uPolicies-explorer: NoWinKeys = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoNetworkConnections = 01000000
uPolicies-explorer: HideSCABattery = 1 (0x1)
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299931607390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: freewat - freewat.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 0.0.0.0 mpa.one.microsoft.com genuine.microsoft.com sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\keifer\applic~1\mozilla\firefox\profiles\vvwjw098.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.screenname.aol.com/_cqr/login/login.psp?seamless=novl&locale=us&offerId=newmail-en-us-v2&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Awebmail.aol.com%7Crp%3ALite%252fToday.aspx%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A5ea4925c-6301-4ca7-b1e9-c9ba3b223559&authLev=0&sitedomain=sns.webmail.aol.com&lang=en
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-21 03:00:13 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-21 03:00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 02:55:37 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-21 02:55:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-04-21 02:55:17 -------- d-----w- c:\docume~1\keifer\applic~1\AVG10
2011-04-21 02:48:42 -------- d-----w- C:\AVGTemp
2011-04-19 11:29:54 78096 ----a-r- c:\docume~1\keifer\applic~1\microsoft\installer\{fe74c184-4939-4ffa-b8c9-8e0cd6a6aa57}\ARPPRODUCTICON.exe
2011-04-19 11:28:34 -------- d-----w- c:\docume~1\keifer\locals~1\applic~1\{42FFD6CD-1797-4302-8C84-959BECBCDA13}
2011-04-19 11:19:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\NetZero
2011-04-19 11:19:01 -------- d-----w- c:\program files\NetZero
2011-04-19 11:16:01 -------- d-----w- c:\program files\NetZero(2)(2)
2011-04-19 10:58:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\NetZero(3)
2011-04-19 10:51:42 -------- d-----w- c:\program files\NetZero(2)
2011-04-19 10:51:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\NetZero(2)
2011-04-19 10:36:50 -------- d-----w- c:\program files\NetZeroInstaller(2)
2011-04-19 09:54:02 -------- d-----w- c:\program files\XP Repair Pro 4.0
2011-04-19 04:01:24 -------- dc-h--w- c:\windows\ie8
2011-04-18 09:07:51 -------- d-----w- c:\program files\MSXML 4.0
2011-04-16 18:07:49 -------- d-----w- c:\program files\eBay
2011-04-16 18:07:49 -------- d-----w- c:\documents and settings\all users\eBay
2011-04-16 07:44:40 -------- d-----w- C:\AuctionSplash
2011-04-16 07:43:01 -------- d-----w- c:\docume~1\keifer\locals~1\applic~1\Deployment
2011-04-16 07:42:42 -------- d-----w- c:\program files\AuctionSplashSetup
2011-04-16 06:33:55 -------- d-----w- c:\docume~1\keifer\locals~1\applic~1\Sam Francke
2011-04-16 06:33:38 -------- d-----w- c:\program files\CSVed
2011-04-16 05:50:47 -------- d-----w- c:\docume~1\keifer\applic~1\GetRightToGo
2011-04-16 05:34:47 -------- d-----w- c:\docume~1\keifer\applic~1\OpenOffice.org
2011-04-16 05:29:26 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-16 05:28:26 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-04-11 20:37:21 -------- d-----w- c:\program files\Cablenut
2011-04-11 06:49:31 -------- d-----w- c:\docume~1\keifer\applic~1\Systweak
2011-04-09 03:59:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-09 03:59:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-04 20:20:41 -------- d-----w- c:\docume~1\keifer\applic~1\Serif
2011-04-04 20:19:26 -------- d-----w- c:\program files\Serif
2011-04-04 15:56:01 -------- d-----w- c:\windows\system32\aliedit
2011-04-04 15:55:44 -------- d-----w- c:\program files\trademanager
2011-04-03 05:48:42 -------- d-----w- c:\program files\Rummy.com
2011-04-02 03:00:03 -------- d-----w- c:\docume~1\keifer\locals~1\applic~1\Mozilla
2011-03-30 17:47:48 49152 ----a-r- c:\windows\system32\inetwh32.dll
2011-03-30 17:47:48 1044480 ----a-r- c:\windows\system32\roboex32.dll
.
==================== Find3M ====================
.
2011-04-08 03:41:02 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-04-08 03:41:00 356352 ----a-w- c:\windows\system32\wpdsp.dll
2011-04-08 03:39:57 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2011-04-08 03:38:45 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
2011-04-08 03:38:41 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-04-08 03:38:39 577536 ----a-w- c:\windows\soundman.exe
2011-04-08 03:36:59 49152 ----a-w- c:\windows\InstFunc.exe
2011-04-08 03:36:59 12288 ----a-w- c:\windows\InstFunc.dll
2011-04-08 03:32:40 315392 ----a-w- c:\windows\alcupd.exe
2011-04-08 03:32:40 217088 ----a-w- c:\windows\Alcrmv.exe
2011-04-08 03:23:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-16 08:23:59 21768 ----a-w- c:\documents and settings\keifer\s
2011-03-15 21:37:23 5376 ----a-w- c:\windows\system32\freewat.dll
2011-03-12 10:44:47 218624 ----a-w- c:\windows\system32\uxtheme.dll.tmp
2011-03-12 10:44:47 218624 ----a-w- c:\windows\system32\uxtheme.dll
2011-03-12 10:44:47 218624 ----a-w- c:\windows\system32\uxtheme(2).dll
2011-03-12 10:41:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-11-22 16:59:04 4177272 ----a-w- c:\program files\procexp.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6E040L0 rev.NAR61HA0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x85FCDAB8]
3 CLASSPNP[0xF7719FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000055[0x85F332A0]
5 ACPI[0xF7690620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-4[0x85FCCD98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 80293246 (+245): user != kernel
.
============= FINISH: 4:15:15.64 ===============

Attached File(s)

ark.txt (8.9K)
Number of downloads: 2
Attach.txt (4.77K)
Number of downloads: 0

#2 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 May 2011 - 04:17 AM

Hello ,
And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
A detailed description of your problems
A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#3 keiferhelms

New Member

Group: Members
Posts: 8
Joined: 21-April 11

Posted 01 May 2011 - 10:49 AM

Hi Elise,
As you see above post i already posted those but i have been using my computer since then so should i make another one and post it?

#4 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 May 2011 - 11:03 AM

Hi again, since its been a while things may have changed. For that reason I'd like to see a new scan.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#5 keiferhelms

New Member

Group: Members
Posts: 8
Joined: 21-April 11

Posted 01 May 2011 - 11:16 AM

elise025, on 01 May 2011 - 11:03 AM, said:

Hi again, since its been a while things may have changed. For that reason I'd like to see a new scan.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Keifer at 11:13:07.10 on Sun 05/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.402 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG10\avgui.exe
C:\Documents and Settings\Keifer\Desktop\dds.pif
.
============== Pseudo HJT Report ===============
.
uStart Page = https://my.screenname.aol.com/_cqr/login/login.psp?seamless=novl&locale=us&offerId=newmail-en-us-v2&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Awebmail.aol.com%7Crp%3ALite%252fToday.aspx%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A5ea4925c-6301-4ca7-b1e9-c9ba3b223559&authLev=0&sitedomain=sns.webmail.aol.com&lang=en
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} -
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoActiveDesktop = 01000000
uPolicies-explorer: NoWinKeys = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoNetworkConnections = 01000000
uPolicies-explorer: HideSCABattery = 1 (0x1)
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299931607390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {180A0945-FF0D-41A8-A9A4-1A04F36400E4} = 64.136.44.74 64.136.52.74
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: freewat - freewat.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: taskmgr.exe - "c:\program files\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 0.0.0.0 mpa.one.microsoft.com genuine.microsoft.com sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\keifer\applic~1\mozilla\firefox\profiles\vvwjw098.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.screenname.aol.com/_cqr/login/login.psp?seamless=novl&locale=us&offerId=newmail-en-us-v2&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Awebmail.aol.com%7Crp%3ALite%252fToday.aspx%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A5ea4925c-6301-4ca7-b1e9-c9ba3b223559&authLev=0&sitedomain=sns.webmail.aol.com&lang=en
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npww.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-27 22:40:05 -------- d-----w- c:\documents and settings\keifer\EurekaLog
2011-04-26 04:40:50 -------- d-----w- c:\docume~1\keifer\locals~1\applic~1\Google
2011-04-24 18:37:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-24 18:23:53 -------- d-----w- c:\program files\VS Revo Group
2011-04-23 19:31:32 -------- d-----w- c:\program files\JRE
2011-04-22 19:15:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Skype Extras
2011-04-22 19:14:44 -------- d-----r- c:\program files\Skype
2011-04-21 03:00:13 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-21 03:00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 02:55:37 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-21 02:55:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-04-21 02:55:17 -------- d-----w- c:\docume~1\keifer\applic~1\AVG10
2011-04-21 02:48:42 -------- d-----w- C:\AVGTemp
2011-04-19 11:29:54 78096 ----a-r- c:\docume~1\keifer\applic~1\microsoft\installer\{fe74c184-4939-4ffa-b8c9-8e0cd6a6aa57}\ARPPRODUCTICON.exe
2011-04-19 11:28:34 -------- d-----w- c:\docume~1\keifer\locals~1\applic~1\{42FFD6CD-1797-4302-8C84-959BECBCDA13}
2011-04-19 11:19:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\NetZero
2011-04-19 11:19:01 -------- d-----w- c:\program files\NetZero
2011-04-19 10:58:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\NetZero(3)
2011-04-19 10:51:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\NetZero(2)
2011-04-19 09:54:02 -------- d-----w- c:\program files\XP Repair Pro 4.0
2011-04-19 04:01:24 -------- dc-h--w- c:\windows\ie8
2011-04-18 09:07:51 -------- d-----w- c:\program files\MSXML 4.0
2011-04-16 18:07:49 -------- d-----w- c:\program files\eBay
2011-04-16 18:07:49 -------- d-----w- c:\documents and settings\all users\eBay
2011-04-16 07:44:40 -------- d-----w- C:\AuctionSplash
2011-04-16 07:43:01 -------- d-----w- c:\docume~1\keifer\locals~1\applic~1\Deployment
2011-04-16 07:42:42 -------- d-----w- c:\program files\AuctionSplashSetup
2011-04-16 06:33:55 -------- d-----w- c:\docume~1\keifer\locals~1\applic~1\Sam Francke
2011-04-16 06:33:38 -------- d-----w- c:\program files\CSVed
2011-04-16 05:50:47 -------- d-----w- c:\docume~1\keifer\applic~1\GetRightToGo
2011-04-16 05:34:47 -------- d-----w- c:\docume~1\keifer\applic~1\OpenOffice.org
2011-04-16 05:29:26 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-16 05:28:26 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-04-11 06:49:31 -------- d-----w- c:\docume~1\keifer\applic~1\Systweak
2011-04-09 03:59:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-09 03:59:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-04 20:20:41 -------- d-----w- c:\docume~1\keifer\applic~1\Serif
2011-04-04 20:19:26 -------- d-----w- c:\program files\Serif
2011-04-04 15:56:01 -------- d-----w- c:\windows\system32\aliedit
2011-04-04 15:55:44 -------- d-----w- c:\program files\trademanager
2011-04-03 05:48:42 -------- d-----w- c:\program files\Rummy.com
2011-04-02 03:00:03 -------- d-----w- c:\docume~1\keifer\locals~1\applic~1\Mozilla
.
==================== Find3M ====================
.
2011-04-24 18:36:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-08 03:41:02 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-04-08 03:41:00 356352 ----a-w- c:\windows\system32\wpdsp.dll
2011-04-08 03:39:57 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2011-04-08 03:38:45 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
2011-04-08 03:38:41 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-04-08 03:38:39 577536 ----a-w- c:\windows\soundman.exe
2011-04-08 03:36:59 49152 ----a-w- c:\windows\InstFunc.exe
2011-04-08 03:36:59 12288 ----a-w- c:\windows\InstFunc.dll
2011-04-08 03:32:40 315392 ----a-w- c:\windows\alcupd.exe
2011-04-08 03:32:40 217088 ----a-w- c:\windows\Alcrmv.exe
2011-03-30 17:47:48 49152 ----a-r- c:\windows\system32\inetwh32.dll
2011-03-30 17:47:48 1044480 ----a-r- c:\windows\system32\roboex32.dll
2011-03-16 08:23:59 21768 ----a-w- c:\documents and settings\keifer\s
2011-03-15 21:37:23 5376 ----a-w- c:\windows\system32\freewat.dll
2011-03-12 10:44:47 218624 ----a-w- c:\windows\system32\uxtheme.dll.tmp
2011-03-12 10:44:47 218624 ----a-w- c:\windows\system32\uxtheme.dll
2011-03-12 10:44:47 218624 ----a-w- c:\windows\system32\uxtheme(2).dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2010-11-22 15:59:04 4177272 ----a-w- c:\program files\procexp.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6E040L0 rev.NAR61HA0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x85F49030]
3 CLASSPNP[0xF7719FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000057[0x85F85F18]
5 ACPI[0xF7690620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-4[0x85F38D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 80293246 (+245): user != kernel
.
============= FINISH: 11:13:57.39 ===============

Attached File(s)

Attach.txt (3.95K)
Number of downloads: 1

#6 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 May 2011 - 11:29 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:

Bleepingcomputer

ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe and follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#7 keiferhelms

New Member

Group: Members
Posts: 8
Joined: 21-April 11

Posted 01 May 2011 - 12:24 PM

I tried to run ComboFix but it told me i had to uninstall AVG. I uninstalled AVG from the control panel and used the AVG Remover from thier site but ComboFix still says i have to uninstall AVG before it can run.

#8 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 May 2011 - 12:44 PM

Please look for c:\Program Files\AVG and delete the AVG folder if it is still there. That should allow combofix to run.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#9 keiferhelms

New Member

Group: Members
Posts: 8
Joined: 21-April 11

Posted 01 May 2011 - 02:39 PM

OK here is the log. It fixed the slow boot but i will have to surf the net a bit to see if it fixed that but it seems like it did.

ComboFix 11-04-30.06 - Keifer 05/01/2011 14:10:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.729 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Keifer\s
c:\documents and settings\Keifer\WINDOWS
c:\windows\system32\freewat.dllfreewat.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-04-27 22:40 . 2011-04-27 22:40 -------- d-----w- c:\documents and settings\Keifer\EurekaLog
2011-04-26 04:40 . 2011-04-26 04:40 -------- d-----w- c:\documents and settings\Keifer\Local Settings\Application Data\Google
2011-04-24 18:37 . 2011-04-24 18:37 -------- d-----w- c:\program files\Common Files\Java
2011-04-24 18:37 . 2011-04-24 18:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-24 18:36 . 2011-04-24 18:36 -------- d-----w- c:\program files\Java
2011-04-24 18:23 . 2011-04-24 18:23 -------- d-----w- c:\program files\VS Revo Group
2011-04-23 19:31 . 2011-04-23 19:31 -------- d-----w- c:\program files\JRE
2011-04-22 19:16 . 2011-04-28 23:57 -------- d-----w- c:\documents and settings\Keifer\Application Data\skypePM
2011-04-22 19:15 . 2011-04-26 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-22 19:15 . 2011-04-28 23:58 -------- d-----w- c:\documents and settings\Keifer\Application Data\Skype
2011-04-22 19:14 . 2011-04-22 19:14 -------- d-----w- c:\program files\Common Files\Skype
2011-04-22 19:14 . 2011-04-24 18:45 -------- d-----r- c:\program files\Skype
2011-04-22 19:14 . 2011-04-22 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-04-21 03:00 . 2011-04-21 03:00 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 02:48 . 2011-04-21 02:48 -------- d-----w- C:\AVGTemp
2011-04-21 01:44 . 2011-04-21 01:44 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2011-04-20 01:44 . 2011-04-21 03:39 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-20 01:43 . 2011-04-21 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-19 11:29 . 2011-04-19 11:29 78096 ----a-r- c:\documents and settings\Keifer\Application Data\Microsoft\Installer\{FE74C184-4939-4FFA-B8C9-8E0CD6A6AA57}\ARPPRODUCTICON.exe
2011-04-19 11:28 . 2011-04-19 11:28 -------- d-----w- c:\documents and settings\Keifer\Local Settings\Application Data\{42FFD6CD-1797-4302-8C84-959BECBCDA13}
2011-04-19 11:19 . 2011-04-19 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NetZero
2011-04-19 11:19 . 2011-04-19 11:30 -------- d-----w- c:\program files\NetZero
2011-04-19 09:54 . 2011-04-19 11:29 -------- d-----w- c:\program files\XP Repair Pro 4.0
2011-04-19 04:01 . 2011-04-19 11:36 -------- dc-h--w- c:\windows\ie8
2011-04-19 02:47 . 2011-04-19 02:47 -------- d-----w- c:\program files\Microsoft.NET
2011-04-18 09:07 . 2011-04-18 09:07 -------- d-----w- c:\program files\MSXML 4.0
2011-04-16 18:07 . 2011-04-16 18:07 -------- d-----w- c:\program files\eBay
2011-04-16 18:07 . 2011-04-16 18:07 -------- d-----w- c:\documents and settings\All Users\eBay
2011-04-16 07:44 . 2011-04-16 08:13 -------- d-----w- C:\AuctionSplash
2011-04-16 07:43 . 2011-04-16 22:57 -------- d-----w- c:\documents and settings\Keifer\Local Settings\Application Data\Deployment
2011-04-16 07:42 . 2011-04-16 07:42 -------- d-----w- c:\program files\AuctionSplashSetup
2011-04-16 06:33 . 2011-04-16 06:33 -------- d-----w- c:\documents and settings\Keifer\Local Settings\Application Data\Sam Francke
2011-04-16 06:33 . 2011-04-24 18:18 -------- d-----w- c:\program files\CSVed
2011-04-16 05:50 . 2011-04-16 05:50 -------- d-----w- c:\documents and settings\Keifer\Application Data\GetRightToGo
2011-04-16 05:34 . 2011-04-16 05:34 -------- d-----w- c:\documents and settings\Keifer\Application Data\OpenOffice.org
2011-04-16 05:29 . 2011-04-23 19:31 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-11 06:49 . 2011-04-17 09:46 -------- d-----w- c:\documents and settings\Keifer\Application Data\Systweak
2011-04-09 03:59 . 2011-04-19 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-09 03:59 . 2011-04-09 04:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-04 20:20 . 2011-04-04 20:20 -------- d-----w- c:\documents and settings\Keifer\Application Data\Serif
2011-04-04 20:19 . 2011-04-04 23:51 -------- d-----w- c:\program files\Serif
2011-04-04 15:56 . 2011-04-04 15:56 -------- d-----w- c:\windows\system32\aliedit
2011-04-04 15:55 . 2011-04-24 23:55 -------- d-----w- c:\program files\trademanager
2011-04-03 05:48 . 2011-04-26 03:14 -------- d-----w- c:\program files\Rummy.com
2011-04-02 03:00 . 2011-04-02 03:00 -------- d-----w- c:\documents and settings\Keifer\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-24 18:36 . 2011-03-12 10:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-08 03:41 . 2011-03-12 11:16 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-04-08 03:41 . 2009-01-31 02:35 356352 ----a-w- c:\windows\system32\wpdsp.dll
2011-04-08 03:40 . 2011-03-12 11:02 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-04-08 03:40 . 2009-01-31 02:34 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
2011-04-08 03:40 . 2009-01-31 02:34 4096 ----a-w- c:\windows\system32\WMVADVD.dll
2011-04-08 03:40 . 2008-04-14 07:00 712704 ----a-w- c:\windows\system32\windowscodecs.dll
2011-04-08 03:40 . 2009-01-31 02:34 4096 ----a-w- c:\windows\system32\wdfapi.dll
2011-04-08 03:40 . 2008-04-14 07:00 28672 ----a-w- c:\windows\system32\verclsid.exe
2011-04-08 03:40 . 2008-04-14 07:00 8192 ----a-w- c:\windows\system32\tssoft32.acm
2011-04-08 03:40 . 2008-04-14 07:00 90112 ----a-w- c:\windows\system32\sqlsrv32.rll
2011-04-08 03:40 . 2008-04-14 07:00 442368 ----a-w- c:\windows\system32\sqlsrv32.dll
2011-04-08 03:40 . 2010-10-26 09:03 172032 ----a-w- c:\windows\system32\SiSInst.dll
2011-04-08 03:40 . 2010-10-26 09:03 258048 ----a-w- c:\windows\system32\SiSParse.dll
2011-04-08 03:40 . 2008-04-14 07:00 86016 ----a-w- c:\windows\system32\sl_anet.acm
2011-04-08 03:40 . 2010-10-26 09:02 49152 ----a-w- c:\windows\system32\SiSBase.dll
2011-04-08 03:39 . 2011-03-12 10:44 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2011-04-08 03:39 . 2008-04-14 07:00 1355776 ----a-w- c:\windows\system32\msvbvm50.dll
2011-04-08 03:39 . 2011-03-12 10:06 118784 ----a-w- c:\windows\system32\msg723.acm
2011-04-08 03:39 . 2011-03-12 10:06 188416 ----a-w- c:\windows\system32\msh261.drv
2011-04-08 03:39 . 2009-03-08 20:22 49152 ----a-w- c:\windows\system32\msrating.dll.mui
2011-04-08 03:39 . 2008-04-14 05:42 294912 ----a-w- c:\windows\system32\msh263.drv
2011-04-08 03:39 . 2009-01-31 02:33 212992 ----a-w- c:\windows\system32\MFPLAT.dll
2011-04-08 03:39 . 2011-03-12 10:56 40960 ----a-w- c:\windows\system32\lxblvs.dll
2011-04-08 03:39 . 2011-03-12 10:56 339968 ----a-w- c:\windows\system32\LXBLUTIL.DLL
2011-04-08 03:39 . 2011-03-12 10:55 544768 ----a-w- c:\windows\system32\LXBLLSNT.EXE
2011-04-08 03:39 . 2011-03-12 10:55 286720 ----a-w- c:\windows\system32\LXBLPMNT.DLL
2011-04-08 03:39 . 2011-03-12 10:56 86016 ----a-w- c:\windows\system32\LXBLIH.EXE
2011-04-08 03:39 . 2011-03-12 10:56 454656 ----a-w- c:\windows\system32\LXBLJSWR.DLL
2011-04-08 03:39 . 2011-03-12 10:55 77824 ----a-w- c:\windows\system32\LXBLLCNP.DLL
2011-04-08 03:39 . 2011-03-12 10:55 217088 ----a-w- c:\windows\system32\LXBLLCNT.DLL
2011-04-08 03:39 . 2011-03-12 10:56 286720 ----a-w- c:\windows\system32\lxblcomm.dll
2011-04-08 03:39 . 2011-03-12 10:55 90112 ----a-w- c:\windows\system32\LXBLCUR.DLL
2011-04-08 03:39 . 2011-03-12 10:55 69632 ----a-w- c:\windows\system32\LXBLCU.DLL
2011-04-08 03:39 . 2011-03-12 10:55 126976 ----a-w- c:\windows\system32\LXBLCFG.EXE
2011-04-08 03:39 . 2011-03-12 10:56 155648 ----a-w- c:\windows\system32\LEXPING.EXE
2011-04-08 03:39 . 2011-03-12 11:17 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-04-08 03:39 . 2008-04-14 07:00 65536 ----a-w- c:\windows\system32\jgsh400.dll
2011-04-08 03:39 . 2011-03-12 10:55 40960 ----a-w- c:\windows\system32\INSTMON.EXE
2011-04-08 03:39 . 2008-04-14 07:00 16384 ----a-w- c:\windows\system32\imaadp32.acm
2011-04-08 03:39 . 2009-03-08 20:22 1241088 ----a-w- c:\windows\system32\ieframe.dll.mui
2011-04-08 03:39 . 2009-03-08 20:21 4096 ----a-w- c:\windows\system32\ie4uinit.exe.mui
2011-04-08 03:39 . 2009-03-08 20:20 81920 ----a-w- c:\windows\system32\iedkcs32.dll.mui
2011-04-08 03:39 . 2009-01-30 23:23 249856 ----a-w- c:\windows\system32\drmupgds.exe
2011-04-08 03:39 . 2008-04-14 07:00 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-04-08 03:39 . 2008-04-14 07:00 28672 ----a-w- c:\windows\system32\dbnmpntw.dll
2011-04-08 03:39 . 2008-04-14 07:00 24576 ----a-w- c:\windows\system32\dbmsrpcn.dll
2011-04-08 03:39 . 2011-03-12 10:44 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-04-08 03:39 . 2008-04-14 07:00 77824 ----a-w- c:\windows\system32\cliconfg.dll
2011-04-08 03:39 . 2008-04-14 07:00 24576 ----a-w- c:\windows\system32\cliconfg.rll
2011-04-08 03:39 . 2008-04-14 07:00 20480 ----a-w- c:\windows\system32\cliconfg.exe
2011-04-08 03:38 . 2011-03-12 10:44 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
2011-04-08 03:38 . 2011-03-12 11:17 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-04-08 03:38 . 2011-03-12 10:44 577536 ----a-w- c:\windows\soundman.exe
2011-04-08 03:36 . 2011-03-12 12:49 49152 ----a-w- c:\windows\InstFunc.exe
2011-04-08 03:36 . 2011-03-12 12:49 12288 ----a-w- c:\windows\InstFunc.dll
2011-04-08 03:32 . 2011-03-12 10:44 315392 ----a-w- c:\windows\alcupd.exe
2011-04-08 03:32 . 2011-03-12 10:44 217088 ----a-w- c:\windows\Alcrmv.exe
2011-03-30 17:47 . 2011-03-30 17:47 49152 ----a-r- c:\windows\system32\inetwh32.dll
2011-03-30 17:47 . 2011-03-30 17:47 1044480 ----a-r- c:\windows\system32\roboex32.dll
2011-03-15 21:37 . 2011-03-15 21:38 5376 ----a-w- c:\windows\system32\freewat.dll
2011-03-12 10:44 . 2008-04-14 07:00 218624 ----a-w- c:\windows\system32\uxtheme.dll.tmp
2011-03-12 10:44 . 2008-04-14 07:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2011-03-12 10:44 . 2008-04-14 07:00 218624 ----a-w- c:\windows\system32\uxtheme(2).dll
2011-03-07 05:33 . 2011-03-12 10:05 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:21 . 2008-04-14 07:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 08:00 . 2011-03-12 11:16 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-17 13:18 . 2008-04-14 07:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 07:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-07-12 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 07:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 07:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 07:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 07:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 07:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2011-03-12 10:03 2067456 ----a-w- c:\windows\system32\mstscax.dll
2010-11-22 15:59 . 2011-03-12 10:40 4177272 ----a-w- c:\program files\procexp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2010-06-29 1776640]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-29 3727411]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoWinKeys"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000
"HideSCABattery"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\trademanager\\AliIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
.
------- Supplementary Scan -------
.
uStart Page = https://my.screenname.aol.com/_cqr/login/login.psp?seamless=novl&locale=us&offerId=newmail-en-us-v2&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Awebmail.aol.com%7Crp%3ALite%252fToday.aspx%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A5ea4925c-6301-4ca7-b1e9-c9ba3b223559&authLev=0&sitedomain=sns.webmail.aol.com&lang=en
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
FF - ProfilePath - c:\documents and settings\Keifer\Application Data\Mozilla\Firefox\Profiles\vvwjw098.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.screenname.aol.com/_cqr/login/login.psp?seamless=novl&locale=us&offerId=newmail-en-us-v2&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Awebmail.aol.com%7Crp%3ALite%252fToday.aspx%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A5ea4925c-6301-4ca7-b1e9-c9ba3b223559&authLev=0&sitedomain=sns.webmail.aol.com&lang=en
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 14:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6E040L0 rev.NAR61HA0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 80293246 (+245): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (A B C D 2 3 5 6) (Everyone)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(400)
c:\windows\system32\freewat.dll
.
Completion time: 2011-05-01 14:20:54
ComboFix-quarantined-files.txt 2011-05-01 19:20
.
Pre-Run: 23,510,016,000 bytes free
Post-Run: 23,535,779,840 bytes free
.
- - End Of File - - 08C1EC394E68015035685793ABD890DA

#10 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 May 2011 - 03:42 PM

Hi, please let me know what problems you still are having.

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#11 keiferhelms

New Member

Group: Members
Posts: 8
Joined: 21-April 11

Posted 01 May 2011 - 05:19 PM

Malwarebytes came up clean. Can i reinstall AVG now?

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6485

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/1/2011 5:15:31 PM
mbam-log-2011-05-01 (17-15-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 180617
Time elapsed: 35 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 May 2011 - 11:48 PM

Please wait with reinstalling AVG until we uninstall Combofix. Otherwise it will interfere again. Lets do one last scan to check for leftovers.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- Double click on the
  icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#13 keiferhelms

New Member

Group: Members
Posts: 8
Joined: 21-April 11

Posted 02 May 2011 - 03:43 PM

I downloaded ESET and installed but when it downloads the definition file it stops and says "Unexpected Error 2002". I am using dial-up and know it will take a long time to download it but it took almost 2 hours to get to 50%. I also tried the browser version in IE8 and after i allowed the security bar at the top the program wont even come up.

#14 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 02 May 2011 - 03:49 PM

Click Start > Run, type combofix /uninstall and press enter.

When done, reinstall AVG and run a full scan with that. No need to keep you occupied for hours to download this with dial up.