Malwarebytes and AVG updates have been disabled by possible virus.

[agnostida]

I am running XP and have been using AVG, Malwarebytes & SuperAntiSpyware for some time now.  I have the most current (free) versions of all three.  I am using Windows firewall.

Possible Mistake #1: Last night when given a warning by AVG that the website I was trying to access was unsafe, I chose to utilize google search on my toolbar to take me to another site INSTEAD of actually clicking on the iconed option to navigate away from the website provided by AVG.

FOR SURE Mistake #2: When shutting down my computer an hour later an error message popped up before everything turned off.  I did NOT take note of the number or message of the error.  I do know that I have never seen that message before.  Not helpful for you, I realize.

Today, turning my computer back on, I've noticed that AVG is not loaded onto my task bar as usual.  And, a little more digging around has uncovered the unfortunate fact that I cannot update AVG OR Malywarebytes -both claiming that a connection with the update server has failed.  I can, and have, updated my SuperAntiSpyware today, however.  All three programs are still able to scan and I have done this, but to no avail.  No infection was found.

Many more repeated attempts and I still cannot update AVG or Malwarebytes.

I am tempted to uninstall and then reinstall both programs and see what happens, but thought I should run this by the experts first before I start piddling around on my own.

Any thoughts?

I sure appreciate this expertise available on this site.  Y'all are lifesavers!

[evilfantasy]

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to Non-plug and Play Drivers and click the plus icon to open those drivers.
* Search for any of the following:

- UACd.sys <- Or anything beginning with UAC
- gaopdxserv.sys <- Or anything beginning with gaopd
- gxvxcserv.sys <- Or anything beginning with gxvx
- Seneka.sys <- Or anything beginning with Seneka
- clbdriver.sys <- Or anything beginning with clbdriver
- TDSSserv.sys <- Or anything beginning with TDSS
- ovfst.sys <- Or anything beginning with ovfst

* If you do find it, right click on it, and select Disable. Do not try to uninstall them.

* Now reboot and see if you can update Malwarebytes.

Also do you have HijackThis installed?

[agnostida]

Wow! Thanks for the quick response.

Nothing that you had listed was in my non-plug and play drivers.

I do have HiJack this installed.

Awaiting further instructions.  Thanks!

[evilfantasy]

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[agnostida]

Downloaded ComboFix and followed the instructions.  Clicked on the desktop icon - clicked run.  The run window disappeared but the word RUN stayed on my screen for 30 secs., then it too disappeared and my desktop was backed to normal.  Now 15 minutes later and nada.  No new windows: absolutely nothing to suggest ComboFix is running.  Is it?  How can I tell?  Should I be doing something else?

I did not touch my computer after clicking on run.  I am using a different computer for this post.

Hmmmm....

[agnostida]

So ComboFix did not run.  Should I try it again?

[agnostida]

Oh great.  And now my computer will not turn off.  I cannot log-off, restart, or anything.

Help?!

[agnostida]

Okay.  I am completely locked out.  Can't turn the computer off, can't access any application.  I CAN navigate my desktop but clicking on any icon is useless.

I give.  I'll await further instructions.

[evilfantasy]

If you have problems with ComboFix usage, see How to use ComboFix

[agnostida]

Yup.  Read it, did it.

Combofix will not run.  I cannot get past the first run command window.  Plus all my applications are locked and I cannot shut down my system.

So.  I am considering unplugging the power, disengaging the battery (laptop) and powering down that way.  Perhaps when I return power and boot back up I will have more control.

Should I?

Thanks for your attention!  I really appreciate the help.

[evilfantasy]

Hold the power button down until it shuts off.

Restart and try ComboFix again.

[agnostida]

Ummm....okay, WOW.  Boy am I embarrassed.   That was way easier than what I proposed.  Guess there is no doubt who is the computer expert and who is the computer idiot in this partnership.

Yes, I did power down like you suggested and everything is back and groovy!  Not only are my applications back, but AVG is back in my task bar and both it and Malwarebytes have been updated.  Problem solved and everything looks great!

So, do I still need to run Combofix or should I uninstall it?  Speaking of which, how DO I uninstall it?  That little instruction is not listed in their help topic.

You are a computer lifesaver!!!!

[evilfantasy]

Download DDS by sUBs and save it to your desktop. Alternate DDS download link

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

[agnostida]

Here goes:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/21/2005 4:32:42 PM
System Uptime: 5/5/2009 5:19:25 PM (0 hours ago)
Processor:         Intel(R) Pentium(R) M processor 1.20GHz | N/A | 1196/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 50 GiB total, 14.301 GiB free.
D: is Removable
E: is Removable
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Personal Area Network from TOSHIBA
Device ID: BLUETOOTH\0004&0007\0000
Manufacturer: Toshiba
Name: Bluetooth Personal Area Network from TOSHIBA
PNP Device ID: BLUETOOTH\0004&0007\0000
Service: tosrfnds

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VM Network Connection
Device ID: PCI\VEN_8086&DEV_1069&SUBSYS_81E2104D&REV_03\4&AD1B67F&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VM Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1069&SUBSYS_81E2104D&REV_03\4&AD1B67F&0&40F0
Service: E100B

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Canon MX700 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MX700 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP68: 2/4/2009 10:09:29 PM - System Checkpoint
RP69: 2/5/2009 10:30:32 PM - System Checkpoint
RP70: 2/6/2009 11:24:17 PM - System Checkpoint
RP71: 2/8/2009 12:45:07 AM - System Checkpoint
RP72: 2/9/2009 1:23:27 AM - System Checkpoint
RP73: 2/10/2009 2:08:55 AM - System Checkpoint
RP74: 2/10/2009 8:19:59 AM - Avg8 Update
RP75: 2/10/2009 10:21:54 PM - Software Distribution Service 3.0
RP76: 2/11/2009 10:19:37 PM - Restore Operation
RP77: 2/11/2009 10:32:23 PM - Restore Operation
RP78: 2/12/2009 9:53:16 AM - Avg8 Update
RP79: 2/12/2009 9:46:59 PM - Removed Google Earth.
RP80: 2/12/2009 9:49:53 PM - Removed Google Earth Pro.
RP81: 2/13/2009 10:49:35 PM - System Checkpoint
RP82: 2/15/2009 4:44:28 PM - System Checkpoint
RP83: 2/16/2009 6:11:57 PM - System Checkpoint
RP84: 2/17/2009 10:52:53 PM - System Checkpoint
RP85: 2/19/2009 10:41:05 AM - System Checkpoint
RP86: 2/20/2009 12:12:25 PM - System Checkpoint
RP87: 2/27/2009 3:29:49 PM - System Checkpoint
RP88: 2/28/2009 12:12:57 AM - Software Distribution Service 3.0
RP89: 3/1/2009 2:19:38 AM - Software Distribution Service 3.0
RP90: 3/2/2009 11:13:39 PM - System Checkpoint
RP91: 3/3/2009 11:20:03 PM - System Checkpoint
RP92: 3/4/2009 8:33:55 AM - Avg8 Update
RP93: 3/4/2009 2:13:30 PM - Removed Java(TM) 6 Update 10
RP94: 3/4/2009 2:14:15 PM - Installed Java(TM) 6 Update 12
RP95: 3/5/2009 6:52:44 PM - System Checkpoint
RP96: 3/7/2009 12:25:06 AM - System Checkpoint
RP97: 3/9/2009 11:18:42 AM - System Checkpoint
RP98: 3/10/2009 11:18:57 AM - System Checkpoint
RP99: 3/11/2009 11:46:24 AM - System Checkpoint
RP100: 3/11/2009 9:56:48 PM - Software Distribution Service 3.0
RP101: 3/13/2009 12:01:03 AM - System Checkpoint
RP102: 3/13/2009 12:29:58 AM - Software Distribution Service 3.0
RP103: 3/30/2009 7:25:13 PM - Avg8 Update
RP104: 3/30/2009 7:27:20 PM - Avg8 Update
RP105: 3/30/2009 10:51:53 PM - Software Distribution Service 3.0
RP106: 4/1/2009 9:01:23 AM - Software Distribution Service 3.0
RP107: 4/1/2009 9:25:23 AM - Printer Driver Microsoft XPS Document Writer Installed
RP108: 4/1/2009 9:28:14 AM - Installed Windows XP WgaNotify.
RP109: 4/1/2009 7:21:42 PM - Installed Java(TM) 6 Update 13
RP110: 4/3/2009 3:34:02 PM - Software Distribution Service 3.0
RP111: 4/4/2009 6:13:43 PM - System Checkpoint
RP112: 4/5/2009 6:34:26 PM - System Checkpoint
RP113: 4/8/2009 12:25:35 PM - System Checkpoint
RP114: 4/9/2009 1:59:43 PM - System Checkpoint
RP115: 4/12/2009 11:40:06 AM - Removed AVG 8.0
RP116: 4/12/2009 12:00:52 PM - Installed AVG Free 8.5
RP117: 4/14/2009 7:40:12 AM - Avg8 Update
RP118: 4/14/2009 4:48:26 PM - Removed OverDrive Media Console
RP119: 4/14/2009 4:58:48 PM - Installed OverDrive Media Console
RP120: 4/16/2009 2:13:53 PM - System Checkpoint
RP121: 4/20/2009 2:38:45 PM - Software Distribution Service 3.0
RP122: 4/21/2009 8:49:35 AM - Avg8 Update
RP123: 4/22/2009 5:02:17 PM - System Checkpoint
RP124: 4/23/2009 5:58:57 PM - System Checkpoint
RP125: 4/24/2009 6:16:43 PM - System Checkpoint
RP126: 4/25/2009 6:33:41 PM - System Checkpoint
RP127: 4/26/2009 7:07:22 PM - System Checkpoint
RP128: 4/27/2009 8:58:25 PM - System Checkpoint
RP129: 4/29/2009 5:56:02 PM - System Checkpoint
RP130: 5/1/2009 12:09:06 AM - System Checkpoint
RP131: 5/2/2009 6:35:25 PM - System Checkpoint
RP132: 5/3/2009 8:11:25 PM - System Checkpoint
RP133: 5/4/2009 8:34:46 PM - System Checkpoint

==== Installed Programs ======================

Abacast Client
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Flash Player 10 ActiveX
Adobe Help Center 2.1
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Elements 5.0
Adobe Reader 7.0
Amazon MP3 Downloader 1.0.3
Audible Download Manager
AV Mode Button Utility
AVG 8.5
Bluetooth Stack for Windows by Toshiba
Business Contact Manager for Outlook 2003
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 3.0
Canon MP600
Canon MP600 User Registration
Canon MX700 series
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Cingular Connection Manager
CONNECT
Critical Update for Windows Media Player 11 (KB959772)
DivX Content Uploader
DivX Web Player
DVgate Plus
EA Download Manager
Easy-WebPrint
EuroTalk Multimedia Dictionary
FileMaker Pro 6
FileMaker Pro 8
FreeAgent Go Tools
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Image Converter 2
Instant Mode
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
ISScript
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 13
KawaiiRiver
KODAK EASYSHARE Gallery Upload ActiveX Control
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Malwarebytes' Anti-Malware
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mMHouse
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0.0.11)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MVision
mWlsSafe
mXML
Netscape Internet Service Setup
OpenMG Secure Module 4.2.00
OverDrive Media Console
Picasa 3
PokerStars
Quicken 2005
RealPlayer
Realtek High Definition Audio Driver
Rosetta Stone 2.1.4.1A
ScanSoft OmniPage SE 4.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Setting Utility Series
Skype™ 3.8
SmartWi Connection Utility
SonicStage 3.2
SonicStage Mastering Studio 1.4
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony Ericsson Wireless Modem
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
SPORE™
SUPERAntiSpyware Free Edition
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URGE
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Light Flo Wallpaper
VAIO Long Battery Life Wallpaper
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.2
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Support Central
VAIO Survey Standalone
VAIO Update 3
VAIO Wireless Utility
VPN Client
Wal-Mart Music Downloads Store
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

5/4/2009 8:11:56 PM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer PAKNOTEBOOK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A05829E7-52E2-40. The master browser is stopping or an election is being forced.
4/29/2009 4:23:48 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.103 for the Network Card with network address 0013CE9248FB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/29/2009 4:11:50 PM, error: Dhcp [1002]  - The IP address lease 192.168.0.65 for the Network Card with network address 0013CE9248FB has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/29/2009 11:57:44 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.103 for the Network Card with network address 0013CE9248FB has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================




DDS (Ver_09-03-16.01) - NTFSx86 
Run by Denise Kelsey at 17:26:29.03 on Tue 05/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1526.1019 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Denise Kelsey\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Easy-WebPrint: {03c1c47f-0538-4645-8372-d3109b9fc636} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [WCULauncher] c:\program files\sony\smartwi connection utility\WCULauncher.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe"  /Stationary
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~2.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-12 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-12 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-8-20 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-20 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-12 298264]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2005-8-5 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-8-5 214272]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-20 7408]
S3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\drivers\GCXX.sys [2005-11-6 114944]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\drivers\GCXXNet.sys [2005-11-6 53248]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-9-19 280344]
S4 gupdate1c98da01636e570;Google Update Service (gupdate1c98da01636e570);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S4 Seagate Sync Service;Seagate Sync Service;c:\program files\seagate\sync\SeaSyncServices.exe [2007-1-18 24120]

=============== Created Last 30 ================

2009-05-04 20:18   389,120   a-------   c:\windows\system32\cmd.execf
2009-04-16 12:19   284,160   -c------   c:\windows\system32\dllcache\pdh.dll
2009-04-16 12:19   473,600   -c------   c:\windows\system32\dllcache\fastprox.dll
2009-04-16 12:19   401,408   -c------   c:\windows\system32\dllcache\rpcss.dll
2009-04-16 12:19   227,840   -c------   c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 12:19   110,592   -c------   c:\windows\system32\dllcache\services.exe
2009-04-16 12:19   35,328   -c------   c:\windows\system32\dllcache\sc.exe
2009-04-16 12:19   729,088   -c------   c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 12:19   617,472   -c------   c:\windows\system32\dllcache\advapi32.dll
2009-04-16 12:19   453,120   -c------   c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 12:19   714,752   -c------   c:\windows\system32\dllcache\ntdll.dll
2009-04-16 12:18   2,560   --------   c:\windows\system32\xpsp4res.dll
2009-04-16 12:18   1,203,922   -c------   c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 12:18   215,552   -c------   c:\windows\system32\dllcache\wordpad.exe
2009-04-12 12:01   10,520   a-------   c:\windows\system32\avgrsstx.dll
2009-04-12 12:01   108,552   a-------   c:\windows\system32\drivers\avgtdix.sys
2009-04-12 12:01   325,640   a-------   c:\windows\system32\drivers\avgldx86.sys
2009-04-12 12:01   <DIR>   --d-----   c:\windows\system32\drivers\Avg
2009-04-12 12:00   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\avg8

==================== Find3M  ====================

2009-04-06 15:32   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32   15,504   a-------   c:\windows\system32\drivers\mbam.sys
2009-03-20 11:50   3,358,720   a-------   c:\windows\system32\GPhotos.scr
2009-03-09 05:19   410,984   a-------   c:\windows\system32\deploytk.dll
2009-03-06 07:22   284,160   a-------   c:\windows\system32\pdh.dll
2009-03-02 17:18   826,368   a-------   c:\windows\system32\wininet.dll
2009-02-20 11:09   78,336   a-------   c:\windows\system32\ieencode.dll
2009-02-09 05:10   729,088   a-------   c:\windows\system32\lsasrv.dll
2009-02-09 05:10   714,752   a-------   c:\windows\system32\ntdll.dll
2009-02-09 05:10   617,472   a-------   c:\windows\system32\advapi32.dll
2009-02-09 05:10   401,408   a-------   c:\windows\system32\rpcss.dll
2009-02-09 04:13   1,846,784   a-------   c:\windows\system32\win32k.sys
2009-02-07 19:02   2,066,048   a-------   c:\windows\system32\ntkrnlpa.exe
2009-02-06 04:11   110,592   a-------   c:\windows\system32\services.exe
2009-02-06 04:08   2,189,056   a-------   c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39   35,328   a-------   c:\windows\system32\sc.exe
2007-12-25 16:13   32   --------   c:\docume~1\alluse~1\applic~1\ezsid.dat
2005-12-15 00:19   888   --------   c:\docume~1\denise~1\applic~1\wklnhst.dat
2008-09-09 12:28   32,768   a--sh---   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat

============= FINISH: 17:27:32.14 ===============

[evilfantasy]

There are a few suspicious files so you should try to update and run MBAM.

Please Run Malwarebytes' Anti-Malware.

• Click the Update tab.
• Click Check for Updates
  
• If an update is found, it will download and install.
• Click the Scanner tab.
  
• Select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[agnostida]

Did it.  The quick scan found no malicious items.

While everything else seems to be back to normal - as in I can update Malwarebytes and AVG - the volume icon has disappeared from my taskbar.  When I go to it manually I find that the pin to taskbar box is already checked.  Restarting the computer doesn't help.  Not only that but the volume doesn't completely work.  My VAIO screen makes its normal sound when rebooting, but Windows does not.  Windows Media player works, but nothing online (YouTube etc...) does.  I can watch, but no sound.

Everything in the Sounds and Audio box seems normal.  Nothing is muted.  This started last night.

What now?

[evilfantasy]

Right click 'My Computer' on the desktop and select Properties > Device Manager.

Right click the sound card driver and choose to Repair or Roll back. If neither of those work then choose Uninstall. Restart the computer and Windows will re-install it automatically.

[agnostida]

Under System Properties > Hardware > Device Manager    the only thing close to sound card driver is Sound Video and Game Controller.  When I click on this I get a bunch of options - the audio ones are legacy audio drivers, audio codex, and realtek high definition audio.  Which one of these should I be focusing on?

When I right click the realtek high definition audio it does not give me the option to repair or roll back.  My options are update, disable, scan for hardware changes, and uninstall.

Am I in the right place?  Is realtek what I want?

Thank you!

[evilfantasy]

Is there a (+) that you can click to expand a list of more options?

Expand that and see if there are any yellow question marks. If not then use repair or roll back on each one If that doesn't work use the Uninstall option.

[agnostida]

No + sign or yellow question marks.  I did try and rollback the items to no avail.  However, a system restore cured my problems.  Volume icon back in the system tray and sound is working for everything.  Yay!

Thank you so much for everything!