Unable to access the internet and very slow response times

[mattp]

Over the past week my laptop has started to have problems accessing the internet. It seems to connect okay but has issues opening a browser and subsequently connecting to any websites.

Here are the logs requested - can anyone offer me any advice??

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/21/2010 at 08:17 PM

Application Version : 4.39.1002

Core Rules Database Version : 5097
Trace Rules Database Version: 2909

Scan type       : Complete Scan
Total Scan Time : 00:36:12

Memory items scanned      : 588
Memory threats detected   : 0
Registry items scanned    : 7132
Registry threats detected : 0
File items scanned        : 153449
File threats detected     : 6

Adware.Flash Tracking Cookie
   C:\Users\laptop\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246QARM6\S0.2MDN.NET

Adware.Tracking Cookie
   s0.2mdn.net [ C:\Users\laptop\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\246QARM6 ]
   C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\laptop@apmebf[1].txt
   C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\laptop@doubleclick[1].txt
   C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\laptop@mediaplex[2].txt
   C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\laptop@revsci[1].txt

--------------------------------------------------------------------


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

21/06/2010 20:50:49
mbam-log-2010-06-21 (20-50-49).txt

Scan type: Quick scan
Objects scanned: 117151
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:30, on 22/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{73EE080C-CB95-4D6C-9473-75054A237F6A}: NameServer = 217.171.132.1 217.171.135.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8947 bytes

[Dr Jay]

Hello, and welcome to Computer Hope.

Please note the following information about the malware forum:

• Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not attach logs or post them in Quote/Code boxes unless requested.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
  
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

[mattp]

Thanks for getting back to me. Here's the log as requested:

ComboFix 10-06-22.03 - laptop 23/06/2010  14:08:39.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.44.1033.18.2814.1838 [GMT 1:00]
Running from: c:\users\laptop\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2010-05-23 to 2010-06-23  )))))))))))))))))))))))))))))))
.

2010-06-21 22:52 . 2010-06-21 22:52   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-06-21 22:52 . 2010-06-22 19:10   242896   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-06-21 22:52 . 2010-06-21 22:52   216200   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-06-21 22:52 . 2010-06-22 19:10   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-06-21 22:52 . 2010-06-22 19:05   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-06-21 22:49 . 2010-06-21 22:49   --------   d-----w-   c:\programdata\avg9
2010-06-21 20:52 . 2010-06-21 20:52   --------   d-----w-   c:\program files\Trend Micro
2010-06-21 20:22 . 2010-06-21 20:22   --------   d-----w-   c:\program files\TrendMicro
2010-06-21 20:13 . 2010-06-21 20:13   411368   ----a-w-   c:\windows\system32\deployJava1.dll
2010-06-21 19:39 . 2010-06-21 19:39   --------   d-----w-   c:\users\laptop\AppData\Roaming\Malwarebytes
2010-06-21 19:39 . 2010-04-29 14:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-21 19:39 . 2010-06-21 19:39   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-06-21 19:39 . 2010-06-21 19:39   --------   d-----w-   c:\programdata\Malwarebytes
2010-06-21 19:39 . 2010-04-29 14:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-06-21 19:20 . 2010-06-21 19:20   63488   ----a-w-   c:\users\laptop\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-21 19:20 . 2010-06-21 19:20   52224   ----a-w-   c:\users\laptop\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-21 19:20 . 2010-06-21 19:20   117760   ----a-w-   c:\users\laptop\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-21 18:28 . 2010-06-21 18:28   --------   d-----w-   c:\users\laptop\AppData\Roaming\SUPERAntiSpyware.com
2010-06-21 18:28 . 2010-06-21 18:28   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-06-21 18:28 . 2010-06-21 18:28   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-06-21 18:22 . 2010-06-21 18:22   --------   d-----w-   c:\program files\CCleaner
2010-06-20 14:57 . 2010-06-20 14:57   --------   d-----w-   c:\users\laptop\AppData\Roaming\Birdstep Technology
2010-06-20 14:56 . 2009-02-17 19:38   112128   ----a-w-   c:\windows\system32\drivers\ewusbnet.sys
2010-06-20 14:56 . 2008-12-30 10:57   103040   ----a-w-   c:\windows\system32\drivers\ewusbfake.sys
2010-06-20 14:56 . 2008-12-13 10:27   102784   ----a-w-   c:\windows\system32\drivers\ewusbmdm.sys
2010-06-20 14:56 . 2008-04-14 08:36   621056   ----a-w-   c:\windows\system32\drivers\mod7700.sys
2010-06-20 14:56 . 2007-08-09 03:06   23424   ----a-w-   c:\windows\system32\drivers\ewdcsc.sys
2010-06-20 14:54 . 2010-06-20 14:54   --------   d-----w-   c:\program files\3 Mobile Broadband
2010-06-19 20:20 . 2010-06-19 20:20   --------   d-----w-   c:\users\laptop\AppData\Roaming\Birdstep Technology(69)
2010-06-19 20:18 . 2010-06-19 20:18   --------   d-----w-   c:\program files\Huawei Modems(19)
2010-06-19 20:17 . 2010-06-19 20:17   --------   d-----w-   c:\program files\3 Mobile Broadband(12)
2010-06-12 19:54 . 2010-06-12 20:39   --------   d-----w-   c:\users\laptop\Tracing

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 19:33 . 2009-08-24 16:55   12   ----a-w-   c:\windows\bthservsdp.dat
2010-06-21 20:14 . 2008-10-25 18:07   --------   d-----w-   c:\program files\Common Files\Java
2010-06-21 20:13 . 2008-10-25 18:07   --------   d-----w-   c:\program files\Java
2010-06-20 20:44 . 2009-09-13 21:20   --------   d-----w-   c:\program files\Google
2010-06-20 14:55 . 2010-02-28 14:04   --------   d-----w-   c:\program files\Huawei Modems
2010-06-20 14:55 . 2010-02-28 14:04   70667   ----a-w-   c:\windows\Huawei ModemsUninstall.exe
2010-06-20 14:54 . 2008-10-25 16:46   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-06-20 14:45 . 2010-02-27 13:23   --------   d-----w-   c:\programdata\Birdstep Technology
2010-06-20 14:40 . 2009-07-17 19:13   75264   ----a-w-   c:\users\laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-20 14:35 . 2010-01-01 21:06   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-06-20 14:16 . 2009-07-18 11:28   63174   ----a-w-   c:\programdata\nvModes.dat
2010-06-19 22:01 . 2009-03-12 15:43   --------   d-----w-   c:\programdata\NVIDIA
2010-05-21 13:14 . 2009-11-11 21:29   221568   ------w-   c:\windows\system32\MpSigStub.exe
2008-10-25 17:09 . 2008-10-25 16:56   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-21 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-22 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-06-21 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-21 308064]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
bthsvcs   REG_MULTI_SZ      BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-13 21:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 14:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-23  14:20:52
ComboFix-quarantined-files.txt  2010-06-23 13:20

Pre-Run: 107,157,884,928 bytes free
Post-Run: 107,095,113,728 bytes free

- - End Of File - - 1066C404D85255BC9A9E5A9C83539AB2

[Dr Jay]

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  
• Copy and paste the entire report in your next reply.

[mattp]

As requested:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4235

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

25/06/2010 00:00:20
mbam-log-2010-06-25 (00-00-20).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 277122
Time elapsed: 1 hour(s), 20 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Dr Jay]

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

[mattp]

This is all the log seemed to produce:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Have I looked in the wrong place or done something wrong?

When I started the laptop my AVG started one of it's automatic scans and seemed to find the following, could this be a problem? I stopped the scan so it didn't interfere with the ESET one:

"Infection";"Virus found Win32/Heur";"C:\Windows\System32\wbem\fastprox.dll";"";"01/07/2010, 22:21:02"

[Dr Jay]

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
• After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  
• This will start the program and scan your system.
• The scan will take a while, so be patient and let it run.
• Once the scan is complete, click on View scan report
  
• Now, click on the Save Report as button.
  
• Save the file to your desktop.
• Copy and paste that information in your next post.

[mattp]

As requested:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Saturday, July 3, 2010
 Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Friday, July 02, 2010 15:19:16
 Records in database: 4259887
--------------------------------------------------------------------------------

Scan settings:
   scan using the following database: extended
   Scan archives: yes
   Scan e-mail databases: yes

Scan area - My Computer:
   C:\
   D:\
   E:\
   F:\
   G:\

Scan statistics:
   Objects scanned: 161311
   Threats found: 0
   Infected objects found: 0
   Suspicious objects found: 0
   Scan duration: 03:00:49

No threats found. Scanned area is clean.

Selected area has been scanned.

[Dr Jay]

If there are no more issues, then it is time to clean up.

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
  
• Select System
  
• On the left select Advance System Settings and accept the warning if you get one
  
• Select System Protection Tab
  
• Select Create at the bottom
  
• Type in a name i.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
  
• Select Performance Information and Tools
  
• On the left select Open Disk Cleanup
  
• Select Files from all users and accept the warning if you get one
  
• In the drop down box select your main drive i.e. C
• For a few moments the system will make some calculations
• Select the More Options tab
  
• In the System Restore and Shadow Backups select Clean up
  
• Select Delete on the pop up
  
• Select OK
• Select Delete

You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

[mattp]

I get an error message when trying to create a new restore point. Any ideas or advice? The message reads:

The writer experienced a transient error. If the backup process is retried, the error may not reoccur (0x800423F3)

[Dr Jay]

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.

[mattp]

I've tried this several times and it just says it's scanning, but doesn't actually seem to do anything. I don't get any form of progress bars as shown in your screenshot - I even left it running overnight once and nothing seemed to happen. Any ideas?

[Dr Jay]

Go ahead and run Security Check for now.

[mattp]

Ok, this is what I get:

 Results of screen317's Security Check version 0.99.4 
 Windows Vista Service Pack 1 (UAC is enabled)
 Out of date service pack!!
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 AVG Free 9.0   
 ESET Online Scanner v3   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
 HijackThis 2.0.2   
 CCleaner     
 Java(TM) 6 Update 20 
 Java(TM) 6 Update 7 
 Out of date Java installed!
 Adobe Flash Player   
Adobe Reader 9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````