
Seems I have contracted the same bug that a lot of others have with the search engine re-directs. There are 5 computers on my network and only my main computer has this problem. I have run everything under the sun to find and eliminate this problem but everything comes up clean yet I still get re-directs for every search no matter the engine I use. I have gone through and used all these programs in both normal and safe mode but the results are always clean. I have shut down my system restore until I can get this fixed.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:37, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.navyfcu.org/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: astnscsi - Voyetra Turtle Beach, Inc. - C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\Voyetra\AUDIOS~1\x10nets.exe

--
End of file - 5812 bytes

ESET log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3515 (20081011)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=bfbf22167d91534db376eedcec0024c7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-11 08:48:36
# local_time=2008-10-11 04:48:36 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=171628
# found=0
# scan_time=1315

Uninstall List

Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Ahead NeroMediaPlayer
Apple Mobile Device Support
Apple Software Update
ATI Display Driver (Omega 3.8.421)
avast! Antivirus
Battleground Europe: WWIIOL
BroadJump Client Foundation
DAEMON Tools
EA Download Manager
EA SPORTS online 2007
ESET Online Scanner
HijackThis 2.0.2
IL-2 Sturmovik
iTunes
Logitech GamePanel Software 2.00
Logitech MouseWare 9.41 .1
Madden NFL 07
Madden NFL 08
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
MultiRes (remove only)
NavFit98A
Nero - Burning Rom
Pacific Fighters
Picture Package Music Transfer
PlayGATE Setup
PowerDVD
QuickTime
Radeon Omega Drivers v3.8.421 Setup Files and Tools
Realtek AC'97 Audio
Sony Picture Utility
SPORE™
SUPERAntiSpyware Professional
Supportsoft Web Controls
Turtle Beach Santa Cruz Driver
Ventrilo Client
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
Voyetra AudioStation 6
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
XoftSpySE

If you need anything else let me know. I cannot find anything wrong with my computer other than search engine re-directs. HELP!

0

Please download ComboFix by sUBs

* You must download it to and run it from your Desktop
* Physically disconnect from the internet.
* Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
* Double click combofix.exe & follow the prompts.
* When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
* Re-enable all the programs that were disabled during the running of ComboFix.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

Here are the new logs as requested.

ComboFix
ComboFix 08-10-09.02 - Randy 2008-10-12 17:10:45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1628 [GMT -4:00]
Running from: C:\Documents and Settings\Randy\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.

2008-10-11 16:24 . 2008-10-11 16:48 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-10-11 16:10 . 2008-10-11 16:10 10,098 --a------ C:\logfile
2008-10-11 01:00 . 2008-10-11 01:29 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-10-11 00:56 . 2008-10-11 00:56 <DIR> d-------- C:\Documents and Settings\Randy\DoctorWeb
2008-10-11 00:42 . 2008-10-11 00:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-11 00:42 . 2008-10-11 00:42 <DIR> d-------- C:\Documents and Settings\Randy\Application Data\SUPERAntiSpyware.com
2008-10-11 00:42 . 2008-10-11 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-11 00:37 . 2008-10-11 00:38 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-10-11 00:20 . 2008-10-11 00:22 2,520 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-11 00:11 . 2008-10-11 00:11 577,024 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-11 00:10 . 2008-10-11 00:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-11 00:10 . 2008-10-11 00:16 <DIR> d-------- C:\SDFix
2008-10-11 00:03 . 2008-10-11 00:03 <DIR> d-------- C:\Malware
2008-10-06 14:02 . 2008-10-06 14:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 14:02 . 2008-10-06 14:02 <DIR> d-------- C:\Documents and Settings\Randy\Application Data\Malwarebytes
2008-10-06 14:02 . 2008-10-06 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-06 14:02 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-06 14:02 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-06 13:31 . 2008-10-06 13:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-21 17:24 . 2008-09-21 17:24 <DIR> d-------- C:\Documents and Settings\Randy\Application Data\Sony Corporation
2008-09-20 23:11 . 2008-09-20 23:11 <DIR> d-------- C:\Program Files\Sony
2008-09-20 23:11 . 2006-11-02 16:57 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe
2008-09-20 23:11 . 2006-10-18 19:43 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe
2008-09-20 23:11 . 2006-11-02 16:57 36,624 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-09-20 23:11 . 2006-08-28 21:48 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-20 23:11 . 2006-08-28 21:48 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-20 23:10 . 2008-09-20 23:10 <DIR> d-------- C:\Documents and Settings\Randy\Application Data\InstallShield
2008-09-12 14:14 . 2008-09-13 23:25 <DIR> d-------- C:\Documents and Settings\Randy\Application Data\SPORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-11 20:11 --------- d-----w C:\Program Files\KODAK
2008-10-11 20:10 --------- d-----w C:\Program Files\Common Files\KODAK
2008-10-11 04:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 14:30 --------- d-----w C:\Program Files\XoftSpySE
2008-09-27 22:50 --------- d-----w C:\Program Files\World of Warcraft
2008-09-12 18:13 4,612 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-12 18:13 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-12 18:03 --------- d-----w C:\Program Files\Electronic Arts
2008-09-07 21:37 --------- d-----w C:\Program Files\QuickTime
2008-09-07 21:27 --------- d-----w C:\Program Files\NavFit98A
2008-09-07 21:26 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-09-07 21:26 249,856 ------w C:\WINDOWS\Setup1.exe
2008-09-07 21:24 --------- d-----w C:\Program Files\Nav
2008-08-30 07:18 --------- d-----w C:\Documents and Settings\Randy\Application Data\SPORE Creature Creator
2007-04-29 05:50 24,192 ----a-w C:\Documents and Settings\Randy\usbsermptxp.sys
2007-04-29 05:50 22,768 ----a-w C:\Documents and Settings\Randy\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-06_13.58.36.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-11 05:00:31 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-10-11 05:00:32 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-10-11 05:00:32 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-10-11 05:00:34 102,400 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 19:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 19:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-10-11 05:00:37 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-10-11 05:00:32 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 19:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2008-01-09 19:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 19:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-11 04:10:59 3,362,816 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-11 04:10:59 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-11 04:10:58 3,362,816 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-11 04:10:58 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-10-11 04:42:32 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2004-08-04 04:56:58 23,040 -c--a-w C:\WINDOWS\system32\dllcache\setup.exe
+ 2007-07-27 18:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 18:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-05 23:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 16:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2008-02-11 13:39:26 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2008-02-11 13:39:18 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2008-02-08 17:53:46 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2008-02-05 12:48:04 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
+ 2004-12-07 14:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
+ 2008-10-12 20:52:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_594.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 155648]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-17 2094352]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"TraySantaCruz"="C:\WINDOWS\system32\tbctray.exe" [2002-04-17 290816]
"AtiPTA"="atiptaxx.exe" [2006-02-21 C:\WINDOWS\system32\atiptaxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 C:\WINDOWS\soundman.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= sysaudio.sys

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk
backup=C:\WINDOWS\pss\KODAK Picture Transfer Software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\Program Files\\EA SPORTS\\Madden NFL 07\\Updater.exe"=
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"C:\\Program Files\\Playnet\\CRS\\WW2OL\\WW2_sse2.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27015:TCP"= 27015:TCP:WWIIOL
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17920]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys [2007-10-16 17824]
R2 astnscsi;astnscsi;C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe [2002-08-05 208472]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-16 42496]
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-17 144768]
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-17 545088]
S3 SaiH0464;SaiH0464;C:\WINDOWS\system32\DRIVERS\SaiH0464.sys [2007-05-01 132232]
.
Contents of the 'Scheduled Tasks' folder

2008-09-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-12 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-07-13 11:43]

2008-09-12 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-07-13 11:43]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.navyfcu.org/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 17:12:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-12 17:12:38
ComboFix-quarantined-files.txt 2008-10-12 21:12:35
ComboFix2.txt 2008-10-10 04:51:31
ComboFix3.txt 2008-10-06 17:58:49

Post-Run: 460,528,885,760 bytes free

174


HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:43, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.navyfcu.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: astnscsi - Voyetra Turtle Beach, Inc. - C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\Voyetra\AUDIOS~1\x10nets.exe

--
End of file - 5453 bytes

0

A little update.

The computer is getting slower and slower to boot up in normal mode and slower and slower to shut down as well.

Safe mode with networking still boots up quickly and shuts down quickly.

0

Then this tells me there are a lot of programs starting unnecessarily at boot up which can easily be run manually when needed and then also shut down manually.
When you boot in Safe Mode with or without networking only those programs necessary for the actual running of the computer are started up at boot time. This is why the computer boots and also shuts down fast when using the Safe Mode with networking but is very slow in normal mode.
I compiled a list of auto start programs showing in your HJT log which are NOT required to run at boot up and can easily be run manually when needed. Some of these you may still want to start automatically at boot time; you will have to stop all from auto starting and then re-enable one at a time to see which ones are causing the slow down. For most of these it is advised that you disable the program so that it does not take up necessary resources, which of course would cause slow downs.
To make this easier I recommend using a program called CodeStuff Starter.
With this program you can control Start up programs you don't need, Services which start that you don't need, and it also shows running processes, similar to the Task Manager, but it also shows what additional processes may be running because of each process.

Here is the list and explanation of each:

AtiPTA>>>Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start ->Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
SoundMan>>>System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel
EM_EXEC>>>Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled.
iTunesHelper>>>Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled or deleted from the registry it will re-instate itself after running iTunes a few times. However I do have this on my machine for when my grandkids visit. If they remember to turn it off when they are finished with it then it seems to stay out of auto starting.
NeroCheck>>>Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Launch LCDMon>>>Related to Logitech LCD G-Series software drivers, in this case for the Game Panel Manager
Launch LGDCore>>>Related to Logitech LCD G-Series software drivers, again for the Game Panel Manager
DAEMON Tools-1033>>>Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
QuickTime Task>>>System Tray access to Apple's "Quick Time" viewer from version 5 onwards. This WILL launch when needed. I have it on my computer but I have this disabled. When needed, it launches. You just have to remember to close it completely after use and stop the processes in Task Manager, otherwise it puts itself back into auto starts.
TraySantaCruz>>>Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel. It is advised that you disable this program so that it does not take up necessary resources.
MSMSGS>>> Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
EA Core>>>Way to download EA PC games and patches, as well as other exclusive content. EA Core is not necessary for startup. It is usually run infrequently and can be started manually if needed.
SUPERAntiSpyware>>>SuperAntiSpyware's real-time protection process. If you are not running the Pro, PAID version and this is the FREE version then this doesn't need to auto start. Real time protection is only available for the PRO version. The FREE version is for scanning and removal only
And auto starting Services:
iPodService.exe>>>This service is used by iTunes for using your iPod. If you do not use iTunes you can disable this service. It is advised that you disable this program so that it does not take up necessary resources. I also have this on my computer for the grandkids but disable it when they are not here. When they visit I just re-enable it.
I would advise that you disable all of these to start. Then reboot the computer and see if it is faster. If so, then go back into the CodeStuff Starter program and re-enable one at a time, restarting each time. Leave that one enabled and then re-enable the next one and reboot. Continue to do this until you notice a marked slow down, then you will have found the culprit or culprits. Have to note that there are a couple listed here that you may feel you have to have running all the time for whatever reasons, that is fine. But if it is one of those that causes a marked slowdown then you have to choose if you live with it like that or make do with running whatever it is manually.
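
The autostart list compiled by hand in the reply above can also be pulled out of a HijackThis log mechanically. The following is an added example, not part of the original post and not code from HijackThis: the function names (`parse_hjt`, `split_command`, `disable_candidates`, `is_absolute`) are hypothetical, and the O4/O23 line layouts are assumed from the logs shown in this thread.

```python
import re
from typing import List, NamedTuple, Set, Tuple


class Autostart(NamedTuple):
    section: str     # HijackThis section code: "O4" or "O23"
    location: str    # registry Run key, "Startup", or "Service"
    name: str
    executable: str
    arguments: str


# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.navyfcu.org/
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

# Assumed layouts, taken from the lines above.
RUN_RE = re.compile(r'^O4 - (HK\S+): \[(.+?)\] (.+)$')
STARTUP_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
SERVICE_RE = re.compile(r'^O23 - Service: (.+) - (.+) - (.+)$')
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)(.*)$', re.IGNORECASE)


def split_command(command: str) -> Tuple[str, str]:
    """Split a Run value into (executable, arguments).

    Quoted paths are unambiguous. Unquoted paths may contain spaces
    ("C:\\Program Files\\..."), so the split point is the first
    executable extension that is followed by whitespace or end of line.
    """
    command = command.strip()
    exe, args = command, ""
    if command.startswith('"') and command.find('"', 1) != -1:
        end = command.find('"', 1)
        exe, args = command[1:end], command[end + 1:].strip()
    else:
        m = EXE_RE.match(command)
        if m:
            exe, args = m.group(1), m.group(2).strip()
    # Collapse doubled separators such as "system32\\NeroCheck.exe",
    # but leave a leading UNC "\\" alone.
    exe = re.sub(r'(?<=.)\\{2,}', lambda _m: '\\', exe)
    return exe, args


def parse_hjt(log: str) -> List[Autostart]:
    """Return the O4 (Run keys, Startup folder) and O23 (service) entries."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            exe, args = split_command(m.group(3))
            entries.append(Autostart("O4", m.group(1), m.group(2), exe, args))
            continue
        m = STARTUP_RE.match(line)
        if m:
            exe, args = split_command(m.group(3))
            entries.append(Autostart("O4", m.group(1), m.group(2), exe, args))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # Group 2 is the vendor string; only name and path are kept here.
            exe, args = split_command(m.group(3))
            entries.append(Autostart("O23", "Service", m.group(1), exe, args))
    return entries


def is_absolute(path: str) -> bool:
    """True for drive-letter or UNC paths; bare file names rely on the search path."""
    return re.match(r'^(?:[A-Za-z]:\\|\\\\)', path) is not None


def disable_candidates(entries: List[Autostart], keep: Set[str]) -> List[str]:
    """Names of autostart entries that are not on the keep list."""
    return [e.name for e in entries if e.name not in keep]


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for e in found:
        flag = "" if is_absolute(e.executable) else "  (no full path in log)"
        print(f"{e.section:<4}{e.name:<46}{e.executable}{flag}")
    print(disable_candidates(found, keep={"avast!", "avast! Antivirus"}))
```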

0

Yup all that junk that I've been adding to fix the computer is what slowed it down. She boots up just fine now but the computer is still totally useless if I want to do any searches on the internet.

0

Not!
