My father's Dell Vostro 1500 laptop has several problems. The OS is XP Professional.
(1) Google is redirecting to other sites. An example: I go to the Google homepage and type "bleeping computer" into the search, then hit enter. Google will provide the normal search results with "bleepingcomputer.com" as the first result. But when I click on that link it will say, "This page has moved, redirecting..." and then take me to some other site such as "c*mputersh*pp*r.com".
(2) Strange programs with odd characters appear in the start up tab of msconfig. Here is a screen shot:
http://stashbox.org/1038966/SCU.JPG
If I disable these programs I receive error messages relating to them. I cannot find a way to remove them.
(3) The computer gives an error message at the log-on screen: "SQLDUMPER failed initialization. Your installation is either corrupt or has been tampered with. Please uninstall then rerun setup to correct the problems."
(4) The computer is extremely slow and will hang for minutes at a time. Most virus scans cannot finish in normal Windows so I have had to run them in safe mode. Clicking on the start menu can cause the computer to freeze up for several minutes.
Please note that while problems (1) and (3) occur all of the time, problem (2) does not occur when I am logged in as "administrator", only when I log in with my father's user account. Problem (4) is much worse when I am logged in with my father's account than it is when I am logged in as "administrator".
All logs posted are from scans run while logged in as "administrator" because DeFogger would not run otherwise. Do I need to run the scans while logged in with the user account as well? Also: When I go to log on I am given the option of logging on to "this computer" or what I assume is my father's business domain. Does it matter which I am on when I run the scans? I was logged on to "this computer" as administrator when these logs were generated. This is a business computer, and I have no experience with XP Professional, which is making things much more difficult.
Thank you so much.
MVB
DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 23:22:37.81 on Sun 12/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.235 [GMT -5:00]
AV: Internet Security Suite *Enabled/Updated* {5F5E9608-83BD-4137-8C22-DA6683F0F087}
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Internet Security Suite *Enabled*
FW: PC-cillin Internet Security - Firewall *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdmserv.exe
C:\WINDOWS\system32\lxdmcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6070818
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [lxdmmon.exe] "c:\program files\lexmark 5000 series\lxdmmon.exe"
mRun: [lxdmamon] "c:\program files\lexmark 5000 series\lxdmamon.exe"
mRun: [lxamsp32.exe] lxamsp32.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SansaDispatch] c:\program files\sandisk\sansa updater\SansaDispatch.exe
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Logitech Utility] LOGI_MWX.EXE
mRun: [Lexmark 5000 Series Fax Server] "c:\program files\lexmark 5000 series\fm3032.exe" /s
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANQAwADkAOQA2ADIAOQA2ADgALQBGAEwAKwA5AC0ARgA5AE0ANwBBACsAMwA"&"prod=90"&"ver=9.0.872
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}
DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://heva.solidworks.com/htdocs/pdownload/edrawings/e2010sp01/cab//eModelsStandard.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://servermain/connectcomputer/nshelp.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270051969482
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270051961826
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://amazonindustrial.webex.com/client/T27L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Authentication Packages = msv1_0 nwprovau
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\c5cl2eyz.default\
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\SearchHelperExtension
============= SERVICES / DRIVERS ===============
R0 68391462;68391462 Boot Guard Driver;c:\windows\system32\drivers\68391462.sys [2010-12-7 37392]
R1 68391461;68391461;c:\windows\system32\drivers\68391461.sys [2010-12-7 128016]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-2-22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-2-22 95872]
R1 setup_9.0.0.722_08.12.2010_06-19[1]drv;setup_9.0.0.722_08.12.2010_06-19[1]drv;c:\windows\system32\drivers\6839146.sys [2010-12-7 315408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-2-22 810120]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-19 24652]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\tmpfw.exe --> c:\progra~1\trendm~1\intern~1\TmPfw.exe [?]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 163840]
S3 AMoniterDriver;Antiy Labs Process creation detector.;\??\c:\program files\antiy labs\amodule\amonitordriver.sys --> c:\program files\antiy labs\amodule\AMonitorDriver.sys [?]
S3 Antiy-Product-Protect;Antiy-Product-Protect;\??\c:\program files\antiy labs\amodule\proantiy.sys --> c:\program files\antiy labs\amodule\ProAntiy.sys [?]
S3 AntiyFirewall;AntiyFirewall;\??\c:\windows\system32\drivers\antiyfw.sys --> c:\windows\system32\drivers\AntiyFW.sys [?]
S3 Boonty Games;Boonty Games;"c:\program files\common files\boonty shared\service\boonty.exe" --> c:\program files\common files\boonty shared\service\Boonty.exe [?]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2010-1-16 110592]
=============== Created Last 30 ================
2010-12-13 04:13:31 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-12-13 04:13:10 -------- d-----w- c:\docume~1\admini~1\applic~1\Windows Search
2010-12-13 04:12:48 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2010-12-13 04:07:19 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2010-12-12 15:06:36 -------- d-----w- c:\program files\Sherlock Holmes and the Hound of the Baskervilles Collector's Edition
2010-12-11 02:28:51 -------- d-----w- c:\program files\Haunted Legends - The Queen of Spades Collector's Edition
2010-12-08 23:54:32 -------- d-----w- c:\program files\bfgclient
2010-12-08 23:52:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2010-12-08 04:54:37 37392 ----a-w- c:\windows\system32\drivers\68391462.sys
2010-12-08 04:54:37 315408 ----a-w- c:\windows\system32\drivers\6839146.sys
2010-12-08 04:54:37 128016 ----a-w- c:\windows\system32\drivers\68391461.sys
2010-12-08 04:35:45 78040 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-12-07 21:21:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-06 23:50:53 -------- d-----w- c:\windows\system32\NtmsData
2010-12-05 20:46:37 -------- d--h--w- C:\$AVG
2010-12-05 20:41:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-12-05 20:29:39 -------- d-----w- C:\AQrtArea
2010-12-05 20:21:02 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-12-05 20:20:44 -------- d-----w- c:\program files\Antiy Labs
2010-12-05 16:19:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-05 06:43:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-02 02:01:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\LittleGamesCompany
2010-12-02 01:30:45 -------- d-----w- c:\program files\Time Mysteries - Inheritance
2010-12-01 00:57:34 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\ISZHCQS
2010-12-01 00:54:12 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\1f1425
2010-11-20 03:28:39 -------- d-----w- c:\program files\Deadtime Stories
2010-11-20 03:00:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\ScreenSeven
2010-11-17 14:36:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-11-17 14:36:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-11-17 14:36:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-11-17 14:36:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-11-17 14:36:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-11-17 14:36:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-11-17 14:36:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
==================== Find3M ====================
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
============= FINISH: 23:24:01.65 ===============