
Amazon - trouble opening windows


14 replies to this topic

#1 peterusa


Posted 28 April 2012 - 12:48 PM

Hello,
This is my first post, but I have used the site in the past to resolve other issues.
I am using IE 7 under Windows XP. The problem I am having seems to be limited to amazon.com. I can go to the site and select a category such as "Movies". Then I can open a result in new tab. But if I attempt to open another result I receive a message box titled "File Download - Security Warning". The window contains a message saying "Do you want to save this file, or find a program online to open it?" It then lists Name: ref=s9_simh_gw_p74_d0_g74_i1 (this varies from attempt to attempt) Type: Unknown File Type and From: www.amazon.com. This is followed by three buttons: Find, Save, Cancel. Of course I don't want to save anything, I'm just trying to open a window.
Thank you very much for any help you can offer.



#2 dev00790


Posted 28 April 2012 - 01:13 PM

Hello,

I will be helping you with your problems.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.


Step 2

Please download Farbar Service Scanner to your Desktop and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 3

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Step 4

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Note: Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.

My Blog


#3 peterusa


Posted 28 April 2012 - 06:44 PM

Hello,
I've followed the instructions, removed some malware (via MBAM), rebooted, but the problem persists.

Here are the requested logs.
Thank you for your assistance.


Step 1: Security Check by screen317
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Internet Security 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java 2 Runtime Environment, SE v1.4.2_03
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
``````````End of Log````````````

Step 2 Farbar Service Scanner:
Farbar Service Scanner Version: 24-04-2012
Ran by Peter xxxxxxxx(administrator) on 28-04-2012 at 14:52:44
Running from "C:\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) kl2(11) NEOFLTR_710_19757(13) NetBT(5) PSched(7) Tcpip(3)
0x0C0000000B000000040000000100000002000000030000000D00000009000000080000000500000006000000070000000A000000


**** End of log ****

Step 3: Mini Tool Box:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Peter xxxxxxxx(administrator) on 28-04-2012 at 15:00:40
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

PlayLinc Adapter = PlayLinc Connection (Disconnected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DB47HG51

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-0F-1F-81-CB-1B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Friday, April 27, 2012 8:51:03 PM

Lease Expires . . . . . . . . . . : Saturday, April 28, 2012 8:51:03 PM

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.226.193, 74.125.226.192, 74.125.226.206, 74.125.226.200
74.125.226.201, 74.125.226.194, 74.125.226.197, 74.125.226.196, 74.125.226.199
74.125.226.198, 74.125.226.195



Pinging google.com [74.125.226.199] with 32 bytes of data:



Reply from 74.125.226.199: bytes=32 time=6ms TTL=52

Reply from 74.125.226.199: bytes=32 time=7ms TTL=52



Ping statistics for 74.125.226.199:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 6ms, Maximum = 7ms, Average = 6ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=96ms TTL=53

Reply from 72.30.38.140: bytes=32 time=121ms TTL=53



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 96ms, Maximum = 121ms, Average = 108ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 1f 81 cb 1b ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.2 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/26/2012 08:45:03 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.17109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/26/2012 08:38:49 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.17109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2012 10:20:30 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.17109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2012 10:20:30 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.17109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2012 10:20:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.17109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2012 06:26:47 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.17109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2012 06:26:43 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.17109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/01/2012 06:54:16 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (03/31/2012 04:08:44 PM) (Source: Application Error) (User: )
Description: Faulting application dlbtaiox.exe, version 1.0.4.0, faulting module unknown, version 0.0.0.0, fault address 0x006002b3.
Processing media-specific event for [dlbtaiox.exe!ws!]

Error: (03/31/2012 04:08:36 PM) (Source: Application Error) (User: )
Description: Faulting application dlbtaiox.exe, version 1.0.4.0, faulting module dlbtaiox.exe, version 1.0.4.0, fault address 0x000652b2.
Processing media-specific event for [dlbtaiox.exe!ws!]


System errors:
=============
Error: (04/19/2012 08:21:53 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.2 on the
Network Card with network address 000F1F81CB1B.

Error: (04/11/2012 09:40:55 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.2 on the
Network Card with network address 000F1F81CB1B.

Error: (04/04/2012 09:32:52 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.2 on the
Network Card with network address 000F1F81CB1B.

Error: (04/03/2012 06:03:53 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.2 on the
Network Card with network address 000F1F81CB1B.

Error: (03/31/2012 07:26:50 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.2 on the
Network Card with network address 000F1F81CB1B.

Error: (03/31/2012 08:09:21 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (03/02/2012 00:17:07 AM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be
changed by +2531932 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time-a.timefreq.bldrdoc.gov (ntp.m|0x1|192.168.1.2:123->132.163.4.101:123) is working properly.

Error: (03/02/2012 00:15:39 AM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be
changed by +2531932 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time-a.timefreq.bldrdoc.gov (ntp.m|0x1|192.168.1.2:123->132.163.4.101:123) is working properly.

Error: (03/28/2012 06:08:22 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9E56F6C1-D00C-46D3-B69F-EB0F3A4849FC} because another computer on the network has the same name. The server could not start.

Error: (03/22/2012 06:04:20 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverVCSNetBT_Tcpip_{9E56F6C1-D00C-46D3-B69F


Microsoft Office Sessions:
=========================
Error: (04/26/2012 08:45:03 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.6000.17109hungapp0.0.0.000000000

Error: (04/26/2012 08:38:49 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.6000.17109hungapp0.0.0.000000000

Error: (04/24/2012 10:20:30 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.6000.17109hungapp0.0.0.000000000

Error: (04/24/2012 10:20:30 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.6000.17109hungapp0.0.0.000000000

Error: (04/24/2012 10:20:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.6000.17109hungapp0.0.0.000000000

Error: (04/24/2012 06:26:47 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.6000.17109hungapp0.0.0.000000000

Error: (04/24/2012 06:26:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.6000.17109hungapp0.0.0.000000000

Error: (04/01/2012 06:54:16 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (03/31/2012 04:08:44 PM) (Source: Application Error)(User: )
Description: dlbtaiox.exe1.0.4.0unknown0.0.0.0006002b3

Error: (03/31/2012 04:08:36 PM) (Source: Application Error)(User: )
Description: dlbtaiox.exe1.0.4.0dlbtaiox.exe1.0.4.0000652b2


=========================== Installed Programs ============================

ABBYY FineReader 5.0 Sprint Plus (Version: 5.0.0.3262)
Across Lite 2.0 (Version: 2.0)
Ad-Aware SE Personal (Version: 1.06)
Adobe AIR (Version: 1.1.0.5790)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)
Adobe Photoshop.com Inspiration Browser (Version: 2.61)
Adobe Reader 7.0 (Version: 7.0.0)
altcompare (Version: 1.137.1.31)
Amazon Kindle
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Software Suite (Version: 1.0)
Banctec Service Agreement (Version: 1.00.00)
Bonjour (Version: 3.0.0.10)
Broadcom Management Programs (Version: 4.01.0000)
Business Contact Manager for Outlook 2003 (Version: 1.0.2002.1)
Canon Camera Access Library (Version: 8.3.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.5.0.8)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities PhotoStitch (Version: 3.1.19.43)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Collectorz.com Movie Collector
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide (Version: 1.00.0001)
Dell Photo AIO Printer 922
Dell Solution Center (Version: 1.00.0000)
DellSupport (Version: 6.0.3062)
Documents To Go (Version: 7.003.850)
EarthLink Setup Files (Version: 2003.3.84.0)
EPSON Print CD (Version: 1.50.000)
EPSON Printer Software
EPSON SP1400 Reference Guide
EPSON Web-To-Page
Get High Speed Internet! (Version: 1.00.0000)
Help and Support Customization (Version: 1.00.0000)
IHA_MessageCenter (Version: 1.1.0)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics Driver
Internet Explorer Default Page (Version: 1.00.03)
iTunes (Version: 10.5.3.3)
Jasc Paint Shop Photo Album (Version: 4.0.4)
Jasc Paint Shop Pro 8 Dell Edition (Version: 8.10.0000)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Juniper Citrix Services Client (Version: 7.1.0.19757)
Juniper Networks Secure Application Manager (Version: 7.1.0.19757)
Juniper Networks Setup Client Activex Control (Version: 2.0.0.3)
Juniper Networks, Inc. Setup Client (Version: 7.1.5.14305)
Kaspersky Internet Security 2011 (Version: 11.0.2.556)
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger (Version: 2.52.18)
Logitech MouseWare 9.79
Logitech Resource Center
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft English TTS Engine (Version: 2.0.1000.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office Access database engine 2007 (English) (Version: 12.0.4518.1031)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Streets & Trips 2010 (Version: 17.0.18.2200)
Microsoft Streets and Trips 2005 (Version: 12.00.07.1200)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable Package (Version: 1.0.0)
Modem Event Monitor
Modem Helper (Version: 2.25)
Modem On Hold (Version: 1.12)
MUSICMATCH® Jukebox
palmOne (Version: 4.1.0420)
Pdf995
PHOTOfunSTUDIO 4.0 HD Edition (Version: 4.00.262)
PhotoshopdotcomInspirationBrowser (Version: 0.0.0)
PlayLinc (Version: 2.0.8)
PowerDVD 5.1
Qualxserve Service Agreement (Version: 1.00.0004)
QuickTime (Version: 7.71.80.42)
Rand McNally Road Atlas
RealPlayer Basic
SAPI Wrapper (Version: 1.0.0.0)
SILKYPIX Developer Studio 3.0 SE (Version: 3)
Sonic DLA (Version: 4.90)
Sonic RecordNow! (Version: 7.10)
Sonic Update Manager (Version: 2.9)
Sound Blaster Live!
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1)
TTS Wrapper (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Verizon Help and Support Tool
Verizon Online DSL
Verizon Online Help and Support
Verizon Servicepoint 1.3.21 (Version: 1.3.21)
Viewpoint Media Player
Vz In Home Agent (Version: 8.03.53)
Weather Display 10.37f
WebFldrs XP (Version: 9.50.6513)
WexTech AnswerWorks (Version: 1.00.000)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 2.05.00.0000)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Install Manager

========================= Devices: ================================

Name: ACPI Uniprocessor PC
Description: ACPI Uniprocessor PC
Class Guid: {4D36E966-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: ACPI

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Intel® Pentium® 4 CPU 2.80GHz
Description: Intel Processor
Class Guid: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Manufacturer: Intel
Service: intelppm

Name: System board
Description: System board
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI bus
Description: PCI bus
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci

Name: Intel® 82845G/GL/GE/PE/GV Processor to I/O Controller - 2560
Description: Intel® 82845G/GL/GE/PE/GV Processor to I/O Controller - 2560
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service:

Name: Intel® 82845G/GL/GE/PE/GV Graphics Controller
Description: Intel® 82845G/GL/GE/PE/GV Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm

Name: Plug and Play Monitor
Description: Plug and Play Monitor
Class Guid: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard monitor types)
Service:

Name: Intel® 82801DB/DBM USB Universal Host Controller - 24C2
Description: Intel® 82801DB/DBM USB Universal Host Controller - 24C2
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® 82801DB/DBM USB Universal Host Controller - 24C4
Description: Intel® 82801DB/DBM USB Universal Host Controller - 24C4
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp

Name: Dell Photo AIO Printer 922
Description: Dell Photo AIO Printer 922
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: Dell
Service: usbscan

Name: USB Printing Support
Description: USB Printing Support
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Microsoft
Service: usbprint

Name: Dell Photo AIO Printer 922
Description: Dell Photo AIO Printer 922
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer: Dell Inkjet Drivers
Service:

Name: USB Human Interface Device
Description: USB Human Interface Device
Class Guid: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Manufacturer: (Standard system devices)
Service: HidUsb

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Manufacturer: (Standard system devices)
Service:

Name: Intel® 82801DB/DBM USB Universal Host Controller - 24C7
Description: Intel® 82801DB/DBM USB Universal Host Controller - 24C7
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® 82801DB/DBM USB 2.0 Enhanced Host Controller - 24CD
Description: Intel® 82801DB/DBM USB 2.0 Enhanced Host Controller - 24CD
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: Seagate FreeAgentDesktop USB Device
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: Intel® 82801DB PCI Bridge - 244E
Description: Intel® 82801DB PCI Bridge - 244E
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: pci

Name: Intel® 537EP V9x DF PCI Modem
Description: Intel® 537EP V9x DF PCI Modem
Class Guid: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: Modem

Name: Unimodem Half-Duplex Audio Device
Description: Unimodem Half-Duplex Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: MODEMCSA

Name: Creative SB Live! Series (WDM)
Description: Creative SB Live! Series (WDM)
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Creative Technology Ltd.
Service: P16X

Name: Game Port for SB Live! Series
Description: Game Port for SB Live! Series
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Creative
Service: gameenum

Name: Broadcom 440x 10/100 Integrated Controller
Description: Broadcom 440x 10/100 Integrated Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: bcm4sbxp

Name: Intel® 82801DB LPC Interface Controller - 24C0
Description: Intel® 82801DB LPC Interface Controller - 24C0
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: isapnp

Name: ISAPNP Read Data Port
Description: ISAPNP Read Data Port
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System speaker
Description: System speaker
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System timer
Description: System timer
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc

Name: Floppy disk drive
Description: Floppy disk drive
Class Guid: {4D36E980-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk drives)
Service: flpydisk

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt

Name: Logitech-compatible Mouse PS/2
Description: Logitech-compatible Mouse PS/2
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Logitech
Service: i8042prt

Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Serial

Name: ECP Printer Port (LPT1)
Description: ECP Printer Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Parport

Name: Printer Port Logical Interface
Description: Printer Port Logical Interface
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System board
Description: System board
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Intel® 82801DB Ultra ATA Storage Controller - 24CB
Description: Intel® 82801DB Ultra ATA Storage Controller - 24CB
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: pciide

Name: Primary IDE Channel
Description: Primary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: Maxtor 6Y160P0
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: HL-DT-ST DVD-ROM GDR8163B
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: HL-DT-ST CD-RW GCE-8483B
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Intel® 82801DB/DBM SMBus Controller - 24C3
Description: Intel® 82801DB/DBM SMBus Controller - 24C3
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service:

Name: SoundMAX Integrated Digital Audio
Description: SoundMAX Integrated Digital Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Analog Devices, Inc.
Service: smwdm

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft Composite Battery
Description: Microsoft Composite Battery
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Compbatt

Name: Volume Manager
Description: Volume Manager
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: ftdisk

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: PlayLinc Adapter - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5

Name: Broadcom 440x 10/100 Integrated Controller - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5

Name: WAN Miniport (IP) - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5

Name: AFD Networking Support Environment
Description: AFD Networking Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD

Name: ASCTRM
Description: ASCTRM
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ASCTRM

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep

Name: Citrix USB Monitor Driver
Description: Citrix USB Monitor Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ctxusbm

Name: dmboot
Description: dmboot
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dmboot

Name: dmload
Description: dmload
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dmload

Name: DellSupport UniDriver
Description: DellSupport UniDriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dsunidrv

Name: Symantec Eraser Control driver
Description: Symantec Eraser Control driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: eeCtrl

Name: Fips
Description: Fips
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Fips

Name: Generic Packet Classifier
Description: Generic Packet Classifier
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Gpc

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP

Name: i2omgmt
Description: i2omgmt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: i2omgmt

Name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IpFilterDriver

Name: IP Network Address Translator
Description: IP Network Address Translator
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IpNat

Name: IPSEC driver
Description: IPSEC driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IPSec

Name: kl1
Description: kl1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: kl1

Name: kl2
Description: kl2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: kl2

Name: ksecdd
Description: ksecdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ksecdd

Name: mnmdd
Description: mnmdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mnmdd

Name: mountmgr
Description: mountmgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr

Name: MRENDIS5 NDIS Protocol Driver
Description: MRENDIS5 NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MRENDIS5

Name: MRESP50 NDIS Protocol Driver
Description: MRESP50 NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MRESP50

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS

Name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NdisTapi

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Ndisuio

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy

Name: Juniper Networks TDI Filter Driver (NEOFLTR_710_19757)
Description: Juniper Networks TDI Filter Driver (NEOFLTR_710_19757)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NEOFLTR_710_19757

Name: NetBios over Tcpip
Description: NetBios over Tcpip
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null

Name: PartMgr
Description: PartMgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PartMgr

Name: ParVdm
Description: ParVdm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ParVdm

Name: Pcmcia
Description: Pcmcia
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Pcmcia

Name: PfModNT
Description: PfModNT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PfModNT

Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RasAcd

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD

Name: SymEvent
Description: SymEvent
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymEvent

Name: symlcbrd
Description: symlcbrd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: symlcbrd

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave

Name: VolSnap
Description: VolSnap
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VolSnap

Name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarp

Name: Audio Codecs
Description: Audio Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Audio Drivers
Description: Legacy Audio Drivers
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Media Control Devices
Description: Media Control Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Video Capture Devices
Description: Legacy Video Capture Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Video Codecs
Description: Video Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Rasl2tp

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NdisWan

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: RasPppoe

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PptpMiniport

Name: WAN Miniport (IP) - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: PlayLinc Adapter - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: Direct Parallel
Description: Direct Parallel
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Raspti

Name: PlayLinc Adapter
Description: PlayLinc Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Super Computer Inc.
Service: hamachi_oem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Terminal Server Device Redirector
Description: Terminal Server Device Redirector
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: rdpdr

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: swenum

Name: Microsoft WINMM WDM Audio Compatibility Driver
Description: Microsoft WINMM WDM Audio Compatibility Driver
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: wdmaud

Name: Microsoft Kernel System Audio Device
Description: Microsoft Kernel System Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: sysaudio

Name: RAS Async Adapter
Description: RAS Async Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: AsyncMac

Name: Microsoft Kernel Wave Audio Mixer
Description: Microsoft Kernel Wave Audio Mixer
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: kmixer

Name: Microcode Update Device
Description: Microcode Update Device
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: update

Name: OpenManage Client Instrumentation device driver
Description: OpenManage Client Instrumentation device driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Dell Computer Corporation
Service: omci

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: mssmbios


========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1022 MB
Available physical RAM: 435.79 MB
Total Pagefile: 2456.33 MB
Available Pagefile: 1744.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.11 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:145.47 GB) (Free:53.81 GB) NTFS
3 Drive f: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:415.92 GB) NTFS

========================= Users: ========================================

User accounts for \\DB47HG51

Administrator ASPNET Guest
HelpAssistant Peter xxxxxxxx SUPPORT_388945a0
SUPPORT_3f151ab9

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini011212-01.dmp
C:\WINDOWS\Minidump\Mini013112-01.dmp
C:\WINDOWS\Minidump\Mini020507-01.dmp
C:\WINDOWS\Minidump\Mini022712-01.dmp
C:\WINDOWS\Minidump\Mini030112-01.dmp
C:\WINDOWS\Minidump\Mini030212-01.dmp
C:\WINDOWS\Minidump\Mini040312-01.dmp
C:\WINDOWS\Minidump\Mini040412-01.dmp
C:\WINDOWS\Minidump\Mini040612-01.dmp
C:\WINDOWS\Minidump\Mini040612-02.dmp
C:\WINDOWS\Minidump\Mini041212-01.dmp
C:\WINDOWS\Minidump\Mini041212-02.dmp
C:\WINDOWS\Minidump\Mini120103-01.dmp
C:\WINDOWS\Minidump\Mini121611-01.dmp
C:\WINDOWS\Minidump\Mini121711-01.dmp
C:\WINDOWS\Minidump\Mini123111-01.dmp

**** End of log ****

Step 4: MBAM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Peter xxxxxxxx :: DB47HG51 [administrator]

4/28/2012 3:25:23 PM
mbam-log-2012-04-28 (15-25-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224710
Time elapsed: 2 hour(s), 1 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DD1APJEZAI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\altcompare (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSetActiveDesktop (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSetActiveDesktop (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Peter xxxxxxxx\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Peter xxxxxxxx\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\altcmd\altcmd.inf (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Peter xxxxxxxx\Local Settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#4 dev00790


Posted 28 April 2012 - 07:53 PM

Hi peterusa,

We've cleaned up some nasties :), let's see if there are any more:

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2

Please download SUPERAntiSpyware Free to your desktop.

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.

Now boot your computer into Safe Mode.

  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • Make sure that Enable Rescue Scan is not checked.
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
Reboot your PC (if not done so in previous instruction)

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
Note: Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.

Step 3

How is your computer running now?



Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#5 peterusa


Posted 29 April 2012 - 01:23 PM

Hello again,
Well, I ran the TDSSKiller, but it found nothing. I then ran SUPERAntiSpyware and it found 1 trojan. However, removing it did not fix the original problem with Amazon.
As always, thanks for your help!

Here is the SASW log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/29/2012 at 01:57 PM

Application Version : 5.0.1148

Core Rules Database Version : 8528
Trace Rules Database Version: 6340

Scan type : Complete Scan
Total Scan Time : 02:43:18

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 220
Memory threats detected : 0
Registry items scanned : 35361
Registry threats detected : 0
File items scanned : 69764
File threats detected : 241

Adware.Tracking Cookie

{{240 cookies deleted, but not shown here}}

Trojan.Agent/Gen
C:\FSQWR.BMP

#6 dev00790


Posted 29 April 2012 - 03:20 PM

Hi peterusa,

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.
Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities.
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Help: I Got Hacked. Now What Do I Do?.

We will do our best to clean the computer of any infections seen on the log.
However, because of the nature of this Trojan, I cannot offer a total
guarantee that there are no remnants left in the system, or that the
computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan,
the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what
information can be accessed from it.

Knowing the above, if you wish to proceed with cleaning the malware from the computer, please follow the instructions below:



Step 1

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



Step 2

Your version of Internet Explorer is outdated.

Step 3

How is your computer running now?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#7 peterusa


Posted 29 April 2012 - 07:50 PM

Hello,
That doesn't sound good. But which one is the backdoor trojan?
Thanks

#8 peterusa


Posted 30 April 2012 - 04:52 AM

Before I continue, I just want to verify that I need to leave the anti-virus program turned off during the entire scan.
Thanks

#9 dev00790


Posted 30 April 2012 - 05:26 AM

Hi peterusa,

That doesn't sound good. But which one is the backdoor trojan?

Whilst we cannot be sure of exactly what each detected item does, you can be sure that they're malicious and the likelihood is that at least one of them has backdoor functionality.

Before I continue, I just want to verify that I need to leave the anti-virus program turned off during the entire scan.

Yes, please ensure that Kaspersky Internet Security (in your case) is disabled while the ESET scan is in progress.

Regards, dev00790



#10 peterusa


Posted 30 April 2012 - 08:45 PM

Good news!
The ESET scan and fix seems to have done the trick. Windows in Amazon are now opening correctly. I did not upgrade to IE8 yet, but want to give the current configuration at least a day to settle in. I will post another reply within 48 hours to let you know how things are going. Also, the computer in general is running faster as a result of removing the various malware. I had used SUPERAntiSpyWare in the past, but not recently. I guess it's good practice to use these products on occasion and not rely entirely on the active anti-virus package to catch everything.


Meanwhile, THANK-YOU (yes, I'll shout it!) for helping me out. It is a true testament to the generosity of the computing population that there are individuals like you who are willing to help others. Too often the "baddies" get all the headlines, but they are really the very few.

Here is the ESET log:
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\help.jar-40bb5c0c-61bb3619.zip multiple threats deleted - quarantined
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\help.jar-6b3b6a53-3f3a86b1.zip multiple threats deleted - quarantined
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\help.jar-6b3b6a93-3d0eae53.zip multiple threats deleted - quarantined
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\help.jar-6b3b6b11-14f33ba0.zip multiple threats deleted - quarantined
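
Added example, not part of peterusa's post and not ESET's own tooling: a short triage of the four log lines above that groups the detections by location and shows they all sit in the Sun Java deployment cache under the systemprofile directory. The line layout (`<path> <threat> <action>`), the list of action words and the cache file naming pattern are assumptions inferred from these four lines only.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# The four detections from the ESET export posted in this thread.
ESET_LOG = r"""
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\help.jar-40bb5c0c-61bb3619.zip multiple threats deleted - quarantined
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\help.jar-6b3b6a53-3f3a86b1.zip multiple threats deleted - quarantined
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\help.jar-6b3b6a93-3d0eae53.zip multiple threats deleted - quarantined
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\help.jar-6b3b6b11-14f33ba0.zip multiple threats deleted - quarantined
"""

# Assumption: an exported line is "<path> <threat> <action>" and the action
# begins with one of these words (only "deleted" occurs in this thread).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w{1,5})\s+(?P<threat>.+?)\s+"
    r"(?P<action>(?:deleted|cleaned|quarantined)\b.*)$"
)
# Cache entry naming as seen in these lines: <original>-<8 hex>-<8 hex>.zip
CACHE_NAME_RE = re.compile(r"^(?P<orig>.+)-[0-9a-f]{8}-[0-9a-f]{8}\.zip$", re.I)


def parse(log):
    """Return one dict per detection line; lines that do not parse are skipped."""
    rows = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def in_java_cache(path):
    """True when the file lives inside a Sun Java deployment cache directory."""
    return "\\sun\\java\\deployment\\cache\\" in path.lower()


def profile_of(path):
    """Name the Windows XP profile that owns the path."""
    parts = PureWindowsPath(path).parts
    lowered = [p.lower() for p in parts]
    if "systemprofile" in lowered:
        return "LocalSystem"
    if "documents and settings" in lowered:
        i = lowered.index("documents and settings")
        return parts[i + 1] if i + 1 < len(parts) else "unknown"
    return "unknown"


def triage(log):
    """Summarise where the detections are and which cached files they map to."""
    rows = parse(log)
    cached = [r for r in rows if in_java_cache(r["path"])]
    names = Counter()
    for r in cached:
        name = PureWindowsPath(r["path"]).name
        m = CACHE_NAME_RE.match(name)
        names[m.group("orig") if m else name] += 1
    return {
        "detections": len(rows),
        "in_java_cache": len(cached),
        "profiles": sorted({profile_of(r["path"]) for r in rows}),
        "cached_names": dict(names),
    }


if __name__ == "__main__":
    print(triage(ESET_LOG))
```
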

#11 dev00790


Posted 01 May 2012 - 03:07 PM

Step 1

Ad-Aware is no longer recommended

  • mvps.org is no longer recommending Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products).
  • Therefore, I strongly recommend uninstalling Ad-Aware.

Step 2

The Java version you have installed is very old - released in 2004!

Uninstall Programs
  • Click the Start button (Windows XP) or "Windows Orb" button (Windows Vista / 7) on your desktop
  • Type "control" in the search box and press enter
  • Double click "Programs and Features" (Vista / Win7) or "Add / Remove Programs" (Win XP)
  • Please uninstall the following programs:

    Java 2 Runtime Environment, SE v1.4.2_03
  • After the programs have been uninstalled, make sure you restart the computer.

Step 3

Adobe Flash is outdated

Step 4

How is your computer running now? If there are no further problems then I will give you the clean up speech in the next post.


edit: removed erroneous instruction

Edited by dev00790, 01 May 2012 - 03:08 PM.

Regards, dev00790



#12 peterusa


Posted 01 May 2012 - 07:58 PM

Well, everything seems to be in order. As I said in my last post, the Amazon site is now behaving properly, and the system as a whole is running better. I've uninstalled Ad-Aware and will upgrade to Internet Explorer 8 and the latest Adobe Flash shortly. The reason I'm still on IE7 is that when IE8 first came out, I heard lots of negative talk about it, so I avoided it. I'm sure it's ok now, especially now that 9 is out. As is often the case, the negative feedback often sticks in the head more strongly than the positive.

Removing Java is more unsettling to me. I realize it is from 2004, but if I take it off I'll have no Java at all, although the system said I use it "rarely". I would prefer to upgrade it.

I am awaiting the "clean up speech"!

Thanks, again.

#13 dev00790


Posted 02 May 2012 - 06:08 AM

Hi peterusa,

Step 1


Please clear the java cache by following the instructions on link

Step 2

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Select your Platform.
  • Under Which should I choose?, check the box for Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u32-windows-i586.exe (or jre-6u32-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
------------------------

Good stuff, your computer appears to be clean! :thumbup2:

Let's do some clearing up

Please set your system to hide all hidden files.

  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading,
    • Uncheck Show hidden files and folders.
    • Check: Hide file extensions for known file types.
    • Check: Hide protected operating system files (recommended) option.
  • Click Yes to confirm.

Here's some advice on how you can keep your PC clean

Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A notepad document should open automatically; make sure that updates on any that are flagged are carried out as soon as possible.
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

That's it, happy surfing!
Cheers,


Regards, dev00790



#14 peterusa


Posted 02 May 2012 - 07:27 PM

So my final to do list -
hide various system files
upgrade Adobe
upgrade Internet Explorer
upgrade Java and remove the old version.
I will do all this promptly and once again want to thank you across the pond, and all the other great contributors at Bleeping Computer. One final comment - I was quite impressed with the step-by-step instructions given in running the various tools as well as the references to other documentation. Keep up the good work!
Gratefully,
peterusa

#15 dev00790


Posted 03 May 2012 - 02:55 PM

Hi peterusa,

I will do all this promptly and once again want to thank you across the pond, and all the other great contributors at Bleeping Computer. One final comment - I was quite impressed with the step-by-step instructions given in running the various tools as well as the references to other documentation. Keep up the good work!


You're welcome :).

Regards, dev00790
