Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

view.atdmt.com

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

view.atdmt.com

Unread postby theglobal » June 1st, 2011, 8:56 pm

Greetings,

It appearss after a little searching I have a re-direct. On certain links when accessed, I receive the following message: "view.atdmt.com" is not set up to establish a conneciton on port "World Wide Wev service (HTTP)" with this computer.

Greatly appreciate your help.

ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-01.06)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2007 1:15:03 AM
System Uptime: 6/1/2011 4:08:14 PM (2 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 292 GiB total, 147.145 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.589 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 416.494 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop Elements
Adobe Reader 8.2.6
Adobe SVG Viewer
Amazon Kindle For PC v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bejeweled 2 Deluxe
Bing Bar
Bonjour
Canon CanoScan LiDE 110 User Registration
Canon MP Navigator EX 4.0
Canon RAW Codec
Canon Solution Menu EX
CanoScan LiDE 110 Scanner Driver
Compatibility Pack for the 2007 Office system
D3DX10
DHTML Editing Component
DIGOpt
DivX
DVD Shrink 3.2
DVDStyler v1.7.1
Enhanced Multimedia Keyboard Solution
Google Earth
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Picasso Media Center Add-In
HP Product Detection
HP Update
HPAsset component for HP Active Support Library
HPSSupply
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
LG USB Modem driver
LightScribe System Software
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.2
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.17)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Norton 360
NVIDIA Drivers
OcxSetup
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PayPal Plug-In
PhotoScape
Python 2.4.3
Quicken Basic 99
QuickTime
Qwest Installer
Qwest QuickAssist Desktop Tools
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Segoe UI
Shipping Assistant 3.6
Shop for HP Supplies
SlingHealth ActiveX
Soft Data Fax Modem with SmartCP
Sony DVD Architect Studio 4.5
Sony Vegas Movie Studio 6.0b
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
SpywareBlaster 4.2
Symantec Technical Support Web Controls
TaxACT 2006
TaxACT 2007
TaxACT 2008
TaxACT 2008 Idaho
TaxACT 2009
TaxACT 2009 Idaho
TaxACT 2010
TaxACT 2010 Idaho
TaxACT Idaho 2006
TaxACT Idaho 2007
TrueCredit Messenger
Turbo Lister 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WD SmartWare
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPatrol 2009
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
6/1/2011 5:48:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission

settings do not grant Local Activation permission for the COM Server application with CLSID

{9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Mike-PC\Mike SID (S-1-5-21-1959515732-1368181927-

1497173536-1000) from address LocalHost (Using LRPC). This security permission can be modified using

the Component Services administrative tool.
6/1/2011 4:12:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was

reached while waiting for a transaction response from the ShellHWDetection service.
6/1/2011 4:09:20 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed

to start due to the following error: The service cannot be started, either because it is disabled or

because it has no enabled devices associated with it.
6/1/2011 3:26:18 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction

Coordinator service hung on starting.
6/1/2011 3:23:54 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service

hung on starting.
5/26/2011 4:22:11 PM, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service

terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken

in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================

DDS

.
DDS (Ver_2011-06-01.06) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_11
Run by Mike at 18:40:37 on 2011-06-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.643 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\TrueCredit Messenger\TCMTray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\hp\KBD\kbd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\adobe media player\adobe media player.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\hsplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program

files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows

live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows

live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m

"c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [TrueCredit Messenger Tray] "c:\program files\truecredit messenger\TCMTray.exe" /Start
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0346.1\mswinext.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media

player\Adobe Media Player.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe

Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive

manager\WDDMStatus.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows

live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows

live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: atdmt.com
Trusted Zone: foxnews.com\www
Trusted Zone: mpccorp.com\owa
Trusted Zone: sprintpcs.com\manage
Trusted Zone: taxactonline.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://208.0.229.146/SysCamInst.cab
DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/ ... Health.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/ph ... den-us.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{C6F86646-8A1F-4FA3-B4AF-7531341EE00D} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\y3wkg559.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-

3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-

ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-

08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29

\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}

\n360_5.1.0.29\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-20 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-26 28544]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-15 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110518.001

\BHDrvx86.sys [2011-5-18 802936]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110531.001\IDSvix86.sys

[2011-6-1 353912]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-15 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-15 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-7 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2151128]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-15 130008]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-15 105592]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

[2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-31 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-31 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319

\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-01 22:33:29 -------- d-----w- c:\users\mike\appdata\roaming\Tific
2011-06-01 21:24:35 -------- d-----w- c:\users\mike\appdata\local\CrashDumps
2011-05-15 19:41:30 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-15 19:39:51 744568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys
2011-05-15 19:39:51 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-05-15 19:39:51 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-05-15 19:39:51 340088 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys
2011-05-15 19:39:51 331384 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-05-15 19:39:51 296568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-05-15 19:39:51 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys
2011-05-15 19:39:41 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-05-13 05:46:18 -------- d-----w- c:\users\mike\appdata\local\Western_Digital
2011-05-13 05:28:48 -------- d-----w- c:\programdata\Western Digital
2011-05-13 05:26:48 -------- d-----w- c:\program files\Western Digital
2011-05-13 05:24:00 -------- d-----w- c:\users\mike\appdata\local\Western Digital
2011-05-13 01:47:16 -------- d--h--w- c:\programdata\CanonIJScan
2011-05-13 01:23:21 -------- d-----w- c:\programdata\CanonIJWSpt
2011-05-13 01:18:03 438272 ----a-w- c:\windows\system32\CNQ2414L.dll
2011-05-13 01:18:03 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-05-13 01:18:03 1335296 ----a-w- c:\windows\system32\CNQ2414C.dll
2011-05-13 01:18:03 114688 ----a-w- c:\windows\system32\CNQ2414I.dll
2011-05-13 01:18:03 106496 ----a-w- c:\windows\system32\CNQ2414U.dll
2011-05-13 01:17:53 180224 ----a-w- c:\windows\system32\CNQ2414Y.dll
2011-05-13 01:17:51 94208 ----a-w- c:\windows\system32\CNQ2414O.dll
2011-05-11 12:11:11 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-11 05:30:57 -------- d-----w- c:\users\mike\appdata\roaming\Sling Media
2011-05-11 05:30:57 -------- d-----w- c:\programdata\Sling Media
.
==================== Find3M ====================
.
2011-05-15 19:41:19 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
.
============= FINISH: 18:42:53.00 ===============
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am
Advertisement
Register to Remove

Re: view.atdmt.com

Unread postby Dakeyras » June 4th, 2011, 5:46 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Enable System Restore:

Follow the instructions here to ensure the aforementioned is active.

When checked, click on the Create tab.

Wordwrap Check:

  • Click on Start(Vista Orb) >> All Programs >> Accessories >> Notepad
  • Click on Format ensure that Wordwrap is unchecked.
  • If it isn't, uncheck it.

Next:

Now please go to Start(Vista orb) >> Control Panel >> Programs and Features and remove the following (if present):

Ad-Aware <-- Not particularly effective at all plus it will hinder the Malware Removal process.
Adobe Reader 8.2.6 <-- We will update this in due course.
Java(TM) 6 Update 11 <-- We will update this in due course.
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1


To do so click once on each of the above to highlight then click on Uninstall/Change and follow the prompts.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: view.atdmt.com

Unread postby theglobal » June 4th, 2011, 12:02 pm

Hi Dkreyas

I greatly appreciate your help! I completed the steps noted above. I still have the view.atdmt.com issue.

The OTL log is posted below:

OTL logfile created on: 6/4/2011 9:51:11 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Mike\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 36.74% Memory free
3.99 Gb Paging File | 2.76 Gb Available in Paging File | 69.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 158.86 Gb Free Space | 54.44% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.59 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
Drive F: | 465.73 Gb Total Space | 413.02 Gb Free Space | 88.68% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatroluac.exe (BillP Studios)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TrueCredit Messenger\TCMTray.exe (TransUnion Interactive)
PRC - C:\Program Files\Adobe Media Player\Adobe Media Player.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton 360\Engine\5.1.0.29\asOEHook.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)


========== Win32 Services (SafeList) ==========

SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sprtlisten) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110603.038\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110603.038\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110518.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110603.003\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/09/20 10:15:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/16 18:17:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/05/15 14:14:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn\ [2011/05/15 13:39:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 08:21:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 08:21:20 | 000,000,000 | ---D | M]

[2008/09/02 15:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/06/02 07:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y3wkg559.default\extensions
[2010/06/29 17:39:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y3wkg559.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/04 09:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/02 15:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2011/05/15 13:39:40 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN
[2011/05/15 14:14:25 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN

O1 HOSTS File: ([2008/11/17 18:10:42 | 000,568,956 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
O1 - Hosts: 127.0.0.1 abc-search.info
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 adserver.adbunker.com
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[IE-SpyAd]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 14613 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSN Toolbar] File not found
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TrueCredit Messenger Tray] C:\Program Files\TrueCredit Messenger\TCMTray.exe (TransUnion Interactive)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..Trusted Domains: atdmt.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..Trusted Domains: foxnews.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..Trusted Domains: mpccorp.com ([owa] https in Trusted sites)
O15 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..Trusted Domains: sprintpcs.com ([manage] https in Trusted sites)
O15 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..Trusted Domains: taxactonline.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://208.0.229.146/SysCamInst.cab (Panasonic Network Camera)
O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/ ... Health.cab (SlingHealth Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab (EPUImageControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/ph ... den-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mike\Desktop\Canada Trip Aug 2010\IMG_4436.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mike\Desktop\Canada Trip Aug 2010\IMG_4436.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/26 03:21:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{770926b8-5bb0-11de-a36d-001a9229bc34}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
O33 - MountPoints2\{770926b8-5bb0-11de-a36d-001a9229bc34}\Shell\Explore\command - "" = system.exe
O33 - MountPoints2\{770926b8-5bb0-11de-a36d-001a9229bc34}\Shell\Open\command - "" = system.exe
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 08:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2011/06/04 08:17:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/06/04 03:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/04 00:34:29 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/01 16:33:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Tific
[2011/06/01 15:24:35 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\CrashDumps
[2011/05/22 10:23:49 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Scanned Documents
[2011/05/15 13:31:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/05/15 12:06:15 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/15 12:06:15 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/15 12:06:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/15 12:06:15 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/15 12:06:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/15 12:06:14 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/15 12:06:14 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/15 12:06:14 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/15 12:06:14 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/15 12:06:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/15 12:06:14 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/15 12:06:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/15 12:06:13 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/15 12:06:13 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/15 12:06:13 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/15 12:06:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/15 12:06:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/15 12:06:13 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/15 12:06:13 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/15 12:06:13 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/15 12:06:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/15 12:06:13 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/15 12:06:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/15 12:06:12 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/15 12:06:12 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/15 12:06:12 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/15 12:06:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/15 12:06:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/15 12:06:12 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/15 12:06:12 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/15 12:06:11 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/15 12:06:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/15 12:06:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/15 12:06:11 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/15 12:06:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/15 12:06:11 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/15 12:06:11 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/15 12:06:11 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/15 12:06:10 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/12 23:46:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Western_Digital
[2011/05/12 23:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011/05/12 23:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/05/12 23:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/05/12 23:24:00 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Western Digital
[2011/05/12 19:47:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/05/12 19:46:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Canon
[2011/05/12 19:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan LiDE 110 User Registration
[2011/05/12 19:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2011/05/12 19:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan LiDE 110 Manual
[2011/05/12 19:19:16 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011/05/12 19:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 110
[2011/05/12 19:18:03 | 001,335,296 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQ2414C.dll
[2011/05/12 19:18:03 | 000,438,272 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQ2414L.dll
[2011/05/12 19:18:03 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQ2414I.dll
[2011/05/12 19:18:03 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQ2414U.dll
[2011/05/12 19:18:03 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll
[2011/05/12 19:17:53 | 000,180,224 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQ2414Y.dll
[2011/05/12 19:17:51 | 000,094,208 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNQ2414O.dll
[2011/05/12 19:17:50 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/05/10 23:30:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Sling Media
[2011/05/10 23:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sling Media
[2008/07/15 13:07:51 | 000,308,600 | ---- | C] (Symantec Corporation) -- C:\ProgramData\NortonProtectionMemo.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 09:32:38 | 000,000,890 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
[2011/06/04 09:30:05 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/04 09:29:42 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/04 09:29:42 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/04 09:29:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/04 09:29:35 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/04 09:14:26 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/04 09:14:26 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (Daily Smart Scan).job
[2011/06/04 09:14:26 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (Weekly Full Scan).job
[2011/06/04 09:09:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 08:17:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/06/04 03:23:20 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/04 03:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Mike - Full System Scan.job
[2011/06/04 00:34:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/03 23:14:45 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/03 23:14:45 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/01 15:28:01 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/06/01 15:28:01 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/05/15 14:24:40 | 002,423,228 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/05/15 14:04:19 | 000,000,850 | ---- | M] () -- C:\Users\Mike\Desktop\Norton Installation Files.lnk
[2011/05/15 13:50:13 | 000,002,142 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/05/15 13:41:19 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/05/15 13:41:19 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/05/15 13:41:19 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/05/15 12:29:29 | 000,000,945 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/15 12:06:44 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/15 12:06:44 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/15 12:06:15 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/15 12:06:15 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/15 12:06:15 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/15 12:06:15 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/15 12:06:15 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/15 12:06:14 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/15 12:06:14 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/15 12:06:14 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/15 12:06:14 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/15 12:06:14 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/15 12:06:14 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/15 12:06:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/15 12:06:13 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/15 12:06:13 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/15 12:06:13 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/15 12:06:13 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/15 12:06:13 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/15 12:06:13 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/15 12:06:13 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/15 12:06:13 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/15 12:06:13 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/15 12:06:13 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/15 12:06:13 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/15 12:06:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/15 12:06:12 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/15 12:06:12 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/15 12:06:12 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/15 12:06:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/15 12:06:12 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/15 12:06:12 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/15 12:06:12 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/15 12:06:11 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/15 12:06:11 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/15 12:06:11 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/15 12:06:11 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/15 12:06:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/15 12:06:11 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/15 12:06:11 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/15 12:06:11 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/15 12:06:10 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/12 23:28:25 | 000,001,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/05/12 19:23:23 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011/05/12 19:20:08 | 000,002,153 | ---- | M] () -- C:\Users\Public\Desktop\Canon CanoScan LiDE 110 On-screen Manual.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/04 08:48:38 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/04 08:48:38 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Scan (Daily Smart Scan).job
[2011/06/04 08:48:37 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Scan (Weekly Full Scan).job
[2011/06/04 03:23:19 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/15 13:31:15 | 000,000,850 | ---- | C] () -- C:\Users\Mike\Desktop\Norton Installation Files.lnk
[2011/05/15 12:06:13 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/12 23:28:25 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/05/12 19:23:23 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011/05/12 19:20:08 | 000,002,153 | ---- | C] () -- C:\Users\Public\Desktop\Canon CanoScan LiDE 110 On-screen Manual.lnk
[2011/05/12 19:18:03 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2011/04/23 16:25:48 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/23 16:25:48 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/01/02 14:32:51 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/02/15 11:33:21 | 000,000,048 | ---- | C] () -- C:\Windows\TaxACT09.ini
[2009/10/11 12:51:51 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/09/18 00:51:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 00:51:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/03 22:41:16 | 000,000,075 | ---- | C] () -- C:\Windows\TaxACT08.ini
[2009/02/02 10:55:25 | 000,000,780 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/02/02 10:55:25 | 000,000,052 | ---- | C] () -- C:\Windows\intuprof.ini
[2009/02/02 10:55:24 | 000,006,472 | ---- | C] () -- C:\Windows\ICOADB32.DAT
[2008/12/11 17:31:04 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2008/09/23 05:00:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/28 01:21:00 | 000,201,098 | ---- | C] () -- C:\Windows\hpqins16.dat
[2007/12/28 15:44:32 | 000,000,070 | ---- | C] () -- C:\Windows\TaxACT07.ini
[2007/12/05 09:56:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/23 17:51:53 | 000,015,373 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/07/19 14:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/05/23 20:56:19 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/03/18 00:10:04 | 000,000,123 | ---- | C] () -- C:\Windows\TaxACT06.ini
[2007/03/15 19:54:35 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\wklnhst.dat
[2007/03/12 00:54:55 | 000,112,640 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/26 03:16:09 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2006/12/26 03:10:56 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2006/12/26 03:10:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,306,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Mike\Desktop\MVI_2716.AVI:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com

Unread postby theglobal » June 4th, 2011, 12:10 pm

Of Note... When I was in the process of copying the Extras log, WinPatrol alerted me that an addition of 2 scheduled tasks for Ad-Aware Scan for a "Weekly Full Scan" and a "Daily Smart Scan" were seeking my permission to be included in my scheduled tasks. Insofar as I removed Ad-Aware, I did not give permission for the addition of the scheduled tasks. Thought you should know...

EXTRAS LOG:

OTL Extras logfile created on: 6/4/2011 9:51:11 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Mike\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 36.74% Memory free
3.99 Gb Paging File | 2.76 Gb Available in Paging File | 69.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 158.86 Gb Free Space | 54.44% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.59 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
Drive F: | 465.73 Gb Total Space | 413.02 Gb Free Space | 88.68% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E1464C-A19A-47F5-BFC8-5AA188996BF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{103FE0FE-8112-4400-9F54-65C6D59015AB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{33B49F66-2129-4290-908B-24526C89E9E8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE4937B2-2A60-4DA7-B32A-67DAE86BCF57}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39639EC0-BF10-40AF-8DE6-54F756E6D127}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{484130D7-422B-4250-B460-1394E3DF9DB4}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5FBA4DCF-33DD-486D-A69E-26A1FE27D11B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{60630779-EF4C-400F-B255-C080D84966EF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{65172870-B3B9-45DD-8392-24BB7F16F427}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{665EBA41-183A-439F-AE07-23C69D3408C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{66CA405A-4FB3-4F13-A51E-6ABF589C8460}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{67451CB7-7672-49FA-906F-936AF54E5C3E}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{7713A639-A165-4B29-B886-33D17EC4ABD0}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{7C9AEDE3-F71D-4F95-AF57-E4B96EEE0B05}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82B63355-FBD8-4BF5-9AFA-FA6BE55984A9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{85D8DEA7-54B7-4E57-90F1-44885D845F6F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{89915B1A-CF69-4DBD-B832-CC4554523624}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{8E164F4C-DCF2-4EB5-B7FF-A621A9B56308}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9361A385-3A03-48A0-B453-6BF7CBEA4F83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{96689331-CC4B-4A90-9C58-3AA7467A1E46}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{9BC28CF7-1A16-422A-A8B1-BC1889DFE805}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{C98C9A07-C4EF-4311-A623-8FD5217C26A5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DFCA0D3D-0629-4CB4-8BB2-93DD725857F3}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{E809D976-C44A-46D5-8EB1-11798B75C9D7}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4744EEEC-C6E9-4893-85C8-2DE7F59800CA}" = Symantec Technical Support Web Controls
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F1CECBC-670F-4DAA-81D6-944B12450917}" = DIGOpt
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{66100AC2-E525-42C9-8B60-7E500C9C274B}" = TrueCredit Messenger
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
"{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}" = Sony Vegas Movie Studio 6.0b
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Canon CanoScan LiDE 110 User Registration" = Canon CanoScan LiDE 110 User Registration
"Canon RAW Codec" = Canon RAW Codec
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.7.1
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSNINST" = MSN
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PhotoScape" = PhotoScape
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SlingHealth ActiveX" = SlingHealth ActiveX
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 Idaho" = TaxACT 2008 Idaho
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 Idaho" = TaxACT 2009 Idaho
"TaxACT 2010" = TaxACT 2010
"TaxACT 2010 Idaho" = TaxACT 2010 Idaho
"TaxACT Idaho 2006" = TaxACT Idaho 2006
"TaxACT Idaho 2007" = TaxACT Idaho 2007
"TrueCredit Messenger" = TrueCredit Messenger
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Quicken Basic 99" = Quicken Basic 99

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com

Unread postby Dakeyras » June 6th, 2011, 5:28 pm

Hi. :)

Please except my sincere apology for the delay...unfortunately I have been experiencing ISP(Internet Service Provider) problems, which thankfully appear to have been rectified so far...

When I was in the process of copying the Extras log, WinPatrol alerted me that an addition of 2 scheduled tasks for Ad-Aware Scan for a "Weekly Full Scan" and a "Daily Smart Scan" were seeking my permission to be included in my scheduled tasks. Insofar as I removed Ad-Aware, I did not give permission for the addition of the scheduled tasks. Thought you should know...
Absolutely fine and you took the correct course of action with regard to WinPatrol, speaking of which the aforementioned is out of date but not a cause for concern and will be addressed in due course.

Hard-Drive Free Space Advice:

Drive D: | 6.26 Gb Total Space | 0.59 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my opinion.

This is just some basic friendly advice be it a say USB Drive and or a partition for example.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Reset Vista Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK
Code: Select all
firewall.cpl
Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select Off(not recommended) >> Apply >> OK.

Note: No need for it to be active after the reset becuse the Norton 360 application installed has a firewall component...

Next:

Temporarily disable WinPatrol(so it will not hinder the custom OTL script, it will automatically start after the system reboot):-

  • Right click on the WinPatrol system tray icon.
  • Select Exit Program.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: Select all
:OTL
O3 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O15 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..Trusted Domains: atdmt.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..Trusted Domains: foxnews.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..Trusted Domains: mpccorp.com ([owa] https in Trusted sites)
O15 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..Trusted Domains: sprintpcs.com ([manage] https in Trusted sites)
O15 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..Trusted Domains: taxactonline.com ([www] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O33 - MountPoints2\{770926b8-5bb0-11de-a36d-001a9229bc34}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
O33 - MountPoints2\{770926b8-5bb0-11de-a36d-001a9229bc34}\Shell\Explore\command - "" = system.exe
O33 - MountPoints2\{770926b8-5bb0-11de-a36d-001a9229bc34}\Shell\Open\command - "" = system.exe
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2011/06/04 09:14:26 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/04 09:14:26 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (Daily Smart Scan).job
[2011/06/04 09:14:26 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (Weekly Full Scan).job
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

:Files
ipconfig /flushdns /c

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click mbam-setup.exe and select Run as Administratorthen follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.

The log can also be found here:

  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: view.atdmt.com

Unread postby theglobal » June 7th, 2011, 12:10 am

Hi,

I ran into a few issues. The OTL using the script you supplied stopped running and I had to restart the computer. It did create a small log (included herein). I re-ran OTL using the script, and it completed and rebooted the computer. A much longer log was generated (included herein).

******Partial OTL log (program stopped working- log created when I rebooted the computer)

Files\Folders moved on Reboot...
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFF144.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFF150.tmp not found!

Registry entries deleted on Reboot...

******OTL log - After I restarted the computer and ran OTL again.
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\atdmt.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\foxnews.com\www\ not found.
Registry key HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mpccorp.com\owa\ not found.
Registry key HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sprintpcs.com\manage\ not found.
Registry key HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taxactonline.com\www\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{770926b8-5bb0-11de-a36d-001a9229bc34}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{770926b8-5bb0-11de-a36d-001a9229bc34}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{770926b8-5bb0-11de-a36d-001a9229bc34}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{770926b8-5bb0-11de-a36d-001a9229bc34}\ not found.
File system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{770926b8-5bb0-11de-a36d-001a9229bc34}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{770926b8-5bb0-11de-a36d-001a9229bc34}\ not found.
File system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\setup.exe not found.
File/Folder C:\Windows\*.tmp not found.
File C:\Windows\tasks\Ad-Aware Update (Weekly).job not found.
File C:\Windows\tasks\Ad-Aware Scan (Daily Smart Scan).job not found.
File C:\Windows\tasks\Ad-Aware Scan (Weekly Full Scan).job not found.
Unable to delete ADS C:\ProgramData\TEMP:5C321E34 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 456 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 2099120 bytes
->Temporary Internet Files folder emptied: 269889523 bytes
->Java cache emptied: 15720731 bytes
->FireFox cache emptied: 43040459 bytes
->Apple Safari cache emptied: 8866816 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 548653 bytes
RecycleBin emptied: 17200237189 bytes

Total Files Cleaned = 16,728.00 mb



OTL by OldTimer - Version 3.2.23.0 log created on 06062011_212343

Files\Folders moved on Reboot...
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF2007.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF24AE.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF2BD1.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF2E6C.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF3B8F.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF4B65.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF5ABC.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF5BCF.tmp not found!

Registry entries deleted on Reboot...

***********************************************************

I will post MBAM in a separate post after this.

Thanks!
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com

Unread postby theglobal » June 7th, 2011, 12:49 am

Hi :)
See prior post for additional information of your recent instructions.

I was a bit concerned that if I had to reboot the computer, I may not have access to the MBAM log file. So, thought I would post after I ran it. I was not exactly sure how it would work. The scan came up with a few tracking cookies and Traces found in Files/Folders. The Traces exact name: (Core2) W32-MalewareF.DSWL.
Location: C:\Users|Mike|Desktop\HPUpdates\LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All.exe. When I clicked on "Remove Selected Items" I was taken to a purchase option. That is why I typed the info for you, instead of posting a log. So, the file was not removed. Of course, it is possible I did something wrong, and I am not particularly opposed to purchasing the software, if you think that is something I should do.

Computer Status:

As of now, I no longer see the "view.atdmt.com" re-direct. I was seeing it on Microsoft's website when I clicked on the Microsoft Upgrade Advisor. However, if we are not entirely finished, it could come back, right?

Hard Drive Free Space Advice:

The Drive D is a recovery drive that came with my HP computer. It has always been nearly full since I purchased the computer. I am not exactly sure how it works...thankfully, I have not yet had to recover the computer.

Let me know next steps.

Thanks,
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com

Unread postby Dakeyras » June 7th, 2011, 5:14 am

Hi. :)

I ran into a few issues. The OTL using the script you supplied stopped running and I had to restart the computer. It did create a small log (included herein). I re-ran OTL using the script, and it completed and rebooted the computer. A much longer log was generated (included herein).
OK please check if Windows Defender is disabled or not as follows, if it isn't temp' disable it as that would account for the problems you mentioned...

  • Launch Windows Defender via Start(Vista Orb), Control Panel, Windows Defender and go to Tools >> Options.
  • There will be a list of configuration options.
  • Scroll down to the end of the list to Administrator options.
  • Deselect the Use Windows Defender box and press the Save button.
  • Now you will receive a notification saying that Windows Defender is turned off.
  • Click on Save then Close on the Notification that appears.

A graphical tutorial explaining the above can be viewed here.

You may re-enable this when I give the all clear, though personally I would leave it disabled as it is not a particularly effective application and unfortunately it cannot be uninstalled because it is a integral part of the Vista Operating System.

Next:

The Drive D is a recovery drive that came with my HP computer. It has always been nearly full since I purchased the computer. I am not exactly sure how it works...thankfully, I have not yet had to recover the computer.
Ah I see, thank you for the clarification. For future reference this article explains how to use the aforementioned partition:-

Performing an HP System Recovery in Windows XP

Even though just states for XP the principle is pretty much the same for Vista if memory serves correctly.

As of now, I no longer see the "view.atdmt.com" re-direct. I was seeing it on Microsoft's website when I clicked on the Microsoft Upgrade Advisor. However, if we are not entirely finished, it could come back, right?
Hopefully not but as of yet we have not completed the Malware Removal process, so please bare with myself.

Next:

I was a bit concerned that if I had to reboot the computer, I may not have access to the MBAM log file.
Actually even if your machine would have been rebooted you would still be able to retrieve the log manually.

When I clicked on "Remove Selected Items" I was taken to a purchase option. That is why I typed the info for you, instead of posting a log. So, the file was not removed. Of course, it is possible I did something wrong, and I am not particularly opposed to purchasing the software, if you think that is something I should do.
Most strange and not encountered that one before, even if you say downloaded the Malwarebytes Anti-Malware PRO version by mistake you should have a 14-day trial version...however the generic download link I provided your good self should only go to one of several free-ware only downloads. I will inquire about this in the Malwarebytes' Anti-Malware support forum, in the mean time please post the log from the last run, it can be located as follows:-

1 - Launch Malwarebytes' Anti-Malware
2 - Click on the Logs radio tab.

Next:

Re-run Malwarebytes' Anti-Malware again as follows please and post the new log created in your next reply, thank you.

Click on Start(Vista Orb) >> Run... >> (or the Windows key and R together) to bring up the Run box and and copy and paste in:

Code: Select all
mbam.exe /developer
  • Allow the UAC prompt, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: view.atdmt.com

Unread postby theglobal » June 8th, 2011, 3:26 am

Hi :?

I admit, something very odd happened. I just discovered that when I downloaded what I thought was MBAM (per your post prior to your last post), it was in fact, a product called CyberDefender. I did not give much thought to the fact that the names were different, insofar as I used the link provided in your post to download the setup file. Tonight, I downloaded the correct file, using the link you provided in your last post. For the life of me, I am not sure at all how CyberDefender was downloaded. I installed it thinking it was the correct file. ...That is the program I mentioned that wants me to purchase it before it will remove any malware. The MBAM is now loaded and it does have a 14-Day trial period. Very strange...yes? Should I remove the CyberDefender? WinPatrol, CyberDefender and Norton are all popping up trying to do mortal battle with each other... ;)

Windows Defender:
It is turned off.

MBAM Log:

Malwarebytes' Anti-Malware 1.51.0.1200
http://ww ran this:w.malwarebytes.org

Database version: 6805

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/8/2011 12:08:53 AM
mbam-log-2011-06-08 (00-08-52).txt

Scan type: Quick scan
Objects scanned: 157188
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
********************************************

Computer Operation:

It's rather ironic, but when I noticed the atdmt.com issue, I was trying to download the Microsoft Windows Upgrade tool to see if all of my hardware and programs on Vista would work on Windows 7. I have never really liked Vista. I don't know too much about Windows 7 yet. Now, that Microsoft link is again pointed to view.atdmt.com. It was ok, yesterday, but the view.atdmt.com came back. Not surprising, given the sinister nature of the malware slugs. I certainly appreciate your patience and understanding.
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com

Unread postby Dakeyras » June 8th, 2011, 5:45 am

Hi. :)

I admit, something very odd happened. I just discovered that when I downloaded what I thought was MBAM (per your post prior to your last post), it was in fact, a product called CyberDefender. I did not give much thought to the fact that the names were different, insofar as I used the link provided in your post to download the setup file. Tonight, I downloaded the correct file, using the link you provided in your last post. For the life of me, I am not sure at all how CyberDefender was downloaded. I installed it thinking it was the correct file. ...That is the program I mentioned that wants me to purchase it before it will remove any malware. The MBAM is now loaded and it does have a 14-Day trial period. Very strange...yes? Should I remove the CyberDefender? WinPatrol, CyberDefender and Norton are all popping up trying to do mortal battle with each other... ;)
I was reliably infomed by some well respected colleagues of mine this may have been the case as in it was not MBAM downloaded(my personal thanks to both melboy & screen317). We will deal with this shortly and MBAM will revert to the freeware version after the trial period expires.

It's rather ironic, but when I noticed the atdmt.com issue, I was trying to download the Microsoft Windows Upgrade tool to see if all of my hardware and programs on Vista would work on Windows 7. I have never really liked Vista. I don't know too much about Windows 7 yet. Now, that Microsoft link is again pointed to view.atdmt.com. It was ok, yesterday, but the view.atdmt.com came back. Not surprising, given the sinister nature of the malware slugs. I certainly appreciate your patience and understanding.
Once I give the all clear you should be able to download and run the Windows 7 Upgrade Advisor. Also you are are most welcome!

Download/run Rkill:

(If one fails to work delete it and download/try another):

One, Two,Three, Four or Five

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • Right-click on Rkill and select Run as Administrator
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: A logfile will have been created, it can be located at the root of your installed Hard-Drive.

EG: C:\rkill.txt. Please do not delete this unless I advise otherwise.

Next:

Download AppRemover and right-click on the excutible and select Run as Administrator.

Click Next >>

Image

Ensure "Remove Security Application" is collected and click Next >>

Image

AppRemover will scan all the security applications on your PC

Image

Select Any CyberDefender entries from the applications offered and click Next >> twice.

Image

Follow any further on-screen instructions. If asked to reboot, please do so.

Next:

Let myself know when completed the above and if any problems encountered and we will go from there, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: view.atdmt.com

Unread postby theglobal » June 10th, 2011, 10:15 pm

Hi :)

Rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/10/2011 at 19:44:55.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Users\Mike\Downloads\eXplorer.exe
C:\Windows\SMINST\remind.exe


Rkill completed on 06/10/2011 at 19:51:53.

*************************

AppRemover:

I ran this app and it identified CyberDefender. It indicated that CyberDefender was removed. However, it still shows up in my "installed programs" list.

Hope all is well with you.

Thanks,
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com

Unread postby Dakeyras » June 11th, 2011, 3:54 pm

Hi. :)

I ran this app and it identified CyberDefender. It indicated that CyberDefender was removed.
Good.

However, it still shows up in my "installed programs" list.
We should be able to deal with this, my research did reveal that CyberDefender is not easy uninstalled hence I advised the download and running of the specialist removal tool. Anyway what has probably occurred here is the Programs and Features entry has been left behind even though the actual software has been removed/uninstalled etc.

Hope all is well with you.
Fine thank you and likewise!

Add Remove Program Cleaner:

Please download Add Remove Program Cleaner to your desktop.

  • Right-click on addremovecleaner.exe and select Run as Administrator.
  • Locate CyberDefender in the menu and click once on it to highlight.
  • Now click on Remove from add/remove programs list.
  • At the prompt click on Yes then Exit.
  • Now delete addremovecleaner from the desktop, empty the Recycle Bin and reboot the computer.

Scan With RKUnHooker:

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select Run as Administratorto run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Note: You may get this warning it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: view.atdmt.com

Unread postby theglobal » June 13th, 2011, 2:10 am

Greetings!

Add Remove Program Cleaner:

Done.. After rebooting, I still had a CyberDefender directory with some files in it. I deleted the directory, and again emptied the recycle bin, and then rebooted the computer a second time. It "appears" there are no CyberDefender files...

Scan With RKUnHooker:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C20A000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7467008 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.21 )
0x8201F000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8201F000 PnpManager 3907584 bytes
0x8201F000 RAW 3907584 bytes
0x8201F000 WMIxWDM 3907584 bytes
0x91400000 C:\Windows\system32\drivers\RTKVHDA.sys 2322432 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x9AE50000 Win32k 2113536 bytes
0x9AE50000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB1607000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110612.002\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine)
0x87C0D000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82C09000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8D204000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8DA92000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1048576 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x82E04000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80466000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA18ED000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x92403000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110518.001\BHDrvx86.sys 819200 bytes (Symantec Corporation, BASH Driver)
0x8267A000 C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS 765952 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x8D306000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA0806000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8C929000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8DA05000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xB140B000 C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS 548864 bytes (Symantec Corporation, Symantec AutoProtect)
0x80546000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8273E000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xA08D9000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x91D45000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x91CE8000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110604.001\IDSvix86.sys 380928 bytes (Symantec Corporation, IDS Core Driver)
0x91725000 C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0x82604000 C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS 356352 bytes (Symantec Corporation, Symantec Data Store)
0xA1882000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x9B0A0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x82FAA000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x806A3000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x917B8000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80607000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80425000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8074B000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x82F36000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x91CA2000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82D3F000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA1809000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x87D1D000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x827AF000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x823D9000 ACPI_HAL 208896 bytes
0x823D9000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807A9000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x91C0A000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8DBB5000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x91637000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82D14000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x82D7A000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA185A000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x87D70000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8065E000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9177E000 C:\Windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0x91664000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x91C73000 C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)
0x82DA4000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x87DA8000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA0991000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x916BC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA09B2000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x80720000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x91DA3000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x92578000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
0x8078C000 C:\Windows\system32\DRIVERS\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0xA0946000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x82EEE000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x925AE000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA0963000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x82F74000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA1842000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x925C9000 C:\Windows\system32\DRIVERS\CDAVFS.sys 94208 bytes (CyberDefender Corp., Antivirus Driver)
0x91DC1000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8D3C8000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x924E5000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA09D1000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x91C3C000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9170F000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA097C000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x82DDB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x924CB000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA19E1000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0xB177E000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110612.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x82DC7000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x917A4000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8DB92000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA08C6000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x91C60000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x92513000 C:\Windows\system32\drivers\RTSTOR.SYS 73728 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
0xA18D1000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x87D97000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x827E4000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8040C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82F26000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x8265B000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9252E000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA08B6000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80702000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x82F8C000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8D3EE000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8266B000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x9259F000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87D60000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80685000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D3DF000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8C9DF000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80694000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x82F9C000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9B090000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x91C52000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x916F8000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806F4000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x92561000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D3BB000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8073E000 C:\Windows\system32\DRIVERS\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0x87C00000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x92506000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x805C2000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA19D5000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x916B0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8C9C9000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8DBAA000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C9F4000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x916ED000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8DBEF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x92556000 C:\Windows\system32\DRIVERS\point32k.sys 45056 bytes (Microsoft Corporation, Point32.sys)
0x91C97000 C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0x8DBE4000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x87DE9000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x9256E000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x92595000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8C200000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x91CDE000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA19CB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8C9D5000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x924FC000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0xB179F000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x87DC9000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x91689000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x92525000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9253E000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x82735000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x91706000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9B070000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x87DF4000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8064D000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80718000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8041D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x9254E000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80656000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x916DD000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x916E5000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x87D56000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA19F6000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x91699000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x916A9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80405000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x92547000 C:\Windows\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0x91692000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x806ED000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8C9EE000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x80712000 C:\Windows\system32\drivers\pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0x8DBA5000 C:\Windows\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xB1792000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xA18E9000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x924E2000 C:\Windows\system32\DRIVERS\wdcsam.sys 12288 bytes (Western Digital Technologies, WD SCSI Architecture Model (SAM) driver)
0x87D5E000 C:\Windows\system32\speedfan.sys 8192 bytes (Windows (R) 2000 DDK provider, SpeedFan Device Driver)
0x8DBFA000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x924E0000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x87D6F000 C:\Windows\system32\giveio.sys 4096 bytes
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x820C77AA-->820C77B1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000AC8B4, Type: Inline - RelativeJump 0x820CB8B4-->820CB8EB [ntkrnlpa.exe]
ntkrnlpa.exe+0x000AC9A0, Type: Inline - RelativeJump 0x820CB9A0-->820CB9D5 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACB74, Type: Inline - RelativeJump 0x820CBB74-->820CBBF2 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACBB4, Type: Inline - RelativeJump 0x820CBBB4-->820CBBE9 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACD94, Type: Inline - RelativeJump 0x820CBD94-->820CBD9E [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACE04, Type: Inline - RelativeJump 0x820CBE04-->820CBE7E [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACE64, Type: Inline - RelativeJump 0x820CBE64-->820CBE99 [ntkrnlpa.exe]
[1408]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->73C34618 [shimeng.dll]
[1408]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->73C34618 [shimeng.dll]
[1408]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->73C34618 [shimeng.dll]
[1408]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->73C34618 [shimeng.dll]
[1408]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->73C34618 [shimeng.dll]
[3596]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->73C34618 [shimeng.dll]
[3596]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->73C34618 [shimeng.dll]
[3596]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->73C34618 [shimeng.dll]
[3596]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->73C34618 [shimeng.dll]


********************************

Thank you!
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com

Unread postby Dakeyras » June 13th, 2011, 3:13 am

Hi. :)

Done.. After rebooting, I still had a CyberDefender directory with some files in it. I deleted the directory, and again emptied the recycle bin, and then rebooted the computer a second time. It "appears" there are no CyberDefender files...
Good...

Thank you!
You're welcome!

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activitity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


Next:

Click Start(Vista Orb) >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:
Code: Select all
C:\Qoobox\Add-Remove Programs.txt
A text file should open. Post the contents of that file in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.
  • Add-Remove Programs.txt.
  • A new DDS Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: view.atdmt.com

Unread postby theglobal » June 15th, 2011, 2:17 am

Hi :D

Computer Performance:

At this moment, when I place my cursor over the Microsoft Upgrade Advisor link, it no longer points to "view.atdmt.com." Good news! There were no problems running any of the tools you requested I run.

ComboFix Log:

ComboFix 11-06-14.03 - Mike 06/14/2011 23:02:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.953 [GMT -6:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\system
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))
.
.
2011-06-15 05:12 . 2011-06-15 05:12 -------- d-----w- c:\users\Mike\AppData\Local\temp
2011-06-15 05:12 . 2011-06-15 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-07 02:53 . 2011-06-07 02:53 -------- d-----w- c:\program files\ERUNT
2011-06-06 21:59 . 2011-06-10 01:03 -------- d-----w- c:\users\Mike\AppData\Roaming\SecondLife
2011-06-06 21:59 . 2011-06-10 02:03 -------- d-----w- c:\users\Mike\AppData\Local\SecondLife
2011-06-06 21:58 . 2011-06-06 21:59 -------- d-----w- c:\program files\SecondLifeViewer2
2011-06-04 14:40 . 2011-06-04 14:40 -------- d-----w- c:\program files\Microsoft ATS
2011-06-04 06:34 . 2011-06-04 06:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-01 22:33 . 2011-06-01 22:33 -------- d-----w- c:\users\Mike\AppData\Roaming\Tific
2011-06-01 21:24 . 2011-06-13 04:53 -------- d-----w- c:\users\Mike\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 19:41 . 2009-09-25 07:46 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-15 18:06 . 2011-05-15 18:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-15 18:06 . 2011-05-15 18:06 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-15 18:06 . 2011-05-15 18:06 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-15 18:06 . 2011-05-15 18:06 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-15 18:06 . 2011-05-15 18:06 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-15 18:06 . 2011-05-15 18:06 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-15 18:06 . 2011-05-15 18:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-15 18:06 . 2011-05-15 18:06 367104 ----a-w- c:\windows\system32\html.iec
2011-05-15 18:06 . 2011-05-15 18:06 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-15 18:06 . 2011-05-15 18:06 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-15 18:06 . 2011-05-15 18:06 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-15 18:06 . 2011-05-15 18:06 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-15 18:06 . 2011-05-15 18:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-15 18:06 . 2011-05-15 18:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-15 18:06 . 2011-05-15 18:06 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-15 18:06 . 2011-05-15 18:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-15 18:06 . 2011-05-15 18:06 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-15 18:06 . 2011-05-15 18:06 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-15 18:06 . 2011-05-15 18:06 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-15 18:06 . 2011-05-15 18:06 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-05-15 18:06 . 2011-05-15 18:06 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-31 03:00 . 2011-05-15 19:39 516216 ----a-r- c:\windows\system32\drivers\N360\0501000.01D\srtsp.sys
2011-03-31 03:00 . 2011-05-15 19:39 50168 ----a-r- c:\windows\system32\drivers\N360\0501000.01D\srtspx.sys
2011-03-22 00:39 . 2011-05-15 19:39 331384 ----a-r- c:\windows\system32\drivers\N360\0501000.01D\symtdiv.sys
2011-03-22 00:39 . 2011-05-15 19:39 296568 ----a-r- c:\windows\system32\drivers\N360\0501000.01D\symnets.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-13 517768]
"TrueCredit Messenger Tray"="c:\program files\TrueCredit Messenger\TCMTray.exe" [2008-12-30 379392]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-08-27 45992]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-02 44168]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-12-11 261120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-3 113664]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CDLauncher;CyberDefender Launcher;c:\users\Mike\AppData\Local\CyberDefender Internet Security\AntiSpyware\CDLauncherWS.exe [x]
R4 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-04-08 117288]
R4 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-04-08 117288]
R4 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-04-08 154152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-20 28544]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110519.002\BHDrvx86.sys [2011-05-19 810616]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110614.001\IDSvix86.sys [2011-06-03 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2011-06-07 96200]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BLACKBOX
*Deregistered* - BlackBox
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 07:56]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 07:56]
.
2011-06-14 c:\windows\Tasks\Norton Internet Security - Mike - Full System Scan.job
- c:\program files\Norton 360\Engine\5.1.0.29\Navw32.exe [2011-05-15 00:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://208.0.229.146/SysCamInst.cab
DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/ ... Health.cab
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y3wkg559.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-14 23:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-14 23:15:54
ComboFix-quarantined-files.txt 2011-06-15 05:15
.
Pre-Run: 203,311,161,344 bytes free
Post-Run: 203,236,548,608 bytes free
.
- - End Of File - - 72EF681563FB8BA0DB06DB5E4EB7655C

Add/Remove Programs Log:

ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop Elements
Adobe SVG Viewer
Amazon Kindle For PC v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVSDK5
Bejeweled 2 Deluxe
Bing Bar
Bonjour
Canon CanoScan LiDE 110 User Registration
Canon MP Navigator EX 4.0
Canon RAW Codec
Canon Solution Menu EX
CanoScan LiDE 110 Scanner Driver
Compatibility Pack for the 2007 Office system
D3DX10
DHTML Editing Component
DIGOpt
DivX
DVD Shrink 3.2
DVDStyler v1.7.1
Enhanced Multimedia Keyboard Solution
ERUNT 1.1j
Google Earth
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Picasso Media Center Add-In
HP Product Detection
HP Update
HPAsset component for HP Active Support Library
HPSSupply
iTunes
Japanese Fonts Support For Adobe Reader 8
Junk Mail filter update
LG USB Modem driver
LightScribe System Software
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.0.1200
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.2
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.17)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Norton 360
NVIDIA Drivers
OcxSetup
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PayPal Plug-In
PhotoScape
Python 2.4.3
Quicken Basic 99
QuickTime
Qwest Installer
Qwest QuickAssist Desktop Tools
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Safari
SecondLifeViewer2 (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Segoe UI
Shipping Assistant 3.6
Shop for HP Supplies
SlingHealth ActiveX
Soft Data Fax Modem with SmartCP
Sony DVD Architect Studio 4.5
Sony Vegas Movie Studio 6.0b
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
SpywareBlaster 4.2
Symantec Technical Support Web Controls
TaxACT 2006
TaxACT 2007
TaxACT 2008
TaxACT 2008 Idaho
TaxACT 2009
TaxACT 2009 Idaho
TaxACT 2010
TaxACT 2010 Idaho
TaxACT Idaho 2006
TaxACT Idaho 2007
TrueCredit Messenger
Turbo Lister 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WD SmartWare
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPatrol 2009
WinRAR archiver

*****

DDS Log:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mike at 23:53:12 on 2011-06-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.698 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\TrueCredit Messenger\TCMTray.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [TrueCredit Messenger Tray] "c:\program files\truecredit messenger\TCMTray.exe" /Start
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://208.0.229.146/SysCamInst.cab
DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/ ... Health.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/ph ... den-us.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{C6F86646-8A1F-4FA3-B4AF-7531341EE00D} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\y3wkg559.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-20 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-26 28544]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-15 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110519.002\BHDrvx86.sys [2011-5-19 810616]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110614.001\IDSvix86.sys [2011-6-14 367736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-15 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-15 331384]
R2 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2011-6-6 96200]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-7 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-8 366640]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-15 130008]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-15 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22712]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-31 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-31 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CDLauncher;CyberDefender Launcher;"c:\users\mike\appdata\local\cyberdefender internet security\antispyware\cdlauncherws.exe" --> c:\users\mike\appdata\local\cyberdefender internet security\antispyware\CDLauncherWS.exe [?]
S4 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
S4 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
S4 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-15 05:16:04 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-15 05:15:56 -------- d-----w- c:\users\mike\appdata\local\temp
2011-06-15 04:58:58 98816 ----a-w- c:\windows\sed.exe
2011-06-15 04:58:58 518144 ----a-w- c:\windows\SWREG.exe
2011-06-15 04:58:58 256512 ----a-w- c:\windows\PEV.exe
2011-06-15 04:58:58 208896 ----a-w- c:\windows\MBR.exe
2011-06-08 06:00:47 -------- d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2011-06-08 06:00:26 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 06:00:26 -------- d-----w- c:\programdata\Malwarebytes
2011-06-08 06:00:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 06:00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-07 03:38:55 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-06-07 03:38:34 -------- d-----w- c:\program files\common files\Authentium
2011-06-07 03:04:13 -------- d-----w- C:\_OTL
2011-06-06 21:59:26 -------- d-----w- c:\users\mike\appdata\local\SecondLife
2011-06-06 21:58:15 -------- d-----w- c:\program files\SecondLifeViewer2
2011-06-04 14:40:38 -------- d-----w- c:\program files\Microsoft ATS
2011-06-04 06:34:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-01 22:33:29 -------- d-----w- c:\users\mike\appdata\roaming\Tific
2011-06-01 21:24:35 -------- d-----w- c:\users\mike\appdata\local\CrashDumps
.
==================== Find3M ====================
.
2011-05-15 19:41:19 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-31 03:00:09 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-03-31 03:00:09 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-03-22 00:39:49 331384 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-03-22 00:39:49 296568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
.
============= FINISH: 23:54:12.28 ===============

That's it for now. Please let me know if I need to do anything more. I wonder if there is any way to know where I may have picked up the view.atdmt.com malware? It seems that Norton had no protection for it.

Thanks!
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware