Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

view.atdmt.com Redirect Back Again

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

view.atdmt.com Redirect Back Again

Unread postby theglobal » June 29th, 2011, 1:08 am

Hi :)

After working with Dakeyras for a lengthy period of time, it appeared that we had cleaned up the view.atdmt.com redirect problem. The computer is re-infected or it was residing somewhere in the computer to reappear...which seems unlikely. In any event, I would be grateful for additional help.

DDS LOG:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Mike at 23:01:25 on 2011-06-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.639 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrueCredit Messenger\TCMTray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10q_Plugin.exe -update plugin
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TrueCredit Messenger Tray] "c:\program files\truecredit messenger\TCMTray.exe" /Start
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://208.0.229.146/SysCamInst.cab
DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/ ... Health.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan ... stubie.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/ph ... den-us.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{C6F86646-8A1F-4FA3-B4AF-7531341EE00D} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\y3wkg559.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-20 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-26 28552]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-15 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110628.050\IDSvix86.sys [2011-6-28 367736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-15 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-15 331384]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-7 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-8 366640]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-15 130008]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-15 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22712]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-31 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-31 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-27 06:38:35 -------- d-----w- c:\programdata\InstallMate
2011-06-25 07:49:18 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-25 07:49:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-24 03:39:34 -------- d-----w- c:\users\mike\appdata\local\temp
2011-06-24 03:38:21 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-16 11:47:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 11:47:56 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-16 11:47:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 05:42:38 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-06-16 04:17:33 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 04:17:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 04:17:29 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 04:17:29 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 04:17:27 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 04:17:25 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 04:17:22 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 04:17:22 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 04:17:22 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 04:17:21 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-08 06:00:47 -------- d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2011-06-08 06:00:26 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 06:00:26 -------- d-----w- c:\programdata\Malwarebytes
2011-06-08 06:00:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 06:00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-06 21:59:26 -------- d-----w- c:\users\mike\appdata\local\SecondLife
2011-06-06 21:58:15 -------- d-----w- c:\program files\SecondLifeViewer2
2011-06-06 18:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-06 18:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-04 14:40:38 -------- d-----w- c:\program files\Microsoft ATS
2011-06-04 06:34:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-01 22:33:29 -------- d-----w- c:\users\mike\appdata\roaming\Tific
2011-06-01 21:24:35 -------- d-----w- c:\users\mike\appdata\local\CrashDumps
.
==================== Find3M ====================
.
2011-05-15 19:41:19 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
============= FINISH: 23:02:55.98 ===============

Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2007 1:15:03 AM
System Uptime: 6/27/2011 12:33:17 AM (47 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 292 GiB total, 163.072 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.589 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 409.593 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1220: 6/13/2011 6:35:57 AM - Scheduled Checkpoint
RP1221: 6/14/2011 1:35:16 AM - Scheduled Checkpoint
RP1222: 6/15/2011 2:11:24 AM - Scheduled Checkpoint
RP1223: 6/15/2011 9:34:22 PM - Scheduled Checkpoint
RP1224: 6/16/2011 5:03:59 AM - Windows Update
RP1225: 6/17/2011 6:48:11 PM - Scheduled Checkpoint
RP1226: 6/19/2011 12:00:10 AM - Scheduled Checkpoint
RP1228: 6/23/2011 9:11:00 PM - ComboFix created restore point
RP1229: 6/25/2011 1:25:40 AM - Installed Adobe Reader X (10.1.0).
RP1230: 6/25/2011 1:47:55 AM - Installed Java(TM) 6 Update 26
RP1231: 6/26/2011 12:00:22 AM - Scheduled Checkpoint
RP1233: 6/28/2011 12:32:35 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop Elements
Adobe Reader X (10.1.0)
Adobe SVG Viewer
Amazon Kindle For PC v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVSDK5
Bejeweled 2 Deluxe
Bing Bar
Bonjour
Canon CanoScan LiDE 110 User Registration
Canon MP Navigator EX 4.0
Canon RAW Codec
Canon Solution Menu EX
CanoScan LiDE 110 Scanner Driver
Compatibility Pack for the 2007 Office system
D3DX10
DHTML Editing Component
DIGOpt
DivX
DVD Shrink 3.2
DVDStyler v1.7.1
Enhanced Multimedia Keyboard Solution
ERUNT 1.1j
Google Earth
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Picasso Media Center Add-In
HP Product Detection
HP Update
HPAsset component for HP Active Support Library
HPSSupply
iTunes
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
LG USB Modem driver
LightScribe System Software
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.0.1200
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.2
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.18)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Norton 360
NVIDIA Drivers
OcxSetup
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PayPal Plug-In
PhotoScape
Python 2.4.3
Quicken Basic 99
QuickTime
Qwest Installer
Qwest QuickAssist Desktop Tools
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Safari
SecondLifeViewer2 (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Segoe UI
Shipping Assistant 3.6
Shop for HP Supplies
SlingHealth ActiveX
Soft Data Fax Modem with SmartCP
Sony DVD Architect Studio 4.5
Sony Vegas Movie Studio 6.0b
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
SpywareBlaster 4.2
Symantec Technical Support Web Controls
TaxACT 2006
TaxACT 2007
TaxACT 2008
TaxACT 2008 Idaho
TaxACT 2009
TaxACT 2009 Idaho
TaxACT 2010
TaxACT 2010 Idaho
TaxACT Idaho 2006
TaxACT Idaho 2007
TrueCredit Messenger
Turbo Lister 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WD SmartWare
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPatrol
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
6/27/2011 12:34:23 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/26/2011 11:39:39 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
6/25/2011 1:28:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/25/2011 1:28:03 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/25/2011 1:28:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/23/2011 9:28:51 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

Thank you!
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am
Advertisement
Register to Remove

Re: view.atdmt.com Redirect Back Again

Unread postby MWR 3 day Mod » July 2nd, 2011, 4:02 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: view.atdmt.com Redirect Back Again

Unread postby deltalima » July 4th, 2011, 3:56 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: view.atdmt.com Redirect Back Again

Unread postby deltalima » July 4th, 2011, 4:07 pm

Hi theglobal,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator.. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: view.atdmt.com Redirect Back Again

Unread postby theglobal » July 5th, 2011, 2:31 am

Hi deltalima:)

Thank you for your help. Much appreciated.

OTL Log

OTL logfile created on: 7/5/2011 12:01:11 AM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Mike\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 39.03% Memory free
3.99 Gb Paging File | 1.93 Gb Available in Paging File | 48.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 165.88 Gb Free Space | 56.84% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.59 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
Drive F: | 465.73 Gb Total Space | 405.94 Gb Free Space | 87.16% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TrueCredit Messenger\TCMTray.exe (TransUnion Interactive)
PRC - C:\Program Files\Adobe Media Player\Adobe Media Player.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton 360\Engine\5.1.0.29\asOEHook.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110704.017\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110704.017\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110704.050\IDSvix86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/09/20 10:15:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/16 18:17:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/06/23 21:54:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn\ [2011/05/15 13:39:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 15:14:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 01:49:18 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/09/20 10:15:27 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/16 18:17:51 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/06/23 21:54:34 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn\ [2011/05/15 13:39:40 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 15:14:45 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 01:49:18 | 000,000,000 | ---D | M]

[2008/09/02 15:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/07/04 08:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y3wkg559.default\extensions
[2010/06/29 17:39:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y3wkg559.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/25 01:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/25 01:49:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/09/02 15:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2011/05/15 13:39:40 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN
[2011/06/23 21:54:34 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2011/06/25 01:48:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/15 14:16:26 | 000,618,793 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 http://www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 http://www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 http://www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16379 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TrueCredit Messenger Tray] C:\Program Files\TrueCredit Messenger\TCMTray.exe (TransUnion Interactive)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://208.0.229.146/SysCamInst.cab (Panasonic Network Camera)
O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/ ... Health.cab (SlingHealth Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/ph ... den-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mike\Desktop\Canada Trip Aug 2010\IMG_4436.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mike\Desktop\Canada Trip Aug 2010\IMG_4436.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/26 03:21:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 23:57:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/06/28 22:58:59 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
[2011/06/27 00:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/06/27 00:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/06/25 01:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/25 01:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/25 01:49:18 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/06/25 01:49:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/06/25 01:49:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/06/25 01:49:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/25 01:23:26 | 039,697,816 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Mike\Desktop\AdbeRdr1010_en_US.exe
[2011/06/23 21:39:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/23 21:39:34 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp
[2011/06/23 21:38:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/16 05:47:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/16 05:47:54 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/16 05:47:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/16 05:47:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 23:42:38 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2011/06/14 21:27:27 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\New Folder (5)
[2011/06/08 00:00:47 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2011/06/08 00:00:26 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/08 00:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/08 00:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/08 00:00:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/08 00:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/07 23:56:11 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mike\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/06 21:38:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberDefender
[2011/06/06 20:55:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/06 20:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/06/06 20:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/06 15:59:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\SecondLife
[2011/06/06 15:59:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\SecondLife
[2011/06/06 15:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer 2
[2011/06/06 15:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\SecondLifeViewer2
[2008/07/15 13:07:51 | 000,308,600 | ---- | C] (Symantec Corporation) -- C:\ProgramData\NortonProtectionMemo.exe

========== Files - Modified Within 30 Days ==========

[2011/07/04 23:57:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/07/04 22:32:26 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 22:32:26 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/03 18:09:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/03 03:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Mike - Full System Scan.job
[2011/07/02 22:30:42 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 07:40:15 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/01 07:40:15 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/30 07:44:56 | 000,000,890 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
[2011/06/30 06:28:41 | 000,306,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/30 06:28:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/30 06:27:53 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/28 22:59:00 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
[2011/06/27 00:19:38 | 000,000,134 | ---- | M] () -- C:\Users\Mike\Desktop\Noscript.url
[2011/06/26 12:58:06 | 000,303,221 | ---- | M] () -- C:\Users\Mike\Desktop\IMG_0800.JPG
[2011/06/25 01:48:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/06/25 01:48:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/06/25 01:48:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/25 01:48:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/06/25 01:27:48 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/25 01:23:50 | 039,697,816 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Mike\Desktop\AdbeRdr1010_en_US.exe
[2011/06/15 20:10:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2011/06/15 14:16:26 | 000,618,793 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2011/06/08 00:00:27 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/07 23:55:42 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mike\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/06 21:40:31 | 000,000,065 | ---- | M] () -- C:\Windows\av_affiliate.ini
[2011/06/06 21:40:17 | 000,000,065 | ---- | M] () -- C:\Windows\as_affiliate.ini
[2011/06/06 21:38:56 | 000,000,257 | R--- | M] () -- C:\Users\Mike\Desktop\Live PC Help.url
[2011/06/06 20:53:28 | 000,000,759 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk
[2011/06/06 20:53:28 | 000,000,740 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2011/06/06 20:53:28 | 000,000,735 | ---- | M] () -- C:\Users\Mike\Desktop\NTREGOPT.lnk
[2011/06/06 20:53:28 | 000,000,716 | ---- | M] () -- C:\Users\Mike\Desktop\ERUNT.lnk
[2011/06/06 15:59:04 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer 2.lnk

========== Files Created - No Company Name ==========

[2011/06/27 00:19:38 | 000,000,134 | ---- | C] () -- C:\Users\Mike\Desktop\Noscript.url
[2011/06/26 12:56:43 | 000,303,221 | ---- | C] () -- C:\Users\Mike\Desktop\IMG_0800.JPG
[2011/06/25 01:27:47 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/25 01:27:46 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/23 22:01:09 | 000,000,890 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
[2011/06/08 00:00:27 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/06 21:40:31 | 000,000,065 | ---- | C] () -- C:\Windows\av_affiliate.ini
[2011/06/06 21:40:17 | 000,000,065 | ---- | C] () -- C:\Windows\as_affiliate.ini
[2011/06/06 21:38:55 | 000,000,257 | R--- | C] () -- C:\Users\Mike\Desktop\Live PC Help.url
[2011/06/06 20:53:28 | 000,000,759 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk
[2011/06/06 20:53:28 | 000,000,740 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2011/06/06 20:53:28 | 000,000,735 | ---- | C] () -- C:\Users\Mike\Desktop\NTREGOPT.lnk
[2011/06/06 20:53:28 | 000,000,716 | ---- | C] () -- C:\Users\Mike\Desktop\ERUNT.lnk
[2011/06/06 15:59:04 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Second Life Viewer 2.lnk
[2011/05/12 19:18:03 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2011/04/23 16:25:48 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/23 16:25:48 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/01/02 14:32:51 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/02/15 11:33:21 | 000,000,048 | ---- | C] () -- C:\Windows\TaxACT09.ini
[2009/10/11 12:51:51 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/09/18 00:51:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 00:51:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/03 22:41:16 | 000,000,075 | ---- | C] () -- C:\Windows\TaxACT08.ini
[2009/02/02 10:55:25 | 000,000,780 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/02/02 10:55:25 | 000,000,052 | ---- | C] () -- C:\Windows\intuprof.ini
[2009/02/02 10:55:24 | 000,006,472 | ---- | C] () -- C:\Windows\ICOADB32.DAT
[2008/12/11 17:31:04 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2008/09/23 05:00:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/28 01:21:00 | 000,201,098 | ---- | C] () -- C:\Windows\hpqins16.dat
[2007/12/28 15:44:32 | 000,000,070 | ---- | C] () -- C:\Windows\TaxACT07.ini
[2007/12/05 09:56:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/23 17:51:53 | 000,015,373 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/07/19 14:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/05/23 20:56:19 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/03/18 00:10:04 | 000,000,123 | ---- | C] () -- C:\Windows\TaxACT06.ini
[2007/03/15 19:54:35 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\wklnhst.dat
[2007/03/12 00:54:55 | 000,112,640 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/26 03:16:09 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2006/12/26 03:10:56 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2006/12/26 03:10:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,306,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Mike\Desktop\MVI_2716.AVI:TOC.WMV

< End of report >

Extras Log:

OTL Extras logfile created on: 7/5/2011 12:01:11 AM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Mike\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 39.03% Memory free
3.99 Gb Paging File | 1.93 Gb Available in Paging File | 48.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 165.88 Gb Free Space | 56.84% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.59 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
Drive F: | 465.73 Gb Total Space | 405.94 Gb Free Space | 87.16% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4744EEEC-C6E9-4893-85C8-2DE7F59800CA}" = Symantec Technical Support Web Controls
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F1CECBC-670F-4DAA-81D6-944B12450917}" = DIGOpt
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{66100AC2-E525-42C9-8B60-7E500C9C274B}" = TrueCredit Messenger
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
"{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}" = Sony Vegas Movie Studio 6.0b
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Canon CanoScan LiDE 110 User Registration" = Canon CanoScan LiDE 110 User Registration
"Canon RAW Codec" = Canon RAW Codec
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.7.1
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSNINST" = MSN
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PhotoScape" = PhotoScape
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"SlingHealth ActiveX" = SlingHealth ActiveX
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 Idaho" = TaxACT 2008 Idaho
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 Idaho" = TaxACT 2009 Idaho
"TaxACT 2010" = TaxACT 2010
"TaxACT 2010 Idaho" = TaxACT 2010 Idaho
"TaxACT Idaho 2006" = TaxACT Idaho 2006
"TaxACT Idaho 2007" = TaxACT Idaho 2007
"TrueCredit Messenger" = TrueCredit Messenger
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Quicken Basic 99" = Quicken Basic 99

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2011 8:17:56 PM | Computer Name = Mike-PC | Source = VSS | ID = 8194
Description =

Error - 7/1/2011 12:26:21 AM | Computer Name = Mike-PC | Source = VSS | ID = 8194
Description =

Error - 7/1/2011 12:26:54 AM | Computer Name = Mike-PC | Source = VSS | ID = 8194
Description =

Error - 7/1/2011 6:51:14 PM | Computer Name = Mike-PC | Source = VSS | ID = 8194
Description =

Error - 7/1/2011 6:51:56 PM | Computer Name = Mike-PC | Source = VSS | ID = 8194
Description =

Error - 7/2/2011 11:28:00 AM | Computer Name = Mike-PC | Source = sprtlisten | ID = 0
Description =

Error - 7/2/2011 11:33:14 AM | Computer Name = Mike-PC | Source = VSS | ID = 8194
Description =

Error - 7/2/2011 11:35:25 AM | Computer Name = Mike-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =

Error - 7/4/2011 10:09:44 AM | Computer Name = Mike-PC | Source = VSS | ID = 8194
Description =

Error - 7/4/2011 10:10:27 AM | Computer Name = Mike-PC | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 8/28/2008 11:59:02 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 6/25/2011 3:28:02 AM | Computer Name = Mike-PC | Source = DCOM | ID = 10005
Description =

Error - 6/25/2011 3:28:03 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/25/2011 3:28:03 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/25/2011 3:44:24 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/25/2011 11:06:40 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/27/2011 1:39:39 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 6/27/2011 1:52:42 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/27/2011 2:34:23 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/30/2011 8:23:42 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 6/30/2011 8:29:13 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

GMER Log:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-05 00:13:34
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000059 WDC_WD32 rev.21.0
Running: ejjvjy7p.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kwldypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Thanks!
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com Redirect Back Again

Unread postby deltalima » July 5th, 2011, 3:34 pm

Hi theglobal,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :otl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Please follow the instructions here to set you computer to use OpenDNS.

Now Reboot and let me know if the browser redirects have stopped.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: view.atdmt.com Redirect Back Again

Unread postby theglobal » July 6th, 2011, 12:51 am

Hi deltalima,

OTL Log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 2105275 bytes
->Temporary Internet Files folder emptied: 71617603 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42605618 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 68815 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 51645676 bytes

Total Files Cleaned = 160.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.0 log created on 07052011_193641

Files\Folders moved on Reboot...
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFBEDF.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFBEEB.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFBF00.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFBF0C.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFBF20.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFBF2C.tmp not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E1QV1GP5\geo[2].js moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E1QV1GP5\normal[1].css moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6WKCFHLB\large[1].css moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6WKCFHLB\viewtopic[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39A9O3KM\medium[1].css moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

*************************************************

OpenDNS
I set up OpenDNS per your instruction.

Computer Operating Status
Of note is that the redirect "appears" to be still pointing to http://view.atdmt.com/action/windows_downloads_Upgrade_CTA?href=http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1b544e90-7659-4bd9-9e51-2497c146af15&displaylang=en (I copied this off the Microsoft website. It is a Windows 7 upgrade advisor link. In the beginning, I would receive the following message: "view.atdmt.com" is not set up to establish a connection on port "World Wide Web service (HTTP)" with this computer. However, now when I click on the link I do not get the same message, but rather I am properly directed to http://www.microsoft.com/download/en/de ... g=en&id=20. So, even though the view.atdmt.com is still showing in the link, it does not return the error message, and I am directed to the correct Microsoft page, thus begging the question of whether the issue is fixed or not.

Thanks,
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com Redirect Back Again

Unread postby deltalima » July 6th, 2011, 5:48 am

Hi theglobal,

Of note is that the redirect "appears" to be still pointing to


Please give more details, how often does the redirect happen? Does it happen from within a search or from particular web pages?

Please download SystemLook from one of the links below and save it to your Desktop.

Download links for 32 bit Windows:
Download Mirror #1
Download Mirror #2



  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *atlassolutions*
    *atdmt*
    
    :folderfind
    *atlassolutions*
    *atdmt*
    
    :Regfind
    atlassolutions
    atdmt
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: view.atdmt.com Redirect Back Again

Unread postby theglobal » July 6th, 2011, 10:32 pm

Hi deltalima,

I recall seeing view.atdmt.com on at least two web links, one of them being Microsoft (I cannot remember the other). Prior to getting the error message "view.atdmt.com" is not set up to establish a connection on port "World Wide Web service (HTTP)" with the "view.atdmt.com" embedded in the link, I was able to click on the same link without the "veiw.atdmt.com" embedded in the link. Of course, it was the error message that made me look up the error message on Google. In several places it noted that it was malware. Upon further looking, I see that Microsoft uses the atdmt service. So, frankly, I am not really sure how it operates, but did observe that it was harmless to a severe maleware that must be removed. That is why I have always gone to Malware Removal for help. As I noted before, now I can click on the Microsoft link, even though it has the atdmt in it, and I do not get the error message, but go to the desired webpage at Microsoft. I defer to your and your assoicates advice with respect to this matter.

System Look Log:
SystemLook 04.09.10 by jpshortstuff
Log created at 19:29 on 06/07/2011 by Mike
Administrator - Elevation successful

========== filefind ==========

Searching for "*atlassolutions*"
No files found.

Searching for "*atdmt*"
No files found.

========== folderfind ==========

Searching for "*atlassolutions*"
No folders found.

Searching for "*atdmt*"
No folders found.

========== Regfind ==========

Searching for "atlassolutions"
No data found.

Searching for "atdmt"
[HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\UserExtendedProperties\elysoung@vandals.uidaho.edu]
"anon"="@fmt|A=EFDDC03B5ED816B0297D838CFFFFFFFF&E=89c&W=15|bing.com;atdmt.com|Tue, 02-Feb-2010 08:21:54 GMT|"
[HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\UserExtendedProperties\elysoung@vandals.uidaho.edu]
"nap"="@fmt|V=1.9&E=842&C=FdSWSyq9bOdS3E2m8RX1_ASSMUNipoSQPH3z2-0sJw2iWX7YwBerCQ&W=16|bing.com;atdmt.com|Sun, 25-Oct-2009 07:21:54 GMT|"
[HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\UserExtendedProperties\twdleumber@hotmail.com]
"anon"="@fmt|A=60CD5E7F40A8E9A06C4D4658FFFFFFFF&E=8b4&W=15|bing.com;atdmt.com|Fri, 26-Feb-2010 12:04:44 GMT|"
[HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\UserExtendedProperties\twdleumber@hotmail.com]
"nap"="@fmt|V=1.9&E=85a&C=79cPJxTNUwBqUC1fMOCr3jlWmEXIC50nHDwJW--bKpKa1bO-qgZwwA&W=2|bing.com;atdmt.com|Wed, 18-Nov-2009 12:04:44 GMT|"
[HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\UserExtendedProperties\youcomet@live.com]
"anon"="@fmt|A=1F98444CEAD7BCF3A8B86EABFFFFFFFF&E=947&W=1|bing.com;atdmt.com|Fri, 23-Jul-2010 15:12:57 GMT||false"
[HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\UserExtendedProperties\youcomet@live.com]
"nap"="@fmt|V=1.9&E=8ed&C=3x8rbc1AAv0DcX_-95p8XT6xXJwW22Xgp7dG-rKxQ8lwhWQDjLl_eQ&W=1|bing.com;atdmt.com|Wed, 14-Apr-2010 15:12:57 GMT||false"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\elysoung@vandals.uidaho.edu]
"anon"="@fmt|A=EFDDC03B5ED816B0297D838CFFFFFFFF&E=89c&W=15|bing.com;atdmt.com|Tue, 02-Feb-2010 08:21:54 GMT|"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\elysoung@vandals.uidaho.edu]
"nap"="@fmt|V=1.9&E=842&C=FdSWSyq9bOdS3E2m8RX1_ASSMUNipoSQPH3z2-0sJw2iWX7YwBerCQ&W=16|bing.com;atdmt.com|Sun, 25-Oct-2009 07:21:54 GMT|"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\twdleumber@hotmail.com]
"anon"="@fmt|A=60CD5E7F40A8E9A06C4D4658FFFFFFFF&E=8b4&W=15|bing.com;atdmt.com|Fri, 26-Feb-2010 12:04:44 GMT|"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\twdleumber@hotmail.com]
"nap"="@fmt|V=1.9&E=85a&C=79cPJxTNUwBqUC1fMOCr3jlWmEXIC50nHDwJW--bKpKa1bO-qgZwwA&W=2|bing.com;atdmt.com|Wed, 18-Nov-2009 12:04:44 GMT|"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\atdmt.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\atdmt.com]
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\elysoung@vandals.uidaho.edu]
"anon"="@fmt|A=EFDDC03B5ED816B0297D838CFFFFFFFF&E=89c&W=15|bing.com;atdmt.com|Tue, 02-Feb-2010 08:21:54 GMT|"
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\elysoung@vandals.uidaho.edu]
"nap"="@fmt|V=1.9&E=842&C=FdSWSyq9bOdS3E2m8RX1_ASSMUNipoSQPH3z2-0sJw2iWX7YwBerCQ&W=16|bing.com;atdmt.com|Sun, 25-Oct-2009 07:21:54 GMT|"
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\twdleumber@hotmail.com]
"anon"="@fmt|A=60CD5E7F40A8E9A06C4D4658FFFFFFFF&E=8b4&W=15|bing.com;atdmt.com|Fri, 26-Feb-2010 12:04:44 GMT|"
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\twdleumber@hotmail.com]
"nap"="@fmt|V=1.9&E=85a&C=79cPJxTNUwBqUC1fMOCr3jlWmEXIC50nHDwJW--bKpKa1bO-qgZwwA&W=2|bing.com;atdmt.com|Wed, 18-Nov-2009 12:04:44 GMT|"
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\youcomet@live.com]
"anon"="@fmt|A=1F98444CEAD7BCF3A8B86EABFFFFFFFF&E=947&W=1|bing.com;atdmt.com|Fri, 23-Jul-2010 15:12:57 GMT||false"
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\youcomet@live.com]
"nap"="@fmt|V=1.9&E=8ed&C=3x8rbc1AAv0DcX_-95p8XT6xXJwW22Xgp7dG-rKxQ8lwhWQDjLl_eQ&W=1|bing.com;atdmt.com|Wed, 14-Apr-2010 15:12:57 GMT||false"
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\elysoung@vandals.uidaho.edu]
"anon"="@fmt|A=EFDDC03B5ED816B0297D838CFFFFFFFF&E=89c&W=15|bing.com;atdmt.com|Tue, 02-Feb-2010 08:21:54 GMT|"
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\elysoung@vandals.uidaho.edu]
"nap"="@fmt|V=1.9&E=842&C=FdSWSyq9bOdS3E2m8RX1_ASSMUNipoSQPH3z2-0sJw2iWX7YwBerCQ&W=16|bing.com;atdmt.com|Sun, 25-Oct-2009 07:21:54 GMT|"
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\twdleumber@hotmail.com]
"anon"="@fmt|A=60CD5E7F40A8E9A06C4D4658FFFFFFFF&E=8b4&W=15|bing.com;atdmt.com|Fri, 26-Feb-2010 12:04:44 GMT|"
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\IdentityCRL\UserExtendedProperties\twdleumber@hotmail.com]
"nap"="@fmt|V=1.9&E=85a&C=79cPJxTNUwBqUC1fMOCr3jlWmEXIC50nHDwJW--bKpKa1bO-qgZwwA&W=2|bing.com;atdmt.com|Wed, 18-Nov-2009 12:04:44 GMT|"
[HKEY_USERS\S-1-5-21-1959515732-1368181927-1497173536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\atdmt.com]

-= EOF =-

Thanks again for your valuable help.

theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com Redirect Back Again

Unread postby deltalima » July 7th, 2011, 4:00 am

Hi theglobal,

Please use the instructions here to remove OpenDNS and return the computer to use automatic settings.

As I noted before, now I can click on the Microsoft link, even though it has the atdmt in it, and I do not get the error message, but go to the desired webpage at Microsoft.


The logs look to be clean, let's do a final scan.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: view.atdmt.com Redirect Back Again

Unread postby theglobal » July 8th, 2011, 2:22 am

Hi deltalima,

I ran the scan until it appeared to hang up. Because it looks like it will take several hours, I will re-run again on Saturday so I can better monitor the scan.
Thanks,
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com Redirect Back Again

Unread postby deltalima » July 8th, 2011, 3:27 am

OK, thanks for letting me know.

Please post the log when ready.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: view.atdmt.com Redirect Back Again

Unread postby theglobal » July 9th, 2011, 2:19 am

Hi deltalima,

Here's the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=eff9f570fe8ad141b15b0f1616bf216d
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-08 06:11:22
# local_time=2011-07-08 12:11:22 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3589 16777213 100 84 26597 60674978 0 0
# compatibility_mode=5892 16776574 100 100 55300255 146706410 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=150122
# found=0
# cleaned=0
# scan_time=6600
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=eff9f570fe8ad141b15b0f1616bf216d
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-09 04:04:06
# local_time=2011-07-08 10:04:06 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3589 16777213 100 84 111857 60760238 0 0
# compatibility_mode=5892 16776574 100 100 55385515 146791670 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=4929
# found=0
# cleaned=0
# scan_time=103
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=eff9f570fe8ad141b15b0f1616bf216d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-09 06:13:27
# local_time=2011-07-09 12:13:27 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3589 16777213 100 84 112013 60760394 0 0
# compatibility_mode=5892 16776574 100 100 55385671 146791826 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=265238
# found=0
# cleaned=0
# scan_time=7708


Thanks,
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Re: view.atdmt.com Redirect Back Again

Unread postby deltalima » July 9th, 2011, 10:13 am

Hi theglobal,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Here are some additional utilities that will enhance your safety


Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: view.atdmt.com Redirect Back Again

Unread postby theglobal » July 10th, 2011, 11:41 am

Hi deltalima,

I cannot thank you enough for your help, and the help of your associates in making Malwareremoval.com possible, and especially to Chris for his vision and determination.

Cheers!
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 301 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware