Thread: "Personal Security Program"

  1. #1
    Junior Member
    Join Date
    Oct 2009
    Posts
    10

    "Personal Security Program"

    Hello,
    I am trying to help out a relative with a computer program. They have on their computer a program called Personal Security. I know this is a malware program, but do not know how to uninstall it. Some other issues with the computer are:
    1. I cannot run any .exe or antivirus programs. I have to run them in Safe Mode because they will not load regular.
    2. GMER gets stuck on the atapi.sys file.
    3. Internet redirects some (but not all) sites.
    4. Norton Antivirus is out of date, so I would like to uninstall it and reinstall a better program.
    5. I ran Malwarebytes, Spybot and HijackThis already and have had no success in fixing the problem.

    I am only at my relative's house until Saturday night. I will appreciate any help in this matter.

  2. #2
    Junior Member
    Join Date
    Oct 2009
    Posts
    10

    I ran ComboFix in Safe Mode with Networking. Here are the results of the logfile:
    ComboFix 09-12-25.02 - Marian 12/25/2009 17:23:02.1.1 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.378 [GMT -5:00]
    Running from: c:\documents and settings\Marian\Desktop\programs\ComboFix.exe
    AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\PersonalSec
    c:\program files\PersonalSec\psecurity.exe
    c:\recycler\NPROTECT
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegame.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\MailSwitch.ocx
    c:\windows\system32\Data
    c:\windows\system32\dc801221-2dc0-8b1e-8e1d-500d4670b725.exe

    Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE


    ((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
    .

    2009-12-25 18:49 . 2009-12-25 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-25 18:49 . 2009-12-25 18:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-25 18:36 . 2009-12-25 18:36 -------- d-----w- c:\program files\Trend Micro
    2009-12-25 17:25 . 2009-12-25 17:25 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-12-25 17:03 . 2009-12-25 17:03 -------- d-----w- c:\documents and settings\Marian\Application Data\Malwarebytes
    2009-12-25 17:03 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-25 17:03 . 2009-12-25 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-25 17:03 . 2009-12-25 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-25 17:03 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-22 21:58 . 2009-12-22 21:58 -------- d-----w- c:\program files\Common Files\PersonalSecUninstall
    2009-12-10 01:21 . 2009-12-10 01:21 -------- d-----w- c:\program files\iPod
    2009-12-10 01:12 . 2009-12-10 01:13 -------- d-----w- c:\program files\QuickTime
    2009-12-07 02:26 . 2009-12-07 02:26 -------- d-----w- c:\windows\system32\scripting
    2009-12-07 02:26 . 2009-12-07 02:26 -------- d-----w- c:\windows\l2schemas
    2009-12-07 02:26 . 2009-12-07 02:26 -------- d-----w- c:\windows\system32\en
    2009-12-07 02:26 . 2009-12-07 02:26 -------- d-----w- c:\windows\system32\bits
    2009-12-02 21:26 . 2009-12-02 21:26 -------- d-----w- c:\program files\MSECache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-25 22:12 . 2005-11-19 08:15 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000D-00001102-00000004-00581102}.dat
    2009-12-25 22:12 . 2005-11-19 08:15 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000D-00001102-00000004-00581102}.dat
    2009-12-25 16:37 . 2009-06-21 20:21 -------- d-----w- c:\documents and settings\Marian\Application Data\FrostWire
    2009-12-25 16:37 . 2009-11-24 23:31 79488 ----a-w- c:\documents and settings\Marian\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-23 21:22 . 2006-01-13 21:45 -------- d-----w- c:\program files\Dl_cats
    2009-12-22 21:49 . 2005-11-21 04:00 -------- d-----w- c:\program files\Norton SystemWorks
    2009-12-18 21:06 . 2005-11-21 04:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-12-10 22:29 . 2008-06-10 17:29 56464 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-10 01:23 . 2007-11-11 02:52 -------- d-----w- c:\program files\iTunes
    2009-12-10 01:21 . 2007-09-10 21:47 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-10 01:08 . 2009-12-10 01:08 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-12-10 01:06 . 2008-06-10 16:39 -------- d-----w- c:\program files\Safari
    2009-12-10 01:01 . 2009-12-10 01:01 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-12-07 02:31 . 2005-11-19 06:24 76487 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
    2009-12-03 01:40 . 2005-11-19 06:54 72872 ----a-w- c:\documents and settings\Marian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-11 14:42 . 2006-08-23 19:20 1961720 ----a-w- c:\documents and settings\Marian\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-10-29 07:45 . 2001-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2005-11-19 06:42 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-21 05:38 . 2005-11-19 06:42 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-20 16:20 . 2005-11-19 06:43 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2001-08-18 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2001-08-18 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2001-08-18 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2007-05-13 00:13 . 2007-05-13 00:13 46332 ----a-w- c:\program files\Fulcomer Award 015.jpg
    2006-08-05 01:28 . 2006-08-05 01:27 133120 ----a-w- c:\program files\Tibetan_test.pps
    2006-08-03 17:33 . 2006-08-03 17:33 92426 ----a-w- c:\program files\Silhouette.rm
    2006-07-30 22:05 . 2006-07-30 22:05 3790842 ----a-w- c:\program files\SmartStart.exe
    2005-12-24 20:44 . 2005-12-24 20:44 774144 ----a-w- c:\program files\RngInterstitial.dll
    2005-12-24 20:43 . 2005-12-24 20:43 482328 ----a-w- c:\program files\realarcade_ambient_stub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2002-07-02 24576]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2005-11-21 684032]
    "HostManager"="c:\program files\Common Files\AOL\1135779733\ee\AOLSoftware.exe" [2006-05-10 50760]
    "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
    "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
    "DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
    "dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 430080]
    "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-06-27 282624]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
    "osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2006-09-06 26248]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "atapi"="c:\windows\Regedit.exe" [2008-04-14 146432]

    c:\documents and settings\Marian\Start Menu\Programs\Startup\
    TrueAssistant.lnk - c:\program files\TrueAssistant\TrueAssistant.exe [2005-4-2 372224]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Gateway\\HPA\\gwmenu.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1135779733\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1135779733\\ee\\aim6.exe"=
    "c:\\WINDOWS\\system32\\dlcdcoms.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    S2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~2\NPROTECT.EXE [11/3/2005 10:08 PM 95832]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/6/2007 5:39 PM 24652]
    S3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/13/2009 12:27 PM 102448]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Search
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://comcast.oberon-media.com/online2/diner_dash/DinerDash.1.0.0.80.cab
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)
    HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\ApcMain.exe
    HKCU-Run-PersonalSec - c:\program files\PersonalSec\psecurity.exe
    HKLM-RunOnce-ComboFix_Pre - c:\combofix\Res.bat
    AddRemove-Creative Driver - c:\windows\system32\ctdrvins
    AddRemove-dc801221-2dc0-8b1e-8e1d-500d4670b725 - c:\windows\system32\dc801221-2dc0-8b1e-8e1d-500d4670b725.exe
    AddRemove-PersonalSec - c:\program files\PersonalSec\psecurity.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-25 17:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(676)
    c:\windows\system32\l3codecx.acm

    - - - - - - - > 'explorer.exe'(1272)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2009-12-25 17:39:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-25 22:38

    Pre-Run: 170,007,560,192 bytes free
    Post-Run: 170,061,225,984 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - 503C8A1499112FA6E3C808C27E15CDC7


    I also ran HijackThis in Safe Mode with Networking.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:41:59 PM, on 12/25/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135779733\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [atapi] C:\WINDOWS\Regedit.exe /s "C:\ComboFix\SW_atapi.reg"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4773AC35-5EC9-4C86-82AA-78F3BE563194} (AtlBoxWordCtlAttrib Class) - http://playgames.comcast.net/online2...e/aquacade.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://comcast.oberon-media.com/onli...h.1.0.0.80.cab
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9003 bytes
    ======================
    Edit
    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)
    Do NOT run 'FIXES' (ComboFix etc) without being asked
    Last edited by tashi; 2009-12-26 at 01:28. Reason: Moved from Spybot-S&D forum, provided link to malware forum FAQs
