Maleware Defense

ComboFix 10-01-11.03 - Owner 01/12/2010 0:12.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.298 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\commy.exe
.

((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 04:27 . 2010-01-12 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-12 04:27 . 2010-01-12 04:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-12 04:19 . 2010-01-12 04:19 -------- d-----w- c:\program files\SpywareBlaster
2010-01-12 04:16 . 2010-01-12 04:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-12 04:16 . 2005-08-26 00:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-01-11 17:41 . 2010-01-12 03:46 -------- d-----w- c:\windows\system32\NtmsData
2010-01-11 15:10 . 2010-01-11 15:10 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-11 15:10 . 2010-01-11 15:10 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-06 04:22 . 2010-01-06 04:22 -------- d-----w- c:\program files\CCleaner
2010-01-06 03:58 . 2010-01-06 03:58 0 ----a-w- c:\windows\nsreg.dat
2010-01-06 03:58 . 2010-01-06 03:58 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2010-01-03 13:45 . 2010-01-11 14:00 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 16:47 . 2009-12-30 16:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-12-30 03:48 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 03:48 . 2010-01-11 14:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 03:48 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 03:48 . 2009-12-30 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 05:47 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-29 00:40 . 2009-12-29 00:40 -------- d-----w- c:\windows\EHome
2009-12-26 05:45 . 2009-12-26 18:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-12-26 05:45 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-26 05:36 . 2009-12-26 05:43 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 05:36 . 2009-12-26 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-26 05:36 . 2009-12-26 05:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-12-21 22:01 . 2009-12-21 22:01 16504 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 05:16 . 2009-10-05 03:50 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-01-11 15:11 . 2009-09-11 02:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 04:32 . 2009-09-11 02:52 -------- d-----w- c:\program files\McAfee
2009-12-29 23:29 . 2004-08-12 13:55 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-29 01:05 . 2009-09-11 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-29 01:05 . 2009-09-11 02:52 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-29 00:35 . 2009-09-18 00:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-26 18:00 . 2009-12-26 05:42 -------- d-----w- c:\program files\iTunes
2009-12-26 05:45 . 2009-12-26 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 05:43 . 2009-12-26 05:43 -------- d-----w- c:\program files\iPod
2009-12-26 05:42 . 2009-12-26 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-26 05:42 . 2009-12-26 05:42 -------- d-----w- c:\program files\Bonjour
2009-12-26 05:41 . 2009-12-26 05:39 -------- d-----w- c:\program files\QuickTime
2009-12-26 05:38 . 2009-12-26 05:38 -------- d-----w- c:\program files\Apple Software Update
2009-12-05 13:22 . 2009-09-11 02:50 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-05 13:10 . 2009-12-05 13:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-12-04 18:19 . 2009-09-11 03:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-19 04:25 . 2009-11-19 04:25 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
2009-11-19 04:24 . 2009-11-19 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-11-19 04:24 . 2009-11-19 04:24 -------- d-----w- c:\program files\AIM
2009-11-19 04:24 . 2009-11-19 04:24 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-11-19 04:24 . 2009-11-19 04:24 -------- d-----w- c:\program files\Common Files\AOL
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2004-08-12 14:06 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-12 13:57 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-12 13:57 263552 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-12-31_05.56.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-12 03:46 . 2010-01-12 03:46 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2010-01-06 04:03 . 2010-01-06 04:03 85173 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-01-01 04:34 . 2010-01-12 03:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-11 02:14 . 2009-12-31 05:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-11 02:14 . 2009-12-31 05:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-11 02:14 . 2010-01-12 03:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-09-11 02:14 . 2009-12-31 05:51 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-01 04:34 . 2010-01-12 03:51 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-01-11 15:11 . 2010-01-11 15:11 149280 c:\windows\system32\javaws.exe
- 2009-09-11 12:29 . 2009-07-25 09:23 149280 c:\windows\system32\javaws.exe
+ 2010-01-11 15:11 . 2010-01-11 15:11 145184 c:\windows\system32\javaw.exe
- 2009-09-11 12:29 . 2009-07-25 09:23 145184 c:\windows\system32\javaw.exe
+ 2010-01-11 15:11 . 2010-01-11 15:11 145184 c:\windows\system32\java.exe
- 2009-09-11 12:29 . 2009-07-25 09:23 145184 c:\windows\system32\java.exe
+ 2009-09-10 21:25 . 2010-01-11 17:41 107808 c:\windows\system32\FNTCACHE.DAT
- 2009-09-10 21:25 . 2009-12-21 14:24 107808 c:\windows\system32\FNTCACHE.DAT
+ 2010-01-11 15:11 . 2010-01-11 15:11 537600 c:\windows\Installer\38e4a9.msi
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-28 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-28 289584]
"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-05 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 88363]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-11 149280]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S3 FA101;NETGEAR FA101 USB Fast Ethernet Adapter;c:\windows\system32\drivers\FA101ND5.SYS [9/10/2009 9:18 PM 24555]
.
Contents of the 'Scheduled Tasks' folder

2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-813497703-854245398-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 17:17]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-813497703-854245398-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 17:17]

2009-09-11 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-11 16:22]

2009-09-11 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-11 16:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xejwm5fu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 00:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(624)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-12 00:18:16
ComboFix-quarantined-files.txt 2010-01-12 05:18
ComboFix2.txt 2009-12-31 06:01

Pre-Run: 85,255,344,128 bytes free
Post-Run: 85,233,242,112 bytes free

- - End Of File - - 0E6E832FAC5383F18DD2F28C198BDCFA

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
*malware defense*
*malwaredefense*
mdefense.exe
mdext.dll
md.db
atapi*
atapi.*
*atapi.sys

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

==

Please open Notepad and paste the following text inside of it:

Click File > Save as
Save as fixDefense.reg
Save as type: All Files
Click Save.

Exit Notepad. Double-click on fixDefense.reg and confirm the prompts.

Restart your computer, and please post the SystemLook log in your next reply.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:36 on 12/01/2010 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "*malware defense*"
No files found.

Searching for "*malwaredefense*"
No files found.

Searching for "mdefense.exe"
No files found.

Searching for "mdext.dll"
No files found.

Searching for "md.db"
No files found.

Searching for "atapi*"
C:\cmdcons\ATAPI.SY_ --a--- 49558 bytes [03:59 04/08/2004] [03:59 04/08/2004] 28541D14647BB58502D09D1CEAEE6684
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [06:00 31/12/2009] [23:29 29/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a--- 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 95360 bytes [13:55 12/08/2004] [23:29 29/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [13:55 12/08/2004] [23:29 29/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51

Searching for "atapi.*"
C:\cmdcons\ATAPI.SY_ --a--- 49558 bytes [03:59 04/08/2004] [03:59 04/08/2004] 28541D14647BB58502D09D1CEAEE6684
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [06:00 31/12/2009] [23:29 29/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a--- 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 95360 bytes [13:55 12/08/2004] [23:29 29/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [13:55 12/08/2004] [23:29 29/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51

Searching for "*atapi.sys"
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [06:00 31/12/2009] [23:29 29/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a--- 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 95360 bytes [13:55 12/08/2004] [23:29 29/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [13:55 12/08/2004] [23:29 29/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-

Please open SystemLook!

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  :folderfind
*malwaredefense*
*malware defense*

:regfind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center /s

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 10:12 on 13/01/2010 by Owner (Administrator - Elevation successful)

========== folderfind ==========

Searching for "*malwaredefense*"
No folders found.

Searching for "*malware defense*"
No folders found.

========== regfind ==========

Searching for "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center /s"
No data found.

-=End Of File=-

Odd.

Please open SystemLook!

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  :regfind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:59 on 13/01/2010 by Owner (Administrator - Elevation successful)

========== regfind ==========

Searching for "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
No data found.

-=End Of File=-

http://virusscan.jotti.org/en/scanresult/32b93f8bba66fd86f4f22b66d9b6efe8d3b2a7c2/a7c18b533fde84d8f9d6681a39a8eb5e97b812d1

Your computer is clean. Not sure what the deal is, but I cannot find anything.

If thats the case then I believe it is removed. I did a restart and now Windows Securty Center doesn't detect Malware Defense anymore

Thanks for the help

good