Status
Not open for further replies.

EvilUrges

Beta member
Messages
4
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:42 PM, on 5/1/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe"
O4 - HKLM\..\Run: [lxdqamon] "C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7057 bytes
 
Well, when I run Malwarebytes it comes up clean. When I run Microsoft Essentials it finds nothing, but when I ran SpyDoctor it finds rogueantispyware.xp antispyware every time and I can't get it off. This is a friend's laptop, so I'm trying to help him out.
Would you like me to run your full scan? Maybe get more info?
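As an added example (not part of the original thread or of HijackThis itself), here is a small Python triage script run over lines copied from the HijackThis log above. It flags the three things a log reader checks by eye first: registrations whose file is gone ("(no file)" / "(file missing)"), O23 services with "Unknown owner", and hosts-file lines beyond the stock localhost entries. The `127.0.0.1 www.example.com` hosts line is a constructed input added only to exercise that check; it is not in the posted log.

```python
import re
from typing import Dict, List

# Constructed sample input: a handful of lines copied from the HijackThis log
# posted above, plus ONE hypothetical hosts line (www.example.com) added only to
# exercise the hosts check. It is not a capture from the poster's machine.
SAMPLE_HJT_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.example.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HijackThis entry starts with a section code such as R0, O2, O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")

# The two hosts lines a stock Vista installation carries.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# HijackThis appends these when the registered file no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Return {code, body} for each 'Rn/On - ...' line; header, process list
    and footer lines do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def triage(log_text: str) -> Dict[str, List[str]]:
    """Apply the three checks a log reader does by eye.

    orphan        - BHO / protocol handler / service whose file is gone.
                    Usually uninstall leftovers, but also what a partial
                    cleanup of an infection leaves behind; either way they
                    are dead registrations and safe to fix.
    unknown_owner - O23 service whose binary carries no company name in its
                    version resource.
    hosts         - hosts-file override beyond the stock localhost entries.
    """
    findings: Dict[str, List[str]] = {"orphan": [], "unknown_owner": [], "hosts": []}
    for entry in parse_entries(log_text):
        code, body = entry["code"], entry["body"]
        if body.endswith(ORPHAN_MARKERS):
            findings["orphan"].append(f"{code} {body}")
        if code == "O23" and " - Unknown owner - " in body:
            findings["unknown_owner"].append(body)
        if code == "O1" and body.startswith("Hosts: "):
            fields = body[len("Hosts: "):].split()
            if len(fields) >= 2 and (fields[0], fields[1]) not in DEFAULT_HOSTS:
                findings["hosts"].append(body)
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_HJT_LOG).items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print("  ", item)
```

On the sample this reports four orphans (the two nameless BHOs, the linkscanner protocol handler and the missing Symantec service), one unknown-owner service and the constructed hosts line. Orphans are reconciled against recently removed products before being treated as suspicious; the ComboFix output further down lists avg9 and Symantec Shared directories, which is where the WormRadar/linkscanner and ccSvcHst leftovers would normally come from.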
 
ComboFix 10-05-01.04 - K-DILL 05/02/2010 8:55.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.336 [GMT -5:00]
Running from: f:\documents\Videos\ComboFix.exe
AV: General Antivirus *On-access scanning disabled* (Updated) {BD7397D8-F0E4-4B35-844B-D83450B0116B}
SP: General Antivirus *disabled* (Updated) {F467D744-D1DA-4CA7-BEEB-ADEF6B48D6DA}
.

((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 14:04 . 2010-05-02 14:05 -------- d-----w- c:\users\K-DILL\AppData\Local\temp
2010-05-02 14:04 . 2010-05-02 14:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-02 14:04 . 2010-05-02 14:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-02 03:17 . 2010-05-02 03:17 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-02 03:11 . 2010-05-02 03:11 -------- d-----w- c:\program files\Microsoft
2010-05-02 03:10 . 2010-05-02 03:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-02 02:51 . 2010-05-02 02:51 -------- d-----w- c:\program files\Trend Micro
2010-05-01 21:14 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 21:14 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 21:02 . 2010-05-01 21:02 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-05-01 20:12 . 2010-05-01 20:12 -------- d-----w- c:\programdata\XoftSpySE
2010-05-01 08:08 . 2010-05-01 08:08 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-01 08:05 . 2010-05-01 08:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-05-01 02:05 . 2010-05-01 02:05 -------- d-----w- c:\users\K-DILL\AppData\Local\Threat Expert
2010-05-01 01:35 . 2010-05-01 01:45 -------- d-----w- c:\windows\system32\catroot2
2010-05-01 01:19 . 2010-05-01 01:19 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-01 01:07 . 2010-05-01 01:11 35781 ----a-w- C:\BdUninstallTool2010.04.30-08.07.52.reg
2010-04-30 21:18 . 2010-05-01 00:57 -------- d-----w- c:\programdata\avg9
2010-04-29 22:02 . 2010-04-29 22:02 -------- d-----w- c:\users\K-DILL\AppData\Roaming\muvee Technologies
2010-04-29 22:02 . 2010-04-29 22:02 -------- d-----w- c:\programdata\muvee Technologies
2010-04-16 20:15 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-16 20:15 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-16 20:15 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-16 20:14 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-16 20:14 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-16 20:14 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-16 20:14 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-16 20:14 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-16 20:14 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 21:12 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 21:10 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-09 20:41 . 2010-04-09 20:41 -------- d-----w- c:\program files\iPod
2010-04-09 20:41 . 2010-04-09 20:42 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-09 20:41 . 2010-04-09 20:42 -------- d-----w- c:\program files\iTunes
2010-04-09 20:35 . 2010-04-09 20:36 -------- d-----w- c:\program files\QuickTime
2010-04-09 20:29 . 2010-04-09 20:29 -------- d-----w- c:\program files\Bonjour
2010-04-09 20:26 . 2010-04-09 20:26 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 03:45 . 2006-12-07 04:19 -------- d-----w- c:\programdata\Microsoft Help
2010-05-01 21:14 . 2010-03-04 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 13:46 . 2007-04-12 05:05 92584 ----a-w- c:\users\K-DILL\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-01 08:04 . 2006-12-07 04:17 -------- d-----w- c:\program files\Microsoft Works
2010-04-30 02:11 . 2010-03-04 21:42 -------- d-----w- c:\program files\CCleaner
2010-04-30 01:31 . 2006-12-07 04:51 -------- d-----w- c:\program files\Yahoo!
2010-04-30 01:30 . 2008-07-21 02:56 -------- d-----w- c:\programdata\Yahoo!
2010-04-30 01:30 . 2008-07-21 02:55 -------- d-----w- c:\users\K-DILL\AppData\Roaming\Yahoo!
2010-04-30 01:29 . 2006-12-07 04:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 01:22 . 2006-12-07 04:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-30 01:19 . 2006-12-07 04:05 -------- d-----w- c:\programdata\Symantec
2010-04-17 17:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-09 20:41 . 2007-12-24 00:19 -------- d-----w- c:\program files\Common Files\Apple
2010-04-07 16:45 . 2010-02-28 14:11 404 ----a-w- c:\users\K-DILL\AppData\Roaming\wklnhst.dat
2010-04-07 16:45 . 2010-01-17 16:40 -------- d-----w- c:\programdata\Lx_cats
2010-03-05 04:51 . 2010-02-27 15:51 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-05 02:49 . 2006-12-07 03:48 -------- d-----w- c:\program files\CONEXANT
2010-03-05 01:14 . 2010-03-05 01:14 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-05 01:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-05 01:14 . 2010-03-05 01:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-05 01:13 . 2010-03-05 01:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-05 01:08 . 2010-03-05 01:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 01:08 . 2006-12-07 05:11 -------- d-----w- c:\program files\Java
2010-03-05 00:50 . 2007-04-28 00:28 -------- d-----w- c:\program files\epson
2010-03-04 22:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-03-04 22:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-03-04 22:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-03-04 22:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-04 22:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-03-04 22:19 . 2010-03-04 22:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-04 21:24 . 2010-03-04 21:24 -------- d-----w- c:\users\K-DILL\AppData\Roaming\Malwarebytes
2010-03-04 21:24 . 2010-03-04 21:24 -------- d-----w- c:\programdata\Malwarebytes
2010-03-04 21:24 . 2010-03-04 21:23 -------- d-----w- c:\users\K-DILL\AppData\Roaming\U3
2010-03-04 21:23 . 2010-03-04 21:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-02-27 03:48 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-02-27 03:48 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-02-26 20:16 . 2010-02-26 20:16 331680 ----a-w- c:\programdata\SPLF849.tmp
2010-02-26 20:14 . 2010-02-26 20:14 331680 ----a-w- c:\programdata\SPL2BA6.tmp
2010-02-26 00:10 . 2010-02-26 00:10 1113364 ----a-w- c:\programdata\SPL90F9.tmp
2010-02-25 23:24 . 2010-02-25 23:24 1571602 ----a-w- c:\programdata\SPLC3DB.tmp
2010-02-25 23:03 . 2010-02-25 23:03 1571602 ----a-w- c:\programdata\SPL66AE.tmp
2010-02-25 21:54 . 2010-02-25 21:54 4929059 ----a-w- c:\programdata\SPL43AC.tmp
2010-02-25 21:51 . 2010-02-25 21:51 4927091 ----a-w- c:\programdata\SPLEFA1.tmp
2010-02-24 15:16 . 2010-01-01 02:46 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-02 23:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-02 23:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-02 23:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-02 23:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-12 16:46 . 2010-02-12 16:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46 . 2010-02-12 16:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-10 01:19 . 2010-02-10 01:19 22372 ----a-w- c:\programdata\SPL3064.tmp
2010-02-10 01:14 . 2010-02-10 01:14 22372 ----a-w- c:\programdata\SPLE530.tmp
2010-02-10 01:04 . 2010-02-10 01:04 22372 ----a-w- c:\programdata\SPLC807.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-05 149280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040]
"lxdqamon"="c:\program files\Lexmark Z2400 Series\lxdqamon.exe" [2008-03-27 16040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

c:\users\K-DILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2006-12-6 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AVPath"="\\\\.\\root\\SecurityCenter:AntiVirusProduct.instanceGuid=\"{BD7397D8-F0E4-4B35-844B-D83450B0116B}\""
"ASPath"="\\\\.\\root\\SecurityCenter:AntiSpywareProduct.instanceGuid=\"{F467D744-D1DA-4CA7-BEEB-ADEF6B48D6DA}\""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):19,f2,41,f7,ea,bb,ca,01

S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe [2008-02-27 594600]
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [2009-04-28 94208]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-30 c:\windows\Tasks\HPCeeScheduleForK-DILL.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-12-07 00:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*Yahoo!
FF - ProfilePath - c:\users\K-DILL\AppData\Roaming\Mozilla\Firefox\Profiles\yw0oq01d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-05-02 09:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-02 09:09:58
ComboFix-quarantined-files.txt 2010-05-02 14:09
ComboFix2.txt 2010-05-02 00:57
ComboFix3.txt 2010-05-01 02:01

Pre-Run: 42,968,526,848 bytes free
Post-Run: 42,941,968,384 bytes free

- - End Of File - - D408A35A115B516761E4C50B60D808CF
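Added example, not part of the original post or of ComboFix: a parser for the AV/SP header lines and the REGEDIT4-style Security Center keys that ComboFix dumps, run over the lines from the log above. The posted log registers an antivirus and an antispyware product in Security Center with their state markers reading disabled, and sets DisableMonitoring=1 under the Monitoring key, while the HijackThis log shows the Microsoft Security Essentials client running. The script only surfaces those states and checks that the AVPath/ASPath instance GUIDs match the header products, so a reader can reconcile them; it does not decide whether anything is malicious. The header regex assumes the exact layout shown in this log, which varies between ComboFix builds.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the AV/SP header lines and the Security Center keys from
# the ComboFix log posted above, assembled here only so the parser runs offline.
SAMPLE_COMBOFIX = r"""
AV: General Antivirus *On-access scanning disabled* (Updated) {BD7397D8-F0E4-4B35-844B-D83450B0116B}
SP: General Antivirus *disabled* (Updated) {F467D744-D1DA-4CA7-BEEB-ADEF6B48D6DA}

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AVPath"="\\\\.\\root\\SecurityCenter:AntiVirusProduct.instanceGuid=\"{BD7397D8-F0E4-4B35-844B-D83450B0116B}\""
"ASPath"="\\\\.\\root\\SecurityCenter:AntiSpywareProduct.instanceGuid=\"{F467D744-D1DA-4CA7-BEEB-ADEF6B48D6DA}\""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):19,f2,41,f7,ea,bb,ca,01
"""

# ComboFix header as laid out in this log:
#   "AV: <name> *<state>* (<update state>) {<instance GUID>}"
HEADER_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* "
    r"(?P<updated>\([^)]*\)) (?P<guid>\{[0-9A-Fa-f-]+\})$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")

SC_ROOT = r"hkey_local_machine\software\microsoft\security center"


def parse_regedit4(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal REGEDIT4 reader: {key (lower-cased): {value name: raw data}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data")
    return keys


def dword(data: Optional[str]) -> Optional[int]:
    """Decode 'dword:00000001' -> 1; any other encoding -> None."""
    if data and data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    return None


def parse_products(text: str) -> List[Dict[str, str]]:
    """The AV:/SP:/FW: header lines as {kind, name, state, updated, guid}."""
    return [m.groupdict() for m in (HEADER_RE.match(line.strip()) for line in text.splitlines()) if m]


def triage_security_center(text: str) -> Dict[str, object]:
    """Surface the Security Center states a reader reconciles by hand:
    - a registered product whose state marker says it is disabled;
    - DisableMonitoring=1 under the Monitoring subtree (Security Center stops
      watching AV/firewall state; some vendors' installers set it, and so does
      rogue security software, so it is a prompt to check, not a verdict);
    - an AVPath/ASPath instance GUID that matches no product in the header.
    """
    findings: List[str] = []
    products = parse_products(text)
    for p in products:
        if "disabled" in p["state"].lower():
            findings.append(f"{p['kind']} product '{p['name']}' registered but {p['state']}")
    keys = parse_regedit4(text)
    for key, values in keys.items():
        if key.startswith(SC_ROOT + r"\monitoring") and dword(values.get("DisableMonitoring")) == 1:
            findings.append(f"DisableMonitoring=1 at {key}")
    header_guids = {p["guid"].upper() for p in products}
    for name in ("AVPath", "ASPath"):
        m = GUID_RE.search(keys.get(SC_ROOT, {}).get(name, ""))
        if m and m.group(0).upper() not in header_guids:
            findings.append(f"{name} points at {m.group(0)}, not a product in the header")
    return {"products": products, "findings": findings}


if __name__ == "__main__":
    for finding in triage_security_center(SAMPLE_COMBOFIX)["findings"]:
        print(finding)
```

On this log the GUIDs line up, so the four findings are the two disabled product states and the two DisableMonitoring values. The next step is outside the log: list what is actually installed and running (here the HijackThis log shows msseces.exe, the Security Essentials client) and confirm which product Security Center should be reporting.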
 
I'm going to call a false positive on this one.

Both logs look fine, and ComboFix and Malwarebytes will find the entry you are talking about, but they didn't.
 
You should run CCleaner and Cleanup! and then SUPERAntiSpyware and see if it still shows up.
 