Heres the Combo-Fix Log:
====================================================================================================
===
ComboFix 09-06-14.02 - Dave 06/16/2009 2:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2550 [GMT 10:00]
Running from: c:\documents and settings\Dave\Desktop\Combo-Fix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Seekapp
c:\program files\Seekapp
c:\windows\system32\drivers\MSIVXbrsunttkylqpqmowkjxlqhdlvrodlsmi.sys
c:\windows\system32\MSIVXemxaejxuiyvtftaqbiveklymypkyutmw.dll
c:\windows\system32\MSIVXondeqrduypuwprcrultpqgknbtrlvekx.dll
c:\program files\Seekapp\readme.html
c:\program files\Seekapp\seekapp.dll
c:\program files\Seekapp\uninstall.exe
c:\windows\system32\drivers\MSIVXbrsunttkylqpqmowkjxlqhdlvrodlsmi.sys
c:\windows\system32\mdm.exe
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXemxaejxuiyvtftaqbiveklymypkyutmw.dll
c:\windows\system32\MSIVXondeqrduypuwprcrultpqgknbtrlvekx.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSIVXserv.sys
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-15 14:54 . 2009-05-26 03:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 14:54 . 2009-06-15 14:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 14:54 . 2009-06-15 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 14:54 . 2009-05-26 03:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 14:37 . 2009-06-15 14:56 -------- d-----w- c:\program files\Trend Micro
2009-06-15 13:32 . 2008-12-10 22:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-15 13:32 . 2009-04-03 01:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-15 13:32 . 2008-12-18 02:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-15 13:32 . 2009-06-15 16:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-15 13:32 . 2009-06-15 13:32 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-15 13:32 . 2008-12-10 01:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-15 13:32 . 2009-06-15 13:33 -------- d-----w- c:\program files\Spyware Doctor
2009-06-15 13:32 . 2009-06-15 13:32 -------- d-----w- c:\documents and settings\Dave\Application Data\PC Tools
2009-06-15 13:32 . 2009-06-15 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-14 14:47 . 2009-06-14 14:47 -------- d-----w- c:\program files\BlueRaTech
2009-06-14 11:11 . 2009-02-18 14:26 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-06-14 11:11 . 2009-06-14 11:11 10134 ----a-r- c:\documents and settings\Dave\Application Data\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2009-06-14 11:11 . 2009-06-14 11:12 -------- d-----w- c:\program files\Common Files\Logishrd
2009-06-13 02:01 . 2009-04-22 09:13 98304 ----a-w- c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\uouau129.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-06-13 02:01 . 2009-04-22 09:13 77824 ----a-w- c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\uouau129.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-06-10 03:33 . 2009-06-10 03:33 -------- d-----w- c:\program files\iPod
2009-06-10 03:32 . 2009-06-10 03:33 -------- d-----w- c:\program files\iTunes
2009-06-10 03:32 . 2009-06-10 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-10 03:31 . 2009-06-10 03:31 -------- d-----w- c:\program files\QuickTime
2009-06-10 03:30 . 2009-06-05 01:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-10 03:28 . 2009-06-10 03:28 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-08 00:36 . 2009-06-08 00:36 -------- d-----w- c:\program files\Web Publish
2009-05-30 03:09 . 2009-05-30 04:03 -------- d-----w- C:\VideoOutput
2009-05-30 00:43 . 2007-04-12 04:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2009-05-30 00:43 . 2006-09-26 03:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2009-05-30 00:43 . 2009-05-30 00:44 -------- d-----w- c:\program files\Ultra Video Splitter
2009-05-30 00:23 . 2009-05-30 00:23 -------- d-----w- c:\program files\Easy Video Splitter
2009-05-28 10:45 . 2009-06-11 15:29 -------- d-----w- c:\program files\SpeedFan
2009-05-17 04:18 . 2009-05-17 04:18 -------- d-----w- c:\documents and settings\Dave\Application Data\vlc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 16:10 . 2009-01-09 14:42 -------- d-----w- c:\program files\PeerGuardian2
2009-06-15 15:59 . 2009-01-09 07:53 -------- d-----w- c:\documents and settings\Dave\Application Data\uTorrent
2009-06-15 11:33 . 2009-01-06 23:35 -------- d-----w- c:\program files\Steam
2009-06-14 11:12 . 2009-06-14 11:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-06-14 11:12 . 2009-01-07 00:45 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-14 11:11 . 2009-01-06 23:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 03:33 . 2009-02-22 13:17 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 03:31 . 2009-01-31 00:39 -------- d-----w- c:\program files\Bonjour
2009-06-08 00:22 . 2009-06-08 00:22 2678 ----a-w- c:\windows\java\Packages\Data\HR7ZR9F5.DAT
2009-06-08 00:22 . 2009-06-08 00:22 2678 ----a-w- c:\windows\java\Packages\Data\Z5JDBXRP.DAT
2009-06-08 00:22 . 2009-06-08 00:22 2678 ----a-w- c:\windows\java\Packages\Data\TV9FVHJX.DAT
2009-06-08 00:22 . 2009-06-08 00:22 2678 ----a-w- c:\windows\java\Packages\Data\42EYJRPV.DAT
2009-06-05 01:42 . 2009-02-22 13:17 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-26 06:42 . 2009-02-19 10:13 -------- d-----w- c:\program files\Xfire
2009-05-25 11:43 . 2009-02-19 10:13 -------- d-----w- c:\documents and settings\Dave\Application Data\Xfire
2009-05-24 02:10 . 2009-03-19 12:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-13 11:23 . 2009-05-13 04:54 -------- d-----w- c:\program files\CIRCLY5
2009-05-13 04:54 . 2009-05-13 04:54 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2009-05-12 21:47 . 2009-05-12 21:39 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-05-12 21:39 . 2009-05-12 21:39 -------- d-----w- c:\documents and settings\Dave\Application Data\Crayon Physics Deluxe
2009-05-10 14:12 . 2009-01-07 01:21 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-10 13:48 . 2009-01-07 01:21 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-10 00:39 . 2009-05-10 00:39 -------- d-----w- c:\program files\Hercules
2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-04-29 04:56 . 2008-04-14 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-20 21:21 . 2009-04-20 12:32 -------- d-----w- c:\program files\Crysis Warhead
2009-04-20 21:21 . 2009-04-20 14:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-17 12:26 . 2008-04-14 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 13:00 . 2009-01-06 23:17 49704 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-29 23:33 . 2009-03-29 23:33 157712 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-26 07:04 . 2009-05-13 09:17 110592 ----a-w- c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\uouau129.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-03-19 06:32 . 2009-03-19 06:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 06:32 . 2009-01-17 04:59 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-07 08:30 . 2009-02-07 08:30 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-12-11 2245992]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-07 30192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-06-03 1182088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-14 809488]
ThingToStickInStartUpFolder4AllUsers.lnk - c:\windows\regedit.exe [2008-4-14 146432]
UltraMon.lnk - c:\windows\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2009-1-10 29310]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 14:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Seekapp Service"=2 (0x2)
"SymSnapService"=3 (0x3)
"SgtSch2Svc"=2 (0x2)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\demaxy\\half-life blue shift\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\tom clancy's h.a.w.x - demo\\HAWX.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/15/2009 11:32 PM 130936]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/15/2009 11:32 PM 348752]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [4/14/2008 10:00 PM 5120]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 8:22 PM 11776]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [1/7/2009 9:10 AM 93696]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2/16/2009 4:43 PM 109440]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 8:23 PM 3584]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/7/2009 6:30 PM 30192]
S3 hercspud;Hercules ® WDM Audio Driver;c:\windows\system32\drivers\hercspud.sys [5/10/2009 10:39 AM 130176]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2/4/2009 5:43 PM 194304]
S4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
S4 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1558000]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PGFILTER
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-06-15 c:\windows\Tasks\ThingToStickInTasksFolder.job
- c:\documents and settings\All Users\Start Menu\Programs\Startup\ThingToStickInStartUpFolder4AllUsers.lnk [2009-02-18 10:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ASUS\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-06-16 02:09
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-790525478-484763869-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{20B04F2F-E5C2-8B05-479C-7086EEB9D5EE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abfmdkgbholpbbejpakphmdcibficnfkhi"=hex:61,61,00,00
"bbfmdkgbholpbbejpanpikchboiakbilicin"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1348)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(1408)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(4736)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\UltraMon\RTSUltraMonHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\ASUS\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Canon\MultiPASS4\mpservic.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\UltraMon\UltraMon.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Logitech\SetPoint\LU\LuLnchr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Logitech\SetPoint\LU\LogitechUpdate.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2009-06-15 2:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-15 16:11
Pre-Run: 203,857,440,768 bytes free
Post-Run: 204,570,656,768 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
272 --- E O F --- 2009-06-14 06:27
====================================================================================================
====
And that got the HJT working as im sure u knew:
Heres the Hijack This Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:27 AM, on 6/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ThingToStickInStartUpFolder4AllUsers.lnk = C:\WINDOWS\regedit.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 8673 bytes
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Thanks for your prompt reply and help.