HijackThis v1.99.1
Scan saved at 10:02:55 PM, on 2/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Common Files\svchost.exe
C:\WINDOWS\system32\v6.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
c:\program files\internet explorer\iexplore.exe
J:\Programs\Not installed\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [nfqypli.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Dea\Local Settings\Application Data\nfqypli.dll",jiuiibe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlex.dll,startup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lqanedxq.dll",setvm
O4 - HKCU\..\Run: [Logitech SetPoint Event Manager (UNICODE)] C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - HKCU\..\Run: [AutoHotkey] C:\Program Files\AutoHotkey\AutoHotkey.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152814889250
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
HiJack log,
I have already run VundoFix and restarted. When I tried to start Combofix I was told there was a rootkit error, and not to try to run ComboFix again.