OK, I ran ComboFix. Here is the log file:
"Sean" - 2007-05-19 9:34:20 Service Pack 2
ComboFix 07-05.19.5.V - Running from: "C:\Program Files\Mozilla Firefox\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\cbxwtqo.dll
C:\WINDOWS\system32\cbxxwuu.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-19 ))))))))))))))))))))))))))))))))))
2007-05-18 22:37 <DIR> d-------- C:\VundoFix Backups
2007-05-17 09:17 <DIR> d-------- C:\Program Files\PC Cleanup
2007-05-17 00:04 <DIR> d-------- C:\!KillBox
2007-05-14 00:27 3,236 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-14 00:07 <DIR> d-------- C:\DOCUME~1\Sean\DoctorWeb
2007-05-13 10:02 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-05-12 12:21 11,264 --a------ C:\pvdsjfp.exe
2007-05-10 10:20 <DIR> d-------- C:\Program Files\SpeedFan
2007-04-28 15:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\eBay
2007-04-23 18:53 <DIR> d-------- C:\DOCUME~1\Sean\APPLIC~1\Ahead
2007-04-23 18:52 <DIR> d-------- C:\Program Files\Nero
2007-04-23 18:52 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-23 18:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-04-22 11:28 <DIR> d-------- C:\DOCUME~1\Sean\APPLIC~1\GameHouse
2007-04-22 11:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
2007-04-22 11:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-04-22 10:20 <DIR> d-------- C:\DOCUME~1\Sean\APPLIC~1\uTorrent
2007-04-19 23:35 <DIR> d-------- C:\Program Files\LimeWire
2007-04-19 23:35 <DIR> d-------- C:\DOCUME~1\Sean\.limewire
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-19 16:35:37 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-05-17 18:18:23 -------- d-----w C:\DOCUME~1\Sean\APPLIC~1\U3
2007-05-08 02:39:22 -------- d--h--r C:\DOCUME~1\Sean\APPLIC~1\yahoo!
2007-04-22 18:55:43 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-04-10 20:18:13 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-10 18:33:19 -------- d-----w C:\Program Files\Everest Ultimate
2007-04-10 17:05:45 -------- d-----w C:\Program Files\hp deskjet 656c series
2007-04-04 15:32:05 -------- d-----w C:\Program Files\iTunes
2007-04-04 15:32:00 -------- d-----w C:\Program Files\iPod
2007-04-03 02:20:08 -------- d-----w C:\Program Files\SPSS 14
2007-04-03 02:19:03 336 ----a-w C:\WINDOWS\system32\lsprst7.dll
2007-03-17 18:55:27 0 ----a-w C:\WINDOWS\system32\ssprs.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-11 21:23:01 376 ----a-w C:\WINDOWS\mozregistry.dat
2007-03-11 21:22:32 -------- d-----w C:\Program Files\Hewlett-Packard
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-08 04:01:20 -------- d-----w C:\Program Files\QuickTime
2007-03-06 05:47:15 2,877 ----a-w C:\WINDOWS\system32\qwavecache.dat
2007-02-08 19:13:21 1,024 ----a-w C:\WINDOWS\system32\clauth2.dll
2007-02-08 19:13:21 1,024 ----a-w C:\WINDOWS\system32\clauth1.dll
2007-02-08 19:13:21 0 ----a-w C:\WINDOWS\system32\serauth2.dll
2007-02-08 19:13:21 0 ----a-w C:\WINDOWS\system32\serauth1.dll
2007-02-08 19:13:21 0 ----a-w C:\WINDOWS\system32\nsprs.dll
2007-02-08 19:11:47 1,025 ----a-w C:\WINDOWS\system32\sysprs7.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2007-03-20 14:39]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" []
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 04:07 C:\WINDOWS\system32\CTXFIHLP.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 10:34]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 13:42]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 14:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 04:00 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTXFIREG]
CTxfiReg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
"C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate]
rundll32.exe "C:\WINDOWS\system32\gikloggb.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter HTTPFilter
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
DcomLaunch DcomLaunch TermService
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService
bthsvcs BthServ
QWAVE QWAVE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070519-065148-264
O2 - BHO: (no name) - {539825C7-49B2-404B-B930-058E06465B9D} - C:\WINDOWS\system32\iiiihfe.dll (file missing)
backup-20070519-065148-223
O2 - BHO: (no name) - {51719B3E-E540-4F94-A426-7FC0BFC44493} - C:\WINDOWS\system32\ddcyw.dll (file missing)
backup-20070517-161153-268
O2 - BHO: (no name) - {BCB39B4F-A0BD-4C67-B52D-3C116EC0A8C3} - C:\WINDOWS\system32\pmkhg.dll (file missing)
Contents of the 'Scheduled Tasks' folder
2007-05-16 15:23:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-04-28 01:30:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DELL-3GHZ-Sean).job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-05-19 09:36:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]
Completion time: 2007-05-19 9:38:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-19 09:38
--- E O F ---