I am having a problem removing Smitfraud.

Here is the log for Combofix.

"Owner" - 2007-07-07 13:00:59 - ComboFix 07-07-07.3 - Service Pack 2

C:\WINNT\system32\bgyjkylr.dll
C:\WINNT\system32\cgcxssld.dll
C:\WINNT\system32\pplhnkio.dll
C:\WINNT\system32\sachwtvq.dll
C:\WINNT\system32\syfesdym.dll
C:\WINNT\system32\vcguqunm.dll
C:\WINNT\system32\hjkkj.bak1
C:\WINNT\system32\hjkkj.bak2
C:\WINNT\system32\hjkkj.ini
C:\WINNT\system32\hjkkj.ini2
C:\WINNT\system32\hjkkj.tmp
C:\WINNT\system32\rlykjygb.ini
C:\WINNT\system32\dlssxcgc.ini
C:\WINNT\system32\mnuqugcv.ini
C:\WINNT\system32\hjkkj.bak1
C:\WINNT\system32\hjkkj.bak2
C:\WINNT\system32\hjkkj.ini
C:\WINNT\system32\hjkkj.ini2
C:\WINNT\system32\hjkkj.tmp
C:\WINNT\system32\hjkkj.bak1
C:\WINNT\system32\hjkkj.bak2
C:\WINNT\system32\hjkkj.ini
C:\WINNT\system32\hjkkj.ini2
C:\WINNT\system32\hjkkj.tmp
C:\WINNT\system32\jkkjh.dll
C:\WINNT\system32\byxwwur.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\Owner.\err.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\TTC.dll
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINNT\system32\drivers\core.cache.dsk
C:\WINNT\system32\drivers\core.sys
C:\WINNT\system32\drivers\fopn.sys
C:\WINNT\system32\o02PrEz
C:\WINNT\system32\o02PrEz\o02PrEz1065.exe
C:\WINNT\system32\win
C:\WINNT\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 13:00 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-07 11:33 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-07 11:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-06 19:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-01 22:47 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-07-01 22:44 129,784 --a------ C:\WINNT\system32\pxafs.dll
2007-07-01 22:44 <DIR> d-------- C:\Program Files\DivX
2007-07-01 19:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Smith Micro
2007-06-24 19:02 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-24 10:48 2,624 --a------ C:\WINNT\system32\jrldaich.exe
2007-06-24 10:45 4,672 --a------ C:\WINNT\system32\osrccfge.exe
2007-06-23 19:10 <DIR> d-------- C:\WINNT\system32\G4
2007-06-23 19:10 <DIR> d-------- C:\WINNT\system32\G3
2007-06-23 19:10 <DIR> d-------- C:\WINNT\system32\G2
2007-06-23 19:10 <DIR> d-------- C:\WINNT\system32\G1
2007-06-21 13:28 5,020 --a------ C:\WINNT\system32\ealregsnapshot1.reg
2007-06-21 13:28 <DIR> d-------- C:\ProgramData
2007-06-20 19:04 <DIR> d-------- C:\95d0cb7812ba5284635ceb2ab354
2007-06-10 14:13 <DIR> d-------- C:\Program Files\support.com
2007-06-10 14:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
2007-06-07 16:41 93,872 --a------ C:\WINNT\system32\drivers\sscdmdm.sys
2007-06-07 16:41 8,272 --a------ C:\WINNT\system32\drivers\sscdmdfl.sys
2007-06-07 16:41 73,696 --a------ C:\WINNT\system32\drivers\sscdserd.sys
2007-06-07 16:41 6,176 --a------ C:\WINNT\system32\drivers\sscdcmnt.sys
2007-06-07 16:41 6,176 --a------ C:\WINNT\system32\drivers\sscdcm.sys
2007-06-07 16:41 58,352 --a------ C:\WINNT\system32\drivers\sscdbus.sys
2007-06-07 16:41 5,840 --a------ C:\WINNT\system32\drivers\sscdwhnt.sys
2007-06-07 16:41 5,840 --a------ C:\WINNT\system32\drivers\sscdwh.sys
2007-06-07 16:41 <DIR> d-------- C:\Program Files\Samsung
2007-06-07 16:39 <DIR> d-------- C:\Program Files\Sprint music manager
2007-06-07 16:37 <DIR> d-------- C:\WINNT\system32\LogFiles
2007-06-07 16:37 <DIR> d-------- C:\WINNT\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 15:50:51 -------- d-----w C:\Program Files\Viewpoint
2007-07-07 15:49:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-07 15:40:59 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-06-30 00:15:25 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-25 10:19:17 -------- d-----w C:\Program Files\GatInst
2007-06-24 20:19:58 1,086 ----a-w C:\WINNT\checkip.dat
2007-06-24 20:17:24 1,235 ----a-w C:\WINNT\ipconfig.dat
2007-06-24 01:31:19 -------- d-----w C:\Program Files\WildTangent
2007-06-24 01:29:45 -------- d-----w C:\Program Files\Yahoo! Games
2007-06-24 01:29:33 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-24 01:29:09 -------- d-----w C:\Program Files\Playboy - The Mansion
2007-06-24 01:21:10 -------- d-----w C:\Program Files\IrfanView
2007-06-24 01:20:16 -------- d-----w C:\Program Files\Gateway
2007-06-24 01:13:29 -------- d-----w C:\Program Files\Electronic Arts
2007-06-24 01:11:55 -------- d-----w C:\Program Files\Critical Seeker
2007-06-20 00:09:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-06-14 18:37:15 4,500 ----a-w C:\WINNT\mozver.dat
2007-06-10 19:14:21 -------- d-----w C:\Program Files\BroadJump
2007-06-09 02:56:27 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-06-07 21:43:18 -------- d-----w C:\Program Files\AIM6
2007-05-31 06:45:07 524,288 ----a-w C:\WINNT\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINNT\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINNT\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINNT\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINNT\system32\DivX.dll
2007-05-27 23:45:50 32,520 ----a-w C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINNT\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINNT\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINNT\system32\qt-dx331.dll
2007-04-23 00:15:24 118,520 ----a-w C:\WINNT\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ----a-w C:\WINNT\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINNT\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINNT\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINNT\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINNT\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINNT\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINNT\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINNT\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINNT\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINNT\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINNT\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINNT\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINNT\system32\DivXCodecUpdateChecker.exe
2007-04-20 16:32:05 4 ----a-w C:\WINNT\uccspecb.sys
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINNT\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ADBE2BD-80F9-45F8-9556-41FC23DB8E53}]
C:\WINNT\System32\ikmcib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
2005-08-02 13:41 524288 --a------ C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2003-09-06 11:31 126976 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2003-12-04 18:22 103368 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-06-26 18:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-02-28 17:46]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 19:35]
"HiJackThis3"="WINDOWSUPDATER.EXE" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-25 14:08]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 17:52]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 17:56]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saie]
c:\winnt\system32\saie.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"C:\Program Files\Web_Rebates\WebRebates0.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xhrmy]
C:\WINNT\Xhrmy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-06 03:13:01 C:\WINNT\tasks\AppleSoftwareUpdate.job
2004-03-04 04:45:00 C:\WINNT\tasks\ISP signup reminder 1.job
2004-03-12 04:15:00 C:\WINNT\tasks\ISP signup reminder 2.job
2004-03-17 04:45:00 C:\WINNT\tasks\ISP signup reminder 3.job
2007-07-07 17:11:11 C:\WINNT\tasks\MP Scheduled Scan.job
2007-07-07 01:34:30 C:\WINNT\tasks\Norton AntiVirus - Scan my computer.job
2007-07-07 16:18:57 C:\WINNT\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 13:12:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 13:15:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-07 13:15

--- E O F ---

Here is the log for Hijackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:27:41 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\lxczcoms.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {6ADBE2BD-80F9-45F8-9556-41FC23DB8E53} - C:\WINNT\System32\ikmcib.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: MEMonitor.lnk.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v45/blockwerx/blockwerx.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://207.67.84.157/home/SonySncRz30View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119721970906
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.taxsimple.com/TSWeb/msrdp.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: lxcz_device - - C:\WINNT\system32\lxczcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 11086 bytes


Any help would be appreciated.

Thanks

Delete your current copy of combofix

Download the latest version of ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

"Owner" - 2007-07-07 13:58:31 - ComboFix 07-07-07.3 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 13:00 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-07 11:33 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-07 11:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-06 19:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-01 22:47 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-07-01 22:44 129,784 --a------ C:\WINNT\system32\pxafs.dll
2007-07-01 22:44 <DIR> d-------- C:\Program Files\DivX
2007-07-01 19:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Smith Micro
2007-06-24 19:02 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-24 10:48 2,624 --a------ C:\WINNT\system32\jrldaich.exe
2007-06-24 10:45 4,672 --a------ C:\WINNT\system32\osrccfge.exe
2007-06-23 19:10 <DIR> d-------- C:\WINNT\system32\G4
2007-06-23 19:10 <DIR> d-------- C:\WINNT\system32\G3
2007-06-23 19:10 <DIR> d-------- C:\WINNT\system32\G2
2007-06-23 19:10 <DIR> d-------- C:\WINNT\system32\G1
2007-06-21 13:28 5,020 --a------ C:\WINNT\system32\ealregsnapshot1.reg
2007-06-21 13:28 <DIR> d-------- C:\ProgramData
2007-06-20 19:04 <DIR> d-------- C:\95d0cb7812ba5284635ceb2ab354
2007-06-10 14:13 <DIR> d-------- C:\Program Files\support.com
2007-06-10 14:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
2007-06-07 16:41 93,872 --a------ C:\WINNT\system32\drivers\sscdmdm.sys
2007-06-07 16:41 8,272 --a------ C:\WINNT\system32\drivers\sscdmdfl.sys
2007-06-07 16:41 73,696 --a------ C:\WINNT\system32\drivers\sscdserd.sys
2007-06-07 16:41 6,176 --a------ C:\WINNT\system32\drivers\sscdcmnt.sys
2007-06-07 16:41 6,176 --a------ C:\WINNT\system32\drivers\sscdcm.sys
2007-06-07 16:41 58,352 --a------ C:\WINNT\system32\drivers\sscdbus.sys
2007-06-07 16:41 5,840 --a------ C:\WINNT\system32\drivers\sscdwhnt.sys
2007-06-07 16:41 5,840 --a------ C:\WINNT\system32\drivers\sscdwh.sys
2007-06-07 16:41 <DIR> d-------- C:\Program Files\Samsung
2007-06-07 16:39 <DIR> d-------- C:\Program Files\Sprint music manager
2007-06-07 16:37 <DIR> d-------- C:\WINNT\system32\LogFiles
2007-06-07 16:37 <DIR> d-------- C:\WINNT\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 15:50:51 -------- d-----w C:\Program Files\Viewpoint
2007-07-07 15:49:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-07 15:40:59 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-06-30 00:15:25 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-25 10:19:17 -------- d-----w C:\Program Files\GatInst
2007-06-24 20:19:58 1,086 ----a-w C:\WINNT\checkip.dat
2007-06-24 20:17:24 1,235 ----a-w C:\WINNT\ipconfig.dat
2007-06-24 01:31:19 -------- d-----w C:\Program Files\WildTangent
2007-06-24 01:29:45 -------- d-----w C:\Program Files\Yahoo! Games
2007-06-24 01:29:33 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-24 01:29:09 -------- d-----w C:\Program Files\Playboy - The Mansion
2007-06-24 01:21:10 -------- d-----w C:\Program Files\IrfanView
2007-06-24 01:20:16 -------- d-----w C:\Program Files\Gateway
2007-06-24 01:13:29 -------- d-----w C:\Program Files\Electronic Arts
2007-06-24 01:11:55 -------- d-----w C:\Program Files\Critical Seeker
2007-06-20 00:09:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-06-14 18:37:15 4,500 ----a-w C:\WINNT\mozver.dat
2007-06-10 19:14:21 -------- d-----w C:\Program Files\BroadJump
2007-06-09 02:56:27 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-06-07 21:43:18 -------- d-----w C:\Program Files\AIM6
2007-05-31 06:45:07 524,288 ----a-w C:\WINNT\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINNT\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINNT\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINNT\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINNT\system32\DivX.dll
2007-05-27 23:45:50 32,520 ----a-w C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINNT\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINNT\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINNT\system32\qt-dx331.dll
2007-04-23 00:15:24 118,520 ----a-w C:\WINNT\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ----a-w C:\WINNT\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINNT\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINNT\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINNT\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINNT\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINNT\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINNT\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINNT\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINNT\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINNT\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINNT\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINNT\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINNT\system32\DivXCodecUpdateChecker.exe
2007-04-20 16:32:05 4 ----a-w C:\WINNT\uccspecb.sys
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINNT\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ADBE2BD-80F9-45F8-9556-41FC23DB8E53}]
C:\WINNT\System32\ikmcib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
2005-08-02 13:41 524288 --a------ C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2003-09-06 11:31 126976 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2003-12-04 18:22 103368 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-06-26 18:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-02-28 17:46]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 19:35]
"HiJackThis3"="WINDOWSUPDATER.EXE" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-25 14:08]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 17:52]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 17:56]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saie]
c:\winnt\system32\saie.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"C:\Program Files\Web_Rebates\WebRebates0.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xhrmy]
C:\WINNT\Xhrmy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe"

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-06 03:13:01 C:\WINNT\tasks\AppleSoftwareUpdate.job
2004-03-04 04:45:00 C:\WINNT\tasks\ISP signup reminder 1.job
2004-03-12 04:15:00 C:\WINNT\tasks\ISP signup reminder 2.job
2004-03-17 04:45:00 C:\WINNT\tasks\ISP signup reminder 3.job
2007-07-07 18:15:17 C:\WINNT\tasks\MP Scheduled Scan.job
2007-07-07 01:34:30 C:\WINNT\tasks\Norton AntiVirus - Scan my computer.job
2007-07-07 16:18:57 C:\WINNT\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 14:02:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 14:02:37
C:\ComboFix-quarantined-files.txt ... 2007-07-07 14:02
C:\ComboFix2.txt ... 2007-07-07 13:15

--- E O F ---

Open a new notepad window (Start>All programs>accessories>notepad)
Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard

Folder::
C:\WINNT\system32\G1
C:\WINNT\system32\G2
C:\WINNT\system32\G3
C:\WINNT\system32\G4
C:\Program Files\Web_Rebates


File::
C:\WINNT\system32\jrldaich.exe
C:\WINNT\system32\osrccfge.exe
C:\WINNT\System32\ikmcib.dll
c:\winnt\system32\saie.exe
C:\WINNT\Xhrmy.exe


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ADBE2BD-80F9-45F8-9556-41FC23DB8E53}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saie]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xhrmy]

Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
Save it to the desktop as ComboFix-Do.txt
Now drag and drop ComboFix-Do.txt onto combofix.exe as in the picture below and follow the prompts:
http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif
When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

"Owner" - 2007-07-07 17:38:17 - ComboFix 07-07-07.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\G1
C:\WINNT\system32\G1\wbb22.exe
C:\WINNT\system32\G2
C:\WINNT\system32\G2\wen2.exe
C:\WINNT\system32\G3
C:\WINNT\system32\G3\wr620.exe
C:\WINNT\system32\G4
C:\WINNT\system32\G4\mwspasrt83122.exe
C:\WINNT\system32\jrldaich.exe
C:\WINNT\system32\osrccfge.exe


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 13:00 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-07 11:33 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-07 11:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-06 19:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-01 22:47 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-07-01 22:44 129,784 --a------ C:\WINNT\system32\pxafs.dll
2007-07-01 22:44 <DIR> d-------- C:\Program Files\DivX
2007-07-01 19:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Smith Micro
2007-06-24 19:02 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-21 13:28 5,020 --a------ C:\WINNT\system32\ealregsnapshot1.reg
2007-06-21 13:28 <DIR> d-------- C:\ProgramData
2007-06-20 19:04 <DIR> d-------- C:\95d0cb7812ba5284635ceb2ab354
2007-06-10 14:13 <DIR> d-------- C:\Program Files\support.com
2007-06-10 14:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
2007-06-07 16:41 93,872 --a------ C:\WINNT\system32\drivers\sscdmdm.sys
2007-06-07 16:41 8,272 --a------ C:\WINNT\system32\drivers\sscdmdfl.sys
2007-06-07 16:41 73,696 --a------ C:\WINNT\system32\drivers\sscdserd.sys
2007-06-07 16:41 6,176 --a------ C:\WINNT\system32\drivers\sscdcmnt.sys
2007-06-07 16:41 6,176 --a------ C:\WINNT\system32\drivers\sscdcm.sys
2007-06-07 16:41 58,352 --a------ C:\WINNT\system32\drivers\sscdbus.sys
2007-06-07 16:41 5,840 --a------ C:\WINNT\system32\drivers\sscdwhnt.sys
2007-06-07 16:41 5,840 --a------ C:\WINNT\system32\drivers\sscdwh.sys
2007-06-07 16:41 <DIR> d-------- C:\Program Files\Samsung
2007-06-07 16:39 <DIR> d-------- C:\Program Files\Sprint music manager
2007-06-07 16:37 <DIR> d-------- C:\WINNT\system32\LogFiles
2007-06-07 16:37 <DIR> d-------- C:\WINNT\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 15:50:51 -------- d-----w C:\Program Files\Viewpoint
2007-07-07 15:49:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-07 15:40:59 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-06-30 00:15:25 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-25 10:19:17 -------- d-----w C:\Program Files\GatInst
2007-06-24 20:19:58 1,086 ----a-w C:\WINNT\checkip.dat
2007-06-24 20:17:24 1,235 ----a-w C:\WINNT\ipconfig.dat
2007-06-24 01:31:19 -------- d-----w C:\Program Files\WildTangent
2007-06-24 01:29:45 -------- d-----w C:\Program Files\Yahoo! Games
2007-06-24 01:29:33 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-24 01:29:09 -------- d-----w C:\Program Files\Playboy - The Mansion
2007-06-24 01:21:10 -------- d-----w C:\Program Files\IrfanView
2007-06-24 01:20:16 -------- d-----w C:\Program Files\Gateway
2007-06-24 01:13:29 -------- d-----w C:\Program Files\Electronic Arts
2007-06-24 01:11:55 -------- d-----w C:\Program Files\Critical Seeker
2007-06-20 00:09:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-06-14 18:37:15 4,500 ----a-w C:\WINNT\mozver.dat
2007-06-10 19:14:21 -------- d-----w C:\Program Files\BroadJump
2007-06-09 02:56:27 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-06-07 21:43:18 -------- d-----w C:\Program Files\AIM6
2007-05-31 06:45:07 524,288 ----a-w C:\WINNT\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINNT\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINNT\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINNT\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINNT\system32\DivX.dll
2007-05-27 23:45:50 32,520 ----a-w C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINNT\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINNT\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINNT\system32\qt-dx331.dll
2007-04-23 00:15:24 118,520 ----a-w C:\WINNT\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ----a-w C:\WINNT\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINNT\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINNT\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINNT\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINNT\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINNT\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINNT\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINNT\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINNT\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINNT\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINNT\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINNT\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINNT\system32\DivXCodecUpdateChecker.exe
2007-04-20 16:32:05 4 ----a-w C:\WINNT\uccspecb.sys
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINNT\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
2005-08-02 13:41 524288 --a------ C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2003-09-06 11:31 126976 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2003-12-04 18:22 103368 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-06-26 18:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-02-28 17:46]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 19:35]
"HiJackThis3"="WINDOWSUPDATER.EXE" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-25 14:08]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 17:52]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 17:56]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe"

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-06 03:13:01 C:\WINNT\tasks\AppleSoftwareUpdate.job
2004-03-04 04:45:00 C:\WINNT\tasks\ISP signup reminder 1.job
2004-03-12 04:15:00 C:\WINNT\tasks\ISP signup reminder 2.job
2004-03-17 04:45:00 C:\WINNT\tasks\ISP signup reminder 3.job
2007-07-07 18:15:17 C:\WINNT\tasks\MP Scheduled Scan.job
2007-07-07 01:34:30 C:\WINNT\tasks\Norton AntiVirus - Scan my computer.job
2007-07-07 20:18:18 C:\WINNT\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 17:41:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 17:41:32
C:\ComboFix-quarantined-files.txt ... 2007-07-07 17:41
C:\ComboFix2.txt ... 2007-07-07 14:02
C:\ComboFix3.txt ... 2007-07-07 13:15

--- E O F ---

Please post a new HijackThis log

robbibj, still with us?

Due to lack of a response to helper this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.