deskbar, ucmore, windows.security



lilrascal
2006-09-13, 07:19
I was here a few weeks ago, with smitfraud, ssk, coolwwwsearch.

I just ran spybot and had one finding "deskbar". I clicked to fix items. Then I ran Adaware, and it had 9 findings, 4 of which were registry related. Here is that log:
ArchiveData(auto-quarantine- 2006-09-12 21-57-22.bckp)
Referencefile : SE1R123 12.09.2006
======================================================

WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
obj[1]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908}
obj[2]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
obj[10]=Regkey : inetctls.inet
obj[11]=Regkey : inetctls.inet.1
obj[12]=Regkey : software\microsoft\windows\currentversion\policies\activedesktop
obj[13]=Regkey : software\system
obj[14]=Regkey : software\system\sysuid

BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=Regkey : S-1-5-21-3574495015-3637309456-1543869909-1004\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=RegData : S-1-5-21-3574495015-3637309456-1543869909-1004\Software\Microsoft\Internet Explorer\Main "Start Page"

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[5]=IECache Entry : Cookie:jennifer@as-us.falkag.net/
obj[6]=IECache Entry : Cookie:jennifer@2o7.net/
obj[7]=IECache Entry : Cookie:jennifer@ads.pointroll.com/
obj[8]=IECache Entry : Cookie:jennifer@trafficmp.com/
obj[9]=IECache Entry : Cookie:jennifer@bluestreak.com/


Then I did a panda scan online, and had one finding...here is the log:


Incident Status Location

Adware:adware/ucmore Not disinfected Windows Registry


Finally, I ran HiJackThis....and here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 10:07:26 PM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Backup995\res\ntservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\PhnxCDSvr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\ePad995\ePad995.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.164.78.109:4853
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ePad995.lnk = C:\Program Files\ePad995\ePad995.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Backup995 Automatic Backup - Unknown owner - C:\Program Files\Backup995\res\ntservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

LonnyRJones
2006-09-16, 14:10
Hello

Run SpyBot update, check for and fix any problems found, then check again; this time get a results report.

Post a SpyBot results report.
Run SpyBot check for problems; when it's finished, right-click and choose copy results
(not full report) to clipboard and paste that back here please.


Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If the log is large you might need to post half in one reply and half in another.

lilrascal
2006-09-17, 07:00
Thank you for the help.

I checked for updates on spybot, then ran it in safe mode. There were no problems found.

I then ran Combofix (log pasted in this message)

*UPDATE: The past couple of days I went through and uninstalled a bunch of programs that I didn't need on this computer, and cleaned up all folders and files of all the extra junk that was unnecessary. I backed up all of my files and was thinking of just using the Recovery Disk and reformatting the hard drive. I've only had this computer a month, so I can do that without losing too much work. But maybe I am clean now?

Here is the combofix log.


Jennifer - 06-09-16 21:45:48.03 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Jennifer\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-08-16 to 2006-09-16 ))))))))))))))))))))))))))))))))))


2006-09-14 06:35 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2006-09-11 13:45 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-08-19 20:32 59,904 -ra------ C:\WINDOWS\system32\AoxSTIAp.exe
2006-08-19 20:32 59,904 -ra------ C:\WINDOWS\system32\AoxAMCap.exe
2006-08-19 20:32 21,124 -ra------ C:\WINDOWS\system32\aoxusd.dll
2006-08-16 23:38 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-08-16 23:38 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-08-16 23:38 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-08-16 23:38 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-08-16 23:38 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-08-16 23:38 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-08-16 23:38 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-08-16 23:38 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-08-16 21:14 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-08-16 21:14 249,856 --------- C:\WINDOWS\Setup1.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-16 21:47 -------- d-------- C:\Program Files\Prevx1
2006-09-15 09:40 -------- d-------- C:\Program Files\Yahoo!
2006-09-15 09:40 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-09-15 09:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-15 09:38 -------- d---s---- C:\Documents and Settings\Jennifer\Application Data\Microsoft
2006-09-15 09:38 -------- d-------- C:\Program Files\palmOne
2006-09-15 09:36 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Comcast
2006-09-15 09:34 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-15 09:11 -------- d-------- C:\Program Files\Google
2006-09-15 09:01 -------- d-------- C:\Program Files\Common Files
2006-09-15 09:01 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\COWON
2006-09-15 09:00 -------- d-------- C:\Program Files\GCDCreator
2006-09-15 08:59 -------- d-------- C:\Program Files\ePad995
2006-09-15 08:44 -------- d-------- C:\Program Files\pdf995
2006-09-15 08:44 -------- d-------- C:\Program Files\mIRC
2006-09-15 08:43 -------- d-------- C:\Program Files\PokerStars
2006-09-15 07:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-15 07:01 -------- d-------- C:\Program Files\Backup995
2006-09-15 06:29 -------- d-------- C:\Program Files\QuickTime
2006-09-15 06:29 -------- d-------- C:\Program Files\iTunes
2006-09-15 06:29 -------- d-------- C:\Program Files\Internet Explorer
2006-09-14 17:53 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-14 13:11 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Costco Photo Organizer
2006-09-14 13:02 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Google
2006-09-12 13:21 -------- d-------- C:\Program Files\CleanUp!
2006-09-10 08:13 -------- d-------- C:\Program Files\FreshDevices
2006-09-08 11:19 7552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2006-09-08 11:19 266112 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2006-09-08 11:19 18432 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2006-09-08 11:19 11648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-09-08 11:19 100864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2006-09-05 09:04 -------- d-------- C:\Program Files\Outlook Express
2006-09-05 09:04 -------- d-------- C:\Program Files\Messenger
2006-09-05 09:04 -------- d-------- C:\Program Files\Common Files\System
2006-08-24 11:55 13568 --a------ C:\WINDOWS\system32\drivers\pxrd.sys
2006-08-24 09:27 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\AVG7
2006-08-24 08:02 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-23 22:39 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Windows Live Safety Center
2006-08-22 15:24 -------- d-------- C:\Program Files\Java
2006-08-21 20:57 -------- d-------- C:\Program Files\Common Files\Services
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 02:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-19 16:50 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Prevx
2006-08-18 23:41 -------- d-------- C:\Program Files\Windows Plus
2006-08-18 23:41 -------- d-------- C:\Program Files\Online Services
2006-08-18 23:28 -------- d-------- C:\Program Files\Trend Micro
2006-08-18 21:59 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-18 21:59 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-08-18 21:59 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-08-18 21:59 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-18 21:59 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-08-18 21:59 -------- d-------- C:\Program Files\Grisoft
2006-08-18 21:58 -------- d-------- C:\Program Files\Lavasoft
2006-08-18 21:58 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Lavasoft
2006-08-18 21:21 108032 --a------ C:\WINDOWS\system32\services.exe
2006-08-12 03:06 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Hamachi
2006-08-10 21:47 -------- d-------- C:\Program Files\Adobe
2006-08-08 11:10 10578 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-08-07 13:08 -------- d-------- C:\Program Files\Common Files\Simple Star Shared
2006-08-04 12:18 613208 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-08-03 08:02 -------- d-------- C:\Program Files\Hand-Crafted Software
2006-08-02 22:00 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\CyberLink
2006-07-31 10:18 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Adobe
2006-07-27 15:48 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Sun
2006-07-27 15:46 -------- d-------- C:\Program Files\Common Files\Java
2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 20:54 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\pdf995
2006-07-26 18:59 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2006-07-26 18:59 118784 --a------ C:\WINDOWS\system32\pdfmona.dll
2006-07-26 18:55 -------- d-------- C:\Program Files\activePDF
2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 22:58 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Yahoo!
2006-07-20 20:11 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Snapfish
2006-07-20 19:52 -------- d-------- C:\Program Files\Costco
2006-07-20 19:52 -------- d-------- C:\Program Files\Common Files\HP
2006-07-20 14:49 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Apple Computer
2006-07-20 14:47 -------- d-------- C:\Program Files\iPod
2006-07-19 00:06 -------- d-------- C:\Documents and Settings\Jennifer\Application Data\Arcsoft
2006-07-17 22:52 -------- d-------- C:\Program Files\InterActual
2006-06-21 22:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-21 22:06 1435648 --a------ C:\WINDOWS\system32\query.dll
2006-06-20 02:20 0 -rahs---- C:\MSDOS.SYS
2006-06-20 02:20 0 -rahs---- C:\IO.SYS
2006-06-20 02:20 0 --a------ C:\CONFIG.SYS
2006-06-20 02:20 0 --a------ C:\AUTOEXEC.BAT
2006-06-19 19:10 62 --a------ C:\Documents and Settings\Jennifer\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Comcast\\COMCAS~1\\data\\Xtras\\mssysmgr.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SkyTel"="SkyTel.EXE"
"RestoreIT!"="\"C:\\Program Files\\Phoenix Technologies\\cME\\RPro\\ XP\\VBPTASK.EXE\" VBStart"
"nwiz"="nwiz.exe /install"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Guard"="\"C:\\Program Files\\Phoenix Technologies\\cME\\Guard\\Guard.exe\" /background"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,62,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Sat 09/16/2006 21:49:02.09
ComboFix.txt
ComboFix2.txt

LonnyRJones
2006-09-17, 07:17
Looks fine

I suggest that you go submit each of the files in this section one at a time
"Files Created from 2006-08-16 to 2006-09-16"
http://www.virustotal.com/flash/index_en.html
Let us know if any malware is found.

lilrascal
2006-09-18, 15:45
Thank you for the help. I checked all files and they all said "no virus found".


LonnyRJones
2006-09-18, 16:16
That's great


Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

Surf safe
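As an added example (not from the thread, the helper, or the MVPS project): a Python check that parses a constructed HOSTS-file sample in the MVPS style and reports which of the tracking-cookie hosts from the Ad-Aware log earlier in the thread would be sinkholed. It also shows the caveat that HOSTS entries match exact hostnames only, so an entry for a parent domain does not cover its subdomains; the two subdomains used to show this are constructed.

```python
import ipaddress

# Constructed sample of an MVPS-style HOSTS file (example data, not the real
# MVPS list): comments, the localhost line, blocked ad/tracking hosts, a line
# listing two hostnames after the address, and one malformed line.
SAMPLE_HOSTS = """\
# This MVPS HOSTS file is a free download from:      #
# http://winhelp2002.mvps.org/                       #
127.0.0.1  localhost
0.0.0.0  as-us.falkag.net
0.0.0.0  ads.pointroll.com  trafficmp.com
0.0.0.0  bluestreak.com   # trailing comment
0.0.0.0  2o7.net
not-an-ip  junk.example
"""

# Tracking-cookie hosts from the Ad-Aware log in the thread, plus two
# constructed subdomains to show the exact-match limitation of a HOSTS file.
COOKIE_HOSTS = [
    "as-us.falkag.net",
    "2o7.net",
    "ads.pointroll.com",
    "trafficmp.com",
    "bluestreak.com",
    "omniture.2o7.net",      # constructed
    "cdn.bluestreak.com",    # constructed
]

SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return {hostname: address} for every valid entry, skipping comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop inline and full-line comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # malformed line: skip, do not crash
        for host in parts[1:]:                # one address may list several hosts
            entries[host.lower()] = str(addr)
    return entries


def blocked_hosts(entries):
    """Hostnames pointed at a sinkhole address (0.0.0.0 or loopback)."""
    return {h for h, a in entries.items() if a in SINKHOLE_ADDRS and h != "localhost"}


def check_coverage(entries, hosts):
    """Map each hostname to 'blocked', 'parent-only' or 'unblocked'.

    HOSTS lookups are exact: an entry for 2o7.net does nothing for
    omniture.2o7.net, and 'parent-only' flags exactly that gap."""
    blocked = blocked_hosts(entries)
    result = {}
    for h in hosts:
        h = h.lower()
        if h in blocked:
            result[h] = "blocked"
        elif any(h.endswith("." + b) for b in blocked):
            result[h] = "parent-only"
        else:
            result[h] = "unblocked"
    return result


if __name__ == "__main__":
    for host, status in check_coverage(parse_hosts(SAMPLE_HOSTS), COOKIE_HOSTS).items():
        print(f"{host:25s} {status}")
```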

tashi
2006-09-24, 20:00
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Glad we could help, cheers.