Here is my issue. Whenever I search something up in Google I have a range of irrelevant sites I see over and over again... The sites included: UK.FindStuff.com, kymon.org, uk.12finder.com, www.monstermarketplace.com and more... I'm guessing that it's the work of Smitfraud-c.gp.

Just so you know what kind of virus protection software etc. I have: HijackThis, Malwarebytes, ZoneAlarm, Ad-Aware 2008 and Spybot - Search & Destroy.

Here is what I've done so far:
1) Scanned with Malwarebytes and deleted 2 infected files found (no idea if they relate to my problem).
2) Scanned with Ad-Aware 2008 and no results.
3) Used Spybot - Search & Destroy and found tons of spyware (because I hadn't used it for a long time) and the most suspicious was Smitfraud-c.gp.

Now I can't find any more files using virus scanners etc. and I know 100% that something is up, because of the repeated sites appearing in Google (whenever I search). I have tested on a different PC and they don't come up there. I would be grateful to the max if I got some help on how to sort this out... I will give you any information if needed. Here is a HijackThis log if you need it...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:49, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7647 bytes
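As an added example for readers of this thread (it is not code from HijackThis, Trend Micro or the poster), here is a small Python triage script for the log format above. It parses the R0/R1, R3/O2/O3, O4, O9 and O23 entry kinds and flags what a responder reads first: browser pages pointing at a host outside an allow-list, browser extensions registered with no name or no backing file, autoruns with no full path, and services with no vendor. The allow-list is built from the hosts in the posted R0/R1 lines and is an assumption about this machine; the sample entries are copied from the posted log except for one constructed R1 line that uses the reserved `.invalid` domain.

```python
"""Triage helper for the HijackThis v2 log format (added example, not
HijackThis's own code). Flags the entries a responder reads first."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hosts the poster's own R0/R1 lines point at. Assumption: these are the
# expected home/search pages for this machine; any other host is flagged.
TRUSTED_HOSTS = {
    "uk.yahoo.com", "uk.search.yahoo.com", "uk.rd.yahoo.com",
    "www.tiscali.co.uk", "www.google.co.uk",
}

ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d{1,2}|F\d)\s+-\s+(?P<body>.*)$")
URL_RE = re.compile(r'https?://[^\s*"]+')          # '*' joins chained URLs
# R3/O2/O3: "BHO: <name> - {CLSID} - <dll>" (also Toolbar:, URLSearchHook:)
COM_RE = re.compile(r"^(?:BHO|Toolbar|URLSearchHook):\s*(?P<name>.*?)\s+-\s+"
                    r"(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.*)$")
# O4: "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>[^:]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O23: "Service: <display name> - <vendor> - <image path>"
SVC_RE = re.compile(r"^Service:\s*(?P<name>.*?)\s+-\s+(?P<vendor>.*?)\s+-\s+(?P<image>.*)$")


@dataclass
class Finding:
    kind: str
    line: str
    reasons: list = field(default_factory=list)


def _executable(cmd: str) -> str:
    """First token of an autorun command line, honouring a quoted image path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def assess(line: str):
    """Return a Finding for one log line, or None if it is not a HijackThis entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    f = Finding(kind, line.strip())

    # Any entry kind: HijackThis itself marks registrations whose file is gone.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        f.reasons.append("registration points at a file that no longer exists")

    if kind in ("R0", "R1"):                       # IE start / search pages
        for url in URL_RE.findall(body):
            host = urlsplit(url).hostname or ""
            if host not in TRUSTED_HOSTS:
                f.reasons.append(f"browser page set to unexpected host {host}")
    elif kind in ("R3", "O2", "O3"):               # COM objects loaded into IE
        cm = COM_RE.match(body)
        if cm and cm.group("name") == "(no name)":
            f.reasons.append("browser extension registered without a name")
    elif kind == "O4":                             # Run keys and Startup folder
        rm = RUN_RE.match(body)
        if rm:
            exe = _executable(rm.group("cmd"))
            low = exe.lower()
            if "\\" not in exe:
                f.reasons.append(f"autorun '{exe}' has no path; resolved via search path")
            elif "\\temp\\" in low or "\\documents and settings\\" in low:
                f.reasons.append("autorun image lives in a user-writable location")
    elif kind == "O23":                            # services
        sm = SVC_RE.match(body)
        if sm and sm.group("vendor") == "Unknown owner":
            f.reasons.append("service image carries no vendor information")
    return f


def triage(log_text: str):
    """Findings with at least one reason, in log order."""
    return [f for f in (assess(raw) for raw in log_text.splitlines()) if f and f.reasons]


# Sample entries copied from the log posted above, plus one constructed R1 line.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/ (constructed line, not from the posted log)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.kind, "|", finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```

Run against the posted log this yields only the nameless BHO with no file, the dangling Bonjour button, the path-less SkyTel/RTHDCPL/ALCMTR autoruns and the STI Simulator service with no vendor; a search hijack that does not touch the entries HijackThis reports will not show up here at all, which is one reason the helper asks for a ComboFix log as well.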
Hi nitrolagy

Here is my issue: you opened three threads for the same issue. This only cramps up space and will not get you help earlier. Next time, open one thread only.

First, download CWShredder and run it.

Please go to this page: http://forums.afterdawn.com/thread_view.cfm/370698 and follow steps #3-6 only.

Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Now, tell me how you're doing.

Best Regards
I'd like to make an update. I believe it is adware called coolsearch that is creating the problem, not Smitfraud... Let me make this clear again so that there is no confusion. I have AVG and used it to scan now and found coolsearch on my PC... I scanned a second time and coolsearch no longer comes up on the scan; however, I can still notice that I get the same sites in my Google search results no matter what I search. (Sorry about posting thrice. I accidentally hit the post reply too quickly the first time and wanted to change what I said the first time, hoping I could delete my older post.)
http://groups.google.com/group/Google_Web_Search_Help-Content/browse_thread/thread/d5b432d6a7039a83

Read that: someone else has the same problem as me and has put it in different words. Although I don't think he knows he most probably has a virus/spyware/adware.
Hey nitrolagy

Still, please follow my instructions exactly (please notice that I have changed them). And thanks for the update.

Best Regards
Here is the log as requested...

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 18:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-16 17:45 --------- d-----w C:\Documents and Settings\Asif\Application Data\uTorrent
2008-09-16 06:49 --------- d-----w C:\Program Files\Yahoo!
2008-09-16 06:48 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 06:48 --------- d-----w C:\Program Files\iriverter
2008-09-16 06:48 --------- d-----w C:\Program Files\Easy Video Downloader
2008-09-16 06:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 20:06 --------- d-----w C:\Documents and Settings\Mokrane 1\Application Data\Apple Computer
2008-09-13 17:13 24 ----a-w C:\Documents and Settings\Asif\jagex_runescape_preferences.dat
2008-09-12 18:26 2,665,350 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-09 23:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 13:08 --------- d-----w C:\Documents and Settings\Asif\Application Data\U3
2008-08-25 13:17 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2008-08-25 13:10 1,338,880 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-08-23 14:28 --------- d-----w C:\Documents and Settings\Asif\Application Data\LimeWire
2008-08-18 19:24 87,020 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-18 19:24 7,333,920 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-18 14:17 --------- d-----w C:\Documents and Settings\Asif\Application Data\Vso
2008-08-13 11:24 --------- d-----w C:\Program Files\Realtek
2008-08-13 11:03 --------- d-----w C:\Program Files\Tiscali
2008-08-12 07:42 98,304 ----a-w C:\WINDOWS\DUMP7f80.tmp
2008-08-12 07:38 98,304 ----a-w C:\WINDOWS\DUMP800e.tmp
2008-08-11 21:50 98,304 ----a-w C:\WINDOWS\DUMP68fb.tmp
2008-08-10 17:16 184 ----a-w C:\setuplog.exe
2008-08-10 17:12 98,304 ----a-w C:\WINDOWS\DUMP74a3.tmp
2008-08-10 14:52 --------- d-----w C:\Program Files\Tiscali Broadband
2008-08-10 14:03 98,304 ----a-w C:\WINDOWS\DUMP8608.tmp
2008-08-10 14:00 98,304 ----a-w C:\WINDOWS\DUMP85f8.tmp
2008-08-10 13:58 98,304 ----a-w C:\WINDOWS\DUMP87fd.tmp
2008-08-10 13:55 98,304 ----a-w C:\WINDOWS\DUMP7c83.tmp
2008-08-10 13:47 98,304 ----a-w C:\WINDOWS\DUMP80b9.tmp
2008-08-10 09:09 98,304 ----a-w C:\WINDOWS\DUMP780e.tmp
2008-08-10 09:05 98,304 ----a-w C:\WINDOWS\DUMP8481.tmp
2008-08-09 14:56 98,304 ----a-w C:\WINDOWS\DUMP829d.tmp
2008-08-09 08:56 98,304 ----a-w C:\WINDOWS\DUMP8b57.tmp
2008-08-08 12:55 98,304 ----a-w C:\WINDOWS\DUMP8145.tmp
2008-07-22 14:37 --------- d-----w C:\Program Files\Apex
2008-07-22 13:25 --------- d-----w C:\Documents and Settings\Asif\Application Data\Malwarebytes
2008-07-22 06:36 --------- d-----w C:\Documents and Settings\Mokrane 1\Application Data\Malwarebytes
2008-07-22 06:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-21 21:57 1,501,696 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-21 21:49 60,928 ----a-w C:\WINDOWS\system32\12.tmp
2008-07-19 20:51 --------- d-----w C:\Documents and Settings\Asif\Application Data\DNA
2008-07-19 15:58 1,460,224 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-17 20:50 --------- d-----w C:\Program Files\Java
2008-07-17 18:31 --------- d-----w C:\Documents and Settings\Asif\Application Data\Any Video Converter
2008-07-09 08:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 08:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-06 16:47 16,384 ----a-w C:\WINDOWS\system32\drwtsn.exe
2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:36 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:36 147,968 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:32 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 15:25 47,360 ----a-w C:\Documents and Settings\Asif\Application Data\pcouffin.sys
2008-01-28 18:25 5,762 ----a-w C:\Program Files\install.log
2007-10-24 20:50 258 ----a-w C:\Documents and Settings\Asif\dat.bin
2001-01-10 11:23 162,304 ----a-w C:\WINDOWS\inf\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 135168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-09-12 144784]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2008-07-06 98304]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-07-06 88584]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2008-09-12 57344]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-16 1235736]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-03 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Adil\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-02-03 3450608]

C:\Documents and Settings\Anissa\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-02-03 3450608]

C:\Documents and Settings\Mokrane\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-02-03 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-20 20:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MA101 Configuration Utility .lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA101 Configuration Utility .lnk
backup=C:\WINDOWS\pss\MA101 Configuration Utility .lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Accessories^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Asif\Start Menu\Programs\Accessories\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??????????????????????? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
??????????????????????? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2008-09-12 19:20 57344 C:\Program Files\SlySoft\CloneCD\clonecdtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2007-05-23 16:14 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-05 19:03 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 19:38 987187 C:\Program Files\WinCustomize\LogonStudio\LogonStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-07-06 15:14 570664 C:\Program Files\Common Files\Nero\Lib\nerocheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2008-07-06 15:14 3100672 C:\Program Files\Nokia\Nokia Software Launcher\nslauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AVGEMS"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"gusvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"vsmon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-16 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-16 231704]
S1 AEC671X;AEC671X;C:\WINDOWS\system32\drivers\AEC671X.SYS [1998-05-05 12128]
S1 DMX3191;DMX3191;C:\WINDOWS\system32\drivers\DMX3191.SYS [1999-02-23 17700]
S2 PV8630;PV8630 WDM Device Driver;C:\WINDOWS\system32\PV8630.sys [2000-07-05 17284]
S2 UDNT;UDNT;C:\WINDOWS\system32\drivers\UDNT.sys [1998-09-18 76260]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]

NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
SRService
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b6c003c-9a60-11dc-856e-fb338140a82e}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61b41c79-f524-11dc-a18a-4d6564696130}]
\Shell\AutoRun\command - E:\Autorun.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-BitTorrent DNA - C:\Program Files\DNA\btdna.exe
MSConfigStartUp-msavsc - C:\Program Files\Microsoft Security Adviser\msavsc.exe
MSConfigStartUp-msctrl - C:\Program Files\Microsoft Security Adviser\msctrl.exe
MSConfigStartUp-msfw - C:\Program Files\Microsoft Security Adviser\msfw.exe
MSConfigStartUp-msiemon - C:\Program Files\Microsoft Security Adviser\msiemon.exe
MSConfigStartUp-mssadv - C:\Program Files\Microsoft Security Adviser\msfw.exe
MSConfigStartUp-msscan - C:\Program Files\Microsoft Security Adviser\msscan.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Asif\Application Data\Mozilla\Firefox\Profiles\8kkto7i9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 16:55:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-17 16:56:32
ComboFix-quarantined-files.txt 2008-09-17 15:56:13
Pre-Run: 143,983,988,736 bytes free
Post-Run: 144,483,962,880 bytes free
321 --- E O F --- 2008-07-09 16:37:01

I would like to say thank you.
I feel as though I just lifted a rock from my PC, maybe even a few rocks. I get normal search results in Google now and will update within 24 hours if I get the virus/adware/malware again, as I have had experience of getting rid of it and receiving it again after scanning with AVG. I would love to hug you even though I am not that kind of person to express my gratitude. However, I can only say thank you online. An extra icing on the cake would be to know how I got this, but I can live without. Again I would like to say thank you =D
Hey nitrolagy

You're welcome. And besides, you're the one doing the work. It's your effort that you have to thank. However, before I can proceed, did you post the entire ComboFix log? It doesn't look complete to me.

Best Regards
I think it was the whole log... =S I can't find the log anymore, so =S. I'm not getting the virus again btw, so I'm happy =D. Thanks again.
Sure nitrolagy.

You're welcome. Are you sure you don't want more checkups to remove every trace of the malware?

Best Regards