Fakes & redirects when searching

Thread Solved

Join Date: May 2005
Posts: 3,204
Reputation: gerbil will become famous soon enough
Solved Threads: 188
gerbil
Nearly a Senior Poster

  #21
May 9th, 2007
Well, if one product found something, scanning with another will not hurt. Please run this online scan: http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here - and if it looks like I'm bouncing you around a bit it is because I cannot see what wrote in those DNS entries, and why they were hidden. Are you still being redirected?
Deep, deep in the woods, but walking about.
Join Date: May 2007
Posts: 16
Reputation: growler33 is an unknown quantity at this point 
Solved Threads: 0
growler33
Newbie Poster

  #22
May 9th, 2007
I searched about ten things and didn't get any redirects?

Here is the log from Panda:



Incident Status Location
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\MSIMG32.dll
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Me\Cookies\me@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Me\Cookies\me@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Me\Cookies\me@adrevolver[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Me\Cookies\me@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Me\Cookies\me@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Me\Cookies\me@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Me\Cookies\me@atwola[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Me\Cookies\me@bs.serving-sys[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Me\Cookies\me@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Me\Cookies\me@doubleclick[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Me\Cookies\me@linksynergy[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Me\Cookies\me@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Me\Cookies\me@mediaplex[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Me\Cookies\me@serving-sys[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Me\Cookies\me@statse.webtrendslive[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Me\Cookies\me@tribalfusion[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Me\Cookies\me@www.myaffiliateprogram[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Me\Cookies\me@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Me\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Me\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Me\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Me\Desktop\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

gerbil
  #23
May 10th, 2007
Growler, Panda came up clean [it did break a legitimate file in Smitfraudfix, so that won't run any more..], but there are a few reg entries in your sys that I would like to see - this batch file will write them to a file, c:\rq.txt. Could you please post it?
To run the batch file simply copy the text between the lines to a notepad and save it to your desktop as serverlist.bat
Just double-click the icon to run it - you will see a black window flash and that will be it done.
_________________________________________________________
reg query HKLM\SYSTEM\CurrentControlSet\Services\{20689ED6-9A8C-480D-8D42-438F6CEA161D} /s > c:\rq.txt
reg query HKLM\SYSTEM\CurrentControlSet\Services\{29210358-60B4-47B9-8EA9-3D2642170A7D} /s >> c:\rq.txt
reg query HKLM\SYSTEM\ControlSet003\Services\{20689ED6-9A8C-480D-8D42-438F6CEA161D} /s >> c:\rq.txt
reg query HKLM\SYSTEM\ControlSet003\Services\{29210358-60B4-47B9-8EA9-3D2642170A7D} /s >> c:\rq.txt
_________________________________________________________
...if I've made an error in the pathnames the file will most likely be empty; no harm will be done, but just tell me, ok? If you are not getting redirected now they are doing no harm in there....if they still exist.
Last edited by gerbil; May 10th, 2007 at 9:15 am.

growler33
  #24
May 10th, 2007
I ran that batch file and the black screen flashed.

Not sure how I post that? It won't stay open to copy any of it?

Let me know and if there is anything else to do.

gerbil
  #25
May 10th, 2007
c:\rq.txt? It should hang around, it's only a text file....that is the one I want...

growler33
  #26
May 10th, 2007
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{20689ED6-9A8C-480D-8D42-438F6CEA161D}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{20689ED6-9A8C-480D-8D42-438F6CEA161D}\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{20689ED6-9A8C-480D-8D42-438F6CEA161D}\Parameters\Tcpip
EnableDHCP REG_DWORD 0x1
IPAddress REG_MULTI_SZ 0.0.0.0\0\0
SubnetMask REG_MULTI_SZ 0.0.0.0\0\0
DefaultGateway REG_MULTI_SZ \0
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{20689ED6-9A8C-480D-8D42-438F6CEA161D}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{20689ED6-9A8C-480D-8D42-438F6CEA161D}\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{20689ED6-9A8C-480D-8D42-438F6CEA161D}\Parameters\Tcpip
EnableDHCP REG_DWORD 0x1
IPAddress REG_MULTI_SZ 0.0.0.0\0\0
SubnetMask REG_MULTI_SZ 0.0.0.0\0\0
DefaultGateway REG_MULTI_SZ \0

gerbil
  #27
May 10th, 2007
ok, thanks, growler... it read the keys okay. I was trying to check whether these entries from a Smitfraudfix log were still there:
smitfraudfix:
HKLM\SYSTEM\CCS\Services\Tcpip\..\{20689ED6-9A8C-480D-8D42-438F6CEA161D}: DhcpNameServer=85.255.116.104,85.255.112.229
HKLM\SYSTEM\CCS\Services\Tcpip\..\{29210358-60B4-47B9-8EA9-3D2642170A7D}: DhcpNameServer=85.255.116.104,85.255.112.229
HKLM\SYSTEM\CS3\Services\Tcpip\..\{20689ED6-9A8C-480D-8D42-438F6CEA161D}: DhcpNameServer=85.255.116.104,85.255.112.229
HKLM\SYSTEM\CS3\Services\Tcpip\..\{29210358-60B4-47B9-8EA9-3D2642170A7D}: DhcpNameServer=85.255.116.104,85.255.112.229

..if they were I would have helped you delete them, but it appears they are gone. So I think you should be clean to go... come back if anything pops up again. I assume you have suffered no redirections since when you mentioned surfing was okay?
Last edited by gerbil; May 10th, 2007 at 11:21 pm.
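
Added example (not part of the thread or any poster's code): a Python sketch that parses `reg query` output for the Tcpip\Parameters\Interfaces\{GUID} keys, where the SmitFraudFix log above shows the DhcpNameServer values, and flags the two resolver addresses from that log. The sample output and the 192.168.1.1 address are constructed, and the function names are hypothetical.

```python
import re

# Resolver addresses reported in the SmitFraudFix log quoted in this thread.
ROGUE_DNS = {"85.255.116.104", "85.255.112.229"}

# Constructed sample of `reg query ... /s` output (REG.EXE 3.0 layout); not from the thread.
SAMPLE = r"""
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20689ED6-9A8C-480D-8D42-438F6CEA161D}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    85.255.116.104,85.255.112.229

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29210358-60B4-47B9-8EA9-3D2642170A7D}
    EnableDHCP    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    192.168.1.1
"""

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\Tcpip\\Parameters\\Interfaces\\(\{[0-9A-F-]+\})$", re.I)
VAL_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def dns_by_interface(reg_output):
    """Map interface GUID -> {value name: [resolver IPs]} for the DNS values."""
    found, guid = {}, None
    for line in reg_output.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            guid = key.group(1).upper()
            continue
        if line.strip() and not line[0].isspace():
            guid = None  # REG.EXE banner or a key outside Interfaces\{GUID}
            continue
        val = VAL_RE.match(line)
        if guid and val and val.group(1).lower() in ("nameserver", "dhcpnameserver"):
            # Values may be comma- or space-separated; empty values are skipped.
            servers = [s for s in re.split(r"[,\s]+", val.group(3).strip()) if s]
            if servers:
                found.setdefault(guid, {})[val.group(1)] = servers
    return found

def flag_rogue(reg_output, bad=ROGUE_DNS):
    """Return sorted (guid, value name, ip) tuples whose resolver is on the bad list."""
    hits = []
    for guid, values in dns_by_interface(reg_output).items():
        for name, servers in values.items():
            hits += [(guid, name, ip) for ip in servers if ip in bad]
    return sorted(hits)

if __name__ == "__main__":
    print(flag_rogue(SAMPLE))
```

On a live machine the input would be the saved output of `reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s`.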

growler33
  #28
May 10th, 2007
For some reason I just lost my program Limewire that I use for downloading music? It said it was corrupt so I guess that is ok, I will remove all of it from my computer.


Thanks a lot for all the help.

gerbil
  #29
May 10th, 2007
I use emule... I have not seen any fake mp3 files there. Limewire put up plenty. Delete all your combofix, SMF files and tools and backups -next time you need them they will have been updated.
And just check that a new restore point is made.
Cheers, it's been fun.

©2003 - 2009 DaniWeb® LLC