bloody "intervalhehehe virus"

I am also another one to suffer with this damn thing.
I have just done the HijackThis, this is the file it gave me. Can anyone help me with what to do next?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:24, on 13/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.antispy.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.gg.com
O1 - Hosts: 123.251.143.110 www.ghfhj.com
O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
O1 - Hosts: 123.251.143.110 www.1.com
O1 - Hosts: 123.251.143.110 www.3.com
O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\PROGRA~2\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [CameraManager] C:\Garmin\CAMERA~1.EXE
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 13400 bytes


Comments

  • Browntoa
    Browntoa Posts: 49,620 Forumite
    fix these

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

    O1 - Hosts: 61.157.217.210 www.yahoo.com
    O1 - Hosts: 61.157.217.210 www.google.com
    O1 - Hosts: 61.157.217.210 www.google.co.uk
    O1 - Hosts: 61.157.217.210 www.myspace.com
    O1 - Hosts: 61.157.217.210 www.youtube.com
    O1 - Hosts: 61.157.217.210 www.facebook.com
    O1 - Hosts: 61.157.217.210 www.antispy.com
    O1 - Hosts: 61.157.217.210 www.yahoo.com
    O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
    O1 - Hosts: 61.157.217.210 www.antispyware.com
    O1 - Hosts: 61.157.217.210 antispyware.com
    O1 - Hosts: 61.157.217.210 antispy.com
    O1 - Hosts: 61.157.217.210 www.msn.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.gg.com
    O1 - Hosts: 123.251.143.110 www.ghfhj.com
    O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
    O1 - Hosts: 123.251.143.110 www.1.com
    O1 - Hosts: 123.251.143.110 www.3.com
    O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
    O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
    O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
    O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
    O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
    O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
    O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
    O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
    O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
    O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
    O1 - Hosts: 61.157.217.210 www.live.com
    O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
    O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
    O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com

    O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause


    tick those items and fix selected

    then reboot and follow the next post
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,620 Forumite
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
    Ex forum ambassador

    Long term forum member
  • A.T.R.1
    A.T.R.1 Posts: 31 Forumite
    this is the log file.

    Malwarebytes' Anti-Malware 1.31
    Database version: 1456
    Windows 6.0.6001 Service Pack 1
    13/12/2008 17:27:50
    mbam-log-2008-12-13 (17-27-50).txt
    Scan type: Quick Scan
    Objects scanned: 48578
    Time elapsed: 6 minute(s), 42 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 16
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explore (Trojan.Agent) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
  • Browntoa
    Browntoa Posts: 49,620 Forumite
    seeing it showed rogue antivirus I would follow this

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    and post that log, and a fresh hijackthis log
    Ex forum ambassador

    Long term forum member
  • A.T.R.1
    A.T.R.1 Posts: 31 Forumite
    2008-12-02 17:10:20 A
    348,160 C:\Qoobox\Quarantine\C\Windows\System32\LXDNinst.dll.vir
    2008-12-02 17:16:47 A
    348,160 C:\Qoobox\Quarantine\C\Windows\System32\lxdncoin.dll.vir
    2008-12-13 17:48:34 A
    54 C:\Qoobox\Quarantine\catchme.log
    2008-12-13 17:57:54 A
    4,813 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2008-12-13 18:01:47 A
    0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
    2008-12-13 18:01:47 A
    0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
    2008-12-13 18:01:47 A
    0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
    2008-12-13 18:02:01 A
    95 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-PMCRemote.reg.dat
    2008-12-13 18:02:01 A
    114 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-gStart.reg.dat
    2008-12-13 18:02:01 A
    123 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-CameraManager.reg.dat
    2008-12-13 18:02:01 A
    169 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-BitTorrent.reg.dat
    2008-12-13 18:02:03 A
    164 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-trioService.reg.dat
    2008-12-13 18:02:03 A
    195 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Adobe Photo Downloader.reg.dat
    2008-12-13 18:02:03 A
    232 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-BVRPLiveUpdate.reg.dat

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:46:24, on 13/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 61.157.217.210 www.yahoo.com
    O1 - Hosts: 61.157.217.210 www.google.com
    O1 - Hosts: 61.157.217.210 www.google.co.uk
    O1 - Hosts: 61.157.217.210 www.myspace.com
    O1 - Hosts: 61.157.217.210 www.youtube.com
    O1 - Hosts: 61.157.217.210 www.facebook.com
    O1 - Hosts: 61.157.217.210 www.antispy.com
    O1 - Hosts: 61.157.217.210 www.yahoo.com
    O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
    O1 - Hosts: 61.157.217.210 www.antispyware.com
    O1 - Hosts: 61.157.217.210 antispyware.com
    O1 - Hosts: 61.157.217.210 antispy.com
    O1 - Hosts: 61.157.217.210 www.msn.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.gg.com
    O1 - Hosts: 123.251.143.110 www.ghfhj.com
    O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
    O1 - Hosts: 123.251.143.110 www.1.com
    O1 - Hosts: 123.251.143.110 www.3.com
    O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
    O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
    O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
    O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
    O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
    O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
    O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
    O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
    O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
    O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
    O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
    O1 - Hosts: 61.157.217.210 www.live.com
    O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
    O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
    O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
    O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
    O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
    O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
    O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\PROGRA~2\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
    O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
    O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
    O4 - HKCU\..\Run: [CameraManager] C:\Garmin\CAMERA~1.EXE
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229177018334&h=f2599c651e86da97b091d7122cdbf83e/&filename=jinstall-6u11-windows-i586-jc.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
    O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    --
    End of file - 13400 bytes
  • Disable TeaTimer
    Please disable Spybot S&D’s TeaTimer protection, because it is known to interfere with our fixes.
    You can enable it again after you're clean.
    Open Spybot and click on 'Mode' then click 'Advanced Mode'.
    Click on 'Tools' in bottom left hand corner.
    Click on the 'System Startup' icon.
    Uncheck 'Teatimer' box and/or uncheck 'Resident'.
    Click the 'Allow Change' box.
    Then, check next to the computer clock to see if the icon for Spybot is still there.
    If it is, right click it and choose 'exit Spybot-S&D Resident'.

    then.
    Download HostsXpert.zip
    • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
    • Double-click HostsXpert.exe to run the program.
    • Click "Make Hosts Writable?" in the upper left corner (Only If available).
    • Click "Restore Microsoft's Hosts file" and then click "OK".
    • Click the X to exit the program.
    Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
  • A.T.R.1
    A.T.R.1 Posts: 31 Forumite
    a big thank you to everyone that gave advice.
    i think it's sorted, i seem to be able to get on my facebook (in english, this time, not chinese) and my google has come back, without the microsoft message.
  • Browntoa
    Browntoa Posts: 49,620 Forumite
    you still need to sort out your hosts file as posted above, the log shows these entries in it

    Ex forum ambassador

    Long term forum member
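
The O1 entries this thread keeps coming back to can be checked mechanically. The following is an added example, not part of any forum post or of HijackThis itself: it pulls the `O1 - Hosts:` lines out of a log and groups hostnames by the non-loopback address they are redirected to. The function names are hypothetical; the sample lines are copied from the log in this thread except the `127.0.0.1` line, which is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis writes one "O1 - Hosts: <ip> <hostname>" line per hosts-file entry.
O1_LINE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
# DNS labels: letters, digits and inner hyphens, joined by dots.
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
VALID_HOST = re.compile(rf"^{LABEL}(\.{LABEL})*$")

# Lines from the log in this thread, plus one constructed loopback entry.
SAMPLE_LOG = """\
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 123.251.143.110 www.gg.com
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 127.0.0.1 localhost
O20 - AppInit_DLLs: avgrsstx.dll
"""

def parse_o1_entries(log_text):
    """Return (ip, hostname) pairs for every O1 line in a HijackThis log."""
    matches = (O1_LINE.match(line) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def suspicious_redirects(log_text):
    """Map each non-loopback address to the hostnames pointed at it."""
    by_ip = defaultdict(list)
    for ip_text, host in parse_o1_entries(log_text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            by_ip[ip_text].append(host)  # unparsable address: report it as-is
            continue
        # 127.0.0.1, ::1 and 0.0.0.0 are normal or blocklist targets; skip them.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append(host)
    return dict(by_ip)

def malformed_hostnames(log_text):
    """Hostnames that are not valid DNS names (for example, contain a comma)."""
    return [h for _, h in parse_o1_entries(log_text) if not VALID_HOST.match(h)]

if __name__ == "__main__":
    for ip, hosts in suspicious_redirects(SAMPLE_LOG).items():
        print(ip, "<-", ", ".join(hosts))
    print("malformed:", malformed_hostnames(SAMPLE_LOG))
```

Any well-known site appearing under a non-loopback address in this output means the hosts file still needs restoring, which is what the HostsXpert steps in this thread do.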
  • A.T.R.1
    A.T.R.1 Posts: 31 Forumite
    sorry for sounding a little thick, but what do you mean, "sort the files out"?
  • Browntoa
    Browntoa Posts: 49,620 Forumite
    post 7

    Download HostsXpert.zip
    • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
    • Double-click HostsXpert.exe to run the program.
    • Click "Make Hosts Writable?" in the upper left corner (Only If available).
    • Click "Restore Microsoft's Hosts file" and then click "OK".
    • Click the X to exit the program.
This discussion has been closed.