ALERT virus 'intervalhehehe' urgent help needed

Discussion in 'Windows - Virus and spyware problems' started by sadfart, Nov 29, 2008.

  1. sadfart

    sadfart Member

    I was downloading a programme called WinRAR and I believe I have got a virus or malware, not sure of the difference. When I open the internet page it is in Chinese and keeps flashing up 'intervalhehehe'. I have run Spybot and Avast but it is still there. I need your help as the wife and kids are giving me hell, please please please HELP
     
  2. noelyf

    noelyf Regular member

    Wrong forum, try here :
    >>> http://forums.afterdawn.com/forum_view.cfm/166
     
  3. binkie7

    binkie7 Moderator Staff Member

  4. cdavfrew

    cdavfrew Regular member

    Hi sadfart

    Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

    Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or by double-clicking the Malwarebytes' Anti-Malware shortcut on your Desktop.

    Configuring Malwarebytes

    • Click on the tab Settings.
    • Make sure only these boxes are checked:
      - Terminate Internet Explorer
      - Automatically save and display logfile after removal
      - Always scan memory objects
      - Always scan registry objects
      - Always scan filesystem
      - Always scan extra and heuristics objects

    Updating Malwarebytes

    • Click on the tab Update.
    • Press the button Check for Updates
    • Wait for Malwarebytes to be fully updated.

    Scanning Time

    • Click on the tab Scanner.
    • Check Perform full scan and click on Scan
    • Wait for the scan to complete, and then click on Show Results.
    • Make sure all items are checked, then click on Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

    Post A Log

    • A text box will pop up after the removal process is over. Post the contents of the text here.
    • If no text box pops up, launch Malwarebytes, and click on the tab Logs.
    • The logs will appear as mbam-log-date-time.txt. Select the latest one, and then click on Open.
    • Post the log here.

    Best Regards :D
     
  5. sadfart

    sadfart Member

    Thanks for your response. I am not very technical but I will follow your instructions. With a bit of luck family communications will recommence and I won't be that stupid so-and-so for much longer.
     
  6. sadfart

    sadfart Member

    Hi Cdavfrew,
    Carried out your very clear instructions as above and I am now copying the log as requested. I have not tried to see if everything is working properly yet as I wanted to post the log just in case the computer froze on me - well, it is a very cold day - please note I haven't lost my sense of humour - well, you know what they say, if you don't laugh you will cry. Thanks once again for all your help.

    Sadfart
     
  7. sadfart

    sadfart Member

    Sorry, my head's turned; I forgot to attach the log.

    Malwarebytes' Anti-Malware 1.30
    Database version: 1437
    Windows 5.1.2600 Service Pack 2

    11/30/2008 16:25:48
    mbam-log-2008-11-30 (16-25-48).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 158543
    Time elapsed: 33 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 27
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 11
    Files Infected: 152

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explore (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:

    Files Infected:
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\murf\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
     
  8. sadfart

    sadfart Member

    Joined:
    Jan 29, 2007
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    Hi cdav,
    I don't think the problem is resolved. When I open Mozilla Firefox I get Chinese writing, and when I open Internet Explorer I get a message saying I have a virus and wants me to pay for software to resolve it. I understand this is the scam, i.e. the buggers put a virus on and want you to pay to supposedly remove it, but I presume if you paid up and downloaded their programme it would probably muck up the computer even more. I have copied below the message from Firefox. I know I am a real pain but your help would be very much appreciated.

    Sadfart

    无法找到该页
    您正在搜索的页面可能已经删除、更名或暂时不可用。

    请尝试以下操作:

    * 确保浏览器的地址栏中显示的网站地址的拼写和格式正确无误。
    * 如果通过单击链接而到达了该网页,请与网站管理员联系,通知他们该链接的格式不正确。
    * 单击后退按钮尝试另一个链接。

    HTTP 错误 404 - 文件或目录未找到。
    Internet 信息服务 (IIS)

    技术信息(为技术支持人员提供)

    * 转到 Microsoft 产品支持服务并搜索包括“HTTP”和“404”的标题。
    * 打开“IIS 帮助”(可在 IIS 管理器 (inetmgr) 中访问),然后搜索标题为“网站设置”、“常规管理任务”和“关于自定义错误消息”的主题。
     
  9. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey sadfart

    I understand Chinese and the Chinese message you have is the common Internet Explorer error (i.e. This page cannot be found blah blah blah), which leads me to suspect that you are infected by Chinese malware, which has altered some of your settings.

    Now, please download ComboFix.
    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Save it to your Desktop.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls.

    • Run Combo-Fix.exe and follow the prompts.
    • Accept the End-User License Agreement.
    • Allow the Recovery Console to be installed.
    • When you see the window below, click on Yes.
    • When the Recovery Console has been installed, click on Yes to start the scan.

    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be fully completed.
    • If it requires a reboot, please do so.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComboFix window, as it may cause it to stall.

    Best Regards :D
     
  10. jojokimy

    jojokimy Guest

    Malwarebytes' Anti-Malware 1.30
    Database version: 1443
    Windows 5.1.2600 Service Pack 3

    01/12/2008 5:11:54 PM
    mbam-log-2008-12-01 (17-11-54).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 106684
    Time elapsed: 42 minute(s), 11 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    C:\WINDOWS\system32\explore.exe (Backdoor.Bot) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explore (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
     
  11. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey jojokimy

    Please open a new thread for your problem, as your posting here might confuse this thread.

    Best Regards :D
     
  12. db7

    db7 Guest

    I just got rid of this virus by going to Run and entering C:\WINDOWS\SYSTEM32\DRIVERS\ETC

    Then opening up the host file with notepad. I deleted the contents and replaced it with

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    127.0.0.1 localhost



    I then saved it and did a system restore and now all is cool. However I wouldn't do any banking or sensitive stuff for a while. I've used so many different spyware progs and none have worked. So I will wait to see what happens with others who have had this crap
     
    Last edited by a moderator: Dec 2, 2008
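A defender-side check for the hosts file db7 describes, as an added example that is not from the thread or from any of the tools mentioned in it: it parses a hosts file, ignores comments, and lists every mapping that is not the stock `localhost` line, labelling loopback mappings of other names as "blocked" (a common way malware cuts a machine off from security-update sites) and anything else as "redirected". The sample file contents, the hostnames and the non-local IP in it are constructed placeholders; only the Windows path comes from the post.

```python
"""Windows hosts-file checker (added example, not code from the thread).

Before overwriting the hosts file with Microsoft's sample, a responder
wants to know what was in it: which names were sinkholed to the local
machine and which were sent elsewhere. This script reports exactly that.
"""
from pathlib import Path
from typing import List, Tuple

# Path db7 used in the post above (Windows XP layout).
WINDOWS_HOSTS = r"C:\WINDOWS\system32\drivers\etc\hosts"

# Mappings present in a stock Windows hosts file; everything else is reported.
STOCK_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: a stock header comment, the stock entry, and two
# tampered lines. Hostnames and the 10.x address are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# 102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
# the two entries below are constructed for this example
127.0.0.1       update.antivirus-vendor.test   # update site sinkholed to loopback
10.11.12.13     search.example                 # search domain sent to a non-local IP
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, one per hostname, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line with no hostname; nothing to resolve
        ip, names = fields[0], fields[1:]
        for name in names:
            entries.append((ip, name.lower()))  # hostnames are case-insensitive
    return entries


def suspicious_entries(text: str) -> List[Tuple[str, str]]:
    """Every mapping that is not one of the stock loopback entries."""
    return [entry for entry in parse_hosts(text) if entry not in STOCK_ENTRIES]


def classify(ip: str) -> str:
    """'blocked' if the name is sinkholed to this machine, else 'redirected'."""
    if ip in ("127.0.0.1", "::1", "0.0.0.0"):
        return "blocked"
    return "redirected"


def report(text: str) -> List[Tuple[str, str, str]]:
    """(ip, hostname, verdict) for each non-stock entry, in file order."""
    return [(ip, name, classify(ip)) for ip, name in suspicious_entries(text)]


def check_file(path: str = WINDOWS_HOSTS) -> List[Tuple[str, str, str]]:
    """Run the report against a hosts file on disk."""
    return report(Path(path).read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    for ip, name, verdict in report(SAMPLE_HOSTS):
        print(f"{verdict:10} {name} -> {ip}")
```

Run it as-is to see the two tampered sample lines reported; call `check_file()` on a real machine to read the path from the post. An entry in the "blocked" column for a vendor's update domain explains why scanners stop updating, and a "redirected" entry for a search or bank domain is the kind of change db7 warns about before doing anything sensitive.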
  13. sadfart

    sadfart Member

    Joined:
    Jan 29, 2007
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    Hi Cdav,

    Sorry for the delay in getting back to you. I deleted a Rar file I found in the Windows system file which was empty last night, I then rebooted the computer and the ruddy thing wouldn't start again, even in safe mode. I was crying and thought tonight I would have to do a restore from the CD and lose everything. But hey presto, when I turned the computer on tonight it opened, although I believe I still have the virus/trojan (whatever) because when I do a search on the Internet Explorer page it keeps going back to a page pretending to be from Microsoft and looking for me to pay them money to download something or other that they state will fix the problem. This has been reported as a scam on some other sites I have been on.

    Sorry for the above rant, just wanted to give you an update on the current position.
    I have tried to do a system restore but the computer has refused permission to do this.
    I have now followed your instructions and copied the log below. I was not advised by the computer that I needed to reboot, so I decided not to do so just in case it wouldn't start again, and will leave it running until I hear from you.
    I have also reactivated avast antivirus and firewall.

    Thanks for all your help so far.

    ComboFix 08-12-01.03 - murf 2008-12-02 20:19:21.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.148 [GMT 0:00]
    Running from: c:\documents and settings\murf\Desktop\Combo-Fix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\msn.exe
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\ipflr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
    .

    2008-11-30 15:45 . 2008-11-30 15:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-30 15:45 . 2008-11-30 15:45 <DIR> d-------- c:\documents and settings\murf\Application Data\Malwarebytes
    2008-11-30 15:45 . 2008-11-30 15:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-30 15:45 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-30 15:45 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-21 20:38 . 2008-11-21 20:38 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2008-11-21 20:38 . 2008-11-21 20:38 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
    2008-11-21 20:38 . 2008-11-21 20:38 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2008-11-21 20:38 . 2008-11-21 20:38 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-15 17:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 12:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 12:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
    2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-09-04 16:42 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
    2004-08-01 23:08 25,456 ----a-w c:\program files\adupdmanager.xml
    2004-06-24 00:03 4,040 ----a-w c:\program files\-dcch$v
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f3730ce0-582d-4b69-883c-613308706456}"= "c:\program files\bigmaq2\tbbig0.dll" [2008-11-24 1784856]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe1.dll" [2008-07-04 1569304]

    [HKEY_CLASSES_ROOT\clsid\{f3730ce0-582d-4b69-883c-613308706456}]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    2008-07-04 17:40 1569304 --a------ c:\program files\thechatterbox.cc\tbthe1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3730ce0-582d-4b69-883c-613308706456}]
    2008-11-24 20:52 1784856 --a------ c:\program files\bigmaq2\tbbig0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{f3730ce0-582d-4b69-883c-613308706456}"= "c:\program files\bigmaq2\tbbig0.dll" [2008-11-24 1784856]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe1.dll" [2008-07-04 1569304]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{F3730CE0-582D-4B69-883C-613308706456}"= "c:\program files\bigmaq2\tbbig0.dll" [2008-11-24 1784856]
    "{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= "c:\program files\thechatterbox.cc\tbthe1.dll" [2008-07-04 1569304]

    [HKEY_CLASSES_ROOT\clsid\{f3730ce0-582d-4b69-883c-613308706456}]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-04-13 18576936]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
    "avast!"="c:\avast4~2\ashDisp.exe" [2008-11-26 81000]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-12-18 180269]
    "IW ControlCenter"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 836096]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "EPSON PictureMate"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE" [2003-10-10 99840]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-08 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-04-28 82026]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-07-05 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv31"= c:\windows\system32\ir32_32.dll
    "vidc.iv32"= c:\windows\system32\ir32_32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Abacast\\Abaclient.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
    "c:\\Program Files\\Microsoft Office\\Office\\FRONTPG.EXE"=
    "c:\\Program Files\\MSN\\MSNCoreFiles\\MSN6.EXE"=
    "c:\\WINDOWS\\System32\\rtcshare.exe"=
    "c:\\WINDOWS\\System32\\dpvsetup.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\MSN Gaming Zone\\zclient.exe"=
    "c:\\WINDOWS\\System32\\dplaysvr.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
    R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2001-10-04 9728]
    R1 vobiw;vobiw;c:\windows\system32\drivers\vobiw.sys [2003-04-10 187392]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
    R2 HPFECP16;HPFECP16;c:\windows\system32\drivers\HPFECP16.SYS [1998-08-18 52800]
    R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\Drivers\Cdrdrv.sys [2002-12-13 64000]
    S3 hmajeeq.sys;hmajeeq.sys;\??\c:\windows\System32\hmajeeq.sys []

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-02 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-12-02 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~2\MESSAGES\SDNotify.exe [2007-09-26 08:53]

    2008-12-01 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-_{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    BHO-{} - (no file)
    HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
    HKLM-Run-VTTimer - VTTimer.exe
    HKLM-Run-I/O Controllers - svcnet.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\murf\Application Data\Mozilla\Firefox\Profiles\xytoy8qd.Default User\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1666617&SearchSource=3&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-02 20:20:33
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-12-02 20:21:07
    ComboFix-quarantined-files.txt 2008-12-02 20:21:06

    Pre-Run: 41,500,278,784 bytes free
    Post-Run: 41,986,818,048 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    174 --- E O F --- 2008-12-01 18:45:58
     
  14. sadfart

    sadfart Member

    Joined:
    Jan 29, 2007
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    Hi cdav,

    just to let you know b4 i run combo fix i deleted firefox from my computer.

    Best Regards

    sadfart
     
  15. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey sadfart

    How willing are you to download another piece of software to scan your computer? I understand that disk space may be an issue, so it's your call.

    Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.

    Rename HijackThis(.exe) to scanner(.exe).

    Next, run scanner(.exe). A window will pop up.

    • Click on the button which says Main Menu, then Do a system scan and save a logfile.
    • Please wait for the scan to be completed.
    • After the scan has completed, a text window will pop up. Please post the contents of this window here.

    This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.

    NOTE: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.

    Also, it's probably best to let your computer restart. Better to know now than later, right?

    Best Regards :D
     
  16. db7

    db7 Guest

    I ran HijackThis and it told me to delete all the stuff that was in the host file. However it does not replace it with what was in it before I infected my puter. It also comes up with other stuff that is not in the host file.

    The worry for you is that you may not have a restore point anymore that is before the date you loaded the crap onto your machine.

    Google "intervalhehehe host file" if you want a clearer explanation of what to do.

    I also downloaded the trial version of Kaspersky internet security which seemed to find a few threats that all the others missed
     
    Last edited by a moderator: Dec 2, 2008
  17. bertumx

    bertumx Member

    Joined:
    Dec 4, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Hi to all.

    I have the exact same problem as sadfart. I'm infected with 'intervalhehehe' which I downloaded with winrar as well. Same symptoms and everything. I read the thread, downloaded ComboFix, ran it and it gave me the log in a notepad form... what do I do next... really appreciate your help.. and if you could tell me, how dangerous is this virus?? This is the log

    ComboFix 08-12-03.04 - Roberto 2008-12-04 14:25:02.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.864 [GMT 0:00]
    Running from: c:\users\Roberto\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
    .

    2008-12-04 12:36 . 2008-12-04 12:36 <DIR> d-------- c:\windows\System32\drivers\Avg
    2008-12-04 12:36 . 2008-12-04 12:36 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
    2008-12-04 12:36 . 2008-12-04 12:36 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
    2008-12-04 12:36 . 2008-12-04 12:36 10,520 --a------ c:\windows\System32\avgrsstx.dll
    2008-12-04 12:35 . 2008-12-04 12:35 <DIR> d----c--- c:\users\All Users\avg8
    2008-12-04 12:35 . 2008-12-04 12:35 <DIR> d----c--- c:\programdata\avg8
    2008-12-04 12:35 . 2008-12-04 12:35 <DIR> d----c--- c:\program files\AVG
    2008-12-04 12:23 . 2008-12-04 12:23 <DIR> d----c--- c:\program files\Opera
    2008-12-04 12:16 . 2008-12-04 12:16 <DIR> d----c--- c:\program files\XviD
    2008-12-04 12:15 . 2008-12-04 12:15 <DIR> d----c--- c:\program files\K-Lite Codec Pack
    2008-12-04 12:15 . 2008-12-04 12:15 <DIR> d----c--- c:\program files\AC3Filter
    2008-12-04 12:15 . 2003-08-19 09:20 180,224 --a------ c:\windows\System32\ac3filter.cpl
    2008-12-04 11:11 . 2008-12-04 11:11 <DIR> dr---c--- c:\program files\Norton Support
    2008-12-04 08:56 . 2008-12-04 11:05 <DIR> d-a--c--- c:\users\All Users\TEMP
    2008-12-04 08:56 . 2008-12-04 11:05 <DIR> d-a--c--- c:\programdata\TEMP
    2008-12-04 01:37 . 2008-12-04 09:51 <DIR> d----c--- c:\users\All Users\Symantec
    2008-12-04 01:37 . 2008-12-04 09:51 <DIR> d----c--- c:\programdata\Symantec
    2008-12-04 01:36 . 2008-12-04 01:36 <DIR> d-------- c:\windows\System32\drivers\NIS
    2008-12-04 01:36 . 2008-12-04 01:36 <DIR> d----c--- c:\program files\Symantec
    2008-12-04 01:36 . 2008-12-04 01:36 <DIR> d----c--- c:\program files\Norton Internet Security
    2008-12-04 01:36 . 2008-12-04 09:51 <DIR> d----c--- c:\program files\Common Files\Symantec Shared
    2008-12-04 01:36 . 2008-12-04 01:36 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
    2008-12-04 01:36 . 2008-12-04 01:36 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
    2008-12-04 01:36 . 2008-12-04 01:36 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
    2008-12-04 01:36 . 2008-12-04 01:36 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF
    2008-12-04 01:32 . 2008-12-04 01:32 <DIR> d----c--- c:\users\All Users\NortonInstaller
    2008-12-04 01:32 . 2008-12-04 01:36 <DIR> d----c--- c:\users\All Users\Norton
    2008-12-04 01:32 . 2008-12-04 01:32 <DIR> d----c--- c:\programdata\NortonInstaller
    2008-12-04 01:32 . 2008-12-04 01:36 <DIR> d----c--- c:\programdata\Norton
    2008-12-04 01:32 . 2008-12-04 01:36 <DIR> d----c--- c:\program files\NortonInstaller
    2008-12-04 01:28 . 2008-12-04 01:28 <DIR> d----c--- c:\users\All Users\Symantec Temporary Files
    2008-12-04 01:28 . 2008-12-04 01:28 <DIR> d----c--- c:\programdata\Symantec Temporary Files
    2008-12-04 00:50 . 2008-12-04 00:50 <DIR> d-------- c:\users\Roberto\AppData\Roaming\McAfee
    2008-12-03 08:07 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-12-03 08:07 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-12-03 08:07 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-12-03 08:07 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-12-03 08:06 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-12-03 08:06 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-12-03 08:06 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-12-03 08:06 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-12-03 08:06 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-26 21:28 . 2008-11-26 21:28 <DIR> d-------- c:\users\Roberto\AppData\Roaming\NCH Software
    2008-11-26 20:19 . 2008-11-26 20:19 <DIR> d----c--- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-26 20:19 . 2008-11-26 20:19 <DIR> d----c--- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-26 20:19 . 2008-11-26 20:19 <DIR> d----c--- c:\program files\iTunes
    2008-11-26 20:19 . 2008-11-26 20:19 <DIR> d----c--- c:\program files\iPod
    2008-11-26 19:09 . 2008-11-26 19:12 <DIR> d-------- c:\users\Roberto\AppData\Roaming\TigerPlayer
    2008-11-26 19:07 . 2008-11-26 19:09 <DIR> d----c--- c:\program files\MpcStar
    2008-11-26 18:33 . 2008-12-04 12:32 <DIR> d----c--- c:\users\Roberto\APPLICATIONS
    2008-11-26 18:23 . 2008-12-04 12:18 <DIR> d----c--- c:\users\Roberto\FILMS
    2008-11-26 17:27 . 2008-11-26 17:27 <DIR> d----c--- c:\program files\Dziobas Rar Player
    2008-11-26 15:50 . 2008-11-26 15:52 <DIR> d----c--- C:\Netgear
    2008-11-26 14:55 . 2008-12-04 11:38 <DIR> d----c--- C:\Downloads
    2008-11-26 14:54 . 2008-11-26 14:54 <DIR> d----c--- c:\program files\BitComet
    2008-11-26 13:31 . 2008-10-21 05:16 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 13:31 . 2008-08-28 03:22 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 13:31 . 2008-08-28 03:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 13:31 . 2008-08-28 03:22 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 13:31 . 2008-10-22 03:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 13:31 . 2008-10-22 03:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
    2008-11-26 13:31 . 2008-10-22 03:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
    2008-11-24 13:10 . 2008-11-26 20:17 <DIR> d----c--- c:\program files\QuickTime
    2008-11-20 23:25 . 2008-11-20 23:25 <DIR> d----c--- c:\program files\DNA
    2008-11-20 23:25 . 2008-11-20 23:25 <DIR> d----c--- c:\program files\BitTorrent
    2008-11-20 23:24 . 2008-11-20 23:24 <DIR> d----c--- c:\program files\AskBarDis
    2008-11-12 10:03 . 2008-09-10 03:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
    2008-11-12 10:03 . 2008-09-05 04:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 10:03 . 2008-08-26 01:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-12 10:03 . 2008-09-10 03:21 2,048 --a------ c:\windows\System32\msxml6r.dll
    2008-11-12 10:03 . 2008-09-05 04:45 2,048 --a------ c:\windows\System32\msxml3r.dll
    2008-11-07 14:23 . 2008-11-07 14:23 32,000 --a------ c:\windows\System32\drivers\usbaapl.sys
    2008-11-04 19:06 . 2008-11-04 19:06 <DIR> d-------- c:\users\Guest\Bluetooth Software
    2008-11-04 19:05 . 2008-11-04 19:05 <DIR> d-------- c:\users\Guest\AppData\Roaming\Roxio
    2008-11-04 19:05 . 2008-11-04 19:05 <DIR> d--h----- c:\users\Guest\AppData\Roaming\GTek
    2008-11-04 19:04 . 2008-11-04 19:04 <DIR> dr------- c:\users\Guest\Videos
    2008-11-04 19:04 . 2008-11-04 19:04 <DIR> dr------- c:\users\Guest\Searches
    2008-11-04 19:04 . 2008-11-04 19:04 <DIR> dr------- c:\users\Guest\Saved Games
    2008-11-04 19:04 . 2008-11-04 19:04 <DIR> dr------- c:\users\Guest\Pictures
    2008-11-04 19:04 . 2008-11-04 19:04 <DIR> dr------- c:\users\Guest\Music
    2008-11-04 19:04 . 2008-11-04 19:04 <DIR> dr------- c:\users\Guest\Links
    2008-11-04 19:04 . 2008-11-04 19:04 <DIR> dr------- c:\users\Guest\Downloads
    2008-11-04 19:04 . 2008-11-04 19:06 <DIR> dr------- c:\users\Guest\Documents
    2008-11-04 19:04 . 2008-11-04 19:04 <DIR> dr------- c:\users\Guest\Contacts
    2008-11-04 19:04 . 2006-11-02 12:37 <DIR> d-------- c:\users\Guest\AppData\Roaming\Media Center Programs
    2008-11-04 19:04 . 2008-11-04 19:04 <DIR> d--h----- c:\users\Guest\AppData
    2008-11-04 19:04 . 2008-12-04 14:07 <DIR> d----c--- c:\users\Guest
    2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
    2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-04 09:15 --------- dc----w c:\programdata\McAfee
    2008-11-28 20:35 --------- d-----w c:\users\Roberto\AppData\Roaming\LimeWire
    2008-11-28 19:40 27,525 ----a-w c:\users\Roberto\AppData\Roaming\nvModes.dat
    2008-11-26 23:41 --------- dc----w c:\programdata\NCH Swift Sound
    2008-11-26 23:41 --------- dc----w c:\program files\NCH Swift Sound
    2008-11-26 20:19 --------- dc----w c:\program files\Common Files\Apple
    2008-11-26 20:17 --------- dc----w c:\programdata\Apple Computer
    2008-11-26 17:47 --------- dc----w c:\program files\Common Files\Nero
    2008-11-26 17:45 --------- dc----w c:\programdata\Nero
    2008-11-23 16:07 --------- d-----w c:\users\Roberto\AppData\Roaming\skypePM
    2008-11-23 01:05 --------- d-----w c:\users\Roberto\AppData\Roaming\Skype
    2008-11-20 17:42 --------- d-----w c:\users\Roberto\AppData\Roaming\Apple Computer
    2008-10-28 01:33 --------- dc----w c:\program files\LimeWire
    2008-10-20 16:38 --------- dc----w c:\program files\Windows Live
    2008-10-20 16:36 --------- dc----w c:\program files\Microsoft SQL Server Compact Edition
    2008-10-20 16:33 --------- dc----w c:\program files\Microsoft
    2008-10-20 16:29 --------- dc----w c:\program files\Common Files\Windows Live
    2008-10-16 21:49 --------- dc----w c:\programdata\CyberLink
    2008-10-16 21:49 --------- d-----w c:\users\Roberto\AppData\Roaming\CyberLink
    2008-10-16 02:12 --------- dc----w c:\program files\Windows Mail
    2008-10-15 21:18 --------- d-----w c:\users\Roberto\AppData\Roaming\Camfrog
    2008-10-15 21:17 --------- dc----w c:\program files\Camfrog
    2008-10-13 13:02 28,672 ----a-w c:\windows\System32\ssconfig.exe
    2008-10-13 13:02 180,224 ----a-w c:\windows\UninstallWSST.exe
    2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
    2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
    2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-19 21:38 56 -c-ha-w c:\users\All Users\ezsidmv.dat
    2008-09-19 21:38 56 -c-ha-w c:\programdata\ezsidmv.dat
    2008-09-18 14:41 753,664 ----a-w c:\windows\System32\NET11c32.dll
    2008-09-18 14:41 2,777,088 ----a-w c:\windows\System32\NET11r32.dll
    2008-09-18 14:36 61,224 -c--a-w c:\users\Roberto\GoToAssistDownloadHelper.exe
    2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
    2008-09-11 07:54 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-09-11 07:54 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-09-11 07:54 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
    2008-09-11 07:54 28,160 ----a-w c:\windows\System32\Apphlpdm.dll
    2008-09-11 07:54 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
    2008-09-11 07:54 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-09-11 07:54 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-09-11 07:54 1,686,528 ----a-w c:\windows\System32\gameux.dll
    2008-09-11 07:53 303,616 ----a-w c:\windows\System32\wmpeffects.dll
    2008-09-11 07:53 268,800 ----a-w c:\windows\System32\es.dll
    2008-09-08 23:03 51,712 ----a-w c:\windows\System32\sirenacm.dll
    2008-09-07 21:20 174 --sha-w c:\program files\desktop.ini
    2008-09-07 20:36 61,440 ----a-w c:\windows\System32\winipsec.dll
    2008-09-07 20:36 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
    2008-09-07 20:36 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
    2008-09-07 20:36 272,896 ----a-w c:\windows\System32\polstore.dll
    2008-09-07 20:35 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
    2008-09-07 20:35 67,584 ----a-w c:\windows\System32\wlanhlp.dll
    2008-09-07 20:35 542,720 ----a-w c:\windows\System32\sysmain.dll
    2008-09-07 20:35 502,784 ----a-w c:\windows\System32\wlansvc.dll
    2008-09-07 20:35 47,104 ----a-w c:\windows\System32\wlanapi.dll
    2008-09-07 20:35 299,008 ----a-w c:\windows\System32\wlansec.dll
    2008-09-07 20:35 289,280 ----a-w c:\windows\System32\wlanmsm.dll
    2008-09-07 20:35 24,064 ----a-w c:\windows\System32\wtsapi32.dll
    2008-09-07 20:35 2,923,520 ----a-w c:\windows\explorer.exe
    2008-09-07 20:34 194,560 ----a-w c:\windows\System32\WebClnt.dll
    2008-09-07 20:32 2,048 ----a-w c:\windows\System32\tzres.dll
    2008-09-07 20:30 8,147,968 ----a-w c:\windows\System32\wmploc.DLL
    2008-09-07 20:30 7,680 ----a-w c:\windows\System32\spwmp.dll
    2008-09-07 20:30 4,096 ----a-w c:\windows\System32\dxmasf.dll
    2008-09-07 20:30 356,864 ----a-w c:\windows\System32\MediaMetadataHandler.dll
    2008-09-07 20:28 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
    2008-09-07 20:25 181,760 ----a-w c:\windows\System32\fsquirt.exe
    2008-09-07 20:23 9,728 ----a-w c:\windows\System32\LAPRXY.DLL
    2008-09-07 20:23 223,232 ----a-w c:\windows\System32\WMASF.DLL
    2008-09-07 20:23 2,048 ----a-w c:\windows\System32\asferror.dll
    2008-09-07 20:22 296,448 ----a-w c:\windows\System32\gdi32.dll
    2008-09-07 20:22 14,848 ----a-w c:\windows\System32\wshrm.dll
    2008-09-07 20:21 83,968 ----a-w c:\windows\System32\dnsrslvr.dll
    2008-09-07 20:21 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
    2008-09-07 20:21 11,776 ----a-w c:\windows\System32\sbunattend.exe
    2008-09-07 20:20 84,480 ----a-w c:\windows\System32\INETRES.dll
    2008-09-07 20:20 788,992 ----a-w c:\windows\System32\rpcrt4.dll
    2008-09-07 20:20 737,792 ----a-w c:\windows\System32\inetcomm.dll
    2008-09-07 20:20 1,327,616 ----a-w c:\windows\System32\quartz.dll
    2008-09-05 21:16 1,900,544 ----a-w c:\windows\System32\usbaaplrc.dll
    2008-09-05 14:56 287,744 ----a-w c:\windows\WLXPGSS.SCR
    2007-11-24 14:46 76 --sha-r c:\windows\CT4CET.bin
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-24 68856]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-09-20 1410344]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-07 1232896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-11-24 77824]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
    "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-24 1838592]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-04 1234712]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-11-24 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i263_32.drv
    "vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll
    "vidc.XVID"= xvid.dll
    "vidc.3ivx"= 3ivxVfWCodec.dll
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "msacm.divxa32"= divxa32.acm
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.i263"= i263_32.drv
    "msacm.imc"= imc32.acm
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{D18116E7-8636-4DA0-AEB0-EE6D4263A8AF}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
    "{BF9D1942-D4DE-4AB6-A744-7CD075A6CCA5}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
    "{F0BAB53D-4597-41ED-BF80-06C715004BDF}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{540D9235-A6B6-4DCB-BC73-3364E323DECE}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{6212DBD9-43B7-4046-9DAB-038C75AD4634}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B72E65C2-6F63-4207-ABEF-7758D3E4B7BF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B78BC15C-2316-4EAF-BECE-759C5E5FA8AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D31238A5-0170-43F6-8507-EA9F6428BF60}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{ECE65B30-FC2F-4896-937B-1BC168B0DE7A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{9F46F2A6-F9FC-45C6-9903-F570D75E2C45}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{7E67C9E0-DFC9-4C7A-981A-DDA8B94DBFCA}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
    "{C1295366-BB88-469A-AD4B-05A06C95DE32}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{1CB37482-7508-4073-9C90-8D79E0B1F839}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{32C2A325-ACE6-485B-AEC4-A954A5D34081}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{6E5ACB26-0D7F-4FDE-B625-4E3207A3F860}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1001000.021\SYMEFA.SYS [2008-12-04 309296]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-04 97928]
    R1 BHDrvx86;Symantec Heuristics Driver;\??\c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys [2008-12-04 255536]
    R1 ccHP;Symantec Hash Provider;\??\c:\windows\system32\drivers\NIS\1001000.021\ccHPx86.sys [2008-12-04 362544]
    R1 IDSVix86;IDSVix86;\??\c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081203.001\IDSvix86.sys [2008-12-04 289840]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-24 73728]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-04 875288]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-04 231704]
    R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll" /prefetch:1 []
    R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-12-04 69128]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-11-24 179712]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-04 99376]
    R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-11-24 235520]
    R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-11-24 7424]
    R3 SYMNDISV;SYMNDISV;\??\c:\windows\system32\drivers\NIS\1001000.021\SYMNDISV.SYS [2008-12-04 40496]
    S3 GoToAssist;GoToAssist;"c:\program files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [2008-09-18 16680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \shell\AutoRun\command - E:\autoRcd.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
    Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-04 14:31:13
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(836)
    c:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(676)
    c:\windows\system32\avgrsstx.dll
    .
    Completion time: 2008-12-04 14:41:44
    ComboFix-quarantined-files.txt 2008-12-04 14:41:42

    Pre-Run: 44,755,689,472 bytes free
    Post-Run: 57,541,799,936 bytes free

    319 --- E O F --- 2008-12-01 13:54:18
     
  18. bertumx

    bertumx Member

    Joined:
    Dec 4, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Hey sadfart, I think I just found the solution. I read on another forum what to do and it worked for me till now. I did the process 2 mins ago and the Microsoft thing on the browser left. This is what I did:

    Download HijackThis from the following link

    http://www.download.com/Trend-Micro-Hija...

    Then click install HijackThis

    Click scan

    Then check all of the following files with the check mark. After you have checked off all of these files, hit FIX; your problems should be solved. Mine were... a lot simpler than I thought it would be.

    O1 - Hosts: 61.157.217.210 www.yahoo.com
    O1 - Hosts: 61.157.217.210 www.google.com
    O1 - Hosts: 61.157.217.210 www.google.co.uk
    O1 - Hosts: 61.157.217.210 www.myspace.com
    O1 - Hosts: 61.157.217.210 www.youtube.com
    O1 - Hosts: 61.157.217.210 www.facebook.com
    O1 - Hosts: 61.157.217.210 www.live.com
    O1 - Hosts: 61.157.217.210 www.yahoo.com
    O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
    O1 - Hosts: 61.157.217.210 www.antispyware.com
    O1 - Hosts: 61.157.217.210 antispyware.com
    O1 - Hosts: 61.157.217.210 antispy.com
    O1 - Hosts: 61.157.217.210 www.msn.com
    O1 - Hosts: 204.16.197.121 www.asfvb.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.3.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.657.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.34.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.45.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.asdv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvtrv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.g.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.bb.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.dfyu.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.bb.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.dfyu.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.bb.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.dfyu.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.bb.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.dfyu.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.xvv.com
    O1 - Hosts: 204.16.197.121 www.msasern.com
    O1 - Hosts: 61.157.217.210 www.antispy.com
     
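The O1 lines in the post above are hosts-file entries, and what makes them harmful is the target address: a well-known name (www.google.com, www.antispyware.com) mapped to a remote IP is a redirect, so every visit lands on whoever runs that address, whereas a name mapped to 127.0.0.1 or 0.0.0.0 is only blocked, which ordinary ad-blocking hosts files do all the time. The following triage script is an added example, not code from this thread, from HijackThis or from any of the tools named here; it parses either HijackThis "O1 - Hosts:" lines or a raw hosts file, groups entries by target address, deduplicates the repeats, and flags redirects of a constructed watchlist of popular sites and of security-vendor names. The WATCHLIST and SECURITY_KEYWORDS sets and the SAMPLE input are constructed for the example (the sample copies a few of the O1 lines posted above).

```python
"""Triage HijackThis 'O1 - Hosts' lines or raw hosts-file lines (added example).

A hosts entry that points a well-known site at a remote address, instead
of at loopback, is a redirect: every visit to that name lands on whoever
runs that address. Loopback/unspecified targets (127.0.0.1, 0.0.0.0, ::1)
merely block a name and are normal in ad-blocking hosts files.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed watchlist: names whose redirection is always worth a look.
WATCHLIST = {
    "www.google.com", "www.google.co.uk", "www.yahoo.com", "www.yahoo.co.uk",
    "www.live.com", "www.msn.com", "www.facebook.com", "www.youtube.com",
    "www.myspace.com",
}
# Constructed keyword list: redirecting security-vendor sites keeps the
# victim from reaching removal tools, so any hit here is suspicious.
SECURITY_KEYWORDS = ("antispy", "antivirus", "malware", "spybot", "avg",
                     "mcafee", "symantec")

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")


def parse_line(line):
    """Return (ip, hostname) for one O1 line or raw hosts line, else None."""
    text = line.split("#", 1)[0].strip()        # drop comments and padding
    if not text:
        return None
    m = O1_RE.match(text)
    if m:
        ip_str, host = m.group(1), m.group(2)
    else:
        parts = text.split()
        if len(parts) < 2:
            return None
        ip_str, host = parts[0], parts[1]
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None                              # not a hosts entry (e.g. an O2 line)
    return ip, host.lower()


def classify(ip, host):
    """'block' for loopback/unspecified targets, otherwise a redirect."""
    if ip.is_loopback or ip.is_unspecified:
        return "block"
    if host in WATCHLIST or any(k in host for k in SECURITY_KEYWORDS):
        return "redirect-watchlist"
    return "redirect"


def triage(lines):
    """Group entries by target address and summarise what each one captures."""
    by_ip = defaultdict(lambda: {"hosts": set(), "watchlist_hits": set(), "blocks": 0})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, host = parsed
        entry = by_ip[str(ip)]
        kind = classify(ip, host)
        if kind == "block":
            entry["blocks"] += 1
            continue
        entry["hosts"].add(host)                 # set: repeated lines collapse
        if kind == "redirect-watchlist":
            entry["watchlist_hits"].add(host)
    report = {}
    for ip_str, entry in by_ip.items():
        report[ip_str] = {
            "hosts": sorted(entry["hosts"]),
            "watchlist_hits": sorted(entry["watchlist_hits"]),
            "blocks": entry["blocks"],
            "verdict": "suspicious" if entry["hosts"] else "benign-block",
        }
    return report


def triage_file(path):
    """Run triage over a hosts file or a saved HijackThis log."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return triage(fh)


# Constructed sample: a few O1 lines as posted above plus two normal hosts lines
# and one non-hosts log line that the parser must skip.
SAMPLE = """
# constructed hosts excerpt
127.0.0.1       localhost
0.0.0.0         ads.example.test
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.657.com
O2 - BHO: (no name) - {placeholder-clsid} - (no file)
""".splitlines()

if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE).items()):
        print(ip, info["verdict"], info["hosts"], info["watchlist_hits"])
```

On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts, so `triage_file` can be pointed at it directly; on a clean machine everything resolves to a `benign-block` verdict or the file is nearly empty. The verdict is deliberately conservative: any non-loopback mapping is reported, and the watchlist only adds emphasis, because a redirect of an obscure name is still a redirect.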
  19. sadfart

    sadfart Member

    Joined:
    Jan 29, 2007
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    Hi Bertumx,

    Thanks for your post; I would be interested if you could forward details of the site that you got the result from. After all the shit I have been through I have turned into a doubting Thomas. Although I have to say it seems like the easiest solution so far, except that HijackThis might be a problem as you will see below.

    Hi Cdav,
    I was trying to follow your instructions but made a horlicks of trying to rename HijackThis to scanner and had no WinZip to open it with. I then downloaded jZip and tried to unzip the file, but when I tried to rename it within jZip it wouldn't let me, so I deleted it, but I think it may still be on the computer somewhere. I feel like such a dimwit and you probably think to yourself what have I got involved with, but I would like any advice you could give me at this time.

    Regards
    Safart.

    PS. What do you think of B's solution above? Do you think I should try it?
     
  20. bertumx

    bertumx Member

    Joined:
    Dec 4, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    hi sadfart

    So far it worked for me... I'll try and forward the site for you... but whatever I wrote up there was copied and pasted from the site I told you about.

    regards...
     
