Hi,
i'm new to all this but i suddently realised that i was getting redirected hosts in spybot scan : Microsoft.Windows.RedirectedHosts: [SBI $D69ACBE9] Redirected host (Redirected host, nothing done)
www.halifax-online.co.uk=62.172.43.131

Microsoft.Windows.RedirectedHosts: [SBI $57F28C67] Redirected host (Redirected host, nothing done)
online.lloydstsb.co.uk=193.34.231.34

Always got to do with my online banking !

I tried looking around on how to delete them but they come back all the time. I don't really know what they actually are as well.
Anyways, i did a full scan with Kaspersky and it found nothing. I also did a scan with malwarebytes anti-malware and it did find a few things that i deleted but upon reboot and scanning again with spybot, the re-directed hosts are back !
this is the log of what malwarebytes found :

Malwarebytes' Anti-Malware 1.23
Database version: 997
Windows 5.1.2600 Service Pack 3

09:51:47 27/07/2008
mbam-log-7-27-2008 (09-51-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 75683
Time elapsed: 36 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\setup.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\PHIL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp (Trojan.FakeAlert) -> No action taken.

Finaly after reading alot around here i dowloaded hijack this for the log here under. I hope i did everything right and please can you shine some light upon this for me, thank you very much, Phil.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:38, on 27/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TweakMASTER\TMTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 209.87.179.221 www.lavasoft.com
O1 - Hosts: 70.42.249.31 www.trialpay.com
O1 - Hosts: 216.239.122.147 www.download.com
O1 - Hosts: 209.62.178.57 ad.uk.doubleclick.net
O1 - Hosts: 216.239.122.148 www.cnettv.com
O1 - Hosts: 216.239.122.142 www.cnet.com
O1 - Hosts: 216.239.122.60 software-files.download.com
O1 - Hosts: 216.239.116.65 bwp.download.com
O1 - Hosts: 209.225.0.103 servedby.advertising.com
O1 - Hosts: 80.77.246.42 www.dslzoneuk.net
O1 - Hosts: 216.92.240.34 www.file.net
O1 - Hosts: 209.68.25.184 www.neuber.com
O1 - Hosts: 208.69.152.105 www.siteadvisor.com
O1 - Hosts: 69.20.71.82 www.noadware.net
O1 - Hosts: 69.71.52.52 fetchback.com
O1 - Hosts: 72.32.20.57 livechat.boldchat.com
O1 - Hosts: 72.32.37.161 os.boldchat.com
O1 - Hosts: 209.34.241.244 www.myitforum.com
O1 - Hosts: 204.14.90.22 spywarewarrior.com
O1 - Hosts: 66.135.202.165 cgi.ebay.co.uk
O1 - Hosts: 66.211.160.198 promo.ebay.co.uk
O1 - Hosts: 72.52.220.46 www.ccleaner.com
O1 - Hosts: 74.53.121.85 www.filehippo.com
O1 - Hosts: 208.65.153.251 www.youtube.com
O1 - Hosts: 38.119.130.61 www.newgrounds.com
O1 - Hosts: 38.119.130.60 ads.newgrounds.com
O1 - Hosts: 83.245.99.12 www.juno.co.uk
O1 - Hosts: 83.138.174.196 server.lon.liveperson.net
O1 - Hosts: 81.21.75.32 www.foxtrotsurveys.co.uk
O1 - Hosts: 38.117.8.194 www.stopzilla.com
O1 - Hosts: 69.147.103.146 us.mc538.mail.yahoo.com
O1 - Hosts: 38.117.8.193 download.stopzilla.com
O1 - Hosts: 87.248.113.14 us.yahoo.com
O1 - Hosts: 87.248.112.8 uk.search.yahoo.com
O1 - Hosts: 87.248.115.233 uk.mc234.mail.yahoo.com
O1 - Hosts: 72.30.186.249 search.yahoo.com
O1 - Hosts: 66.249.16.230 www.aboutus.org
O1 - Hosts: 74.125.77.164 pagead2.googlesyndication.com
O1 - Hosts: 83.138.130.65 www.alwaker-q8.net
O1 - Hosts: 66.249.17.251 whois.domaintools.com
O1 - Hosts: 208.109.181.53 www.tprclan.net
O1 - Hosts: 208.109.181.53 www.tprclan.com
O1 - Hosts: 74.208.43.156 tpr.griefwatch.net
O1 - Hosts: 72.9.154.74 swbf.spacehostv2.info
O1 - Hosts: 80.77.246.42 www.samknows.com
O1 - Hosts: 87.194.212.134 www.adslnation.com
O1 - Hosts: 72.14.221.191 thehermesproject.blogspot.com
O1 - Hosts: 72.14.221.191 www.blogger.com
O1 - Hosts: 193.34.230.181 www.lloydstsb.com
O1 - Hosts: 193.34.230.181 help.lloydstsb.com
O1 - Hosts: 216.7.89.66 herfirstbigcock.com
O1 - Hosts: 216.7.89.66 www.herfirstbigcock.com
O1 - Hosts: 64.56.205.72 adultfriendfinder.com
O1 - Hosts: 82.129.34.171 secure.localbillinglimited.com
O1 - Hosts: 139.19.1.158 broadband.mpi-sws.mpg.de
O1 - Hosts: 157.22.245.20 www.doxpara.com
O1 - Hosts: 209.200.168.66 a675bc1cceda.toorrr.com
O1 - Hosts: 85.233.160.167 www.speedtest.bbmax.co.uk
O1 - Hosts: 89.238.64.39 www.spybot.info
O1 - Hosts: 89.238.64.41 forums.spybot.info
O1 - Hosts: 89.238.64.39 www.safer-networking.org
O1 - Hosts: 64.225.158.190 www.softpedia.com
O1 - Hosts: 65.54.139.245 msnia.login.live.com
O1 - Hosts: 212.135.93.146 bl116w.blu116.mail.live.com
O1 - Hosts: 65.203.229.43 view.atdmt.com
O1 - Hosts: 68.142.195.57 videogames.yahoo.com
O1 - Hosts: 212.100.250.8 survey.euro.confirmit.com
O1 - Hosts: 195.140.186.101 email.honda.co.uk
O1 - Hosts: 194.29.64.17 www.honda.co.uk
O1 - Hosts: 84.40.3.165 media.honda.co.uk
O1 - Hosts: 194.29.64.17 honda.co.uk
O1 - Hosts: 217.12.8.76 login.yahoo.com
O1 - Hosts: 68.142.241.73 edit.yahoo.com
O1 - Hosts: 62.212.89.51 www.satalogue.com
O1 - Hosts: 212.35.107.18 www.rtbfsat.be
O1 - Hosts: 212.35.107.19 old.rtbf.be
O1 - Hosts: 207.210.116.122 www.sesat.co.uk
O1 - Hosts: 192.215.101.9 www.getty.edu
O1 - Hosts: 78.109.163.223 www.locallife.co.uk
O1 - Hosts: 89.167.143.36 blog.wotsat.com
O1 - Hosts: 83.138.171.246 www.freesat.co.uk
O1 - Hosts: 212.43.221.34 www.connectedtv.eu
O1 - Hosts: 88.221.178.168 www.argos.co.uk
O1 - Hosts: 212.135.93.144 www.comet.co.uk
O1 - Hosts: 62.212.81.195 www.satcure.com
O1 - Hosts: 38.99.42.7 www.justin.tv
O1 - Hosts: 62.172.43.225 www.halifax.co.uk
O1 - Hosts: 212.140.245.21 credit-cards.halifax-online.co.uk
O1 - Hosts: 66.135.213.215 shop.ebay.co.uk
O1 - Hosts: 216.113.185.27 feedback.ebay.co.uk
O1 - Hosts: 88.221.179.190 www.trendsecure.com
O1 - Hosts: 85.12.57.107 www.kaspersky.com
O1 - Hosts: 217.199.165.239 lloydstsb.creativevirtual.com
O1 - Hosts: 67.55.104.20 www.besttechie.net
O1 - Hosts: 67.55.104.20 www.malwaresupport.com
O1 - Hosts: 193.34.231.34 online.lloydstsb.co.uk
O1 - Hosts: 62.172.43.131 www.halifax-online.co.uk
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TweakMASTER] "C:\Program Files\TweakMASTER\TMTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tesco] "C:\Program Files\Tesco Internet Phone\TescoIP.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1198924998734
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 13575 bytes