HOSTS file in Chinese

When I go to C:\WINDOWS\system32\drivers\etc to chech HOSTS file, I open it with Notepad/Word/Notepad++ but it shows only as squares.

When I open with LibreOffice, the text is Chinese symbols, that translate into words not IP/addresses.

I turned off Spybot Hosts List, so the large list is one line now, but still Chinese.

I have Avast Free, Spybot, Malwarebytes, SuperAntiSpyware.

I did every scan in safe mode and boot mode…All clean.

run OTL and attach diagnostic log… not copy and paste. http://forum.avast.com/index.php?topic=53253.0

you dont need SpyBoot and SAS when you have Malwarebytes …

Scanning OTL now.

Also, I have Immunization on for Spybot, if that is possible cause.

Also, a symptom of possible malware is my Windows Firewall turns off the back on for only about 2 seconds when I reconnect to my Wireless network (this confirmed when I tested it multiple times), sometimes startup also. Any ideas why?

No it is not the immunisation at fault here

OTL log too large to upload.

I thought it would be. Run this otl fix and then redo the scan please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

OTL log still too large…530 KB.

I could turn off Spybot Hosts, that will lower the KB. Should I do that?

Could you attach in two parts please

When I try, it says the Unicode characters will be lost.

I will live with that for the moment… Is the host file without the Chinese characters now ?

Here the OTL in 3 texts.

Yes, it now returned to english. I not know how that worked, but thank you.

But still have the Windows Firewall swtiching off/on 1 time when connecting to Wireless network. Not everytime but sometimes, started about 3 weeks ago. Any ideas?

Could you attach them please :slight_smile:

Here.

Could you uninstall Spybot please before running this fix as it is returning the host file to the old one after OTL changes it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I was reading my OTL, and it said ZeroAccess check. Am I infected with it?

========== ZeroAccess Check ==========

[2011/03/15 06:46:24 | 000,000,227 | RHS- | M] () – C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
“” = %SystemRoot%\system32\shdocvw.dll – [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
“” = C:\WINDOWS\system32\wbem\fastprox.dll – [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
“” = C:\WINDOWS\system32\wbem\wbemess.dll – [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Both

Here OTL Quick scan, with clicked options “All Users” "LOP CHECK “Purity CHECK”.
If you need another without options, I will do it?

Here OTL Quick scan, no options clicked (off "All Users, off “Check LOP”. off “Purity Check”)

Here.