system
August 23, 2013, 2:12pm
1
When I go to C:\WINDOWS\system32\drivers\etc to check the HOSTS file, I open it with Notepad/Word/Notepad++ but it shows only as squares.
When I open with LibreOffice, the text is Chinese symbols, that translate into words not IP/addresses.
I turned off Spybot Hosts List, so the large list is one line now, but still Chinese.
I have Avast Free, Spybot, Malwarebytes, SuperAntiSpyware.
system
August 23, 2013, 2:14pm
2
I did every scan in safe mode and boot mode…All clean.
Pondus
August 23, 2013, 2:27pm
3
Run OTL and attach the diagnostic log… not copy and paste. http://forum.avast.com/index.php?topic=53253.0
You don't need Spybot and SAS when you have Malwarebytes …
system
August 23, 2013, 2:53pm
4
Scanning OTL now.
Also, I have Immunization on for Spybot, if that is a possible cause.
Also, a symptom of possible malware is my Windows Firewall turns off then back on for only about 2 seconds when I reconnect to my Wireless network (this was confirmed when I tested it multiple times), sometimes at startup also. Any ideas why?
No it is not the immunisation at fault here
system
August 23, 2013, 3:02pm
6
OTL log too large to upload.
I thought it would be. Run this otl fix and then redo the scan please
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
system
August 23, 2013, 3:13pm
8
OTL log still too large…530 KB.
system
August 23, 2013, 3:14pm
9
I could turn off Spybot Hosts, that will lower the KB. Should I do that?
Could you attach in two parts please
system
August 23, 2013, 3:16pm
11
When I try, it says the Unicode characters will be lost.
I will live with that for the moment… Is the hosts file without the Chinese characters now?
system
August 23, 2013, 3:26pm
13
Here is the OTL in 3 texts.
Yes, it has now returned to English. I do not know how that worked, but thank you.
But I still have the Windows Firewall switching off/on 1 time when connecting to the Wireless network. Not every time but sometimes; it started about 3 weeks ago. Any ideas?
Could you attach them please
Could you uninstall Spybot please before running this fix as it is returning the host file to the old one after OTL changes it
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
system
August 23, 2013, 4:31pm
17
I was reading my OTL, and it said ZeroAccess check. Am I infected with it?
========== ZeroAccess Check ==========
[2011/03/15 06:46:24 | 000,000,227 | RHS- | M] () – C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
“” = %SystemRoot%\system32\shdocvw.dll – [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
“” = C:\WINDOWS\system32\wbem\fastprox.dll – [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
“” = C:\WINDOWS\system32\wbem\wbemess.dll – [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Both
system
August 23, 2013, 4:50pm
18
Here is the OTL Quick Scan, with the options “All Users”, “LOP CHECK”, “Purity CHECK” clicked.
If you need another without options, I will do it.
system
August 23, 2013, 4:58pm
19
Here is the OTL Quick Scan, no options clicked (off “All Users”, off “Check LOP”, off “Purity Check”).