
Thread: Remove Windows.RedirectHosts & ProtectionSuite

  1. #1
    Member
    Join Date
    Jan 2010
    Posts
    51

    Remove Windows.RedirectHosts & ProtectionSuite

    Acer Aspire One computer comes home from college with foolish child and multiple infections. OS is Windows XP Home Edition.

    I ran Spybot and Malwarebytes' tools but can't seem to remove the following:

    Microsoft.Windows.redirectHosts
    Fraud.WindowsProtectionSuite

    Spybot and HJT both gave messages about not being able to edit the Hosts file.

    I have attempted to follow your instructions regarding disabling Teatimer and running ERUNT.

    The HJT log is as follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:23:56 AM, on 1/2/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\PLFSetI.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 67.215.245.21 www.google-analytics.com
    O1 - Hosts: 88.198.247.67 google.ae
    O1 - Hosts: 88.198.247.67 google.as
    O1 - Hosts: 88.198.247.67 google.at
    O1 - Hosts: 88.198.247.67 google.az
    O1 - Hosts: 88.198.247.67 google.ba
    O1 - Hosts: 88.198.247.67 google.be
    O1 - Hosts: 88.198.247.67 google.bg
    O1 - Hosts: 88.198.247.67 google.bs
    O1 - Hosts: 88.198.247.67 google.ca
    O1 - Hosts: 88.198.247.67 google.cd
    O1 - Hosts: 88.198.247.67 google.com.gh
    O1 - Hosts: 88.198.247.67 google.com.hk
    O1 - Hosts: 88.198.247.67 google.com.jm
    O1 - Hosts: 88.198.247.67 google.com.mx
    O1 - Hosts: 88.198.247.67 google.com.my
    O1 - Hosts: 88.198.247.67 google.com.na
    O1 - Hosts: 88.198.247.67 google.com.nf
    O1 - Hosts: 88.198.247.67 google.com.ng
    O1 - Hosts: 88.198.247.67 google.ch
    O1 - Hosts: 88.198.247.67 google.com.np
    O1 - Hosts: 88.198.247.67 google.com.pr
    O1 - Hosts: 88.198.247.67 google.com.qa
    O1 - Hosts: 88.198.247.67 google.com.sg
    O1 - Hosts: 88.198.247.67 google.com.tj
    O1 - Hosts: 88.198.247.67 google.com.tw
    O1 - Hosts: 88.198.247.67 google.dj
    O1 - Hosts: 88.198.247.67 google.de
    O1 - Hosts: 88.198.247.67 google.dk
    O1 - Hosts: 88.198.247.67 google.dm
    O1 - Hosts: 88.198.247.67 google.ee
    O1 - Hosts: 88.198.247.67 google.fi
    O1 - Hosts: 88.198.247.67 google.fm
    O1 - Hosts: 88.198.247.67 google.fr
    O1 - Hosts: 88.198.247.67 google.ge
    O1 - Hosts: 88.198.247.67 google.gg
    O1 - Hosts: 88.198.247.67 google.gm
    O1 - Hosts: 88.198.247.67 google.gr
    O1 - Hosts: 88.198.247.67 google.ht
    O1 - Hosts: 88.198.247.67 google.ie
    O1 - Hosts: 88.198.247.67 google.im
    O1 - Hosts: 88.198.247.67 google.in
    O1 - Hosts: 88.198.247.67 google.it
    O1 - Hosts: 88.198.247.67 google.ki
    O1 - Hosts: 88.198.247.67 google.la
    O1 - Hosts: 88.198.247.67 google.li
    O1 - Hosts: 88.198.247.67 google.lv
    O1 - Hosts: 88.198.247.67 google.ma
    O1 - Hosts: 88.198.247.67 google.ms
    O1 - Hosts: 88.198.247.67 google.mu
    O1 - Hosts: 88.198.247.67 google.mw
    O1 - Hosts: 88.198.247.67 google.nl
    O1 - Hosts: 88.198.247.67 google.no
    O1 - Hosts: 88.198.247.67 google.nr
    O1 - Hosts: 88.198.247.67 google.nu
    O1 - Hosts: 88.198.247.67 google.pl
    O1 - Hosts: 88.198.247.67 google.pn
    O1 - Hosts: 88.198.247.67 google.pt
    O1 - Hosts: 88.198.247.67 google.ro
    O1 - Hosts: 88.198.247.67 google.ru
    O1 - Hosts: 88.198.247.67 google.rw
    O1 - Hosts: 88.198.247.67 google.sc
    O1 - Hosts: 88.198.247.67 google.se
    O1 - Hosts: 88.198.247.67 google.sh
    O1 - Hosts: 88.198.247.67 google.si
    O1 - Hosts: 88.198.247.67 google.sm
    O1 - Hosts: 88.198.247.67 google.sn
    O1 - Hosts: 88.198.247.67 google.st
    O1 - Hosts: 88.198.247.67 google.tl
    O1 - Hosts: 88.198.247.67 google.tm
    O1 - Hosts: 88.198.247.67 google.tt
    O1 - Hosts: 88.198.247.67 google.us
    O1 - Hosts: 88.198.247.67 google.vu
    O1 - Hosts: 88.198.247.67 google.ws
    O1 - Hosts: 88.198.247.67 google.co.ck
    O1 - Hosts: 88.198.247.67 google.co.id
    O1 - Hosts: 88.198.247.67 google.co.il
    O1 - Hosts: 88.198.247.67 google.co.in
    O1 - Hosts: 88.198.247.67 google.co.jp
    O1 - Hosts: 88.198.247.67 google.co.kr
    O1 - Hosts: 88.198.247.67 google.co.ls
    O1 - Hosts: 88.198.247.67 google.co.ma
    O1 - Hosts: 88.198.247.67 google.co.nz
    O1 - Hosts: 88.198.247.67 google.co.tz
    O1 - Hosts: 88.198.247.67 google.co.ug
    O1 - Hosts: 88.198.247.67 google.co.uk
    O1 - Hosts: 88.198.247.67 google.co.za
    O1 - Hosts: 88.198.247.67 google.co.zm
    O1 - Hosts: 88.198.247.67 google.com
    O1 - Hosts: 88.198.247.67 google.com.af
    O1 - Hosts: 88.198.247.67 google.com.ag
    O1 - Hosts: 88.198.247.67 google.com.ar
    O1 - Hosts: 88.198.247.67 google.com.au
    O1 - Hosts: 88.198.247.67 google.com.bn
    O1 - Hosts: 88.198.247.67 google.com.br
    O1 - Hosts: 88.198.247.67 google.com.by
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
    O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Acer VCM.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://lcwireless.scu.edu/auth/taweb.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12729 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi jpfof7

    Looking over your log, it seems you don't have any evidence of anti-virus software.

    Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

    1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
    2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
    3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

    You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

    After that, please post back a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Member
    Join Date
    Jan 2010
    Posts
    51

    Will add anti-virus and redo HJT

    Thank you for the reply. The computer is back at school so it will take a few days to complete this next step. I guess Spybot isn't considered anti-virus? Also, McAfee was loaded but the subscription expired. Curious it didn't seem to register.

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Spybot is antispyware and not antivirus.

    OK, I will wait.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Member
    Join Date
    Jan 2010
    Posts
    51

    Installed virus software, reran tools, new HJT log

    I installed virus software and ran scans. I have used Avira antivirus, Malwarebytes' Anti-Malware, and Spybot. I still have the Windows.RedirectHosts and ProtectionSuite issues. Spybot continues to note, as does HJT, that the Hosts file can't be edited.

    Sorry for the delay. I have the computer back so I can respond faster now.

    Here is the HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:05:24 AM, on 1/14/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\PLFSetI.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 67.215.245.21 www.google-analytics.com
    O1 - Hosts: 88.198.247.67 google.ae
    O1 - Hosts: 88.198.247.67 google.as
    O1 - Hosts: 88.198.247.67 google.at
    O1 - Hosts: 88.198.247.67 google.az
    O1 - Hosts: 88.198.247.67 google.ba
    O1 - Hosts: 88.198.247.67 google.be
    O1 - Hosts: 88.198.247.67 google.bg
    O1 - Hosts: 88.198.247.67 google.bs
    O1 - Hosts: 88.198.247.67 google.ca
    O1 - Hosts: 88.198.247.67 google.cd
    O1 - Hosts: 88.198.247.67 google.com.gh
    O1 - Hosts: 88.198.247.67 google.com.hk
    O1 - Hosts: 88.198.247.67 google.com.jm
    O1 - Hosts: 88.198.247.67 google.com.mx
    O1 - Hosts: 88.198.247.67 google.com.my
    O1 - Hosts: 88.198.247.67 google.com.na
    O1 - Hosts: 88.198.247.67 google.com.nf
    O1 - Hosts: 88.198.247.67 google.com.ng
    O1 - Hosts: 88.198.247.67 google.ch
    O1 - Hosts: 88.198.247.67 google.com.np
    O1 - Hosts: 88.198.247.67 google.com.pr
    O1 - Hosts: 88.198.247.67 google.com.qa
    O1 - Hosts: 88.198.247.67 google.com.sg
    O1 - Hosts: 88.198.247.67 google.com.tj
    O1 - Hosts: 88.198.247.67 google.com.tw
    O1 - Hosts: 88.198.247.67 google.dj
    O1 - Hosts: 88.198.247.67 google.de
    O1 - Hosts: 88.198.247.67 google.dk
    O1 - Hosts: 88.198.247.67 google.dm
    O1 - Hosts: 88.198.247.67 google.ee
    O1 - Hosts: 88.198.247.67 google.fi
    O1 - Hosts: 88.198.247.67 google.fm
    O1 - Hosts: 88.198.247.67 google.fr
    O1 - Hosts: 88.198.247.67 google.ge
    O1 - Hosts: 88.198.247.67 google.gg
    O1 - Hosts: 88.198.247.67 google.gm
    O1 - Hosts: 88.198.247.67 google.gr
    O1 - Hosts: 88.198.247.67 google.ht
    O1 - Hosts: 88.198.247.67 google.ie
    O1 - Hosts: 88.198.247.67 google.im
    O1 - Hosts: 88.198.247.67 google.in
    O1 - Hosts: 88.198.247.67 google.it
    O1 - Hosts: 88.198.247.67 google.ki
    O1 - Hosts: 88.198.247.67 google.la
    O1 - Hosts: 88.198.247.67 google.li
    O1 - Hosts: 88.198.247.67 google.lv
    O1 - Hosts: 88.198.247.67 google.ma
    O1 - Hosts: 88.198.247.67 google.ms
    O1 - Hosts: 88.198.247.67 google.mu
    O1 - Hosts: 88.198.247.67 google.mw
    O1 - Hosts: 88.198.247.67 google.nl
    O1 - Hosts: 88.198.247.67 google.no
    O1 - Hosts: 88.198.247.67 google.nr
    O1 - Hosts: 88.198.247.67 google.nu
    O1 - Hosts: 88.198.247.67 google.pl
    O1 - Hosts: 88.198.247.67 google.pn
    O1 - Hosts: 88.198.247.67 google.pt
    O1 - Hosts: 88.198.247.67 google.ro
    O1 - Hosts: 88.198.247.67 google.ru
    O1 - Hosts: 88.198.247.67 google.rw
    O1 - Hosts: 88.198.247.67 google.sc
    O1 - Hosts: 88.198.247.67 google.se
    O1 - Hosts: 88.198.247.67 google.sh
    O1 - Hosts: 88.198.247.67 google.si
    O1 - Hosts: 88.198.247.67 google.sm
    O1 - Hosts: 88.198.247.67 google.sn
    O1 - Hosts: 88.198.247.67 google.st
    O1 - Hosts: 88.198.247.67 google.tl
    O1 - Hosts: 88.198.247.67 google.tm
    O1 - Hosts: 88.198.247.67 google.tt
    O1 - Hosts: 88.198.247.67 google.us
    O1 - Hosts: 88.198.247.67 google.vu
    O1 - Hosts: 88.198.247.67 google.ws
    O1 - Hosts: 88.198.247.67 google.co.ck
    O1 - Hosts: 88.198.247.67 google.co.id
    O1 - Hosts: 88.198.247.67 google.co.il
    O1 - Hosts: 88.198.247.67 google.co.in
    O1 - Hosts: 88.198.247.67 google.co.jp
    O1 - Hosts: 88.198.247.67 google.co.kr
    O1 - Hosts: 88.198.247.67 google.co.ls
    O1 - Hosts: 88.198.247.67 google.co.ma
    O1 - Hosts: 88.198.247.67 google.co.nz
    O1 - Hosts: 88.198.247.67 google.co.tz
    O1 - Hosts: 88.198.247.67 google.co.ug
    O1 - Hosts: 88.198.247.67 google.co.uk
    O1 - Hosts: 88.198.247.67 google.co.za
    O1 - Hosts: 88.198.247.67 google.co.zm
    O1 - Hosts: 88.198.247.67 google.com
    O1 - Hosts: 88.198.247.67 google.com.af
    O1 - Hosts: 88.198.247.67 google.com.ag
    O1 - Hosts: 88.198.247.67 google.com.ar
    O1 - Hosts: 88.198.247.67 google.com.au
    O1 - Hosts: 88.198.247.67 google.com.bn
    O1 - Hosts: 88.198.247.67 google.com.br
    O1 - Hosts: 88.198.247.67 google.com.by
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
    O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\rsfNZBGrI.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://lcwireless.scu.edu/auth/taweb.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 13251 bytes

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Download HostsXpert and unzip it to your desktop.

    Open HostsXpert that you earlier unzipped on your desktop

    • Click "Make Hosts Writable?" in the upper right corner (if available)
    • Click "Restore Microsoft's Original Hosts File" and then click OK
    • Close HostsXpert

    Note: If you used any custom Hosts (e.g. MVPS Hosts), you will have to put them back manually.

    Download DDS to your desktop from one of the links below:

    Link 1
    Link 2
    • Double click the tool to run it.
    • A black screen will open; just read the contents and do nothing.
    • When the tool finishes it will open 2 reports.
    • Copy/paste both reports back here and remove DDS from your desktop.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
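The Hosts redirection that the restore step above is meant to undo can be checked mechanically. The following is an added example, not part of the original thread or of any tool named in it: it extracts the `O1 - Hosts:` lines from a HijackThis log, separates loopback blocking entries (as a custom list such as MVPS Hosts would add) from entries that point names at a remote address, and groups the redirected names by IP. Going slightly beyond the thread, it also reads a raw hosts file so the same check can be repeated after a restore. Function names, the threshold, and the `ads.example.test` and sample hosts-file entries are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis reports each hosts-file mapping as "O1 - Hosts: <ip> <hostname>".
O1_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)")

# O1 lines copied from the log in this thread, plus one constructed
# 127.0.0.1 line standing in for a blocking entry from a custom hosts list.
SAMPLE_HJT_LOG = """\
Boot mode: Normal
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 67.215.245.21 www.google-analytics.com
O1 - Hosts: 88.198.247.67 google.com
O1 - Hosts: 88.198.247.67 google.co.uk
O1 - Hosts: 88.198.247.67 google.de
O1 - Hosts: 127.0.0.1 ads.example.test
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
"""

# Constructed hosts file: a default localhost line plus one leftover redirect.
SAMPLE_HOSTS_FILE = """\
# constructed sample
127.0.0.1       localhost
88.198.247.67   google.com google.co.uk   # leftover entry
"""


def entries_from_hjt(log_text):
    """Yield (ip, hostname) for every O1 line in a HijackThis log."""
    for line in log_text.splitlines():
        match = O1_RE.match(line)
        if match:
            yield match.group(1), match.group(2).lower()


def entries_from_hosts(hosts_text):
    """Yield (ip, hostname) pairs from raw hosts-file text.

    Comments start at '#'; one line may map several names to one address.
    """
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for host in fields[1:]:
            yield fields[0], host.lower()


def classify(ip_text):
    """Return 'local' for loopback/0.0.0.0, 'redirect' for any other
    valid address, and 'malformed' if the field is not an IP address."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        return "local"
    return "redirect"


def redirect_map(entries):
    """Group hostnames by the non-local address they are forced to."""
    grouped = defaultdict(set)
    for ip, host in entries:
        if classify(ip) == "redirect":
            grouped[ip].add(host)
    return {ip: sorted(hosts) for ip, hosts in grouped.items()}


def bulk_redirect_ips(entries, threshold=3):
    """Addresses that receive at least `threshold` distinct hostnames.

    Many unrelated names forced to one address is the pattern visible in
    the O1 section of the logs above. The threshold is an assumption.
    """
    grouped = redirect_map(entries)
    return sorted(ip for ip, hosts in grouped.items() if len(hosts) >= threshold)


if __name__ == "__main__":
    for ip, hosts in redirect_map(entries_from_hjt(SAMPLE_HJT_LOG)).items():
        print(f"{ip}: {len(hosts)} name(s) -> {', '.join(hosts)}")
    print("bulk:", bulk_redirect_ips(entries_from_hjt(SAMPLE_HJT_LOG)))
    print("after restore:", redirect_map(entries_from_hosts(SAMPLE_HOSTS_FILE)))
```

An empty result from `redirect_map` on the hosts file after the restore means no name is still being forced to a remote address; any remaining entry should be reviewed before custom blocking lists are put back.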

  7. #7
    Member
    Join Date
    Jan 2010
    Posts
    51

    HostsXpert can't create file

    HostsXpert 4.3 doesn't provide a make hosts writeable option.

    Also, I get the following message when trying to restore original hosts file:

    ERROR: Cannot create file c:\WINDOWS\system32\DRIVERS\ETC\hosts

  8. #8
    Member
    Join Date
    Jan 2010
    Posts
    51

    results of dds

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/16/2009 10:58:42 AM
    System Uptime: 1/16/2010 9:19:06 AM (0 hours ago)

    Motherboard: Acer | | Aspire one
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1324/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 142 GiB total, 124.86 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Audio Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0272&SUBSYS_1025022F&REV_1000\4&32214977&0&0001
    Manufacturer:
    Name: Audio Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0272&SUBSYS_1025022F&REV_1000\4&32214977&0&0001
    Service:

    ==== System Restore Points ===================

    RP22: 10/16/2009 10:22:49 AM - Software Distribution Service 3.0
    RP23: 10/17/2009 1:03:51 PM - System Checkpoint
    RP24: 10/18/2009 12:40:29 AM - Software Distribution Service 3.0
    RP25: 10/19/2009 10:33:01 AM - Software Distribution Service 3.0
    RP26: 10/21/2009 5:20:07 PM - System Checkpoint
    RP27: 10/22/2009 3:00:19 AM - Software Distribution Service 3.0
    RP28: 10/23/2009 12:52:01 PM - System Checkpoint
    RP29: 10/24/2009 8:07:06 PM - System Checkpoint
    RP30: 10/25/2009 9:57:35 PM - System Checkpoint
    RP31: 10/27/2009 5:56:02 PM - System Checkpoint
    RP32: 10/28/2009 10:31:18 AM - Software Distribution Service 3.0
    RP33: 10/29/2009 12:41:21 PM - System Checkpoint
    RP34: 10/30/2009 4:17:08 PM - System Checkpoint
    RP35: 11/1/2009 7:00:50 PM - System Checkpoint
    RP36: 11/3/2009 3:04:41 PM - System Checkpoint
    RP37: 11/4/2009 10:48:50 PM - Software Distribution Service 3.0
    RP38: 11/6/2009 10:21:51 PM - System Checkpoint
    RP39: 11/9/2009 1:05:34 PM - System Checkpoint
    RP40: 11/10/2009 2:16:57 PM - Software Distribution Service 3.0
    RP41: 11/11/2009 5:50:30 PM - System Checkpoint
    RP42: 11/12/2009 9:10:36 PM - System Checkpoint
    RP43: 11/15/2009 2:51:27 PM - System Checkpoint
    RP44: 11/19/2009 10:58:30 AM - System Checkpoint
    RP45: 11/20/2009 7:50:27 PM - System Checkpoint
    RP46: 11/26/2009 8:12:43 PM - System Checkpoint
    RP47: 11/27/2009 9:51:21 AM - Software Distribution Service 3.0
    RP48: 11/28/2009 5:39:49 PM - System Checkpoint
    RP49: 11/30/2009 10:34:59 PM - Software Distribution Service 3.0
    RP50: 12/1/2009 8:42:16 PM - Installed Java(TM) 6 Update 16
    RP51: 12/1/2009 8:43:25 PM - Installed OpenOffice.org 3.1
    RP52: 12/3/2009 10:57:28 PM - Printer Driver Dell Laser Printer 5310n PS3 Installed
    RP53: 12/5/2009 11:00:36 AM - System Checkpoint
    RP54: 12/6/2009 4:42:19 PM - System Checkpoint
    RP55: 12/8/2009 12:47:23 AM - System Checkpoint
    RP56: 12/9/2009 12:19:33 PM - System Checkpoint
    RP57: 12/10/2009 8:38:21 AM - Software Distribution Service 3.0
    RP58: 12/12/2009 12:33:19 AM - System Checkpoint
    RP59: 12/13/2009 10:24:50 AM - System Checkpoint
    RP60: 12/14/2009 3:21:53 PM - System Checkpoint
    RP61: 12/15/2009 7:40:42 PM - System Checkpoint
    RP62: 12/17/2009 8:55:21 AM - System Checkpoint
    RP63: 12/21/2009 6:23:00 PM - System Checkpoint
    RP64: 12/23/2009 3:05:34 PM - System Checkpoint
    RP65: 12/29/2009 11:00:48 PM - System Checkpoint
    RP66: 12/31/2009 2:45:49 PM - System Checkpoint
    RP67: 12/31/2009 3:10:17 PM - Removed Adobe Reader 9.
    RP68: 12/31/2009 3:11:09 PM - Removed Compatibility Pack for the 2007 Office system
    RP69: 12/31/2009 3:22:12 PM - Removed Microsoft Office Home and Student 2007 Trial
    RP70: 12/31/2009 3:31:52 PM - Removed Realtek High Definition Audio Driver
    RP71: 12/31/2009 3:32:42 PM - Removed Skype web features
    RP72: 12/31/2009 3:33:19 PM - Removed Skype™ 4.1
    RP73: 12/31/2009 3:35:11 PM - Removed Microsoft Works
    RP74: 12/31/2009 3:36:17 PM - Removed Microsoft Office Suite Activation Assistant.
    RP75: 12/31/2009 3:36:53 PM - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    RP76: 12/31/2009 3:39:36 PM - Software Distribution Service 3.0
    RP77: 1/1/2010 10:15:23 AM - Software Distribution Service 3.0
    RP78: 1/2/2010 10:17:37 AM - System Checkpoint
    RP79: 1/3/2010 2:25:28 PM - Removed Cisco NAC Agent .
    RP80: 1/3/2010 2:26:05 PM - Installed Cisco NAC Agent .
    RP81: 1/5/2010 9:19:46 PM - System Checkpoint
    RP82: 1/6/2010 12:40:41 PM - Installed AVG Free 8.5
    RP83: 1/7/2010 8:58:14 AM - Avg8 Update
    RP84: 1/7/2010 8:59:33 AM - Avg8 Update
    RP85: 1/8/2010 1:15:20 PM - Removed Acrobat.com
    RP86: 1/9/2010 4:16:57 PM - System Checkpoint
    RP87: 1/10/2010 6:42:40 PM - System Checkpoint
    RP88: 1/11/2010 9:06:50 PM - System Checkpoint
    RP89: 1/12/2010 4:24:49 PM - Removed AVG Free 8.5
    RP90: 1/12/2010 4:25:43 PM - Installed AVG Free 8.5
    RP91: 1/12/2010 4:27:09 PM - Removed Acer VCM
    RP92: 1/12/2010 10:47:43 PM - Avira AntiVir Personal - 1/12/2010 22:47
    RP93: 1/13/2010 3:00:20 AM - Software Distribution Service 3.0
    RP94: 1/14/2010 7:48:24 AM - Software Distribution Service 3.0
    RP95: 1/15/2010 7:51:19 PM - System Checkpoint

    ==== Hosts File Hijack ======================

    ==== Installed Programs ======================

    Acer Crystal Eye Webcam
    Acer eRecovery Management
    Acer ScreenSaver
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    Carbonite Online Backup Setup
    Choice Guard
    Cisco NAC Agent
    Cool PDF Reader 3.0
    DivX Player
    DivX Plus Web Player
    DivX Version Checker
    ERUNT 1.1j
    Google Desktop
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 16
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenOffice.org 3.1
    QuickTime
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Segoe UI
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 Card Reader Software
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.0.1
    WebCam
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! Search Protection
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    1/13/2010 9:30:14 AM, error: Dhcp [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 00255622C76C has been denied by the DHCP server 10.196.255.250 (The DHCP Server sent a DHCPNACK message).
    1/13/2010 5:04:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/13/2010 3:41:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm ssmdrv
    1/11/2010 2:28:06 PM, error: Dhcp [1002] - The IP address lease 129.210.219.13 for the Network Card with network address 00255622C76C has been denied by the DHCP server 192.168.100.5 (The DHCP Server sent a DHCPNACK message).
    1/11/2010 1:04:43 PM, error: Dhcp [1002] - The IP address lease 129.210.237.188 for the Network Card with network address 00255622C76C has been denied by the DHCP server 129.210.250.201 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================



    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Julia Pezzini at 9:41:24.00 on Sat 01/16/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.601 [GMT -8:00]

    AV: PC Live Guard *On-access scanning enabled* (Updated) {DB08491C-21DE-40D7-AA03-3BCA2FAAE4FF}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: PC Live Guard *enabled* {43DA7C7C-F504-4D5F-95ED-8CE62F26A3F2}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\PLFSetI.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Julia Pezzini\My Documents\antivirus\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\rsfNZBGrI.exe" /runcleanupscript
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\juliap~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\juliap~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://lcwireless.scu.edu/auth/taweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    IFEO: image file execution options - svchost.exe
    IFEO: brastk.exe - svchost.exe
    Hosts: 74.125.45.100 safebrowsing-cache.google.com
    Hosts: 74.125.45.100 urs.microsoft.com
    Hosts: 74.125.45.100 www.securesoftwarebill.com
    Hosts: 74.125.45.100 paysoftbillsolution.com
    Hosts: 74.125.45.100 protected.maxisoftwaremart.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-12 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-12 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-12 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-12 56816]
    R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2009-11-21 742144]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]
    R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-7-7 145152]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-11 24064]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-3-11 162816]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

    =============== Created Last 30 ================

    2010-01-13 06:48:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-13 06:48:41 0 d-----w- c:\program files\Avira
    2010-01-13 06:48:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-01-13 04:27:09 0 d--h--w- c:\windows\PIF
    2010-01-08 21:06:55 51604 ----a-w- c:\windows\system32\Adist5k.ppd
    2010-01-08 21:06:55 438976 ----a-w- c:\windows\system32\Mshflxgd.ocx
    2010-01-08 21:06:55 244024 ----a-w- c:\windows\system32\Msflxgrd.ocx
    2010-01-08 21:06:55 212240 ----a-w- c:\windows\system32\Richtx32.ocx
    2010-01-08 21:06:55 204848 ----a-w- c:\windows\system32\gswin32c.exe
    2010-01-08 21:06:55 196608 ----a-w- c:\windows\system32\Utility.dll
    2010-01-08 21:06:55 117507 ----a-w- c:\windows\system32\msinet.ocx
    2010-01-08 21:06:54 0 d-----w- c:\windows\system32\gs
    2010-01-08 21:06:47 368912 ----a-w- c:\windows\system32\vbar332.dll
    2010-01-08 21:06:47 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
    2010-01-08 21:06:47 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2010-01-06 20:40:56 0 d-----w- c:\windows\system32\drivers\Avg
    2010-01-06 20:40:42 0 d-----w- c:\program files\AVG
    2010-01-03 22:26:06 0 d-----w- c:\program files\common files\Cisco
    2010-01-02 16:44:06 0 d-----w- c:\program files\Trend Micro
    2009-12-31 23:29:57 0 d-----w- c:\docume~1\juliap~1\applic~1\MSNInstaller
    2009-12-30 05:42:33 0 d-----w- c:\docume~1\juliap~1\applic~1\Malwarebytes
    2009-12-30 05:42:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-30 05:42:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-12-30 05:42:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-30 05:42:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-30 04:02:27 0 d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-30 04:02:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-12-29 04:53:07 0 d-sh--w- c:\docume~1\alluse~1\applic~1\PCMCRJQZLG
    2009-12-29 04:51:50 0 d-sh--w- c:\docume~1\alluse~1\applic~1\664e2e2
    2009-12-26 05:28:34 0 d-----w- c:\docume~1\juliap~1\applic~1\MozillaControl
    2009-12-26 05:22:06 0 d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
    2009-12-26 05:19:15 0 d-----w- c:\program files\VideoLAN
    2009-12-25 03:33:24 0 d-----w- c:\program files\common files\DivX Shared
    2009-12-25 03:33:22 0 d-----w- c:\program files\DivX

    ==================== Find3M ====================

    2009-12-02 04:42:26 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-14 00:49:00 129784 ------w- c:\windows\system32\pxafs.dll
    2009-11-14 00:49:00 120056 ------w- c:\windows\system32\pxcpyi64.exe
    2009-11-14 00:49:00 118520 ------w- c:\windows\system32\pxinsi64.exe
    2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-03-12 05:16:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2009-09-16 17:52:49 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009091620090917\index.dat

    ============= FINISH: 9:42:20.95 ===============

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    So it is brute force time.

    Download OTMoveIt by Old Timer and save it to your Desktop.
    • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
    • Copy the lines in the codebox below.

    Code:
    :files
    c:\WINDOWS\system32\DRIVERS\ETC\hosts

    • Return to OTMoveIt, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt
      Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    Post also a fresh HijackThis log, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #10
    Member
    Join Date
    Jan 2010
    Posts
    51

    Default results of otmoveit

    ========== FILES ==========
    c:\windows\system32\drivers\etc\hosts moved successfully.

    OTM by OldTimer - Version 3.1.6.0 log created on 01162010_141133



    HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:14:33 PM, on 1/16/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\PLFSetI.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Julia Pezzini\My Documents\antivirus\OTM.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
    O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\rsfNZBGrI.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://lcwireless.scu.edu/auth/taweb.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9384 bytes
