
Thread: Remove Windows.RedirectHosts & ProtectionSuite

  1. #11
    Member
    Join Date
    Jan 2010
    Posts
    51

    reposting HJT log after closing OTMoveIT

    Sorry, I didn't close OTMoveIT before running the last HJT.

    Here is the latest log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:16:38 PM, on 1/16/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\PLFSetI.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
    O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\rsfNZBGrI.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://lcwireless.scu.edu/auth/taweb.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9239 bytes

  2. #12
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Looks good

    Please go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #13
    Member
    Join Date
    Jan 2010
    Posts
    51

    Post Kaspersky and HJT

    Here are the Kaspersky results:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, January 17, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, January 17, 2010 19:14:56
    Records in database: 3325557
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\

    Scan statistics:
    Objects scanned: 102015
    Threats found: 4
    Infected objects found: 75
    Suspicious objects found: 0
    Scan duration: 02:45:12


    File name / Threat / Threats count
    C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\GUMU2VR2\jquery-init[1].js Infected: Hoax.HTML.FakeAntivirus.a 1
    C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\K59JOU95\dfghfghgfj[1].dll Infected: Trojan.Win32.BHO.adet 1
    C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\R17H160C\documents[1].htm Infected: Trojan.JS.Plugator.a 1
    C:\Documents and Settings\HelpAssistant.ACER-330BB84976\Local Settings\Temporary Internet Files\Content.IE5\GUMU2VR2\jquery-init[1].js Infected: Hoax.HTML.FakeAntivirus.a 1
    C:\Documents and Settings\HelpAssistant.ACER-330BB84976\Local Settings\Temporary Internet Files\Content.IE5\K59JOU95\dfghfghgfj[1].dll Infected: Trojan.Win32.BHO.adet 1
    C:\Documents and Settings\HelpAssistant.ACER-330BB84976\Local Settings\Temporary Internet Files\Content.IE5\R17H160C\documents[1].htm Infected: Trojan.JS.Plugator.a 1
    C:\Documents and Settings\Julia Pezzini\Local Settings\Temporary Internet Files\Content.IE5\GUMU2VR2\jquery-init[1].js Infected: Hoax.HTML.FakeAntivirus.a 1
    C:\Documents and Settings\Julia Pezzini\Local Settings\Temporary Internet Files\Content.IE5\K59JOU95\dfghfghgfj[1].dll Infected: Trojan.Win32.BHO.adet 1
    C:\Documents and Settings\Julia Pezzini\Local Settings\Temporary Internet Files\Content.IE5\R17H160C\documents[1].htm Infected: Trojan.JS.Plugator.a 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-201439.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204056.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204113.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204114.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204115.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204116.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204118.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204119.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204120.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204121.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204122.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204123.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204124.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204240.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204244.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204245.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204246.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204247.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204248.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204249.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204250.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204251.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204252.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204253.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204254.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204255.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204256.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204259.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204300.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204301.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204430.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204436.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204438.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204439.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204440.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204441.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204442.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204443.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204444.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204445.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204446.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204447.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204448.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204449.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204450.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204617.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113506.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113514.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113515.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113516.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113517.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113518.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113519.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113520.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113522.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113523.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113524.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113525.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113526.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113527.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113528.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113529.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20100102-083025.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20100102-083028.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\WINDOWS\system32\drivers\etc\hosts.20100102-083029.backup Infected: Trojan.Win32.FraudPack.rdo 1
    C:\_OTM\MovedFiles\01162010_141133\c_windows\system32\drivers\etc\hosts Infected: Trojan.Win32.FraudPack.rdo 1

    Selected area has been scanned.


    Here is the HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:08:40 PM, on 1/17/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\PLFSetI.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://homepage.acer.com/rdr.aspx?b=...9&m=aspire_one
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
    O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\rsfNZBGrI.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://lcwireless.scu.edu/auth/taweb.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9321 bytes

    Please confirm that Kaspersky only identifies issues but doesn't clean them. I didn't see any instructions to use Kaspersky to clean or fix any issues.

  4. #14
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Yes, it identifies only.

    Please download ATF Cleaner by Atribune and save it to desktop.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit to close ATF-Cleaner.

    • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
    • Copy the lines in the codebox below.

    Code:
    :files
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-201439.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204056.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204113.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204114.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204115.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204116.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204118.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204119.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204120.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204121.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204122.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204123.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204124.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204240.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204244.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204245.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204246.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204247.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204248.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204249.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204250.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204251.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204252.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204253.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204254.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204255.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204256.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204259.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204300.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204301.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204430.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204436.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204438.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204439.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204440.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204441.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204442.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204443.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204444.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204445.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204446.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204447.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204448.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204449.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204450.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204617.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113506.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113514.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113515.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113516.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113517.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113518.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113519.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113520.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113522.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113523.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113524.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113525.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113526.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113527.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113528.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113529.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20100102-083025.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20100102-083028.backup 
    C:\WINDOWS\system32\drivers\etc\hosts.20100102-083029.backup
    • Return to OTMoveIt, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt
      Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #15
    Member
    Join Date
    Jan 2010
    Posts
    51

    Default Result of running ATF and OTM

    ========== FILES ==========
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-201439.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204056.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204113.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204114.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204115.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204116.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204118.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204119.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204120.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204121.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204122.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204123.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204124.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204240.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204244.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204245.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204246.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204247.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204248.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204249.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204250.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204251.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204252.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204253.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204254.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204255.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204256.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204259.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204300.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204301.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204430.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204436.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204438.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204439.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204440.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204441.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204442.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204443.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204444.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204445.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204446.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204447.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204448.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204449.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204450.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091229-204617.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113506.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113514.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113515.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113516.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113517.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113518.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113519.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113520.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113522.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113523.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113524.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113525.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113526.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113527.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113528.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091230-113529.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20100102-083025.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20100102-083028.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20100102-083029.backup moved successfully.

    OTM by OldTimer - Version 3.1.6.0 log created on 01182010_132948

    ==========================
    http://forums.spybot.info/showthread...230#post356230
    Last edited by tashi; 2010-01-19 at 18:27. Reason: Added link
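
A cross-check of an OTM results log against the :files list that was pasted in, as an added example that is not part of the original thread and not code from OTM or its author. It assumes only the "<path> moved successfully." line format visible in the log above; the function names are hypothetical, and the sample script and log are constructed from three of the thread's paths with one success line deliberately left out.

```python
import re

# Success lines as they appear in the log above: "<path> moved successfully."
MOVED_RE = re.compile(r"^(?P<path>.+?)\s+moved successfully\.$", re.IGNORECASE)

def parse_files_section(script):
    """Return the paths listed under the :files directive of the pasted script."""
    paths, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # a directive line opens a new section
            in_files = line.lower() == ":files"
        elif in_files:
            paths.append(line)
    return paths

def parse_moved(results):
    """Return case-folded paths that the log reports as moved successfully."""
    moved = set()
    for raw in results.splitlines():
        m = MOVED_RE.match(raw.strip())
        if m:
            moved.add(m.group("path").casefold())
    return moved

def unconfirmed(script, results):
    """Requested paths with no success line in the log (Windows paths compare
    case-insensitively, so both sides are case-folded)."""
    moved = parse_moved(results)
    return [p for p in parse_files_section(script) if p.casefold() not in moved]

# Constructed sample: three requested paths, only two confirmed in the log.
SCRIPT = r"""
:files
C:\WINDOWS\system32\drivers\etc\hosts.20091229-201439.backup
C:\WINDOWS\system32\drivers\etc\hosts.20091229-204056.backup
C:\WINDOWS\system32\drivers\etc\hosts.20100102-083029.backup
"""
RESULTS = r"""
========== FILES ==========
C:\WINDOWS\system32\drivers\etc\hosts.20091229-201439.backup moved successfully.
c:\windows\system32\drivers\etc\hosts.20091229-204056.backup moved successfully.

OTM by OldTimer - Version 3.1.6.0 log created on 01182010_132948
"""

if __name__ == "__main__":
    for path in unconfirmed(SCRIPT, RESULTS):
        print("not confirmed moved:", path)
```

An empty result means every requested file has a matching success line; anything listed should be checked again after the reboot described in the helper's note.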

  6. #16
    Member
    Join Date
    Jan 2010
    Posts
    51

    Default Advising I have another infected computer

    Per the FAQ and Tashi's reference I have another infected computer. I had opened a separate thread. I am informing you of the additional computer. The first computer, the Acer Aspire One, was infected at my daughter's college, but is not home so I can try to resolve. The second computer, a Dell desktop, has always been located in the house. The computers share a wireless router but are not otherwise networked.

  7. #17
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Thanks for update.

    That looks good

    Still problems?

  8. #18
    Member
    Join Date
    Jan 2010
    Posts
    51

    Default Spybot is clear, Thank you

    I reran Spybot and it didn't find the issues so it would appear things are ok. Thank you very much.

  9. #19
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Good

    Are you ready for final instructions?

  10. #20
    Member
    Join Date
    Jan 2010
    Posts
    51

    Default Ready for final instructions

    Yes, ready for final instructions
