PDA

View Full Version : help!!!!!!



sweet228jb
2009-12-16, 20:02
i have a serious problem with my computer when i go to google it seems that is from the nederland is not like the normal google and is in diferent language and this is my log please help Logfile of HijackThis v1.99.1
Scan saved at 11:58:02 AM, on 12/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Microsoft Office\Office\outlook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Temp\HijackThis.exe

O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 89.248.168.186 google.ae
O1 - Hosts: 89.248.168.186 google.as
O1 - Hosts: 89.248.168.186 google.at
O1 - Hosts: 89.248.168.186 google.az
O1 - Hosts: 89.248.168.186 google.ba
O1 - Hosts: 89.248.168.186 google.be
O1 - Hosts: 89.248.168.186 google.bg
O1 - Hosts: 89.248.168.186 google.bs
O1 - Hosts: 89.248.168.186 google.ca
O1 - Hosts: 89.248.168.186 google.cd
O1 - Hosts: 89.248.168.186 google.com.gh
O1 - Hosts: 89.248.168.186 google.com.hk
O1 - Hosts: 89.248.168.186 google.com.jm
O1 - Hosts: 89.248.168.186 google.com.mx
O1 - Hosts: 89.248.168.186 google.com.my
O1 - Hosts: 89.248.168.186 google.com.na
O1 - Hosts: 89.248.168.186 google.com.nf
O1 - Hosts: 89.248.168.186 google.com.ng
O1 - Hosts: 89.248.168.186 google.ch
O1 - Hosts: 89.248.168.186 google.com.np
O1 - Hosts: 89.248.168.186 google.com.pr
O1 - Hosts: 89.248.168.186 google.com.qa
O1 - Hosts: 89.248.168.186 google.com.sg
O1 - Hosts: 89.248.168.186 google.com.tj
O1 - Hosts: 89.248.168.186 google.com.tw
O1 - Hosts: 89.248.168.186 google.dj
O1 - Hosts: 89.248.168.186 google.de
O1 - Hosts: 89.248.168.186 google.dk
O1 - Hosts: 89.248.168.186 google.dm
O1 - Hosts: 89.248.168.186 google.ee
O1 - Hosts: 89.248.168.186 google.fi
O1 - Hosts: 89.248.168.186 google.fm
O1 - Hosts: 89.248.168.186 google.fr
O1 - Hosts: 89.248.168.186 google.ge
O1 - Hosts: 89.248.168.186 google.gg
O1 - Hosts: 89.248.168.186 google.gm
O1 - Hosts: 89.248.168.186 google.gr
O1 - Hosts: 89.248.168.186 google.ht
O1 - Hosts: 89.248.168.186 google.ie
O1 - Hosts: 89.248.168.186 google.im
O1 - Hosts: 89.248.168.186 google.in
O1 - Hosts: 89.248.168.186 google.it
O1 - Hosts: 89.248.168.186 google.ki
O1 - Hosts: 89.248.168.186 google.la
O1 - Hosts: 89.248.168.186 google.li
O1 - Hosts: 89.248.168.186 google.lv
O1 - Hosts: 89.248.168.186 google.ma
O1 - Hosts: 89.248.168.186 google.ms
O1 - Hosts: 89.248.168.186 google.mu
O1 - Hosts: 89.248.168.186 google.mw
O1 - Hosts: 89.248.168.186 google.nl
O1 - Hosts: 89.248.168.186 google.no
O1 - Hosts: 89.248.168.186 google.nr
O1 - Hosts: 89.248.168.186 google.nu
O1 - Hosts: 89.248.168.186 google.pl
O1 - Hosts: 89.248.168.186 google.pn
O1 - Hosts: 89.248.168.186 google.pt
O1 - Hosts: 89.248.168.186 google.ro
O1 - Hosts: 89.248.168.186 google.ru
O1 - Hosts: 89.248.168.186 google.rw
O1 - Hosts: 89.248.168.186 google.sc
O1 - Hosts: 89.248.168.186 google.se
O1 - Hosts: 89.248.168.186 google.sh
O1 - Hosts: 89.248.168.186 google.si
O1 - Hosts: 89.248.168.186 google.sm
O1 - Hosts: 89.248.168.186 google.sn
O1 - Hosts: 89.248.168.186 google.st
O1 - Hosts: 89.248.168.186 google.tl
O1 - Hosts: 89.248.168.186 google.tm
O1 - Hosts: 89.248.168.186 google.tt
O1 - Hosts: 89.248.168.186 google.us
O1 - Hosts: 89.248.168.186 google.vu
O1 - Hosts: 89.248.168.186 google.ws
O1 - Hosts: 89.248.168.186 google.co.ck
O1 - Hosts: 89.248.168.186 google.co.id
O1 - Hosts: 89.248.168.186 google.co.il
O1 - Hosts: 89.248.168.186 google.co.in
O1 - Hosts: 89.248.168.186 google.co.jp
O1 - Hosts: 89.248.168.186 google.co.kr
O1 - Hosts: 89.248.168.186 google.co.ls
O1 - Hosts: 89.248.168.186 google.co.ma
O1 - Hosts: 89.248.168.186 google.co.nz
O1 - Hosts: 89.248.168.186 google.co.tz
O1 - Hosts: 89.248.168.186 google.co.ug
O1 - Hosts: 89.248.168.186 google.co.uk
O1 - Hosts: 89.248.168.186 google.co.za
O1 - Hosts: 89.248.168.186 google.co.zm
O1 - Hosts: 89.248.168.186 google.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: lunegogu.dll c:\windows\system32\jiyazami.dll c:\windows\system32\daharubo.dll c:\windows\system32\sehuwuri.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: kokakuyiw - {e81ff61e-b5f9-411d-a65b-bff111c8db0c} - (no file)
O21 - SSODL: zubepumuh - {fc748d0c-4069-4aac-92bb-e0a6888e9b5d} - c:\windows\system32\sehuwuri.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe

Shaba
2009-12-19, 17:22
Hi sweet228jb

You are running 2 antiviruses, AVG and Avira. Please uninstall one of them.

After that:

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Shaba
2009-12-24, 14:41
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.