urgent need help!! read the description



#1 McManny


Posted 29 July 2004 - 01:03 PM

I've been having a problem with my computer and I can't fix the problem. My IE homepage has been set to res://xcgje.dll/index.html#37794 and I can't change it. I also get a popup every time I open a new browser window of IE. I've updated and run CWShredder and Ad-Aware, and none of them seem to work. This is my latest HijackThis log. I've also had problems with Kazaa. Also, popups of "only the best" appear anytime I connect. I have dial-up. I NEED HELP PLEASE!! I'm going crazy over here!!
Thanks!!!!! :)

Logfile of HijackThis v1.97.7
Scan saved at 14:41:40, on 29/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\appiy.exe
C:\Archivos de programa\Panda Antivirus Platinum\AVENGINE.EXE
C:\Archivos de programa\Panda Antivirus Platinum\apvxdwin.exe
C:\ARCHIV~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\atlcf.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Archivos de programa\Panda Antivirus Platinum\pavProxy.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tomás\Mis documentos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xcgje.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xcgje.dll/index.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xcgje.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xcgje.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xcgje.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xcgje.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {686BD755-AEF3-AAE3-3C6B-59594F796234} - C:\WINDOWS\javaef32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\ARCHIV~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [atlcf.exe] C:\WINDOWS\system32\atlcf.exe
O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [appiy.exe] C:\WINDOWS\system32\appiy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARCHIV~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab

#2 gravylover5


Posted 29 July 2004 - 01:33 PM

Hello McManny, and welcome to the forums. Please print out my instructions for reference during the fix.

1. Download About:Buster from http://www.atribune....AboutBuster.zip

2. Boot in Safe Mode - Hit the F8 key several times while booting, until you get a menu.

3. Run About:Buster while you are in Safe Mode. Hit Ok on the first prompt, Start on the second. Then Ok to start the removal. A log will start to form after the program runs. Save the log somewhere.

4. Repeat step 3.

Post a new Hijack This log along with the About Buster logs in your next reply.

#3 McManny


Posted 30 July 2004 - 10:36 AM

Thanks for the welcome.
OK, I did it and this appeared:


-- Scan 1 --------
About:Buster Version 2.0
Deleted Service Key Successfully!
Removed! : C:\WINDOWS\earlfd.dat
Removed! : C:\WINDOWS\System32\atlcf.exe
Removed! : C:\WINDOWS\System32\dgqsh.dat
Removed! : C:\WINDOWS\System32\earlf.dat
Removed! : C:\WINDOWS\System32\zzayx.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 2.0
Attempted Clean Of Temp folder.
Pages Reset... Done!



Logfile of HijackThis v1.97.7
Scan saved at 12:28:09, on 30/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Panda Antivirus Platinum\pavsrv51.exe
C:\Archivos de programa\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\appiy.exe
C:\Archivos de programa\Panda Antivirus Platinum\apvxdwin.exe
C:\ARCHIV~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\RunDLL32.exe
C:\Archivos de programa\Panda Antivirus Platinum\pavProxy.exe
C:\Documents and Settings\Tomás\Mis documentos\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {686BD755-AEF3-AAE3-3C6B-59594F796234} - C:\WINDOWS\javaef32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\ARCHIV~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARCHIV~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab



But I just got connected and the page appeared again, the one with xcgje.dll, and I had deleted it before. What do I do??
Thanks
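
Comparing the before and after HijackThis logs from this thread, as an added example (not part of the original posts and not HijackThis code): the sketch parses the log format and reports which entries a cleanup removed and which executables still run although their autostart entry is gone. The log excerpts are copied from the posts above; the function names are assumptions of this example.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread (before/after About:Buster).
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\appiy.exe
C:\WINDOWS\system32\atlcf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xcgje.dll/index.html#37794
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [atlcf.exe] C:\WINDOWS\system32\atlcf.exe
O4 - HKLM\..\RunOnce: [appiy.exe] C:\WINDOWS\system32\appiy.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\appiy.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# Entry lines start with a section code such as "R0", "O4" or "O16".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

def parse(log):
    """Split a HijackThis log into (running processes, section entries)."""
    procs, entries, in_procs = set(), set(), False
    for line in (raw.strip() for raw in log.splitlines()):
        match = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif match:
            in_procs = False  # the first entry line ends the process list
            entries.add((match.group(1), match.group(2)))
        elif in_procs and line:
            procs.add(line.lower())  # Windows paths are case-insensitive
    return procs, entries

def compare(before, after):
    """Report what a cleanup removed and what it left running."""
    (procs0, entries0), (procs1, entries1) = parse(before), parse(after)
    removed = sorted(entries0 - entries1)
    # Executables named in removed entries that are still in the process list.
    paths = {m.group(0).lower() for _, v in removed for m in EXE_PATH.finditer(v)}
    return {"removed": removed, "stopped": sorted(procs0 - procs1),
            "still_running": sorted(paths & procs1)}

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

On these excerpts it lists C:\WINDOWS\system32\appiy.exe as still running after its RunOnce entry disappeared from the log.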

#4 gravylover5


Posted 31 July 2004 - 11:16 AM

McManny,

You appear to be clean, but About Blank may be lurking around somewhere. Set your computer clock ahead a few days, reboot, and get a new Hijack This log. Set your computer clock back to normal, then post "The Log from the Future."



