I have a Pop-Up Problem Too

  Snakey 23:06 02 Sep 04

Have followed Sealer's recent thread and have got the HijackThis log. Help needed from Nellie2 please.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\mfces32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\ntgd.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\TextBridge Classic\Bin\TBMenu.exe
C:\WINDOWS\twain_32\A4CIS\WATCH.exe
C:\Documents and Settings\Natasha\Desktop\HijackThis.exe

  Snakey 23:07 02 Sep 04

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ufxde.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ufxde.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ufxde.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ufxde.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ufxde.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ufxde.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ufxde.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {9E57DB01-8D19-85F2-6848-874E14539906} - C:\WINDOWS\d3ed32.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ntgd.exe] C:\WINDOWS\ntgd.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Ydnxuck] C:\WINDOWS\System32\fzjrkxnb.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TextBridge Instant Access OCR.lnk = C:\Program Files\TextBridge Classic\Bin\TBMenu.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

  Snakey 23:09 02 Sep 04

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - click here
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - click here
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - click here
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - click here
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - click here
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - click here

Many thanks

  Snakey 14:22 03 Sep 04

Please

  Sealer 14:34 03 Sep 04

Hi, Nellie will get you out of the Sh*t. First I think you will have to double space between lines of the log to make it easier to digest. GOOD LUCK

  Sealer 14:37 03 Sep 04

Sorry, I also think you were supposed to link to my thread + see how my thread double spacing looks. Easy reading

  Nellie2 18:21 03 Sep 04

Snakey, I don't mean to split hairs, but it is really important that I see the header of your log. It tells me the operating system and what version of HijackThis you are using, like this.

Logfile of HijackThis v1.98.2

Scan saved at 18:15:59, on 03/09/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

having my tea now... back later

  Snakey 18:38 03 Sep 04

Logfile of HijackThis v1.97.7
Scan saved at 18:36:52, on 03/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Many Thanks

  Nellie2 19:21 03 Sep 04

Right... this will take a few steps!!

First, please download AboutBuster from click here and unzip it to your desktop but don't run it yet:

If you don't already have Adaware then you will find a download link click here plus instructions on how to set it up. Don't run it yet, just make sure that you have checked for updates.

Follow the instructions click here to enable viewing of hidden/system files:

Next, go to Start > Run and type Services.msc then click ok. On the screen that comes up, scroll down and look for any of these services:

Network Security Service
Remote Procedure Call (RPC) Helper
Workstation NetLogon Service

If you find one of those double-click on it (if you don't find any of them, stop and post back). On the next screen, click the stop button, then in the Startup Type drop-down, change it to Disabled and click Apply then Ok.

Please print out the remainder of these directions, as you'll have to proceed in Safe Mode and won't want to open IE again until they're complete.

Reboot to Safe Mode.

In Safe Mode, scan with Hijack This, put ticks next to all of these entries and then click "Fix Checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ufxde.dll/sp.html#28129

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ufxde.dll/sp.html#28129

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ufxde.dll/sp.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ufxde.dll/sp.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ufxde.dll/sp.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ufxde.dll/sp.html#28129

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ufxde.dll/sp.html#28129

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

O2 - BHO: (no name) - {9E57DB01-8D19-85F2-6848-874E14539906} - C:\WINDOWS\d3ed32.dll

O4 - HKLM\..\Run: [ntgd.exe] C:\WINDOWS\ntgd.exe

O4 - HKCU\..\Run: [Ydnxuck] C:\WINDOWS\System32\fzjrkxnb.exe

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - hxxp://www .netvenda.com/sites/gampr-gb/gbp/games4.cab

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - hxxp://direct.data-line.us/gbn298.exe

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - hxxp://direct.data-line.us/gbn298.exe

Next, still in Safe Mode, delete any of the following files that are present:

C:\WINDOWS\d3ed32.dll
C:\WINDOWS\ntgd.exe
C:\WINDOWS\System32\fzjrkxnb.exe

Double click the AboutBuster.exe file that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report it creates (copy and paste it into notepad or wordpad and save as a .txt file).

Finally, still in Safe Mode, scan with Ad-Aware and let it remove anything it finds.

Reboot to normal mode, delete the copy of hijackthis that you have and download version 1.98.2 from click here,
rescan with Hijack This and post a new log here along with the log you saved from AboutBuster.
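
An added example, not part of the thread and not HijackThis's own logic: the Python below applies a few triage rules to log lines of the kind selected in the post above. The rule set and the names `triage` and `in_windows_root` are assumptions made for illustration; they reproduce only part of that selection, so entries such as the oddly named executable in System32 still need a human reviewer.

```python
import re
from ntpath import dirname, normcase  # Windows path semantics on any OS

# Constructed sample: a subset of the log lines posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ufxde.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {9E57DB01-8D19-85F2-6848-874E14539906} - C:\WINDOWS\d3ed32.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ntgd.exe] C:\WINDOWS\ntgd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O15 - Trusted Zone: *.searchmiracle.com
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # "O4 - <body>"
BINARY = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll))", re.I)

def in_windows_root(text):
    # True if the first .exe/.dll path in text sits directly in the Windows
    # folder itself (not System32 or any other subfolder).
    m = BINARY.search(text)
    return bool(m) and normcase(dirname(m.group(1))) == r"c:\windows"

def triage(log):
    """Return (section, reason, body) for entries matching the assumed rules."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        sec, body = m.groups()
        if sec in ("R0", "R1") and "= res://" in body:
            why = "IE search/start setting points into a local DLL resource"
        elif sec == "O2" and "(no name)" in body and in_windows_root(body):
            why = "unnamed BHO loaded from the Windows root"
        elif sec == "O4" and in_windows_root(body):
            why = "autostart program in the Windows root"
        elif sec == "O15":
            why = "domain added to the IE Trusted Zone"
        else:
            continue
        findings.append((sec, why, body))
    return findings

if __name__ == "__main__":
    for sec, why, body in triage(SAMPLE_LOG):
        print(f"{sec:<4}{why}: {body}")
```
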

  Snakey 20:14 03 Sep 04

Will get on it now.

  Snakey 20:27 03 Sep 04

Sorry, it's been a long day.

This is the correct one. Will it alter the procedure?


Logfile of HijackThis v1.97.7
Scan saved at 22:39:57, on 02/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
