• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
wdsmith

dreaded #96676

7 posts in this topic

I have caught the res://*****.dll/index.html#96676. I have read the orientation instructions re: usual fixes. Below is my (reoccuring HJT log). Please note using this log I have checked and fixed ALL R0 and R1, the O2, BHO (no name), and both O9's. The problem is not repaired. Waiting for your help THANKS

 

 

Logfile of HijackThis v1.97.7

Scan saved at 8:33:41 PM, on 6/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\ehome\ehSched.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\javapw32.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\USB Storage RW\shwicon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Open Site\opensite.exe

C:\WINDOWS\system32\mfcpc32.exe

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 33 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dnegb.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dnegb.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://dnegb.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dnegb.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://dnegb.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dnegb.dll/sp.html#96676

O2 - BHO: (no name) - {D568270B-05A0-5431-80D7-D046559307AC} - C:\WINDOWS\sysae.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [mfcpc32.exe] C:\WINDOWS\system32\mfcpc32.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

Share this post


Link to post
Share on other sites

Hello First download About:Buster by me from.

 

www.atribune.org/downloads/AboutBuster.zip

 

Unzip it to your deskop. Then open Hijack this and tick the boxes next to these items.

 

 

O2 - BHO: (no name) - {D568270B-05A0-5431-80D7-D046559307AC} - C:\WINDOWS\sysae.dll

O4 - HKLM\..\Run: [mfcpc32.exe] C:\WINDOWS\system32\mfcpc32.exe

 

Then close all windows and hit fix checked. Open About:Buster. Hit ok on the first prompt, Then start, and Ok again. The scan may take up to 5 minutes. After it is complete. Copy the report somewhere. Restart your computer. Paste the report and a new hijack this log.

 

Good Luck :thumbsup:

Share this post


Link to post
Share on other sites

OK followed your instr noting I could not type the redirected URL in the white box of rubber ducky. In fact the onscreen instructions said "no need". Here is the RD and HJT log after. NOTE: Prior to your reply and your instructions I used KILL BOX to delete mfcpc32.exe. The problem still exists. I won't be able to reply until tomorrow.

 

About:Buster Version 1.21

Removed! : C:\WINDOWS\iegy.exe

Removed! : C:\WINDOWS\bjphe.dat

Removed! : C:\WINDOWS\gkfxo.dat

Removed! : C:\WINDOWS\hbswb.dat

Removed! : C:\WINDOWS\kjvcp.dat

Removed! : C:\WINDOWS\lwamq.dat

Removed! : C:\WINDOWS\mibyy.dat

Removed! : C:\WINDOWS\njkjg.dat

Removed! : C:\WINDOWS\ozpvq.dat

Removed! : C:\WINDOWS\wunzc.dat

Removed! : C:\WINDOWS\afdol.dll

Removed! : C:\WINDOWS\dnegb.dll

Removed! : C:\WINDOWS\dpzxd.dll

Removed! : C:\WINDOWS\fsyln.dll

Removed! : C:\WINDOWS\huxql.dll

Removed! : C:\WINDOWS\ifaie.dll

Removed! : C:\WINDOWS\mftsm.dll

Removed! : C:\WINDOWS\sohlm.dll

Removed! : C:\WINDOWS\waqml.dll

Removed! : C:\WINDOWS\yqdxz.dll

Removed! : C:\WINDOWS\System32\javapw32.exe

Removed! : C:\WINDOWS\System32\sdkma32.exe

Removed! : C:\WINDOWS\System32\hprnf.dll

Removed! : C:\WINDOWS\System32\iakqk.dll

Removed! : C:\WINDOWS\System32\lqnov.dll

Removed! : C:\WINDOWS\System32\lrtyf.dll

Removed! : C:\WINDOWS\System32\oezov.dll

Removed! : C:\WINDOWS\System32\prvpa.dll

Removed! : C:\WINDOWS\System32\rpdpa.dll

Removed! : C:\WINDOWS\System32\txwuz.dll

Removed! : C:\WINDOWS\System32\uwpml.dll

Removed! : C:\WINDOWS\System32\atwxq.dat

Removed! : C:\WINDOWS\System32\cfucs.dat

Removed! : C:\WINDOWS\System32\gensn.dat

Removed! : C:\WINDOWS\System32\kxhut.dat

Removed! : C:\WINDOWS\System32\nutwi.dat

Removed! : C:\WINDOWS\System32\phesf.dat

Removed! : C:\WINDOWS\System32\pufrd.dat

Removed! : C:\WINDOWS\System32\qdqff.dat

Removed! : C:\WINDOWS\System32\rcydc.dat

Removed! : C:\WINDOWS\System32\viksb.dat

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Removed __NS_Service_3 Key

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 10:12:38 PM, on 6/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehSched.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\USB Storage RW\shwicon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\WINDOWS\system32\javaqc.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\addpl.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 43 for hijackthis.zip\HijackThis.exe

C:\WINDOWS\mssj.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xulsu.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xulsu.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xulsu.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xulsu.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xulsu.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xulsu.dll/sp.html#96676

O2 - BHO: (no name) - {24D627C3-088F-DDEB-85B3-5A49ED6BD761} - C:\WINDOWS\netzc32.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [javaqc.exe] C:\WINDOWS\system32\javaqc.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\RunOnce: [addpl.exe] C:\WINDOWS\addpl.exe

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

Share this post


Link to post
Share on other sites

I have the #96676 too and I've done the same things as you to get rid of it but also no luck. I'm looking forward to the advice you get.

Share this post


Link to post
Share on other sites

Just an up date. I tried your instrs which did not work. I used PGPhantom's and Mother Lion's instructions of 6-22-04 1252 and 6-28-04 0847. In sum I opened in safe mode ran aboutbuster, Spy Bot, CWS, and the latest update Ad-Aware. No luck. I even deleted the __NS_Service and ___NS_Service_x regestries. They are probably back now. Here is my latest HJT log. It is the BHO that seems to be at the root of all evil!

 

Logfile of HijackThis v1.97.7

Scan saved at 6:32:16 PM, on 6/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\USB Storage RW\shwicon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\WINDOWS\system32\javaqc.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\System32\rundll32.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\apild32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 52 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ujvey.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ujvey.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ujvey.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ujvey.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ujvey.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ujvey.dll/sp.html#96676

O2 - BHO: (no name) - {4224B593-F6B1-9877-F203-0040429B324E} - C:\WINDOWS\msrc.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [javaqc.exe] C:\WINDOWS\system32\javaqc.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8166.4403819444

Share this post


Link to post
Share on other sites

Bump to RUBBER DUCKY

 

I Have tried the updated about blank process and it is a temp fix until I get a popup from only the best. Thr pop up seems to start the whole problem again. I have installed a trial pop up blocker (History Kill) which allows a few "only the best" popup to show but it also has a warning that an attempt is being made to redirect my home page. If I select NO is seems to keep the one I have selected. This is very cumbersome and does not always. I am encouraged by the success of many who have used about buster but I just cANT GET THE FINAL FIX.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0