• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
jpm04

res://vquvw.dll/index.html#96676

5 posts in this topic

Please help. I have read the FAQ. I ran Spybot, Ad-aware, and CWShreder with the latest updates. I downloaded and installed the Windows update SP1. I went through "Jason's Toolbox" and tightened up my security with SpywareBlaster and SpywareGuard (but that will only help with prevention in the future). I need help with my current hijack. I am running Windows XP, as you will see from my hijackthis log file below. But, I will also inform you that my OS is the Japanese version of Windows, which means there may be some garbage characters in the log file if your (my wonderful savior!) computer cannot display the few Japanese characters I noticed in the file. I can translate it for you if that line looks important.

 

As to the main problem. My IE browser homepage is automatically reset to go to res://vquvw.dll/index.html#96676 no matter what I myself set as the homepage. Also, often when I do a search on google I get a new window with this address: http://www.lookfor.cc/index.php?pin=96676.

 

The other problem is that open files (such as the hijackthis log file in notepad) sometimes automatically close on me while I am reading them.

 

Finally, although I know nothing about what should or should not be in the hijackthis log file, it seems that mine are always rather short compared to those in the posts of people with a similar (i.e. res://<random>.dll/index.html#96676) problem. In particular, there are no registry lines (R0, R1, R2, R3, or R4) that I have seen in many peoples posts.

 

I have followed instructions in other forums to make sure that I can view all files. And that is where I am at the moment. Please, I am begging. Please help!

 

Thank you in advance!!!!!!!!!

 

Here is my hijackthis log file:

 

Logfile of HijackThis v1.97.7

Scan saved at 16:28:15, on 2004/06/23

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\ati2evxx.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\NTMETER.exe

C:\Smdata\ReadSctService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\msnf32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\Atiptaxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\necmfk\necmfk.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\appki32.exe

C:\WINDOWS\System32\conime.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Justsystem\JSLIB32\JSQSF32.EXE

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program Files\GAKKEN\SNJ\SKPMAIN.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

C:\WINDOWS\HIBERGID.exe

C:\Program Files\Justsystem\ATOK14\IATOKIK2.EXE

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\PC-USER\My Documents\Josh' Stuff\myDownload\HijackThis.exe

 

F0 - syst>m.ini: Shell=

F0 - R >ystem.ini: Shel>=

F0 - R >ystem.ini: UserInit=

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {A8A38ECE-0067-5871-C179-8D58C341F9C2} - C:\WINDOWS\addgx32.dll

O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [NMFTASK] NMFTASK.EXE /RESET

O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [appki32.exe] C:\WINDOWS\appki32.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\RunOnce: [msnf32.exe] C:\WINDOWS\msnf32.exe

O4 - HKLM\..\RunOnce: [atluk.exe] C:\WINDOWS\atluk.exe

O4 - HKLM\..\RunOnce: [addkd32.exe] C:\WINDOWS\system32\addkd32.exe

O4 - HKLM\..\RunOnce: [msim.exe] C:\WINDOWS\system32\msim.exe

O4 - HKLM\..\RunOnce: [crhs.exe] C:\WINDOWS\crhs.exe

O4 - HKLM\..\RunOnce: [atlcb32.exe] C:\WINDOWS\system32\atlcb32.exe

O4 - HKLM\..\RunOnce: [addim.exe] C:\WINDOWS\addim.exe

O4 - HKLM\..\RunOnce: [sysnq.exe] C:\WINDOWS\system32\sysnq.exe

O4 - HKLM\..\RunOnce: [sdkki32.exe] C:\WINDOWS\sdkki32.exe

O4 - HKLM\..\RunOnce: [addlo.exe] C:\WINDOWS\addlo.exe

O4 - HKLM\..\RunOnce: [netjj32.exe] C:\WINDOWS\netjj32.exe

O4 - HKLM\..\RunOnce: [winzm.exe] C:\WINDOWS\winzm.exe

O4 - Startup: ntuser.dat

O4 - Startup: ntuser.dat.LOG

O4 - Startup: ntuser.ini

O4 - Global Startup: NTUSER.DAT

O4 - Global Startup: NTUSER.DAT.LOG

O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com (HKLM)

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7580.1759143519

O17 - HKLM\System\CCS\Services\Tcpip\..\{318CB4BC-2864-491B-8140-18C37794FA8A}: NameServer = 151.203.0.84 151.203.0.85

O17 - HKLM\System\CCS\Services\Tcpip\..\{6FEA58CC-72FF-45BB-A5D5-45499BA053CA}: NameServer = 10.118.1.1

 

PLEASE!!!

THANK YOU!!!

Share this post


Link to post
Share on other sites

Well, I hope you get an answer soon, be cause I have the same problem.

I'm new to this forum, and am having a hard time following.

Is there answer to this, and I'm not not seeing it?

Thanks

gtorbet

Share this post


Link to post
Share on other sites

jpm04

 

Well, I could tell that this solution is on the right track, but it's not quite the right solution for me.

First, while I have your basic user symptoms, on don't have the exact processes as describe in the solution. Maybe I have them under a different name, and am not technical enought to relate them.

 

I'm going to post my own case, which will look very simailar to your, and maybe somebody can guide me through my exact flavor of this solution.

 

And yes, you are correct, we how Rubber Ducky and other a debt of gratitude.

 

Thanks for your reply.

 

gtorbet

Share this post


Link to post
Share on other sites

gtorbet,

 

If you have #96676 bug, I would say that the solution I pointed you to will work. The exact processes running on your computer will be different from others. Mine were different from those shown in the solution. I wish I could guide you through the steps, as I know how badly you must want to kill that bug. Unfortunately I am just a newbie myself. I was fortunate to have an experience friend come over and help me. Try to post your own thread and hopefully one of the experts out there will be able to guide you. I am sorry I cannot be of direct help. Good luck.

 

jpm04

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0