stewartjacobs
asked on
I cannot open internet explorer a buffer overrun detected message appears
I cannot open explorer. Eaxh time I try to do this it comes up with Buffer overrun detected Program C:\Program Files|internet Explorer\IEEXPLORE.EXE The Microsoft Visula C++ Runtime Library note ads a buffer overrun has been detected which has corrupted the programs internal state. The program cannot safely continue execution and must now be terminated. I have reloaded ieexplore setup with out success.
If the spelling is correct you have an intruder.
It may be malware (keylogger), hijacker (code stealer) or others.
I hope you're running an updated Anti Virus software, but you may also want to try these online scanners:
Panda ActiveScan
http://www.pandasoftware.com/activescan
McAfee FreeScan
http://us.mcafee.com/root/mfs/default.asp
Symantec Security Check
http://security.symantec.com/sscv6/
Pc-Cillin (Trend Micro Housecall)
http://housecall.antivirus.com/housecall/start_pcc.asp
PcPitstop
http://pcpitstop.com/antivirus/default.asp
RAV
http://www.ravantivirus.com/scan/
After that:
Download Ad-Aware from here:
http://lavasoft.element5.com/support/download/
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once (“in use”).
Also excellent is SpyBot Search & Destroy available here:
http://www.spychecker.com/download/download_spybot.html
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once (“in use”).
You should also apply the "immunize" function, since it blocks roughly 1700 known 'bad' runs/apis/apps.
Even if Ad-Aware and SpyBot S&D are similar, they do clean different things. You should have both of them and use REGULARLY.
You can also install “preventive” software that will help you control these nasties:
SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Avoids malicious Active X installs.
Advantage: no system resources used!!!
Just download, install and UPDATE.
All of them extremely useful but you must keep them UPDATED.
Suggestion: Make sure you can see all files and folders and run Ad-aware and Spybot S&D in Safe Mode.
Zee
like blue_zee said, check the program name CAREFULLY, internet explorer is IEXPLORE.exe NOT IEEXPLORE.exe
click on start/programs/accessories
in here click on running tasks, if you find IEEXPLORER.exe doesnt have Microsoft Corporation next to it, youre int TROUBLE.
do a search on ieexplorer.exe and delete it, also look in your startup folder for suspicious apps click on start/run and type msconfig.exe then click on startup tab and take note of the apps
click on start/programs/accessories
in here click on running tasks, if you find IEEXPLORER.exe doesnt have Microsoft Corporation next to it, youre int TROUBLE.
do a search on ieexplorer.exe and delete it, also look in your startup folder for suspicious apps click on start/run and type msconfig.exe then click on startup tab and take note of the apps
ASKER
Well have tried everything now bar reinstalling windows. My system was invaded by spyware but even after removing these and reloading IE application with files downloading from Microsoft over the original I get the Buffer overrun detected! warning when I try to open Explorer..where to know
Could you, please double check this name?
IEEXPLORE.EXE
IEEXPLORE.EXE
#
Author: stewartjacobs
Date: 08/01/2004 10:40PM WEST
View Source Question
Post a Reply to this feedback
thanks I am running spybot and will see what happens and also check the spelling if I still have he probelm. I am running avg anti virus on this machine with no errors reported.
Stewart,
Listening...
Zee
Author: stewartjacobs
Date: 08/01/2004 10:40PM WEST
View Source Question
Post a Reply to this feedback
thanks I am running spybot and will see what happens and also check the spelling if I still have he probelm. I am running avg anti virus on this machine with no errors reported.
Stewart,
Listening...
Zee
ASKER
No solution just yet..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Zee here is the Hijack log
Logfile of HijackThis v1.98.1
Scan saved at 20:37:16, on 08/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\SYSTEM\MSTASK.E
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\PCCWIN97.EXE
C:\WINDOWS\SYSTEM\HIDSERV.
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\OFCDOG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DAEMON.E
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVI
C:\WINDOWS\SYSTEM\IRMON.EX
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALS
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IM
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATH
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUS
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\CREATIVE\PC-CAM CENTER\CAMTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.E
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.E
C:\WINDOWS\SYSTEM\IBMBAYSN
C:\THINKPAD\TP98.EXE
C:\THINKPAD\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\THINKPAD\TPONSCR.EXE
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.10
C:\WINDOWS\PLAXO\2.0.2.3\I
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\OLYMPUS\DEVICEDETECT
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILP
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAG
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMF
C:\WINDOWS\SYSTEM\PSTORES.
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\HIJACKTHIS\HIJACKTHIS.E
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-4
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-6
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [LTWinModem3] ltmsg.exe 7
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [SISERVICE.exe] "C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVI
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\a
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [OfficeScan95] "C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe" -HideWindow
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\de
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUs
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.e
O4 - HKLM\..\Run: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalContro
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\THINKPAD\tphkmgr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] c:\Program Files\Logitech\ImageStudio
O4 - HKLM\..\Run: [LogitechImageStudioTray] c:\Program Files\Logitech\ImageStudio
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0002.10
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\A
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADSe
O4 - HKLM\..\RunServices: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [OfficeScan95] "C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.0.2.3\I
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: USB Manager.lnk = C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{
O4 - Startup: Live Menu.lnk = C:\WINDOWS\SYSTEM\hotres32
O4 - Startup: eFax.com Tray Menu.lnk = C:\WINDOWS\SYSTEM\hotres32
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpic
O4 - Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetect
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAG
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugi
O16 - DPF: {72C23FEC-3AF9-48FC-9597-2
O16 - DPF: {68C5C43A-DF08-11D3-8120-0
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {08BEF711-06DA-48B2-9534-8
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-3
O16 - DPF: {74FFE28D-2378-11D5-990C-0
O16 - DPF: {B9191F79-5613-4C76-AA2A-3
Logfile of HijackThis v1.98.1
Scan saved at 20:37:16, on 08/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\SYSTEM\MSTASK.E
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\PCCWIN97.EXE
C:\WINDOWS\SYSTEM\HIDSERV.
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\OFCDOG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DAEMON.E
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVI
C:\WINDOWS\SYSTEM\IRMON.EX
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALS
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IM
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATH
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUS
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\CREATIVE\PC-CAM CENTER\CAMTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.E
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.E
C:\WINDOWS\SYSTEM\IBMBAYSN
C:\THINKPAD\TP98.EXE
C:\THINKPAD\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\THINKPAD\TPONSCR.EXE
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.10
C:\WINDOWS\PLAXO\2.0.2.3\I
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\OLYMPUS\DEVICEDETECT
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILP
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAG
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMF
C:\WINDOWS\SYSTEM\PSTORES.
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\HIJACKTHIS\HIJACKTHIS.E
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-4
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-6
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [LTWinModem3] ltmsg.exe 7
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [SISERVICE.exe] "C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVI
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\a
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [OfficeScan95] "C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe" -HideWindow
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\de
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUs
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.e
O4 - HKLM\..\Run: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalContro
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\THINKPAD\tphkmgr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] c:\Program Files\Logitech\ImageStudio
O4 - HKLM\..\Run: [LogitechImageStudioTray] c:\Program Files\Logitech\ImageStudio
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0002.10
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\A
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADSe
O4 - HKLM\..\RunServices: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [OfficeScan95] "C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.0.2.3\I
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: USB Manager.lnk = C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{
O4 - Startup: Live Menu.lnk = C:\WINDOWS\SYSTEM\hotres32
O4 - Startup: eFax.com Tray Menu.lnk = C:\WINDOWS\SYSTEM\hotres32
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpic
O4 - Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetect
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAG
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugi
O16 - DPF: {72C23FEC-3AF9-48FC-9597-2
O16 - DPF: {68C5C43A-DF08-11D3-8120-0
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {08BEF711-06DA-48B2-9534-8
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-3
O16 - DPF: {74FFE28D-2378-11D5-990C-0
O16 - DPF: {B9191F79-5613-4C76-AA2A-3
First of all, 2 different Anti Virus running simultaneously is not good.
After that you should thin down your startup entries.
I will need some time to check the log, but will return.
Zee
You can fix these:
O16 - DPF: {68C5C43A-DF08-11D3-8120-0
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {B9191F79-5613-4C76-AA2A-3
But I believe trimming your sytem may be the solution.
Zee
ASKER
will do..I was surprised to see so many things running..is it possible to know the most recent entries as a clue to the probem..I will make the changes and come back soon..
ASKER
sorry Zee when you say fix what do you want me to do with those mentioned entries?
Tick them and click Fix selected.
Zee
ASKER
Hi Zee still suffering..how can I curtail some of these processes safely..or should I just abandon. I downloaded registry mechanic and it found quite a few "errors" but no resolution. Even when I tried to reinstall in SafeMode some time ago there was not enough memory...
Start > Run > type MSCONFIG and press enter.
Select the startup tab.
You can enable/disable startup items here.
If you are unsure of any file loading at startup, check this list:
http://www.kephyr.com/filedb/index/all.html
Some of the files will be related to software you installed. The best way to solve these problems is to configure the software not to load at startup or uninstall it from Add/Remove Programs.
Zee
ASKER
will do and get back thanks....phew
ASKER
Hi Zee no success really coming to the end of the line prior to re-install...
ASKER
Hi Zee
Here is the latest log of a "working" system. I'm not sure which of the removed items was the offending but I have exploerer back Thanks for your help.
Stewart
Logfile of HijackThis v1.98.1
Scan saved at 08:12:17, on 08/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\SYSTEM\MSTASK.E
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\WINDOWS\SYSTEM\HIDSERV.
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IRMON.EX
C:\WINDOWS\SYSTEM\DAEMON.E
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVI
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALS
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IM
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUS
C:\WINDOWS\LOADQM.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATH
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.E
C:\WINDOWS\SYSTEM\IBMBAYSN
C:\THINKPAD\TP98.EXE
C:\THINKPAD\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\THINKPAD\TPONSCR.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\PLAXO\2.0.2.3\I
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\OLYMPUS\DEVICEDETECT
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAG
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILP
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMF
C:\HIJACKTHIS\HIJACKTHIS.E
R1 - HKCU\Software\Microsoft\Wi
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [LTWinModem3] ltmsg.exe 7
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [SISERVICE.exe] "C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVI
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\a
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\de
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUs
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalContro
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\THINKPAD\tphkmgr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\A
O4 - HKLM\..\RunServices: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.0.2.3\I
O4 - Startup: USB Manager.lnk = C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{
O4 - Startup: Live Menu.lnk = C:\WINDOWS\SYSTEM\hotres32
O4 - Startup: eFax.com Tray Menu.lnk = C:\WINDOWS\SYSTEM\hotres32
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpic
O4 - Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetect
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAG
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
O16 - DPF: {72C23FEC-3AF9-48FC-9597-2
O16 - DPF: {08BEF711-06DA-48B2-9534-8
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-3
O16 - DPF: {74FFE28D-2378-11D5-990C-0
Here is the latest log of a "working" system. I'm not sure which of the removed items was the offending but I have exploerer back Thanks for your help.
Stewart
Logfile of HijackThis v1.98.1
Scan saved at 08:12:17, on 08/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\SYSTEM\MSTASK.E
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\WINDOWS\SYSTEM\HIDSERV.
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IRMON.EX
C:\WINDOWS\SYSTEM\DAEMON.E
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVI
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALS
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IM
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUS
C:\WINDOWS\LOADQM.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATH
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.E
C:\WINDOWS\SYSTEM\IBMBAYSN
C:\THINKPAD\TP98.EXE
C:\THINKPAD\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\THINKPAD\TPONSCR.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\PLAXO\2.0.2.3\I
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\OLYMPUS\DEVICEDETECT
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAG
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILP
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMF
C:\HIJACKTHIS\HIJACKTHIS.E
R1 - HKCU\Software\Microsoft\Wi
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [LTWinModem3] ltmsg.exe 7
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [SISERVICE.exe] "C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVI
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\a
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\de
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUs
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalContro
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\THINKPAD\tphkmgr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\A
O4 - HKLM\..\RunServices: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.0.2.3\I
O4 - Startup: USB Manager.lnk = C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{
O4 - Startup: Live Menu.lnk = C:\WINDOWS\SYSTEM\hotres32
O4 - Startup: eFax.com Tray Menu.lnk = C:\WINDOWS\SYSTEM\hotres32
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpic
O4 - Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetect
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAG
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
O16 - DPF: {72C23FEC-3AF9-48FC-9597-2
O16 - DPF: {08BEF711-06DA-48B2-9534-8
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-3
O16 - DPF: {74FFE28D-2378-11D5-990C-0
Hi,
Thanks.
You may be hit again...
Hope you manage to keep it clean.
:)
Zee
Could you, please double check this name?
IEEXPLORE.EXE
Are you sure you didn't mistype it?
Zee