Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

I cannot open internet explorer a buffer overrun detected message appears

Posted on 2004-08-01
20
Medium Priority
?
3,242 Views
Last Modified: 2013-12-28
I cannot open explorer. Eaxh time I try to do this it comes up with  Buffer overrun detected Program C:\Program Files|internet Explorer\IEEXPLORE.EXE  The Microsoft Visula C++ Runtime Library note  ads a buffer overrun has been detected which has corrupted the programs internal state. The program cannot safely continue execution and must now be terminated. I have reloaded ieexplore setup with out success.
0
Comment
Question by:stewartjacobs
  • 10
  • 9
20 Comments
 
LVL 29

Expert Comment

by:blue_zee
ID: 11689485

Could you, please double check this name?

IEEXPLORE.EXE

Are you sure you didn't mistype it?

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11689507

If the spelling is correct you have an intruder.

It may be malware (keylogger), hijacker (code stealer) or others.

I hope you're running an updated Anti Virus software, but you may also want to try these online scanners:


Panda ActiveScan
http://www.pandasoftware.com/activescan

McAfee FreeScan
http://us.mcafee.com/root/mfs/default.asp 

Symantec Security Check
http://security.symantec.com/sscv6/ 

Pc-Cillin (Trend Micro Housecall)
http://housecall.antivirus.com/housecall/start_pcc.asp 

PcPitstop
http://pcpitstop.com/antivirus/default.asp 

RAV
http://www.ravantivirus.com/scan/

After that:

Download Ad-Aware from here:
http://lavasoft.element5.com/support/download/
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once (“in use”).

Also excellent is SpyBot Search & Destroy available here:
http://www.spychecker.com/download/download_spybot.html
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once (“in use”).
You should also apply the "immunize" function, since it blocks roughly 1700 known 'bad' runs/apis/apps.

Even if Ad-Aware and SpyBot S&D are similar, they do clean different things. You should have both of them and use REGULARLY.

You can also install “preventive” software that will help you control these nasties:

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Avoids malicious Active X installs.
Advantage: no system resources used!!!
Just download, install and UPDATE.

All of them extremely useful but you must keep them UPDATED.

Suggestion: Make sure you can see all files and folders and run Ad-aware and Spybot S&D in Safe Mode.

Zee
0
 
LVL 3

Expert Comment

by:JohnnyAffa
ID: 11692344
like blue_zee said, check the program name CAREFULLY, internet explorer is IEXPLORE.exe NOT IEEXPLORE.exe

click on start/programs/accessories/system tools/system information

in here click on running tasks, if you find IEEXPLORER.exe doesnt have Microsoft Corporation next to it, youre int TROUBLE.

do a search on ieexplorer.exe and delete it, also look in your startup folder for suspicious apps  click on start/run and type msconfig.exe  then click on startup tab and take note of the apps
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:stewartjacobs
ID: 11697735
Well have tried everything now bar reinstalling windows. My system was invaded by spyware but even after removing these and reloading IE application with files downloading from Microsoft over the original I get the Buffer overrun detected! warning when I try to open Explorer..where to know
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11698324
Could you, please double check this name?

IEEXPLORE.EXE
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11709759
#
Author: stewartjacobs
Date: 08/01/2004 10:40PM WEST
View Source Question
Post a Reply to this feedback
thanks I am running spybot and will see what happens and also check the spelling if I still have he probelm. I am running avg anti virus on this machine with no errors reported.

Stewart,

Listening...

Zee
0
 

Author Comment

by:stewartjacobs
ID: 11709854
No solution just yet..
0
 
LVL 29

Accepted Solution

by:
blue_zee earned 1600 total points
ID: 11709891

OK.

Then, please download HijackThis, scan and save the log.

Post that log here.

HJT can be obtained here:

http://aumha.org/downloads/hijackthis.zip

Zee
0
 

Author Comment

by:stewartjacobs
ID: 11719933
Zee here is the Hijack log

Logfile of HijackThis v1.98.1
Scan saved at 20:37:16, on 08/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\PCCWIN97.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2COMM.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2TRAY.EXE
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\OFCDOG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\CREATIVE\PC-CAM CENTER\CAMTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
C:\THINKPAD\TP98.EXE
C:\THINKPAD\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\THINKPAD\TPONSCR.EXE
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.1001\EN-GB\MSNAPPAU.EXE
C:\WINDOWS\PLAXO\2.0.2.3\INSTALLSTUB.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\OLYMPUS\DEVICEDETECTOR\DEVDTCT2.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILPROXYSERVER.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMFILTERENGINE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-GB\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [LTWinModem3] ltmsg.exe 7
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [SISERVICE.exe] "C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [OfficeScan95] "C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe" -HideWindow
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE -logon
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\THINKPAD\tphkmgr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] c:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] c:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE -service
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [OfficeScan95] "C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.0.2.3\InstallStub.exe -a
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: USB Manager.lnk = C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: Live Menu.lnk = C:\WINDOWS\SYSTEM\hotres32.dll
O4 - Startup: eFax.com Tray Menu.lnk = C:\WINDOWS\SYSTEM\hotres32.dll
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
O4 - Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {68C5C43A-DF08-11D3-8120-0050042F9A68} (Netcon3 Control) - file://C:\CHDIRTRY\netcon3.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ukmeeting.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11720685

First of all, 2 different Anti Virus running simultaneously is not good.

After that you should thin down your startup entries.

I will need some time to check the log, but will return.

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11721067

You can fix these:

O16 - DPF: {68C5C43A-DF08-11D3-8120-0050042F9A68} (Netcon3 Control) - file://C:\CHDIRTRY\netcon3.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ukmeeting.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

But I believe trimming your sytem may be the solution.

Zee
0
 

Author Comment

by:stewartjacobs
ID: 11725362
will do..I was surprised to see so many things running..is it possible to know the most recent entries as a clue to the probem..I will make the changes and come back soon..
0
 

Author Comment

by:stewartjacobs
ID: 11725376
sorry Zee when you say fix what do you want me to do with those mentioned entries?
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11728341

Tick them and click Fix selected.

Zee
0
 

Author Comment

by:stewartjacobs
ID: 11735263
Hi Zee still suffering..how can I curtail some of these processes safely..or should I just abandon. I downloaded registry mechanic and it found quite a few "errors" but no resolution. Even when I tried to reinstall in SafeMode some time ago there was not enough memory...
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11736129

Start > Run > type MSCONFIG and press enter.

Select the startup tab.

You can enable/disable startup items here.

If you are unsure of any file loading at startup, check this list:

http://www.kephyr.com/filedb/index/all.html

Some of the files will be related to software you installed. The best way to solve these problems is to configure the software not to load at startup or uninstall it from Add/Remove Programs.

Zee
0
 

Author Comment

by:stewartjacobs
ID: 11738949
will do and get back thanks....phew
0
 

Author Comment

by:stewartjacobs
ID: 11750612
Hi Zee no success really coming to the end of the line prior to re-install...
0
 

Author Comment

by:stewartjacobs
ID: 11760079
Hi Zee

Here is the latest log of a "working" system. I'm not sure which of the removed items was the offending but I have exploerer back  Thanks for your help.
Stewart

Logfile of HijackThis v1.98.1
Scan saved at 08:12:17, on 08/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2COMM.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2TRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
C:\THINKPAD\TP98.EXE
C:\THINKPAD\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\THINKPAD\TPONSCR.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\PLAXO\2.0.2.3\INSTALLSTUB.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\OLYMPUS\DEVICEDETECTOR\DEVDTCT2.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILPROXYSERVER.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMFILTERENGINE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [LTWinModem3] ltmsg.exe 7
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [SISERVICE.exe] "C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE -logon
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\THINKPAD\tphkmgr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE -service
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.0.2.3\InstallStub.exe -a
O4 - Startup: USB Manager.lnk = C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: Live Menu.lnk = C:\WINDOWS\SYSTEM\hotres32.dll
O4 - Startup: eFax.com Tray Menu.lnk = C:\WINDOWS\SYSTEM\hotres32.dll
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
O4 - Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab

0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11773256

Hi,

Thanks.

You may be hit again...

Hope you manage to keep it clean.
:)

Zee
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
In this modest contribution, I want to share with the IT community (especially system administrators, IT Support Engineers and IT Help Desks) about Windows crashes/hangs and how to deal with these particular problems.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question