Solved

I cannot open internet explorer a buffer overrun detected message appears

Posted on 2004-08-01
20
3,211 Views
Last Modified: 2013-12-28
I cannot open explorer. Eaxh time I try to do this it comes up with  Buffer overrun detected Program C:\Program Files|internet Explorer\IEEXPLORE.EXE  The Microsoft Visula C++ Runtime Library note  ads a buffer overrun has been detected which has corrupted the programs internal state. The program cannot safely continue execution and must now be terminated. I have reloaded ieexplore setup with out success.
0
Comment
Question by:stewartjacobs
  • 10
  • 9
20 Comments
 
LVL 29

Expert Comment

by:blue_zee
ID: 11689485

Could you, please double check this name?

IEEXPLORE.EXE

Are you sure you didn't mistype it?

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11689507

If the spelling is correct you have an intruder.

It may be malware (keylogger), hijacker (code stealer) or others.

I hope you're running an updated Anti Virus software, but you may also want to try these online scanners:


Panda ActiveScan
http://www.pandasoftware.com/activescan

McAfee FreeScan
http://us.mcafee.com/root/mfs/default.asp

Symantec Security Check
http://security.symantec.com/sscv6/

Pc-Cillin (Trend Micro Housecall)
http://housecall.antivirus.com/housecall/start_pcc.asp

PcPitstop
http://pcpitstop.com/antivirus/default.asp

RAV
http://www.ravantivirus.com/scan/

After that:

Download Ad-Aware from here:
http://lavasoft.element5.com/support/download/
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once (“in use”).

Also excellent is SpyBot Search & Destroy available here:
http://www.spychecker.com/download/download_spybot.html
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once (“in use”).
You should also apply the "immunize" function, since it blocks roughly 1700 known 'bad' runs/apis/apps.

Even if Ad-Aware and SpyBot S&D are similar, they do clean different things. You should have both of them and use REGULARLY.

You can also install “preventive” software that will help you control these nasties:

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Avoids malicious Active X installs.
Advantage: no system resources used!!!
Just download, install and UPDATE.

All of them extremely useful but you must keep them UPDATED.

Suggestion: Make sure you can see all files and folders and run Ad-aware and Spybot S&D in Safe Mode.

Zee
0
 
LVL 3

Expert Comment

by:JohnnyAffa
ID: 11692344
like blue_zee said, check the program name CAREFULLY, internet explorer is IEXPLORE.exe NOT IEEXPLORE.exe

click on start/programs/accessories/system tools/system information

in here click on running tasks, if you find IEEXPLORER.exe doesnt have Microsoft Corporation next to it, youre int TROUBLE.

do a search on ieexplorer.exe and delete it, also look in your startup folder for suspicious apps  click on start/run and type msconfig.exe  then click on startup tab and take note of the apps
0
 

Author Comment

by:stewartjacobs
ID: 11697735
Well have tried everything now bar reinstalling windows. My system was invaded by spyware but even after removing these and reloading IE application with files downloading from Microsoft over the original I get the Buffer overrun detected! warning when I try to open Explorer..where to know
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11698324
Could you, please double check this name?

IEEXPLORE.EXE
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11709759
#
Author: stewartjacobs
Date: 08/01/2004 10:40PM WEST
View Source Question
Post a Reply to this feedback
thanks I am running spybot and will see what happens and also check the spelling if I still have he probelm. I am running avg anti virus on this machine with no errors reported.

Stewart,

Listening...

Zee
0
 

Author Comment

by:stewartjacobs
ID: 11709854
No solution just yet..
0
 
LVL 29

Accepted Solution

by:
blue_zee earned 400 total points
ID: 11709891

OK.

Then, please download HijackThis, scan and save the log.

Post that log here.

HJT can be obtained here:

http://aumha.org/downloads/hijackthis.zip

Zee
0
 

Author Comment

by:stewartjacobs
ID: 11719933
Zee here is the Hijack log

Logfile of HijackThis v1.98.1
Scan saved at 20:37:16, on 08/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\PCCWIN97.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2COMM.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2TRAY.EXE
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\OFCDOG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\CREATIVE\PC-CAM CENTER\CAMTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
C:\THINKPAD\TP98.EXE
C:\THINKPAD\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\THINKPAD\TPONSCR.EXE
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.1001\EN-GB\MSNAPPAU.EXE
C:\WINDOWS\PLAXO\2.0.2.3\INSTALLSTUB.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\OLYMPUS\DEVICEDETECTOR\DEVDTCT2.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILPROXYSERVER.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMFILTERENGINE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-GB\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [LTWinModem3] ltmsg.exe 7
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [SISERVICE.exe] "C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [OfficeScan95] "C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe" -HideWindow
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE -logon
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\THINKPAD\tphkmgr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] c:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] c:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE -service
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [OfficeScan95] "C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.0.2.3\InstallStub.exe -a
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: USB Manager.lnk = C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: Live Menu.lnk = C:\WINDOWS\SYSTEM\hotres32.dll
O4 - Startup: eFax.com Tray Menu.lnk = C:\WINDOWS\SYSTEM\hotres32.dll
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
O4 - Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {68C5C43A-DF08-11D3-8120-0050042F9A68} (Netcon3 Control) - file://C:\CHDIRTRY\netcon3.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ukmeeting.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11720685

First of all, 2 different Anti Virus running simultaneously is not good.

After that you should thin down your startup entries.

I will need some time to check the log, but will return.

Zee
0
Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 
LVL 29

Expert Comment

by:blue_zee
ID: 11721067

You can fix these:

O16 - DPF: {68C5C43A-DF08-11D3-8120-0050042F9A68} (Netcon3 Control) - file://C:\CHDIRTRY\netcon3.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ukmeeting.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

But I believe trimming your sytem may be the solution.

Zee
0
 

Author Comment

by:stewartjacobs
ID: 11725362
will do..I was surprised to see so many things running..is it possible to know the most recent entries as a clue to the probem..I will make the changes and come back soon..
0
 

Author Comment

by:stewartjacobs
ID: 11725376
sorry Zee when you say fix what do you want me to do with those mentioned entries?
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11728341

Tick them and click Fix selected.

Zee
0
 

Author Comment

by:stewartjacobs
ID: 11735263
Hi Zee still suffering..how can I curtail some of these processes safely..or should I just abandon. I downloaded registry mechanic and it found quite a few "errors" but no resolution. Even when I tried to reinstall in SafeMode some time ago there was not enough memory...
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11736129

Start > Run > type MSCONFIG and press enter.

Select the startup tab.

You can enable/disable startup items here.

If you are unsure of any file loading at startup, check this list:

http://www.kephyr.com/filedb/index/all.html

Some of the files will be related to software you installed. The best way to solve these problems is to configure the software not to load at startup or uninstall it from Add/Remove Programs.

Zee
0
 

Author Comment

by:stewartjacobs
ID: 11738949
will do and get back thanks....phew
0
 

Author Comment

by:stewartjacobs
ID: 11750612
Hi Zee no success really coming to the end of the line prior to re-install...
0
 

Author Comment

by:stewartjacobs
ID: 11760079
Hi Zee

Here is the latest log of a "working" system. I'm not sure which of the removed items was the offending but I have exploerer back  Thanks for your help.
Stewart

Logfile of HijackThis v1.98.1
Scan saved at 08:12:17, on 08/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2COMM.EXE
C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2TRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
C:\THINKPAD\TP98.EXE
C:\THINKPAD\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\THINKPAD\TPONSCR.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\PLAXO\2.0.2.3\INSTALLSTUB.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\OLYMPUS\DEVICEDETECTOR\DEVDTCT2.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILPROXYSERVER.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMFILTERENGINE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [LTWinModem3] ltmsg.exe 7
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [SISERVICE.exe] "C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE -logon
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\THINKPAD\tphkmgr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [GoToMyPC] C:\PROGRAM FILES\EXPERTCITY\GOTOMYPC\G2SVC.EXE -service
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.0.2.3\InstallStub.exe -a
O4 - Startup: USB Manager.lnk = C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: Live Menu.lnk = C:\WINDOWS\SYSTEM\hotres32.dll
O4 - Startup: eFax.com Tray Menu.lnk = C:\WINDOWS\SYSTEM\hotres32.dll
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
O4 - Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab

0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11773256

Hi,

Thanks.

You may be hit again...

Hope you manage to keep it clean.
:)

Zee
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Join & Write a Comment

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now