[shadowjack]

My neighbours pc has this problem, when trying to open IE, windows explorer, my computer etc, it gives buffer overrun error. Programs like kazaa, outlook and MSN seem to work normal. Updated to IE6 sp1, but that didnt help. OS is Windows 98. Here's the hijackthis log, any help would be greatly appreciated... TIA!

Logfile of HijackThis v1.99.1
Scan saved at 15:31:58, on 6-3-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\KEM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\WINDOWS\SYSTEM\W98EJECT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.2\NHELPER.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LVCOMSX] c:\windows\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] c:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] c:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Intel\Intel PSNCU\CpuNumber.exe" /nosplash
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-ass...oolbar/tbie.asp (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\geop-kazemule\local.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab

[Advertisements]

Close all programs down, leaving only HijackThis running.
Place a check against the following items:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.2\NHELPER.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-ass...oolbar/tbie.asp (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\geop-kazemule\local.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab

Click on Fix Checked and exit HijackThis.

Post back a fresh HijackThis log and we'll take another look.

[coachwife6]

Close all programs down, leaving only HijackThis running.
Place a check against the following items:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.2\NHELPER.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-ass...oolbar/tbie.asp (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\geop-kazemule\local.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab

Click on Fix Checked and exit HijackThis.

Post back a fresh HijackThis log and we'll take another look.

[complog]

But suppose Hijack-This Cant open, due to the same error?

[coachwife6]

Is it not opening?

[shadowjack]

yeah hijackthis did open, thats how I got the log. removed entries as printed below me and all is running normal again. I got them in 24hoursupport.helpdesk since I never bet on 1 horse only.... thnx, my neighbour is happy again =]
Running processes:


>R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -
>(no file)


>O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -
>C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.2\NHELPER.DLL


>O2 - BHO: MyWay Search Assistant BHO -
>{04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM
>FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)


>O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)


>O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe



>O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} -
>http://knowledge-ass...oolbar/tbie.asp (file missing)



>O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} -
>c:\geop-kazemule\local.htm


>O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) -
>http://cabs.roings.com/cabs/roing.cab

[coachwife6]

removed entries as printed below me and all is running normal again. I got them in 24hoursupport.helpdesk since I never bet on 1 horse only....

I'm not following.

[shadowjack]

I posted the same question in 24hoursupport.helpdesk newsgroup. someone there came up with the entries to delete. If I have a problem I try several ways to solve it, so I post in 2 or 3 forums.

thnx

[coachwife6]

I'm glad you solved your problem. But what you did creates an even larger problem for the people who volunteer their time. You were helped by more than one person, which solves your problem, but there are other people out there who don't get help because of it. Please look over our forums and see how many people are still waiting for assistance.

I hope in the future you consider that when you post in two or three forums.

I'm glad you got your problem resolved.

[shadowjack]

sorry for taking ppl's precious time, but in my experience in some forums it takes days or even weeks before you get some respond. anywayz, your help and effort is greatly appreciated....