PC World Forums: Spyware / Adware / and a lovely windows problem - PC World Forums

Spyware / Adware / and a lovely windows problem

#1 Cyberspy

  • Member
  • Group: Members
  • Posts: 14
  • Joined: 27-June 07

Posted 27 June 2007 - 06:35 PM

When I open up Add/Remove Programs, it lists around 50 different programs that are installed, but when you click on 95% of them, there is no remove/uninstall button. I have been working on PCs for quite a while, and this is the first time I have come across this. Just trying a few of the previous posts, I downloaded and installed the program ADD/REMOVE Pro. This program is showing me the same as the Windows Add/Remove program. ADD/REMOVE Pro is only showing that there are 12 programs installed (it's not showing all 50 programs).....This is very odd, I know it is spyware related (I've been fighting this for 3 days now). I would be more than happy to upload some screenshots of what I'm looking at if anyone would like to see this. I'm at my wits' end.

I have run anti-virus tools, spyware, & adware tools. Also have run the Microsoft SFC program (which of course doesn't really fix anything).

On top of not being able to remove programs from Add/Remove Programs, I also keep getting an error message that says

"Microsoft Visual C Runtime Library"
"Buffer Overrun Detected!"
"Program C:\Windows\Explorer.exe"
"A buffer overrun has been detected which has corrupted the programs internal state. The program cannot safely continue execution and must now be terminated."

I have gone in and renamed explorer.exe to explorer.bak hoping Windows would automatically replace the explorer.exe file and fix itself (which of course, no go on that one either). I have also taken a copy of explorer.exe from another XP Pro machine, and dropped it onto the machine that is having problems, and so far no go there either.

And to finish this up, the programs I've run to try and fix the above:

Anti-virus: avast
Spyware: adaware se, adaware pro, search and destroy
Misc: Add/Remove Pro, Windows recovery, SFC, Registry Mechanic, & System Mechanic Pro

(Do not have System Restore running, so I can't use that)

Formatting is sounding awesome right about now! :) Thank you for any replies.

#2 rgreen4

  • Moderator
  • Group: Moderators
  • Posts: 7,722
  • Joined: 22-October 06
  • Location: S. Georgia

Posted 27 June 2007 - 08:47 PM

If this were my machine, I would take a spare/new drive, install it in the computer, install Windows, install anti-virus, install several anti-spywares, then hook up the problem drive and copy over all the data I wanted to keep. I would remove the corrupted drive, run all the scans to make sure the spare/new drive is functional.

I would then remove the good drive, reinstall the bad drive and use the drive installation tools for that drive (Seatools for Seagate, etc.) and reformat the drive using the drive tools. I use mostly Seagate drives, and the retail boxed version has Seatools on a bootable CD. For OEM drives (no box), if you don't have the tools on a CD you need to download the tools and burn a bootable CD. I am afraid the drive is so corrupted that even if you were to get all the malware off, the damage to the OS and programs would make it un-usable without reformatting and reinstalling Windows.

This is the precise reason I keep a cloned drive and store data separately from my programs. This can happen to any of us, even with the anti-malware programs and firewalls. If there is no data to recover, then Darn the Torpedoes, Format away! But keep in mind, if your COA on this machine is OEM, you cannot install from an upgrade or full install disk using an OEM COA.

#3 Wainui

  • Advanced Member
  • Group: Members
  • Posts: 273
  • Joined: 15-September 06
  • Location: New Zealand

Posted 27 June 2007 - 09:05 PM

Cyberspy,

There is one other thing you could try - HiJackThis and you can download it Here.

If you have not used it before, when you run the program it will generate a log. Save the log and post it in this forum.

We will examine the log and advise what to remove.

#4 rgreen4

  • Moderator
  • Group: Moderators
  • Posts: 7,722
  • Joined: 22-October 06
  • Location: S. Georgia

Posted 27 June 2007 - 09:16 PM

Add/Remove does not work. He would have to remove anything by just deleting.

#5 Wainui

  • Advanced Member
  • Group: Members
  • Posts: 273
  • Joined: 15-September 06
  • Location: New Zealand

Posted 27 June 2007 - 11:06 PM

HiJackThis does the removing, not Windows.

#6 Cyberspy

  • Member
  • Group: Members
  • Posts: 14
  • Joined: 27-June 07

Posted 28 June 2007 - 09:36 AM

I have used HijackThis before. I forgot to add it to the list of things I've tried, but I will be glad to post the log file to see if I'm missing anything. I'm having a problem though, this forum will not let me post the log file until I have been a member for 1 day for some reason. So, hopefully either tonight or tomorrow morning, I will be able to post it. I keep getting an error about new members can not post anything with u r l 's in it. (I'm spacing it out 'cause for whatever reason, it gave me that error again just a few minutes ago, when I had it all together.)

#7 Cyberspy

  • Member
  • Group: Members
  • Posts: 14
  • Joined: 27-June 07

Posted 28 June 2007 - 09:45 AM

RGREEN4:

I must ask though, after reading your comment, even if I ghost the drive that is having problems, and load the backup onto another drive, and continue on with the whole process. Just curious, how would this fix it? I'm only asking because I think I was just a little bit confused on all the steps. If from what I interpreted from what I was reading, wouldn't I just be moving the problem from one drive to the other and back again? (Whatever is wrong with this copy, I can't get anti-virus software to pick it up.) Which, I also need to add to the list of programs I have tried "Dr. Web Anti-Virus First Aid", ran this program, it found a few bugs, but still was unable to correct the problem. I know the buffer overflow has got to be related to spyware affecting explorer.exe somehow, any steps on how to completely repair Windows (without losing all data) would be awesome, but next to that, the Add/Remove Programs, I keep thinking is a glitch in the registry. Looking through the Add/Remove Programs again, every program I installed for the last 4 days has a remove button next to it, everything before 4 days has the lovely Windows "this program is used occasionally" or "used rarely" or that other really useless stuff, but there are no remove/uninstall buttons with them. I keep thinking this has got to be a registry glitch. (But then again, it's very weird that Add/Remove Programs shows 50+ programs installed, but every other 3rd party add/remove program only shows 12, and the 12 that they all show are the programs that were installed in the last 4 days.) None of the programs from before 4 days ago show up in the 3rd party add/remove programs...and to verify that the programs that were installed before 4 days ago, they are still installed on the machine, and work perfectly.

#8 smax013

  • Moderator
  • Group: Moderators
  • Posts: 9,083
  • Joined: 28-January 07
  • Location: Southeast Michigan

Posted 28 June 2007 - 12:10 PM

> Cyberspy wrote:
>
> RGREEN4:
>
> I must ask though, after reading your comment, even if I ghost the drive that is having problems, and load the backup onto another drive, and continue on with the whole process. Just curious, how would this fix it? I'm only asking because I think I was just a little bit confused on all the steps. If from what I interpreted from what I was reading, wouldn't I just be moving the problem from one drive to the other and back again? (Whatever is wrong with this copy, I can't get anti-virus software to pick it up.) Which, I also need to add to the list of programs I have tried "Dr. Web Anti-Virus First Aid", ran this program, it found a few bugs, but still was unable to correct the problem. I know the buffer overflow has got to be related to spyware affecting explorer.exe somehow, any steps on how to completely repair Windows (without losing all data) would be awesome, but next to that, the Add/Remove Programs, I keep thinking is a glitch in the registry. Looking through the Add/Remove Programs again, every program I installed for the last 4 days has a remove button next to it, everything before 4 days has the lovely Windows "this program is used occasionally" or "used rarely" or that other really useless stuff, but there are no remove/uninstall buttons with them. I keep thinking this has got to be a registry glitch. (But then again, it's very weird that Add/Remove Programs shows 50+ programs installed, but every other 3rd party add/remove program only shows 12, and the 12 that they all show are the programs that were installed in the last 4 days.) None of the programs from before 4 days ago show up in the 3rd party add/remove programs...and to verify that the programs that were installed before 4 days ago, they are still installed on the machine, and work perfectly.

Just to toss a thought out there...do you have multiple user accounts set up on this computer? Is it possible that the software that does not show up as being able to be removed was installed by another user account and thus you don't have the privileges to remove them from that account? Is the account you are using an administrator account?

I don't know if that will result in anything or not, but thought I would toss it out there and see if it "stuck to the wall", so to speak.

#9 Wainui

  • Advanced Member
  • Group: Members
  • Posts: 273
  • Joined: 15-September 06
  • Location: New Zealand

Posted 28 June 2007 - 12:16 PM

Just Copy and Paste your log here. Don't worry about any URL, Img or anything else.

#10 SpiritWind

  • Expert
  • Group: Members
  • Posts: 1,920
  • Joined: 19-August 06

Posted 28 June 2007 - 12:55 PM

:D Hi Cyberspy: Best to start with using some good & FREE programs; Ad-Aware is no longer a top antiSPYWARE program. Assuming you have Win XP OS, the Malware-fighting Experts on many Support Forums recommend:

1) FREE Ver of SUPERAntiSpyware from www.superantispyware.com
2) "Trial" Ver of AVG Anti-Spyware, best downloaded from www.ewido.net; since the Trial ver has "real-time" protection as your Ad-Aware Pro (did not protect very well, did it!?), should IMMEDIATELY after installation, turn "off" its "Resident Shield".

Sometimes the "Uninstaller" for a program is in its Listing in "All Programs", not in Control Panel's "Add or Remove Programs". IF you have been getting Popup "alerts" concerning "spyware", then I recommend you try the FREE "Rogue Remover", available at www.malwarebytes.org/rogueremover.php; this is assuming you have an "unzipping" utility.

#11 Cyberspy

  • Member
  • Group: Members
  • Posts: 14
  • Joined: 27-June 07

Posted 28 June 2007 - 02:21 PM

Alrighty, to start with, no, I do not have multi user accounts. Actually just have 1 account. (Well, 2 if you count the safe mode administrator account.)

2nd, as for posting the HijackThis log file, I would be more than happy to post it, but every time I copy and paste the log file and hit "submit" here in the forum, it gives an error saying I am unable to post anything with a u r l in it because I'm a new user. (There are no web addresses in the log file, so I don't know why it keeps telling me that.) But because of that issue, I can't post the HijackThis log file till tonight (then I will have been a user for 24 hours) =D

And as for the post just before this one, I think the name was spirit something, I'm currently downloading and installing the programs you had listed, so I will post a reply as soon as I get results. And once again, thank you to everyone.

#12 hissy100

  • Newbie
  • Group: Members
  • Posts: 4
  • Joined: 28-June 07
  • Location: Issaquah, WA

Posted 28 June 2007 - 03:12 PM

Just get the names of the programs and go to their folders in Program Files and search for an uninstall program; if there isn't one, just delete the folder.

#13 Cyberspy

  • Member
  • Group: Members
  • Posts: 14
  • Joined: 27-June 07

Posted 28 June 2007 - 06:55 PM

Alrighty, well here is where I'm at now.

Spiritwind: I have installed and run all the programs you have listed with the exception of AVG. (I have used AVG before and I really had a lot of problems with their software.) But I did install the SUPERAntiSpyware & Rogue Remover. I must say, both of those are excellent programs. First off, after running Super Anti Spyware, it did find 4 bugs, each containing 5 files (20 in all); after having to go into safe mode to re-run the scan, it was able to delete all of the infections. So far, the explorer.exe buffer overrun has not happened since I have been back in normal mode. This is great!! If anyone else is having the same problem that I'm having, definitely try the Super Anti Spy Ware program. As for the Rogue Remover, I did use it, but it didn't find any files that were infected (but then again, I did run it after I ran the superanti...)

Anyways, so at this point, I would say that issue has been solved. (I hope.)

Alrighty, the next issue I was having, with the Add/Remove Programs. This one isn't fixed yet, and I'm still trying to figure this one out. I noticed someone posted saying just go to Program Files and delete the programs manually. The programs that I'm trying to delete are not regular programs that I just installed...these are programs that were 3rd party installed. (Well, a few of them.) Anyways, I have taken screenshots and uploaded them to my web server, so if anyone is interested, they can see what I'm looking at. Also, at the request of adding the HijackThis log file, since I am unable to post it in this forum, I have gone ahead and uploaded it to my server as well so it can be viewed in Internet Explorer (everything is server side, so no one needs to download anything, it should just show up in your browsers when you click the link).

Hopefully these links will work.

http://tbcclan.com/screenshots/1.jpg
http://tbcclan.com/screenshots/2.jpg
http://tbcclan.com/screenshots/3.jpg
http://tbcclan.com/screenshots/4.jpg
http://tbcclan.com/screenshots/hijackthis.txt

#14 smax013

  • Moderator
  • Group: Moderators
  • Posts: 9,083
  • Joined: 28-January 07
  • Location: Southeast Michigan

Posted 28 June 2007 - 07:15 PM

> Cyberspy wrote:
>
> Alrighty, well here is where I'm at now.
>
> Spiritwind: I have installed and run all the programs you have listed with the exception of AVG. (I have used AVG before and I really had a lot of problems with their software.) But I did install the SUPERAntiSpyware & Rogue Remover. I must say, both of those are excellent programs. First off, after running Super Anti Spyware, it did find 4 bugs, each containing 5 files (20 in all); after having to go into safe mode to re-run the scan, it was able to delete all of the infections. So far, the explorer.exe buffer overrun has not happened since I have been back in normal mode. This is great!! If anyone else is having the same problem that I'm having, definitely try the Super Anti Spy Ware program. As for the Rogue Remover, I did use it, but it didn't find any files that were infected (but then again, I did run it after I ran the superanti...)
>
> Anyways, so at this point, I would say that issue has been solved. (I hope.)
>
> Alrighty, the next issue I was having, with the Add/Remove Programs. This one isn't fixed yet, and I'm still trying to figure this one out. I noticed someone posted saying just go to Program Files and delete the programs manually. The programs that I'm trying to delete are not regular programs that I just installed...these are programs that were 3rd party installed. (Well, a few of them.) Anyways, I have taken screenshots and uploaded them to my web server, so if anyone is interested, they can see what I'm looking at. Also, at the request of adding the HijackThis log file, since I am unable to post it in this forum, I have gone ahead and uploaded it to my server as well so it can be viewed in Internet Explorer (everything is server side, so no one needs to download anything, it should just show up in your browsers when you click the link).
>
> Hopefully these links will work.
>
> http://tbcclan.com/screenshots/1.jpg
> http://tbcclan.com/screenshots/2.jpg
> http://tbcclan.com/screenshots/3.jpg
> http://tbcclan.com/screenshots/4.jpg
> http://tbcclan.com/s...jackthis.txt

The item highlighted in the first screenshot appears to be some HP software that is used with their printers. Do you have an HP printer?

The item highlighted in the second screenshot is Google Toolbar. There appears to be a Remove button in the screenshot. Does it not remove it?

I had no luck with the other two, but I suspect the last one is also related to the HP printer software. If you have an HP printer, is it an All-in-One printer?

I suspect the third one is also printer related. It could be for some of the software that HP loaded if you have an HP printer. Maybe some of their application software.

#15 Cyberspy

  • Member
  • Group: Members
  • Posts: 14
  • Joined: 27-June 07

Posted 28 June 2007 - 07:32 PM

I apologize, the ones that I selected were just random selects. I was just highlighting different ones to show what it looks like on the right hand side.

#16 Spart

  • Member
  • Group: Members
  • Posts: 42
  • Joined: 24-June 07

Posted 28 June 2007 - 08:37 PM

I use Kaspersky Internet Security. It has a great firewall and an anti virus system 10x better than AVG. When I installed Kaspersky it caught things AVG and Nod32 missed, including 3 trojans. You can LEGALLY get free 3-month keys for it as well. Here's the link to the site where you get the free keys.

THESE ARE STRAIGHT FROM KASPERSKY LABS!!!!!

http://62.134.200.252/cobi/relicense.php

Just put your email in and click the button.

DL the software here. I used Internet Security 7

http://www.kaspersky.com/

#17 Wainui

  • Advanced Member
  • Group: Members
  • Posts: 273
  • Joined: 15-September 06
  • Location: New Zealand

Posted 28 June 2007 - 09:25 PM

Cyberspy,

OK, I managed to have a look at your HiJackThis log and you have a few "Bugs".

Run HiJackThis and put a check beside each of the entries listed below, then using HiJackThis delete them.

Restart your computer.

Run HiJackThis again. Post a new log here. That HiJackthis.txt was OK.

[?] - C:Program FilesDeskperienceWeb ReplayWebReplay.exe
[?] - O4 - HKCU..Run: [WebReplayAutoRun] C:Program FilesDeskperienceWeb ReplayWebReplay.exe
[?] - O9 - Extra button: Web Replay - {3401B8CC-95A4-4dbe-B73F-00E2D23F2B73} - C:Program FilesDeskperienceWeb ReplayShowToolbar.dll
[X] - O10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifwxfilter.dll
[X] - O10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifwxfilter.dll
[X] - O10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifwxfilter.dll
[X] - O10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifwxfilter.dll
[X] - O10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifw_xfilter.dll
[?] - O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaser...diaControl5.cab

#18 SpiritWind

  • Expert
  • Group: Members
  • Posts: 1,920
  • Joined: 19-August 06

Posted 28 June 2007 - 09:46 PM

:D Hi Cyberspy: Those numerous 010 Entries in your HijackThis log MAY be a serious problem, requiring the use of a program called "LSPFix". However, it would be best IF you Posted a HijackThis Log on a Forum staffed by experienced, trained, certified by the Alliance of Security Analysis Professionals, volunteer Malware Experts and I recommend the "Spyware Beware" Forums at http://forums.maddoktor2.com/index.php .

#19 Cyberspy

  • Member
  • Group: Members
  • Posts: 14
  • Joined: 27-June 07

Posted 28 June 2007 - 10:11 PM

(These are all part of a program I use called Web Replay)

[?] - C:Program FilesDeskperienceWeb ReplayWebReplay.exe
[?] - O4 - HKCU..Run: [WebReplayAutoRun] C:Program FilesDeskperienceWeb ReplayWebReplay.exe
[?] - O9 - Extra button: Web Replay - {3401B8CC-95A4-4dbe-B73F-00E2D23F2B73} - C:Program FilesDeskperienceWeb ReplayShowToolbar.dll

(Part of System Mechanic Professional (avail @ iolo.com), which I'm actually going to remove this entry because I uninstalled the actual firewall)

[X] - O10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifw xfilter.dll
[X] - O10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifw xfilter.dll
[X] - O10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifw xfilter.dll
[X] - O10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifw xfilter.dll
[X] - O10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifw _xfilter.dll

Umedia is a server I mess around with to stream live audio to a website

[?] - O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab

#20 TeMerc

  • Member
  • Group: Members
  • Posts: 37
  • Joined: 06-April 07
  • Location: Phoenix Arizona

Posted 28 June 2007 - 10:14 PM

As pointed out by Spirit, using HJT to remove those 010 entries is a no-no, likely the Net connection will be broken.

LSPFix is indeed the way to go.

I suggest you also run Vundo Fix as well, based on the 020 file.

Please download VundoFix.exe to your desktop.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
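Added example, not part of any post in this thread: a small Python triage pass over a HijackThis-style log that groups entries by section, collapses repeats, and applies the thread's advice that Winsock LSP (O10) entries are repaired with LSPFix rather than fixed in HijackThis. The sample log, its paths and GUIDs are constructed, and the section descriptions are general HijackThis conventions rather than text from the thread.

```python
import re
from collections import Counter

# General HijackThis section meanings (not quoted from the thread).
SECTIONS = {
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O10": "Winsock LSP (layered service provider) entry",
    "O16": "ActiveX object in Downloaded Program Files",
}

# Sections the thread says not to remove with HijackThis itself,
# mapped to the tool the thread recommends instead.
REPAIR_WITH_OTHER_TOOL = {"O10": "LSPFix"}

ENTRY_RE = re.compile(
    r"^\s*(?:\[[?X]\]\s*-\s*)?"      # optional analyzer mark such as "[X] - "
    r"(O\d{1,2})\s+-\s+(.+?)\s*$"    # section code, then the entry detail
)

# Constructed sample; every path, name and GUID here is a placeholder.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O4 - HKCU\..\Run: [ExampleAutoRun] C:\Program Files\Example\example.exe
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\toolbar.dll
[X] - O10 - Unknown file in Winsock LSP: c:\program files\example\fw\filter.dll
[X] - O10 - Unknown file in Winsock LSP: c:\program files\example\fw\filter.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Example\FW\filter.dll
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Class) - http://example.invalid/control.cab
"""


def parse_log(text):
    """Return (section, detail) pairs for every 'O<n> - ...' line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(text):
    """Count entries per section and give one action per distinct entry."""
    entries = parse_log(text)
    counts = Counter(section for section, _ in entries)
    unique = {}
    for section, detail in entries:
        key = (section, detail.lower())  # Windows paths are case-insensitive
        if key not in unique:
            tool = REPAIR_WITH_OTHER_TOOL.get(section)
            unique[key] = {
                "section": section,
                "meaning": SECTIONS.get(section, "unrecognised section"),
                "detail": detail,
                "seen": 0,
                "action": (f"do not fix in HijackThis; repair with {tool}"
                           if tool else
                           "review, then fix in HijackThis if unwanted"),
            }
        unique[key]["seen"] += 1
    return {"counts": dict(counts), "items": list(unique.values())}


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG)["items"]:
        print(f'{item["section"]:>3} x{item["seen"]}  {item["action"]}')
        print(f'      {item["detail"]}')
```
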