
IE Buffer Overrun Detected

Visual C++ Error - Buffer Overrun Detected!

I have had no success getting rid of this error message. When you open IE, the error is generated. If you immediately open IE again, it works fine. After about 5 minutes, when you open IE again, the error message reappears.

I noticed that on a couple of WinXP SP installs, I got error messages saying they could not install properly (although the installation continued and MS reported that the SP was successfully installed).

The following is a log of HJT. Any help would be appreciated!!!!

Logfile of HijackThis v1.99.1
Scan saved at 6:55:38 PM, on 7/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\HOTSAUCE\Dyndns\DynDNS.exe
C:\HOTSAUCE\evs\HS EVS.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\BellSouth\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\nvsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Rar$EX00.219\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [DynDNS Updater] "C:\HOTSAUCE\Dyndns\DynDNS.exe"
O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
O4 - Global Startup: HS EVS.exe.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\dellaxim\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8EDAF1B-A777-4E73-ACCF-73429ACCCBC8}: NameServer = 192.168.0.1,205.152.37.23
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msdhmd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASAPIDriver (asapi) - Unknown owner - C:\WINDOWS\system32\sd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NvidiaDriver (Nvidianc) - Unknown owner - C:\WINDOWS\system32\sd.exe
O23 - Service: NidiaManager (Nvidianc2) - Unknown owner - C:\WINDOWS\system32\sd.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\nvsvc.exe" /service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

GTJack
Newbie Poster
7 posts since Jul 2006
Reputation Points: 10
Solved Threads: 0
 

This log looks a little lacking. Did you do it in safe mode?
First move HJT to a permanent folder such as C:\HJT or something similar. Run HJT and check the following.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msdhmd.dll
Close all other windows and click fix checked.

Do you know what this is?
Internet Assigned Numbers Authority

Do you live in California?

Now go to Jotti's and upload and scan the following file.
C:\WINDOWS\system32\sd.exe
Post the results in your next log.


Please download and install ewido anti-spyware tool
Close all other Applications
Select language click Ok
Click I Agree
Click next
Click Install
Click Finish
Wait Ewido will open main screen automatically.
Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
This is very important to get updates
When updating has finished. Close Ewido.
If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear use arrow up to highlight
Select the first option, to run Windows in Safe Mode hit enter.
For additional help in booting into Safe Mode, see the following site: HERE

You MUST manage to get into Safe Mode for the fix to work.
Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
Open Ewido
Click on scanner top of Ewido screen
Click on Settings
Under How to Act click on Recommended Action choose Quarantine
Under How to scan all boxes should be selected
Under Possibly unwanted software all boxes should be selected
On right side under Reports: click on Automatically generate report after every scan.
Under What to scan select scan every file
Click On scan Tab
Click on Complete system scan
Let the program scan the machine It can take awhile give it time.
When scan has finished At bottom of screen click Apply all Actions
Click Save report
Click Save Report as (Save as window's screen should pop up.)
Click desktop
Click Save
Exit ewido
Now while still in safe mode delete the following file if present.
C:\WINDOWS\System32\msdhmd.dll

Reboot back to normal and post a new HJT log, the Ewido log, and the Jotti's results.
Still having problems?

BTW Firefox is a much better browser than IE so I recommend using that instead.

kylethedarkn
A.K.A. The Laughing Man
Team Colleague
628 posts since May 2006
Reputation Points: 55
Solved Threads: 39
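
An added example, not part of either post above: a short Python triage of the O23 service lines in a HijackThis log, grouping services by the binary they launch so that a file such as the sd.exe singled out in the reply stands out. The function names and flag wording are assumptions of this example, and the flags are prompts for a manual check rather than verdicts.

```python
import re
from collections import defaultdict

# Excerpt of the O23 lines from the log in the first post, in line-wrapped form.
SAMPLE_LOG = r"""O23 - Service: ASAPIDriver (asapi) - Unknown owner - C:\WINDOWS\system32\sd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: NvidiaDriver (Nvidianc) - Unknown owner -
C:\WINDOWS\system32\sd.exe
O23 - Service: NidiaManager (Nvidianc2) - Unknown owner -
C:\WINDOWS\system32\sd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program
Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
SERVICE = re.compile(r"^O23 - Service: .+ \([^()]+\) - (?P<owner>.+?) - (?P<path>.+)$")

def join_wrapped(text):
    """Rejoin entries that were wrapped onto a second line when pasted."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:          # continuation of the previous entry
            entries[-1] += " " + line
    return entries

def triage_services(text):
    """Group O23 services by binary and list reasons for a manual check."""
    by_binary = defaultdict(list)
    for entry in join_wrapped(text):
        m = SERVICE.match(entry)
        if not m:
            continue
        exe = re.match(r'"?(.+?\.exe)', m["path"], re.I)   # drop arguments
        binary = (exe.group(1) if exe else m["path"]).lower()
        by_binary[binary].append((m["owner"], "(file missing)" in entry))
    findings = {}
    for binary, svcs in by_binary.items():
        checks = [(len(svcs) > 1, "shared by %d services" % len(svcs)),
                  (any(o == "Unknown owner" for o, _ in svcs), "unknown owner"),
                  (any(missing for _, missing in svcs), "file missing")]
        reasons = [label for hit, label in checks if hit]
        if reasons:
            findings[binary] = reasons
    return findings

print(triage_services(SAMPLE_LOG))
```
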
 
