Buffer Overrun Detected when starting Internet Explorer

[spk1973]

This is very similar to another thread on this forum, I understood the general steps involved in running HiJackThis but I don't know which files to fix/uninstall/delete and was hoping one of the good knowledgeable folks on this forum could shed some light.

Windows XP Home Edition Version 2002 Service Pack 3.
Complete text of alert:

Title: "Microsoft Visual C++ Runtime Library"

"Buffer overrun detected!
Program:C:\Program Files\Internet Explorer\iexplore.exe
A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated."

I have attached the HJT log file.
Any help much appreciated.
-Shawn

 

[raybay]

The log will not be fully helpful without a full description of the motherboard, memory, chipset, hard drive, video graphics card or port, etc.
The buffer overrun could be easily promolgated by the hardware and install.

 

[spk1973]

The log will not be fully helpful without a full description of the motherboard, memory, chipset, hard drive, video graphics card or port, etc.
The buffer overrun could be easily promolgated by the hardware and install.

I should also point out that Safari is installed and works without any problems, but this error seems consistent with other "quirks" with this PC that seem indicative of a virus/malware.

Compiled from SiSandra:

Processor
Model : Intel(R) Celeron(R) M processor 1.60GHz
Speed : 1.60GHz
Cores per Processor : 1 Unit(s)
Threads per Core : 1 Unit(s)
Type : Mobile
Internal Data Cache : 32kB, Synchronous, Write-Back, 8-way, 64 byte line size
L2 On-board Cache : 1MB, ECC, Synchronous, ATC, 4-way, 64 byte line size

System
System : TOSHIBA Satellite M45
Mainboard : ATI SB400
Bus(es) : X-Bus PCI IMB PCMCIA CardBus USB FireWire/1394 i2c/SMBus
Multi-Processor (MP) Support : No
Multi-Processor Advanced PIC (APIC) : Yes
System BIOS : Phoenix Technologies LTD 1.50
Total Memory : 448MB DDR SO-DIMM

Chipset
Model : Toshiba RS400/133 Host Bridge
Front Side Bus Speed : 4x 100MHz (400MHz)
Total Memory : 512MB DDR SO-DIMM
Shared Memory : 1GB
Memory Bus Speed : 2x 167MHz (334MHz)

Memory Module(s)
Memory Module : Samsung M4 70L6524CU0-CB3 512MB DDR PC2700U DDR-166 (2.5-3-3-7 2-10-0-0)

Video System
Adapter : ATI RADEON XPRESS 200M Series (64MB, PCI, PS2.0, VS2.0)

Storage Devices
HTS541080G9AT00 80GB (ATA100, 2.5", 5400rpm, 7MB Cache) : 75GB (C
MATSHITA DVD-RAM UJ-841S (ATA33, DVD+-RW, CD-RW, 2MB Cache) : N/A (D

Logical Storage Devices
SQ003920 (C : 74GB (NTFS) @ HTS541080G9AT00 80GB (ATA100, 2.5", 5400rpm, 7MB Cache)
CD-ROM/DVD (D : N/A @ MATSHITA DVD-RAM UJ-841S (ATA33, DVD+-RW, CD-RW, 2MB Cache)

Peripherals
LPC Hub Controller 1 : Toshiba IXP SB400 SMBus
LPC Hub Controller 2 : Toshiba IXP SB400 PCI-ISA Bridge
LPC Legacy Controller 1 : SMSC LPC v1
Audio Device : Toshiba IXP SB400 AC'97 Audio Controller
Serial Port(s) : 1
Disk Controller : Toshiba IXP SB400 IDE Controller
USB Controller 1 : Toshiba IXP SB400 OHCI USB Controller
USB Controller 2 : Toshiba IXP SB400 OHCI USB Controller
USB Controller 3 : Toshiba IXP SB400 EHCI USB 2.0 Controller
FireWire/1394 Controller 1 : Toshiba TSB43AB21 1394a-2000 OHCI PHY/link-layer Controller
CardBus/PCMCIA Controller 1 : TI PCI1410 PC Card CardBus Controller
System SMBus Controller 1 : AMD IXP SMBus

Printers and Faxes
Printer : PDF Printer Pilot (2400x2400, Colour)
Printer : Microsoft Office Document Image Writer Driver (300x300, Colour)
Fax : Microsoft Shared Fax Driver (200x200)
Printer : EPSON Stylus CX4200 Series (720x720, USB, Colour)
Printer : EPSON Stylus C88 Series (360x360, USB, Colour)

Network Services
Network Adapter : Atheros AR5005G Wireless Network Adapter - Packet Scheduler Miniport (Ethernet, 54Mbps)
Network Adapter : Realtek RTL8139 Family PCI Fast Ethernet NIC #2 - Packet Scheduler Miniport
Wireless Adapter 1 : Atheros AR5005G Wireless Network Adapter - Packet Scheduler Miniport (802.11g (ERP), WEP n-bit, 54Mbps)

Power Management
Mains (AC) Line Status : On-Line
Battery No 1 : 96%

Operating System(s)
Windows System : Microsoft Windows XP Home 5.01.2600 (Service Pack 3)
Platform Compliance : x86

 

[spk1973]

Just checking in to bump the thread. Anyone here who can offer any help with this?
Thanks.

 

[DelJo63]

first action is to get current with MS Update (yes there's hotfixes to SP3)

 

[spk1973]

first action is to get current with MS Update (yes there's hotfixes to SP3)

I apologize, I'm not quite sure what this means. Windows does not show any need for updates after checking to make sure it automatically checks for updates.
Please advise. Thanks so much.
In case anything has changed between the first post and this one ( this is my father-in-laws computer), I have attached a new(most recent) hijackthis log.
Thanks again.

 

[raybay]

I don't see the problem in that log.
The main problem is that you do not have nearly enough memory for what you are running. With that computer each memory slot can hold DDR2 PC2-5300 with a maximum of 1GB per slot, or a total of 2 GB. You have 512 MB in two 256 MB... which is not close to enough for what you have installed.
Also, I would go to www.microsoft.com, then search for Microsoft Update, then run updates in Custom mode to be sure you are missing nothing... do not depend on automatic updates to fix all...

 

[spk1973]

I don't see the problem in that log.
The main problem is that you do not have nearly enough memory for what you are running. With that computer each memory slot can hold DDR2 PC2-5300 with a maximum of 1GB per slot, or a total of 2 GB. You have 512 MB in two 256 MB... which is not close to enough for what you have installed.

I don't know how this can be. I have gone through his pc and removed all extraneous programs and large files. Admittedly, I know nothing about partitioning or anything like that so maybe the hard drive isn't formatted properly?
I will check the MS site for manual updating later this morning and report back. Thanks.

 

[DelJo63]

Admittedly, I know nothing about partitioning or anything like that so maybe the hard drive isn't formatted properly?
I will check the MS site for manual updating later this morning and report back. Thanks.

Not related at all. Buffer Overrun is a software coding error and
whichever program was active at the time of the error NEEDS AN UPDATE
(even if MS has yet to create it).

 

[mflynn]

Hi spk1973

Run HJT Scan only, Select and remove the below
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Boot to Safe Mode networking and see if the issue exists there!

Then back to normal and copy (don't change your original shortcut) an Internet explorer SHORTCUT then go into properties and add a space then -extoff to the end of the Target line.

Should look like this. "C:\Program Files\Internet Explorer\iexplore.exe" -extoff

This will run IE with all addons turned off. If no problem here then it is an addon that is the issue.

Mike

 

[spk1973]

Not related at all. Buffer Overrun is a software coding error and
whichever program was active at the time of the error NEEDS AN UPDATE
(even if MS has yet to create it).

In the most supreme irony, trying to visit update.microsoft.com when NOT using IE (the browser currently not working) will bring up a page with the following message:

"Thank you for your interest in obtaining updates from our site.
To use this site, you must be running Microsoft Internet Explorer 5 or later.
To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website.
If you prefer to use a different web browser, you can obtain updates from the Microsoft Download Center or you can stay up to date with the latest critical and security updates by using Automatic Updates...."

I went to the download center but now I must choose which updates to install? I haven't the slightest idea. There is a malicious software update that I'll try but I don't know how I can be sure I'm completely up to date. Any help, again, greatly appreciated.
-Shawn

 

[mflynn]

When you report back on post #10 then there is a good chance we can fix that!

Mike

 

[DelJo63]

In the most supreme irony, trying to visit update.microsoft.com when NOT using IE (the browser currently not working) will bring up a page with the following message:

"Thank you for your interest in obtaining updates from our site.
To use this site, you must be running Microsoft Internet Explorer 5 or later.
To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website.

Oh yes! Although there is a tad of technicality, this is not just irony -- imo, foolishness and arrogance!

• Technicality: MS Update requires ActiveX to allow the install. This is not a true requirement, but an implementation detail (down load and then manual or a scheduled job to run an MSI package would work as well)
• foolishness and arrogance: Your situation highlights the issue well. If some other browser could be used, then you could repair IE or anything else that needed MS downloads.

btw: the C++ RTE can be obtained here

 

[spk1973]

Hi spk1973

Run HJT Scan only, Select and remove the below
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Boot to Safe Mode networking and see if the issue exists there!

Then back to normal and copy (don't change your original shortcut) an Internet explorer SHORTCUT then go into properties and add a space then -extoff to the end of the Target line.

Should look like this. "C:\Program Files\Internet Explorer\iexplore.exe" -extoff

This will run IE with all addons turned off. If no problem here then it is an addon that is the issue.

Mike

Mike,
Thanks for your input.
I did what you said, and ran IE and it worked with no addons. So, per you, the issue involves some addon.
How to go about finding out which one it is?
Thanks,
-Shawn

 

[mflynn]

No time to post now out to Dinner for a couple hours!

Mike

 

[spk1973]

Also, I can visit the MS update page with IE add-ons blocked, but cannot access updates due to add-ons being blocked. Cannot disable add-ons without quitting and opening non-add-on-blocked IE, which will not open due to Buffer Overrun.
Aaargh!

 

[mflynn]

OK do this!

Download Dial-A-Fix (DAF)
http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Have XP CD available in case DAF needs a file.

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here 1 at a time do the below

Flush DNS
Flush Icons
Reinstall BITS
Repair Permissions
Reset networking
Watch for any File not found or other errors and make note as this may lead to the fix!

Reboot retest winupdate with regular IE not the noaddons one.

Mike

 

[spk1973]

OK do this!

Download Dial-A-Fix (DAF)
http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Have XP CD available in case DAF needs a file.

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here 1 at a time do the below

Flush DNS
Flush Icons
Reinstall BITS
Repair Permissions
Reset networking
Watch for any File not found or other errors and make note as this may lead to the fix!

Reboot retest winupdate with regular IE not the noaddons one.

Mike

Hi Mike,
Did all the above, did not notice any unfound files or other errors.
Rebooted, but I'm not sure what you mean by retest winupdate with regular IE. I tried opening the IE shortcut (the one without addons) and it still won't open. Buffer overrun error again.
-Shawn

 

[mflynn]

Ok that usually does it.

So do the below..

Temp files can cause this so clean up deeply with these

CCleaner http://www.ccleaner.com/download/builds get the SLIM at bottom of screen.
Run CCleaner twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.
-------------------------------------------
Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html
Temp and Registry, repeatedly until no more found including FF and Opera (but here do not clear Passwords).
-------------------------------------------
KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner. Run Analyze and clean.
-------------------------------------------
Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and the OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.

After the above reboot and test for the Buffer Overrun. before continuing below but even if fixed I advise the below!

-------------------------------------------
Finally run SAS https://www.techspot.com/downloads/2695-superantispyware.html
I am recommending this for one of its repair tools, but go ahead and do a Malware scan and post the results (this will tell us if we have malware that could cause this issue). We may not need the tools from SAS if the other above works.

Mike

 

[raybay]

Fix the memory. 448 MB is inadequate for so many other operations with your setup and service packs.

Then follow the guide for a full Microsoft Update.

Then work on the other stuff, if needed.

First things first.

 

[raybay]

If you installed Internet Explorer 7 over an existing install of Internet Explorer 6.1, Use Add or Remove in the Control panel to remove Internet Explorer 7.
Then reboot and try your system without Internet Explorer 7...

Then if it works, reinstall Internet Explorer 7 after using CCleaner to clean, then Defragment, then a reboot.

 

[mflynn]

Ram will not fix a Buffer overflow!

And he can not access updates at this point. That is what we want to do fix the Buffer overflow then do the Windows Updates.

Mike

 

[spk1973]

Ok that usually does it.

So do the below..

Temp files can cause this so clean up deeply with these

CCleaner http://www.ccleaner.com/download/builds get the SLIM at bottom of screen.
Run CCleaner twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.
-------------------------------------------
Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html
Temp and Registry, repeatedly until no more found including FF and Opera (but here do not clear Passwords).
-------------------------------------------
KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner. Run Analyze and clean.
-------------------------------------------
Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and the OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.

After the above reboot and test for the Buffer Overrun. before continuing below but even if fixed I advise the below!

-------------------------------------------
Finally run SAS https://www.techspot.com/downloads/2695-superantispyware.html
I am recommending this for one of its repair tools, but go ahead and do a Malware scan and post the results (this will tell us if we have malware that could cause this issue). We may not need the tools from SAS if the other above works.

Mike

OK, so I did everything above, and there were 159 files detected by SAS. I've attached the scanner log. What next?
Thanks for your help so far. I think I might be getting to the problem slowly but surely.

 

[mflynn]

Ouch!

Not good! May not be all of problem but it is not logical to try and repair a System issue with Malware! We need to Clean the Malware first!

We may after cleaning need to reinstall IE7 as advised by Raybay but until we are clean we do not want to install anything except Malware cleaners, as it could be compromised as soon as installed.

You owe it to yourself to do the 8 Steps now! https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

With these exceptions!

1. You have already done CCleaner so skip that one.
2. You have already done SAS
3. Do nothing with Virus scanners or Firewalls yet.

Update SAS Scan again Quick scan this time click to remove the tracking cookies and attach another log.

Then get the HJT and MBAM installed run and logs attached!

Mike

 

[spk1973]

Ouch!

Not good! May not be all of problem but it is not logical to try and repair a System issue with Malware! We need to Clean the Malware first!

We may after cleaning need to reinstall IE7 as advised by Raybay but until we are clean we do not want to install anything except Malware cleaners, as it could be compromised as soon as installed.

You owe it to yourself to do the 8 Steps now! https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

With these exceptions!

1. You have already done CCleaner so skip that one.
2. You have already done SAS
3. Do nothing with Virus scanners or Firewalls yet.

Update SAS Scan again Quick scan this time click to remove the tracking cookies and attach another log.

Then get the HJT and MBAM installed run and logs attached!

Mike

Thanks, Mike. I quarantined/removed the bad files, but I'm gonna go through the steps you mentioned.
By the way IE WORKS!!!!!! YOOHOO!!! I have visited the update page and gotten critical updates and was working through the custom updates but it won't let me install this one:
Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86
Thanks so much for your (and raybay and joebeard's) help. I will post later today with the results from the 8 steps, HJT and MBAM logs attached. It's great that IE works but my end goal of all this is to clean this computer good. It certainly appears that I'm getting there.
Thanks again,
-Shawn