IE no longer wants to launch

Status
Not open for further replies.
L

ladybird1881

Posts: 7   +0
There's not only a problem with my compueter, but I might have hammered my mother's as well. First mine.....
I think it occurs when I open up IE I get the following message:
"Visual C++ Runtime Library
Program: C:\WINDOWS|Explorer.EXE
A buffer overrun has been detected which has corrupted the program's internal state. the program cannot safely continue execution and must now be terminated"

If I then click OK it shuts down everything and all I am left with is my pretty desktop wall paper. If I don't I can go about my business but get constant pop-ups. I've run both Ad-Aware and Spybot and removed whatever they told me to. I've also been using Firefox, especially to use this site for much needed help. I found a thread about this "buffer overrun" message and dl'd HJT and a few other sites that thread suggested but wanted to get feedback from any, especiall RealBlackStuff who posted the info I've been following, to ensure I am taking the right steps......
Please help!!!!!
I will post about my mother's computer at a later time.
:( :( :( :(
 
Hello and welcome to TechSpot.

Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

If you decide to clean your system after reading the above thread, do the following.

Go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

Regards :)

This thread is for the use of ladybird1881 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
Combofix and HJT log

I've run all instructions up to 12 and I will continue in safe mode with the rest of them. Here are my Combofix and HJT logs up to this point.
 
Hi ladybird1881 and welcome to techspot. =)

The Combofix file that you posted is the wrong one. It should be ComboFix.txt, see if you can find it.

I do see something nasty in your logs; complete the instructions then post your logs together and I'll give you the instructions for cleaning at one go. Do post your AVG antispyware log in your next reply, as well as the results of the AVG anti-root kit scan.

Regards,
Your friendly momok =)

This thread is for the use of ladybird1881 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
That's the correct ComboFix log, but please follow momok's instructions and post the AVG Anti-Spyware log and the AVG Anti-Rootkit results.

Regards :)

This thread is for the use of ladybird1881 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
Sorry, I think you forgot to attach the files... ;)

Edit: never mind, I just saw your other thread.

Please post in that one only from now on.

Regards :)
 
Please copy and paste these instructions into a Notepad file and save it to your desktop. Then close your web browser and follow these instructions from Notepad.

Step 1:

Go into Control Panel->Add/Remove Programs and uninstall anything having to do with the following:

AWS
Seekerbar
PartyPoker
WeatherBug

Step 2:

Run HJT with no other programs open. Do a system scan.

Place a check in the box next to the following entries (if there):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [http]www.seekerbar.com/ie.aspx?tb_id=50154

O2 - BHO: (no name) - {586C8288-10E3-489C-AEEE-B1B60C53568C} - \

O2 - BHO: (no name) - {8ED08520-B05D-46EE-AE4F-3049A7FD1A07} - \

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1

O4 - HKCU\..\Run: [KovpRVj2V] qapl400.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

Click the Fix Checked button. Close HJT.

Step 3:

Search your system for the following file and delete all instances found:

ALCXMNTR.EXE
qapl400.exe

Step 4:

Download the attached "Combofix-Do.txt" ( from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt over on to Combofix.exe and release.

This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job.

Step 5:

Navigate to virusscan.jotti.org.

Enter the following into the text box at the top of the page.

C:\WINDOWS\system32\msxml3a.dll

Click the Submit button. Make note of the results.

Then do the same with C:\Program Files\TTC.dll

Please post both sets of results here.

Step 6:

All of the items in your AVG Anti-Spyware log say No Action taken. That's because you haven't set it to deal correctly with the results. You need to run AVG Anti-Spyware again and set it to apply the recommended action to all results. Pictorial instructions here.

Step 7:

Post your fresh AVG Anti-Spyware log after configuring it according to Step 6, as well as fresh HJT and ComboFix logs, into this thread. Also post here the results of the Jotti virus scan.

Regards :)

This thread is for the use of ladybird1881 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
ok here goes

How's this??
The first virusscan C:\WINDOWS\system32\msxml3a.dll
turned up "FOUND NOTHING" on all sites.
The second virusscan.jotti search (C:\Program Files\TTC.dll)
told me "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file."
There are two ComboFix logs attached, ComboFix 2 was created first (??). I think it was created yesterday and modified today (is this by your ComboFix-Do txt?) and ComboFix is the most recent scan, just about 10 minutes ago.
I hope this is right......
 
All looks good, except for two entries in your ComboFix log.

Download the attached "Combofix-Do.txt" ( from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt over on to Combofix.exe and release.

This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job.

Regards :)

This thread is for the use of ladybird1881 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
Posts merged. I'll let kitty take over here from now; seems like your almost done with the cleaning.

Regards,
Your friendly momok =)

This thread is for the use of ladybird1881 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

C
Facebook stubbornly refuses to load pictures
Replies
0
Views
1K
catc01
C
Cal Jeffrey
Vision Pro users are angry the device has no reset or recovery measures for password loss
Replies
7
Views
255
Cal Jeffrey
Cal Jeffrey
Z
Ubisoft is removing The Crew from libraries following shutdown, reigniting digital ownership debate
2
Replies
47
Views
409
ceasorlydell31
ceasorlydell31

Latest posts

Back