
Internet Explorer Shuts down Adaware freezes


28 replies to this topic

#16 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:51 AM

Posted 03 November 2008 - 08:21 AM

Hello.

That is big enough.

First download the setup file for IE7 from here:
http://www.microsoft.com/windows/downloads/ie/getitnow.mspx
Make sure you choose the correct settings.

Transfer it to the problem computer. Run the installation.

Tell me what happens.

With Regards,
The Panda



#17 magpercy

magpercy
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 03 November 2008 - 10:31 AM

No changes
I still can't call up IE from the start menu without the blue box telling me it encountered a problem - and the additional problem of the memory not being written
thanks!

#18 PropagandaPanda


Posted 03 November 2008 - 11:45 AM

Hello.

A blue box? I'm not sure I get what that means. Doesn't sound like it's a standard Windows error box, is it?

Would it be possible to take a screenshot of it and transfer it to the working computer? Then we can upload that for everyone to see the error.

With Regards,
The Panda

#19 magpercy


Posted 03 November 2008 - 12:39 PM

It's the same error message I have been getting all along:

"Internet Explorer has encountered a problem and needs to shut down. We are sorry for the inconvenience"

and on top of it another message pops up that says
iexplore.exe - Application Error
The instruction at "0x034a1ef4" referenced memory at "0x00000000". The memory could not be 'written'.
Click on OK to terminate the program
Click on CANCEL to debug

#20 PropagandaPanda


Posted 03 November 2008 - 04:27 PM

Hello magpercy.

These problems are very difficult to diagnose.

Let's try uninstalling SP3. Refer to the article below:
http://support.microsoft.com/kb/950249

After, try reinstalling it. Since you cannot use Windows Updates, download the setup file here. It's quite large though.

With Regards,
The Panda

#21 magpercy


Posted 03 November 2008 - 06:45 PM

Hello Panda
I uninstalled SP3 and then was able to reinstall it
and STILL have problems!
Thank you

#22 PropagandaPanda


Posted 04 November 2008 - 05:02 PM

Hello.

Let's see if there are any browser addons left..

Create and Run Batch Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    @ECHO OFF
    REM Lists every Browser Helper Object (BHO) CLSID with its class name and DLL path in Report.txt
    set lineinquestion=nothing
    :dothebho
    IF exist tempreg123.txt del /q tempreg123.txt
    REM Keep only the registry subkey lines that end in a {CLSID}
    reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" | findstr /e "{........-....-....-....-............}">>tempreg123.txt
    ECHO __________ENDOFFILE_______>>tempreg123.txt
    REM Number each line; the /v pattern matches nothing, so every line is kept
    findstr /n /v "dglaisdgflagdldgfa" tempreg123.txt>tempreg1234.txt
    IF exist tempreg123.txt del /q tempreg123.txt
    FOR /F "tokens=*" %%K IN ('findstr /e "__________ENDOFFILE_______" "tempreg1234.txt"') DO (set lastline=%%K)
    REM Read the marker's full line number (the text before the colon) before testing it
    FOR /F "tokens=1 delims=:" %%N IN ("%lastline%") DO (set lastlinenumber=%%N)
    IF "%lastlinenumber%"=="1" ECHO No BHOs>>report.txt & goto skipBHO
    ECHO _____________Browser Helper Objects______________>>Report.txt
    :findingbho
    REM Walk the numbered lines from last to first, one CLSID per pass
    set /a lastlinenumber=%lastlinenumber%-1
    IF %lastlinenumber%==0 goto skipbho
    FOR /F "tokens=*" %%L IN ('findstr /b "%lastlinenumber%:" "tempreg1234.txt"') DO (set lineinquestion=%%L)
    REM The last 38 characters of the line are the {CLSID}
    set lineinquestion=%lineinquestion:~-38%
    ECHO [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%lineinquestion%]>>Report.txt
    ECHO [HKEY_CLASSES_ROOT\CLSID\%lineinquestion%]>>Report.txt
    reg query "HKEY_CLASSES_ROOT\CLSID\%lineinquestion%"|findstr "<NO NAME>">>Report.txt
    ECHO [HKEY_CLASSES_ROOT\CLSID\%lineinquestion%\InprocServer32]>>report.txt
    reg query "HKEY_CLASSES_ROOT\CLSID\%lineinquestion%\InprocServer32"|findstr "<NO NAME>" >>report.txt
    ECHO.>>Report.txt
    goto findingbho
    :skipBHO
    del /q tempreg1234.txt>nul
    start notepad Report.txt
    exit
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input bhoquery.bat
  • Hit OK.
When done properly, the icon should look like Posted Image.

Transfer the batch script to the problem computer.

Double click bhoquery.bat. You will see a black Command Prompt window open followed by a notepad with Report.txt.

Transfer the report file back to the working computer. Post back the contents of report.txt.

With Regards,
The Panda

Edited by PropagandaPanda, 04 November 2008 - 05:02 PM.


#23 magpercy


Posted 04 November 2008 - 05:40 PM

Thanks
Here's the report:

_____________Browser Helper Objects______________
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
<NO NAME> REG_SZ JQSIEStartDetectorImpl Class
[HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\InprocServer32]
<NO NAME> REG_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
<NO NAME> REG_SZ Java™ Plug-In 2 SSV Helper
[HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32]
<NO NAME> REG_SZ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
<NO NAME> REG_SZ Google Toolbar Helper
[HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
<NO NAME> REG_SZ c:\program files\google\googletoolbar1.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
<NO NAME> REG_SZ AVG Security Toolbar
[HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\InprocServer32]
<NO NAME> REG_SZ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_CLASSES_ROOT\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
<NO NAME> REG_SZ SSVHelper Class
[HKEY_CLASSES_ROOT\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32]
<NO NAME> REG_SZ C:\Program Files\Java\jre6\bin\ssv.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
[HKEY_CLASSES_ROOT\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}]
<NO NAME> REG_SZ DriveLetterAccess
[HKEY_CLASSES_ROOT\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}\InprocServer32]
<NO NAME> REG_SZ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
<NO NAME> REG_SZ AVG Safe Search
[HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\InprocServer32]
<NO NAME> REG_SZ C:\Program Files\AVG\AVG8\avgssie.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_CLASSES_ROOT\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
<NO NAME> REG_SZ Adobe PDF Reader Link Helper
[HKEY_CLASSES_ROOT\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32]
<NO NAME> REG_SZ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
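Added example (not part of the original thread, and not the helper's own tooling): a Python parser for the Report.txt layout that bhoquery.bat writes, pairing each BHO CLSID with its class name and InprocServer32 DLL and attaching review notes. The function names, the all-zero CLSID entry and the triage rules (including the assumption that Windows is on C:) are hypothetical.

```python
import re
# Two entries copied from the report posted above, plus one constructed entry
# (all-zero CLSID) showing what bhoquery.bat emits when the class key is gone.
SAMPLE_REPORT = r"""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
<NO NAME> REG_SZ JQSIEStartDetectorImpl Class
[HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\InprocServer32]
<NO NAME> REG_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
<NO NAME> REG_SZ AVG Security Toolbar
[HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\InprocServer32]
<NO NAME> REG_SZ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}]
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32]
"""

BHO_RE = re.compile(r"Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})\]$")
VALUE_RE = re.compile(r"^<NO NAME>\s+REG_SZ\s+(.*)$")
# Assumed locations where a legitimately installed helper DLL normally lives.
TRUSTED = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")

def parse_bho_report(text):
    """Return one dict per BHO: clsid, name, dll (None when the value is absent)."""
    entries, section = [], None
    for line in map(str.strip, text.splitlines()):
        m = BHO_RE.search(line)
        if m:  # a new BHO entry starts at its HKLM header line
            entries.append({"clsid": m.group(1).upper(), "name": None, "dll": None})
            section = None
        elif entries and line.startswith("[HKEY_CLASSES_ROOT\\CLSID\\"):
            section = "dll" if line.endswith("\\InprocServer32]") else "name"
        elif section and VALUE_RE.match(line):
            entries[-1][section] = VALUE_RE.match(line).group(1).strip()
    return entries

def review_notes(entry):
    """Triage hints for a helper reading the report; heuristics, not verdicts."""
    dll = entry["dll"]
    if dll is None:
        return ["no InprocServer32 path: leftover or broken registration"]
    notes, low = [], dll.lower()
    if "~" in low:
        notes.append("8.3 short path: resolve the long name before judging")
    if not low.startswith(TRUSTED):
        notes.append("DLL outside Program Files / System32")
    return notes
```
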

#24 PropagandaPanda


Posted 04 November 2008 - 07:21 PM

Hello.

This must be one of the strangest IE problems I've seen.

That IE shortcut that works, what site does it point to? Right click it, select Properties and tell me the Target/URL.

Does this error occur only when you visit certain sites?

With Regards,
The Panda

#25 magpercy


Posted 04 November 2008 - 07:30 PM

I agree - it's bizarre
It's started a couple of months ago and we were able to get around it by just dragging the box that pops up off to the side - and we went on with our business. That doesn't work anymore.

I am able to get to IE through this website (below) and I can even get to bleepingcomputer from there - but if I try to go to microsoft.com or to my.yahoo.com from this shortcut - the box pops up - so I am limited in where I can go and what I can do on this computer.



http://webmail.east.cox.net/do/mail/messag...en-US&v=cox

#26 PropagandaPanda


Posted 04 November 2008 - 07:50 PM

Hello magpercy.

Though this doesn't sound like a typical hijacking, I still want to rule out malware as the cause.

Download and Run OTScanIt
Download OTScanIt2 by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the "Scan all users" box.
  • Under the Additional Scans bar, click "Extras". Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.
---
Start a new topic in the Malware Removal forum and attach the log to that topic. Do not attach the log to this topic.

Post a link to the newly created topic here. I'll analyse the log when it's posted.

With Regards,
The Panda

Edited by PropagandaPanda, 04 November 2008 - 07:50 PM.


#27 magpercy


Posted 04 November 2008 - 08:06 PM

Panda
I was unable to upload it from that computer - the box popped up on me
but I copied it to a flash drive and added it to this:

http://www.bleepingcomputer.com/forums/t/178085/ie-explorer-shuts-down/

thanks!

#28 PropagandaPanda


Posted 05 November 2008 - 08:11 PM

Hello.

Malware is not the cause. We've done a complete reinstall of IE and SP3.

Unfortunately, this is beyond my ability to diagnose. Please start a new topic in this forum. Include a link back to this topic and the topic in the Malware Removal forum.

With Regards,
The Panda

#29 magpercy


Posted 05 November 2008 - 10:41 PM

Thanks for trying... I guess I've stumped everyone
bummer



