problem with Internet Explorer

Hubby has been having a problem with his computer.. whenever he opens Internet Explorer it tries to load but then comes up with an error that says:

Internet Explorer has encountered a problem and needs to close...then we clikck on dont send and it comes up with another box that says:
iexplore.exe - Application Error The instruction at "0x00e638ae" referenced memory at "0x00f79e0". The memory could not be "read".
Click ok to terminate
Click cancel to debug

But if he opens IE and immediately clicks the page while its loading it will come up fine.

He said he has been having this problem for about 2 weeks now.

We thought it might be some kinda virus or something so we did the REad and Run Me First stuff. I have attached the logs.. could not get the newest spybot to run so used version 1.4.. also when running the avg spyware steps.. i changed the report setting to make a report always.. but there are no reports showing up on the report page.

Thanks in advance for the help!

 

It looks like you had McAfee at one time, is this true? Did you uninstall it completely?
McAfee came preinstalled on the computer, never used it.. have always used avg. I did run the McAfee removal tool I found somewhere on majorgeeks.

Deleted the Viewpoint folder. Can you tell me what it was?

And tell me what these two are (if you don't know - remove them):
C:\Documents and Settings\All Users\Desktop\2736331.lnk
C:\Documents and Settings\All Users\Desktop\8739600.lnk
These are dial up connection shortcuts. Have had them since before I got dsl.. should be totally safe.

Uninstalled Java 2 Runtime Environment, SE v1.4.2


Starting the MGTools steps now...

 

Use windows explorer to find and delete:
C:\WINDOWS\addins\kbwms.dll

Could not find this to delete it.. have attached a screenshot of my addins folder.. if you notice the file names are backwards smwbk instead of kbwms... are these ok?

attached is the new logs and the screenshot

Thanks so much for your help Tim

no screenshot .. upload says its too big and i dont know how to make it smaller

 

ok.. took another screenshot saved it as a jpeg.. hope this one works

Could not find this, I looked for it in exporer and also did a search for it neither way could i find it.
c:\PROGRA~1\mcafee.com

ran the fixme.reg

 

srmjdm!
It's not uncommon for malware to do that - use file names backwards and forwards.
The backwards ones are certainly related to the forwards ones.
abri

 

So should I delete those files in the addins folder? What exactly is that folder anyways?

Thanks

 

Hi srmjdm!

Delete the following out of the addins folder. Leave any others.
smwbk.bak1
smwbk.bak2
smwbk.ini
smwbk.ini2
smwbk.tmp

The addins folder is a normal windows folder. (weak answer, I know, but all I have time for at the moment)

abri

 

i started to delete these but it told me they were system files .. and if i remove them my computer or programs may no longer work correctly.

Should I go ahead and delete them?

and if yes I should delete them.. whats my next steps?

 

Hi srmjdm!
I'm quite sure they are malware, because there's nothing on them in the internet. However, to be careful, please have any two of them scanned at jotti or VirusTotal and let me know the results.

After you upload them for the scan, please rename all of them by adding .zzz to the end of each one. So smwbk1.bak will then be smwbk1.bak.zzz and so forth.

After you get the results back from Jotti / Virus Total and we see if your computer suffers any ill effects by chaning the names, then we will try to delete them again.

abri

 

scanned with both sites.. both sites found in the smwbk.bak1 file under bitdefender possible trojan.vundo.dvs

neither site found anything with the other files


so what now?

 

Hi srmjdem!

Are you able to delete these files after renaming them? If not, make sure the file names in your Windows Explorer addins folder match those in the box below and then do the following:

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

Now run CCleaner at the default setting with the Windows tab as the top one. After you run CCleaner, please attach the avenger log and let me know how this went.

abri

 

abri

I renamed those files with the .zzz , restarted my computer.. then tried to delete them.. they came up again with the message.. they were system files .. and if i remove them my computer or programs may no longer work correctly.

so I am gonna go ahead and run the avenger program
will post logs as soon as it is finished.

thanks
renee

 

ok.. here is the avenger log

Internet explorer is still having the same problem.

whats next?

Thanks again!

 

ok.. here is my new logs

Let me know what I need to do next.. Thanks!

 

The files below are shortcuts to my dialup internet service provider
Code:
C:\Documents and Settings\All Users\Desktop\"
2736331.lnk Oct 22 2003 610 "2736331.lnk"
8739600.lnk Jan 11 2004 610 "8739600.lnk

completed your steps.. logs are attached

internet explorer is still having the same problem.. it wont open.. comes up with the same message.

thanks
Renee

 

Tim,

I dont currently have another browser installed.. I guess I could download one and try it out. I know if I click on a link say thru email or on a website... the browser has no problem opening the new page. Could I possible just need to reinstall?? or update?? Internet Explorer?

No other issues going on other than the computer being slow .. especially at startup.

 

what is sfc/scannow ??

my start page is msn.com

 

ok.. i ran the sfc/scannow using my xp service pack 2 cd.. but apparantly it found no errors as it didnt tell me I needed to insert the disk nor did it show any errors during the checking process. I went ahead and upgraded IE to IE 7. Will try it out for a day or so and see if the error stops coming up after the upgrade.

 

Tim,
sorry didnt see your post before upgrading Internet Explorer.. am running version 7.0.5730.13 now. Have used it for the past 2 days and the error message has not happened at all since upgrading IE.

Should I still go ahead and do the above fixes that you listed in your last post?

 

also.. i ran the start up tool.. how do i find out what these process are and if i can stop them or not??

thanks

 

Thank you Tim for all your help!

Things seem to be running smoothly on this computer now..