1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

corrupt IEDLL.EXE file

Discussion in 'All Other Software' started by tdt7680, Sep 15, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. tdt7680

    tdt7680 Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    1
    EVERY TIME I TURN ON MY COMPUTER IT SAYS THAT I HAVE A CORRUPT IEDLL.EXE FILE AND NEED TO REINSTALL. HOW DO I DO THIS?
     
  2. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    What operating system are you referring to here ? As well are you able to boot into windows ?
     
  3. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Hi tdt7680 ,

    You have a Browser Hijacker onboard , Please do the following ,

    Download and install Spybot search & destroy www.security.kolla.de Open Spybot search & destroy , Click Online , Search for updates , Download all available updates , log offline , Close all browser windows , check your taskbar for minimized windows as well , Run Spybot search & destroy , put a check in every entry Spybot search & destroy returns , Click fix problems.

    Shutdown & Reboot your computer


    Download SpywareBlaster v2.6.1 and SpywareGuard v2.2 for the prevention of both Spyware Active X installation and running , and Browser Hijacking protection in real-time http://www.wilderssecurity.net/index.html

    Download Hijack This version 1.97 www.tomcoyote.org/hjt/ Press the scan button , the scan button becomes save log button , (Do not fix anything yet) save the log in the same folder Hijack This resides in , copy and paste the log to the forum.

    Good luck
     
  4. giles1

    giles1

    Joined:
    Sep 18, 2003
    Messages:
    2
    Hi Everyone,

    I have the same message on initailising my pc ( windows 98 / office 200 ) - after studying your thread have downloaded as per BlueSpruce's advice spybot, spyware & hijack this - have carried out all actions as advised but now have come to a point where I need some help. I am non technical so really appreciate BlueSpruces very clear and easy to follows instructions:

    please can some one help me go to the next step, I do not know what files I should fix and 'hijack this' advises that I ask the experts before doing anything else.

    thank you for your time and advice in advance

    Giles1


    logifle of hijack this as follows:

    Logfile of HijackThis v1.97.2
    Scan saved at 4:02:39 PM, on 9/18/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
    C:\PROGRAM FILES\DANTZ\CLIENT\RETROCLIENT.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\WINDOWS\APOINT\APOINT.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
    C:\PROGRAM FILES\WANADOO\CNXMON.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\HPJETDSC.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    C:\WINDOWS\APOINT\APWHEEL.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
    C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
    C:\PROGRAM FILES\WANADOO\WATCH.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo, Internet avec France Télécom
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [AlpsPoint] C:\WINDOWS\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIPOLAB] ati2plxx.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [CPortPatch] C:\WINDOWS\Quick Install\CPPatch.exe
    O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\NORTON~1\vptray.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\taskbaricon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
    O4 - HKLM\..\RunServices: [Retrospect Client] C:\Program Files\Dantz\Client\Retroclient.exe
    O4 - HKLM\..\RunServices: [rtvscn95] c:\PROGRA~1\NORTON~1\rtvscn95.exe
    O4 - HKLM\..\RunServices: [defwatch] c:\PROGRA~1\NORTON~1\defwatch.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
    O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Wanadoo (HKCU)
    O12 - Plugin for .asp: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d196.cab
    O16 - DPF: {7A96FF35-4937-11D1-8F2C-00609779BDA3} (Scol Class) - http://www.cryonetworks.com/files/atlscol.dll
    O16 - DPF: SMapplet - https://www.nwolb.co.uk/nwol/rbs_html/classes/SMapplet.cab
    O16 - DPF: {024527A4-86C9-4E9C-A034-FCA9030D9CC7} (Æ®À«³Ý ÀÚµ¿´Ù¿î·Îµå) - http://www.twimnet.com/test/TwimNet.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37882.1472222222
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/player/Install2.0/Installer.exe
    O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://fr4-download.nocreditcard.net/download/Object/DialerHTML/DHTMLAccess1043.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
     
  5. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Hi giles1 , welcome to TSG

    Close all browser windows , Scan Hijack This , put a check in the following entries and hit 'Fix Checked' ,

    O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe

    O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE

    O16 - DPF: {024527A4-86C9-4E9C-A034-FCA9030D9CC7} (Æ®À«³Ý ÀÚµ¿´Ù¿î·Îµå) - http://www.twimnet.com/test/TwimNet.cab

    O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://fr4-download.nocreditcard.ne...LAccess1043.cab

    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

    O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe

    Shutdown & Reboot your computer in Safe Mode , Tap the F8 key on Reboot.

    Delete the following

    C:\WINDOWS\iedll.exe > File
    C:\WINDOWS\LOADER.EXE > File

    Shutdown & Normal Reboot

    The following link can assist you in optimizing your start-up applications www.pacs-portal.co.uk/startup_pages/startup_full.htm


    Good luck
     
  6. giles1

    giles1

    Joined:
    Sep 18, 2003
    Messages:
    2
    Dear BlueSpruce,

    Many thanks yr reply which actioned accordingly. When re-booting , I tapped the F8 button however my pc did not reboot in safe mode, I then carried on with deleting last 2 files as you instructed, iedll,exe - no problem however my PC could not find loader.exe on file search. I guess that means that somehow I have managed to delete it ? or it was not there in the first place?

    anyway when rebooting my PC again, the error messages have now disappeared so reckon that have solved the problem - is there anything else I should do now ??

    In the meantime thanks very much indeed for all your help and assistance.

    Giles1
     
  7. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    giles1 ,

    The following link will be of more assistance with starting your computer in Safe Mode http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    Regarding the missing loader.exe file , merijn author of Hijack This has developed a program , CWShredder dedicated to detecting and removing all currently known variants of CoolWebSearch , give CWShredder a run , if loader.exe is still on your system IT'S TOAST! www.spywareinfo.com/~merijn/files/cwshredder.zip

    Glad to have been of assistance

    Good luck
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - corrupt IEDLL file
  1. mouse92
    Replies:
    5
    Views:
    235
  2. Joeleis1
    Replies:
    47
    Views:
    1,727
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/165081

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice