corrupt IEDLL.EXE file

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

tdt7680

Thread Starter
Joined
Sep 13, 2003
Messages
1
EVERY TIME I TURN ON MY COMPUTER IT SAYS THAT I HAVE A CORRUPT IEDLL.EXE FILE AND NEED TO REINSTALL. HOW DO I DO THIS?
 
Joined
Feb 23, 2003
Messages
16,274
What operating system are you referring to here ? As well are you able to boot into windows ?
 
Joined
Jul 24, 2003
Messages
420
Hi tdt7680 ,

You have a Browser Hijacker onboard , Please do the following ,

Download and install Spybot search & destroy www.security.kolla.de Open Spybot search & destroy , Click Online , Search for updates , Download all available updates , log offline , Close all browser windows , check your taskbar for minimized windows as well , Run Spybot search & destroy , put a check in every entry Spybot search & destroy returns , Click fix problems.

Shutdown & Reboot your computer


Download SpywareBlaster v2.6.1 and SpywareGuard v2.2 for the prevention of both Spyware Active X installation and running , and Browser Hijacking protection in real-time http://www.wilderssecurity.net/index.html

Download Hijack This version 1.97 www.tomcoyote.org/hjt/ Press the scan button , the scan button becomes save log button , (Do not fix anything yet) save the log in the same folder Hijack This resides in , copy and paste the log to the forum.

Good luck
 
Joined
Sep 18, 2003
Messages
2
Hi Everyone,

I have the same message on initailising my pc ( windows 98 / office 200 ) - after studying your thread have downloaded as per BlueSpruce's advice spybot, spyware & hijack this - have carried out all actions as advised but now have come to a point where I need some help. I am non technical so really appreciate BlueSpruces very clear and easy to follows instructions:

please can some one help me go to the next step, I do not know what files I should fix and 'hijack this' advises that I ask the experts before doing anything else.

thank you for your time and advice in advance

Giles1


logifle of hijack this as follows:

Logfile of HijackThis v1.97.2
Scan saved at 4:02:39 PM, on 9/18/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\PROGRAM FILES\DANTZ\CLIENT\RETROCLIENT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\APOINT\APOINT.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\WANADOO\CNXMON.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\HPJETDSC.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\APOINT\APWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
C:\PROGRAM FILES\WANADOO\WATCH.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo, Internet avec France Télécom
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AlpsPoint] C:\WINDOWS\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [CPortPatch] C:\WINDOWS\Quick Install\CPPatch.exe
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\taskbaricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [Retrospect Client] C:\Program Files\Dantz\Client\Retroclient.exe
O4 - HKLM\..\RunServices: [rtvscn95] c:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] c:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Wanadoo (HKCU)
O12 - Plugin for .asp: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d196.cab
O16 - DPF: {7A96FF35-4937-11D1-8F2C-00609779BDA3} (Scol Class) - http://www.cryonetworks.com/files/atlscol.dll
O16 - DPF: SMapplet - https://www.nwolb.co.uk/nwol/rbs_html/classes/SMapplet.cab
O16 - DPF: {024527A4-86C9-4E9C-A034-FCA9030D9CC7} (Æ®À«³Ý ÀÚµ¿´Ù¿î·Îµå) - http://www.twimnet.com/test/TwimNet.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37882.1472222222
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/player/Install2.0/Installer.exe
O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://fr4-download.nocreditcard.net/download/Object/DialerHTML/DHTMLAccess1043.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
 
Joined
Jul 24, 2003
Messages
420
Hi giles1 , welcome to TSG

Close all browser windows , Scan Hijack This , put a check in the following entries and hit 'Fix Checked' ,

O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe

O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE

O16 - DPF: {024527A4-86C9-4E9C-A034-FCA9030D9CC7} (Æ®À«³Ý ÀÚµ¿´Ù¿î·Îµå) - http://www.twimnet.com/test/TwimNet.cab

O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://fr4-download.nocreditcard.ne...LAccess1043.cab

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe

Shutdown & Reboot your computer in Safe Mode , Tap the F8 key on Reboot.

Delete the following

C:\WINDOWS\iedll.exe > File
C:\WINDOWS\LOADER.EXE > File

Shutdown & Normal Reboot

The following link can assist you in optimizing your start-up applications www.pacs-portal.co.uk/startup_pages/startup_full.htm


Good luck
 
Joined
Sep 18, 2003
Messages
2
Dear BlueSpruce,

Many thanks yr reply which actioned accordingly. When re-booting , I tapped the F8 button however my pc did not reboot in safe mode, I then carried on with deleting last 2 files as you instructed, iedll,exe - no problem however my PC could not find loader.exe on file search. I guess that means that somehow I have managed to delete it ? or it was not there in the first place?

anyway when rebooting my PC again, the error messages have now disappeared so reckon that have solved the problem - is there anything else I should do now ??

In the meantime thanks very much indeed for all your help and assistance.

Giles1
 
Joined
Jul 24, 2003
Messages
420
giles1 ,

The following link will be of more assistance with starting your computer in Safe Mode http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Regarding the missing loader.exe file , merijn author of Hijack This has developed a program , CWShredder dedicated to detecting and removing all currently known variants of CoolWebSearch , give CWShredder a run , if loader.exe is still on your system IT'S TOAST! www.spywareinfo.com/~merijn/files/cwshredder.zip

Glad to have been of assistance

Good luck
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top