Jump to content

Welcome Guest to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Feel free to browse the site as a guest. However, you must log in to reply to existing topics or start a new topic of your own, and enjoy all this forum has to offer. Additionally, if you can assist another member by sharing your knowledge, please post a reply! Best of all - Registration and all assistance, is FREE! Learn more about How it Works. Infected? Malware Cleaning Guide. What are you waiting for?
Create an Account Login to Account

iexplore.exe - Application Error [RESOLVED]


  • This topic is locked This topic is locked

#1
BVags

BVags

    New Member

  • Member
  • Pip
  • 4 posts
first time writer, but long time visitor, so i'll thank you guys in advance for any help you can give. visited some site last week, and now when i click the explorer icon, i get an iexplore.exe - Application Error stating "The application failed to intialize properly (0xc0000005). Click OK to terminate the application."

i ran spybot, ad-aware, trojan hunter, ewido, housecall, cwshredder and hijack, where i deleted 2 links to a /web/related.htm file. ran mostly all of them in safe mode, and erased whatever it found, but still getting the error.

i can say tho, that i do not get the error in safe mode, so something's starting up, i just can't figure out what. i ran hijack in both safe and regular mode, so i've got hijack logs for both, but wasn't sure if pasting both was ok, so just pasting the log in regular mode for now. if you want me to paste the safe mode log let me know, thanks ...
-brian

Logfile of HijackThis v1.99.1
Scan saved at 4:10:49 PM, on 12/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ident Server\Identd.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall....ivex/hcImpl.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://sbs.firemati...emote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Identd - MO Industries - C:\Program Files\Ident Server\Identd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

Advertisement


#2
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

Can you perform next please?

Open notepad and copy and paste next bold in it:

regedit /e look.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM
start notepad look.txt


Save this as look.bat , choose to save as *all files and place it on your desktop.
This is how the batch must look afterwards: Posted Image
Doubleclick look.bat and copy and paste the contents of it in your next reply.
  • 0

#3
BVags

BVags

    New Member

  • Member
  • Pip
  • 4 posts
thanks for the replay.

here is the reponse to double-clicking look.bat ...

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM]
"data2"=hex:8d,db,44,87,44,7a,79,08,0a,7e,0d,7a,08,12,0b,7b,7d,0f,12,0b,08,09,\
7e,12,06,7d,0b,0d,12,7a,0b,7c,0c,79,0a,0b,0a,0d,06,0d,7d,42
"data1"=hex:f6,a9,59,85,78,7d,74,74,78,7d,71,6d
  • 0

#4
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

Go to start > run and copy and paste next line in the field:

regedit /a C:\backupkey.reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM

Then open notepad and and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM]


Save this as fix.reg Choose to save as *all files and place it on your desktop.
This is how the regfix must look afterwards: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Reboot and open your Internet Explorer.
Let me know if that solved the problem.
  • 0

#5
BVags

BVags

    New Member

  • Member
  • Pip
  • 4 posts
wow! worked like a gem. appreciate all the help. allowed me to delay re-formatting for a little while longer, hah. any idea what that was? spyware i'm assuming, or just a corrupted registry key? just interested if you got a second. if not, then i'll just again say that i appreciate the help very much ...
-brian
  • 0

#6
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

No, I don't think malware caused this. Because it seems a common problem nowadays on windows 2000 systems. The forums are full with the same problem now.
A corrupted registry key, yes, that could be the cause.
Can you remember if anything was updating right before this happened?
  • 0

#7
BVags

BVags

    New Member

  • Member
  • Pip
  • 4 posts
wasn't updating, but what happened right before was i got 1 of those javascript pop-up windows asking you to respond to a question, and type something in. and i just kept hitting cancel, cancel, canel. i tried to open explorer after that, and that's when i got that error. i tried to restart, thinking that mite fix things, but nada. so, yah, guess something got corrupted through that javascript prompt ...
-brian
  • 0

#8
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisement




Similar Topics: iexplore.exe - Application Error [RESOLVED]     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured