Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Iexplore.exeis the antichrist, along with what I can only guess is a veritable who's who of other Malwares

  • This topic is locked This topic is locked
2 replies to this topic

#1 Luddite310


  • Members
  • 2 posts
  • Local time:08:05 AM

Posted 11 May 2009 - 03:08 AM

Greetings! I just wand to preface this with a sincere thank you for even taking the time to so much as looking at this post. I am a starving writer who literally can't afford to spend the 20 dollars on the registry cleaners and such programs that are offered. I can only assume that my computer is in really poor shape by this point, as it was the community laptop for a house full of savages for about a year before I moved and it came with me. I have been running Malwarebytes, Avast and Ace Utilities trying to help, but Iexplore.exe is the most invasive and sinister piece of binary sadism I have ever had come across my task manager. I think in my blind efforts to fix it I may have made the situation worse, because now I have a new error message popping up whenever the computer turns on. It says "The exception unknown software exception (0xc00000fd) occurred in the application at location 0x77517ce2 (although that second code varies). Whenever I click ok it goes into the auto-shutdown mode, which I can kill but it doesn't really help as the system is so unstable that it all goes to hell within 5 minutes anyways. If I could get rid of these two things I would be the single most grateful human being on Earth! I am going to post the logs as per the forum instructions, and cross my fingers. Thanks again help! If anyone needs anything literary based in return it would be my pleasure to return the favor in an area I suck slightly less at than computing!


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Molly at 0:33:12.57 on Mon 05/11/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO:  - No File
BHO: {9178f1d8-03fe-48a4-9e1f-629ee781521a} - c:\windows\system32\nnnkkIYr.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: WinTouch Bar: {b28bb341-2c37-4711-bf95-9ddb4ce55f4a} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} -

DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} -

DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://aolsvc.aol.com/onlinegames/trytrijinx/TriJinx.
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B12213CD-4189-415D-A054-7999528459F7} -

DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} -

DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://aolsvc.aol.com/onlinegames/free-trial-sweetopia/Sweetopia.
Notify: c00E4138 - c00E4138.mat
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: opnkijKC - opnkijKC.dll
Notify: zgsrgd - zgsrgd32.dll
AppInit_DLLs: karna.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnkkIYr

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-05-11 00:21 <DIR> --d----- c:\program files\Trend Micro
2009-05-10 23:15 <DIR> --d----- c:\documents and settings\molly\.housecall6.6
2009-05-10 20:03 <DIR> --d----- c:\program files\Ace Utilities
2009-05-10 20:02 <DIR> --d----- c:\program files\Acelogix
2009-05-10 18:53 40 a------- c:\windows\system32\msnav32.ax
2009-05-10 18:10 <DIR> --d----- c:\docume~1\molly\applic~1\Malwarebytes
2009-05-10 18:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-10 17:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-10 17:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 16:45 <DIR> --d----- c:\windows\system32\MpEngineStore
2009-05-10 15:51 <DIR> --d----- C:\c1c6c72c8512dd1e476d
2009-05-06 13:54 <DIR> --d----- c:\program files\DoylesRoom
2009-05-03 19:12 120,832 a------- c:\windows\system32\egvcjigu.dll
2009-04-24 01:02 33,792 a------- c:\program files\common files\kgmo.dll

==================== Find3M ====================

2009-05-10 16:24 2,417 a--sh--- c:\windows\system32\rYIkknnn.ini2
2009-05-10 13:20 33,792 a------- c:\program files\common files\kgmo1.tmp
2009-04-07 01:13 14,336 a------- c:\windows\system32\svchost.exe
2009-04-07 01:13 36,576 a------- c:\windows\system32\drivers\ndisuio.sys
2009-04-07 01:13 19,904 a------- c:\windows\system32\drivers\ifre300.sys
2009-04-02 23:50 21,664 a------- c:\windows\system32\drivers\lif9330.sys
2009-03-03 21:55 129,024 a------- c:\windows\system32\bcugtqge.dll
2009-02-28 18:57 536,646 a------- c:\windows\system32\lcntttdi.exe
2009-02-28 18:55 129,024 a------- c:\windows\system32\qlgaavqm.dll
2008-07-30 17:33 2,354 a------- c:\docume~1\molly\applic~1\SAS7_000.DAT
2008-05-07 15:27 13,824 -------- c:\docume~1\molly\applic~1\qhewt.exe
2006-11-05 19:38 32 ac---r-- c:\documents and settings\all users\hash.dat
2008-09-03 03:50 841,092 a--sh--- c:\windows\system32\lTtsDcdd.ini2
2005-12-09 15:47 447,369 a--sh--- c:\windows\system32\yycdd.bak1
2005-12-08 15:47 444,847 a--sh--- c:\windows\system32\yycdd.bak2
2005-12-09 18:02 447,420 a--sh--- c:\windows\system32\yycdd.ini2
2008-10-01 17:44 32,768 a--sh--- c:\windows\system32\config\systemprofile\local

2008-11-13 21:02 32,768 a--sh--- c:\windows\system32\config\systemprofile\local

2008-11-20 06:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local

2008-11-20 06:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local

2008-11-21 07:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local


============= FINISH: 0:34:13.21 ===============

Attached Files

BC AdBot (Login to Remove)


#2 SifuMike


    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:05 AM

Posted 13 May 2009 - 04:32 PM

Hello Luddite310,

Welcome to the BleepingComputer Forums.

Have you been playing with Registry Cleaners? :thumbup2: Because I know Registry Cleaners can break Windows. :)

The following is referring to Ace Utilities and RegCure .
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


Download Lop S&D
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

You can enable them after the scan.

You can find a detailed instructions with visuals here

Double-click Lop S&D.exe

If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.

Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


Post the last Malwarebytes log so I can see what it is finding.

Edited by SifuMike, 13 May 2009 - 04:38 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:05 AM

Posted 22 May 2009 - 05:37 PM

This thread will now be closed due to lack of feedback.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users