Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Iexplore.exe - Application Error


  • This topic is locked This topic is locked
4 replies to this topic

#1 Happy Chap

Happy Chap

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 19 January 2006 - 06:55 AM

Hi - hope someone cleverer than me can help with this problem....

(Originally posted in Windows 2000 forum - Wrong place apparently - sorry - hope this is right forum)

First off - If I try to get on the internet from the desktop I get this...

"IEXPLORE.EXE - APPLICATION ERROR
The application failed to initialize properly (0xc0000005)
Click OK to terminate the application."

I've seen that quite a few others have had the same problem and their problems have been solved by a registry fix using...
"HKEY_LOCAL_MACHINE\SYSTEMCurrentControlSet\Services\RPCDKM"

I've tried using the same fix without any luck...

My HijackThis log is as follows...

ogfile of HijackThis v1.99.1
Scan saved at 09:37:47, on 19/01/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Sophos SWEEP for NT\SWUPDATE.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\keyhook.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINNT\system32\hpnra.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINNT\system32\internat.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINNT\system32\wuauclt.exe
C:\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\system32\keyhook.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\system32\hpnra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lignacite.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{14FBB296-41A2-4E2D-AE4C-11157B18A7C1}: NameServer = 192.1.1.250
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lignacite.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\..\{14FBB296-41A2-4E2D-AE4C-11157B18A7C1}: NameServer = 192.1.1.250
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lignacite.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\..\{14FBB296-41A2-4E2D-AE4C-11157B18A7C1}: NameServer = 192.1.1.250
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Sophos Anti-Virus Update (SweepUpdate) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWUPDATE.EXE





I've also scanned the registry - with the following results....

4 instances of "RPCDKM" found.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RPCKDM]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RPCKDM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM]

[HKEY_USERS\S-1-5-21-515967899-1647877149-1801674531-1132\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RPCKDM"



I've scanned the computer for viruses - and found none.

I've checked the computer for spyware with Ad-Aware - that too says I'm clean.

However, I CAN get on the internet by either of the following methods...
1) Reboot in safe mode with network access and use the normal desktop route.
or
2) Select "My Computer" from the desktop, the access "favourites" from the toolbar and go from there.

I'd be grateful for any advice or help offered.

Thanks

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:15 AM

Posted 19 January 2006 - 12:38 PM

Hello,

Not sure what instructions you followed.. but next instructions musst work:

open notepad and and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM]


Save this as fix.reg Choose to save as *all files and place it on your desktop.
This is how the regfix must look afterwards: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Reboot and open your Internet Explorer.
Let me know if that solved the problem.

Also check and fix next entry in hijackthis:

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

Edited by miekiemoes, 19 January 2006 - 12:39 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Happy Chap

Happy Chap
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 20 January 2006 - 03:39 AM

Hi
Thanks for the reply and info...
The instructions you give are precisely the ones I followed (gleaned from someone else's post earlier).
See the registry scan at the end of my original post - So I think this was done OK?
But I have repeated the exercise to make sure I did'nt make a pig's ear of it.
I also deleted the BHO as you suggested and rebooted.
I'm sorry to say that none of them worked. :thumbsup:

If you have any other ideas I'd be very happy to hear them....

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:15 AM

Posted 20 January 2006 - 04:05 AM

Hello,

Please read my instructions very carefully once again.
As I read in you first post, you made a typo on that key.

See the registry scan at the end of my original post - So I think this was done OK?


That key needs to go. So you did something wrong there if the regisry scan still shows it.
Did you use notepad? Did you add regedit4 on top?

Anyway, I uploaded it here for you. Unzip remove.zip and doubleclick remove.reg.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:15 AM

Posted 26 January 2006 - 11:39 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users