Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SysFader: iexplore.exe - Application Error


  • Please log in to reply
11 replies to this topic

#1 Lukin922

Lukin922

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 13 January 2010 - 08:44 PM

Whenever I attempt to use Internet Explorer I get the following error message:

SysFader: iexplore.exe - Application Error

The instruction at "0x7c91b21a" referenced memory at "0x00000010". The memory could not be "written".

Click on OK to terminate the program

When I click OK IE closes. I have reinstalled IE8 without any luck. Does anyone know how to fix this issue so I can use IE again? I've read a few other posts regarding this issue, however I didn't want to do anything that might further cause harm. Any help in regards to this issue would be greatly appreciated.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 44,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:25 AM

Posted 14 January 2010 - 09:34 AM

Others with same/similar problem, http://social.msdn.microsoft.com/Forums/en...f9-b44f16293a82.

Worth a look, IMO: http://beyondteck.blogspot.com/2006/05/how...rexe-error.html.

Louis

#3 Lukin922

Lukin922
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 14 January 2010 - 09:49 PM

I was able to use IE8 by disabling all add-ons. Reading the other forum however, I'm still not sure what caused this issue or is continuing to cause the issue. I've also noticed using Google Chrome does not result in the Sysfader error. I'm happy I can at least use IE, however I still wish I knew what caused the error and how to fix it.

#4 Lukin922

Lukin922
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 20 January 2010 - 09:05 PM

Can anyone help with this issue? I've stopped using IE8 and have been using Google Chrome without any issues. Whenever I try to use IE8 I get the same error message from above. I've run MalWarebytes, SpyBot, and SUPERAntispyware with no luck finding any issues.

I've also now encountered a similar error when using windows explorer.

explorer.exe - Application error

The instruction at "0x7c91b21a" referenced memory at "0x00000010". The memory could not be "written".

Click OK to terminate the program.

#5 Lukin922

Lukin922
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 23 January 2010 - 11:11 PM

Any suggestions? this continues to occur when attempting to use windows explorer. It gives me the error, terminates the program and then the desktop flashes briefly before returning to normal. I think I may be infected with something but so far nothing I've run has uncovered anything.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 44,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:25 AM

Posted 24 January 2010 - 09:58 AM

From what I see...there's a probability of this being a malware situation.

What AV program is installed? Last complete (with updated definitions) scan?

Open IE, go to Tools/Manage Add-ons. List everything detailed there.

Louis

#7 Lukin922

Lukin922
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 24 January 2010 - 10:19 AM

I had been using McAfee, but I think my free trial period ran out. I run Malwarebytes, Spybot, and SuperAntispyware weekly on the computer. I update the definitions for each of those programs each time I run a scan. Attached below are my add-ons. I'll post the logs from my last scans.

Name Adobe PDF Reader
Publisher Adobe Systems, Incorporated
Status Enabled
File date Monday, December 21, 2009, 6:15 PM

Name Adobe PDF Link Helper
Publisher Adobe Systems, Incorporated
Status Disabled
File date Monday, December 21, 2009, 6:27 PM
Version 9.3.0.148
Load time (0.01 s)

Name QuickTime Object
Publisher Apple Inc.
Status Enabled
File date Tuesday, November 10, 2009, 11:35 PM
Version QuickTime 7.6.5 (1327.80)

Name Windows Media Player
Publisher Microsoft Corporation
Status Enabled
File date Monday, July 13, 2009, 10:43 PM
Version 11.0.5721.5268

Name Windows Live Toolbar
Publisher Microsoft Corporation
Status Enabled
File date Friday, February 06, 2009, 5:17 PM
Version 14.0.8064.206
Load time 3.38 s

Name Search Helper
Publisher Microsoft Corporation
Status Enabled
File date Tuesday, May 19, 2009, 10:36 AM
Version 1.3.59.0
Load time 0.48 s

Name Windows Live Sign-in Helper
Publisher Microsoft Corporation
Status Enabled
File date Thursday, January 22, 2009, 2:41 PM
Version 5.0.818.5
Load time 0.00 s

Name Windows Live Toolbar BHO
Publisher Microsoft Corporation
Status Enabled
File date Friday, February 06, 2009, 5:17 PM
Version 14.0.8064.206
Load time 0.01 s

Name Research
Publisher Microsoft Corporation
Status Enabled
File date Friday, March 06, 2009, 3:04 AM
Version 12.0.6423.0

Name Blog This in Windows Live Writer
Publisher Not Available
Status Disabled
Version 1.0.0.0

Name Send to OneNote
Publisher Not Available
Status Disabled
Version 12.0.6413.0

Name Research
Publisher Not Available
Status Disabled

Name Diagnose Connection Problems...
Publisher Not Available
Status Disabled

Name Windows Messenger
Publisher Not Available
Status Disabled

Name Discuss
Publisher Not Available
Status Enabled
Version 6.0.2900.5848


here is my Malwarebytes complete scan from last night:

Malwarebytes' Anti-Malware 1.44
Database version: 3557
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/23/2010 7:36:42 PM
mbam-log-2010-01-23 (19-36-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 207039
Time elapsed: 1 hour(s), 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{8452E574-DB7D-44B4-AE2F-5961FD7FC26D}\RP137\A0031786.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#8 Lukin922

Lukin922
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 24 January 2010 - 10:21 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/23/2010 at 09:00 PM

Application Version : 4.33.1000

Core Rules Database Version : 4511
Trace Rules Database Version: 2323

Scan type : Quick Scan
Total Scan Time : 00:19:53

Memory items scanned : 371
Memory threats detected : 0
Registry items scanned : 395
Registry threats detected : 0
File items scanned : 5949
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\Family\Cookies\family@CAQ6G3FQ.txt
C:\Documents and Settings\Family\Cookies\family@revsci[6].txt
C:\Documents and Settings\Family\Cookies\family@bs.serving-sys[7].txt
C:\Documents and Settings\Family\Cookies\family@atwola[2].txt
C:\Documents and Settings\Family\Cookies\family@at.atwola[6].txt
C:\Documents and Settings\Family\Cookies\family@tacoda[5].txt
C:\Documents and Settings\Family\Cookies\family@interclick[7].txt

#9 hamluis

hamluis

    Moderator


  • Moderator
  • 44,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:25 AM

Posted 24 January 2010 - 11:09 AM

Sooo...are you saying that you don't have a reliable, updated AV program installed?

None of the applications you listed is a bona fide AV program...other than the Symantec product.

There are a number of free AV programs which are (IMO) at least as effective as NAV or NIS.

http://www.techsupportalert.com/best-free-...us-software.htm

Louis

#10 Lukin922

Lukin922
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 24 January 2010 - 12:06 PM

I guess what I'm saying is recently I no longer have a reliable, updated AV program installed. I'll install one of the programs listed from your link, thank you. My question now is, if I am infected how do I become uninfected?

#11 hamluis

hamluis

    Moderator


  • Moderator
  • 44,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:25 AM

Posted 24 January 2010 - 01:21 PM

A start, Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/.

Louis

#12 Lukin922

Lukin922
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 24 January 2010 - 04:58 PM

I'm now running Avira AntiVir which uncovered ADSPY/GameVance.A.1544



Avira AntiVir Personal
Report file date: Sunday, January 24, 2010 11:12

Scanning for 1637072 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YELLOW-5

Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 17:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 17:10:33
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 17:10:41
VBASE003.VDF : 7.10.3.2 2048 Bytes 1/20/2010 17:10:41
VBASE004.VDF : 7.10.3.3 2048 Bytes 1/20/2010 17:10:42
VBASE005.VDF : 7.10.3.4 2048 Bytes 1/20/2010 17:10:42
VBASE006.VDF : 7.10.3.5 2048 Bytes 1/20/2010 17:10:42
VBASE007.VDF : 7.10.3.6 2048 Bytes 1/20/2010 17:10:42
VBASE008.VDF : 7.10.3.7 2048 Bytes 1/20/2010 17:10:42
VBASE009.VDF : 7.10.3.8 2048 Bytes 1/20/2010 17:10:42
VBASE010.VDF : 7.10.3.9 2048 Bytes 1/20/2010 17:10:42
VBASE011.VDF : 7.10.3.10 2048 Bytes 1/20/2010 17:10:43
VBASE012.VDF : 7.10.3.11 2048 Bytes 1/20/2010 17:10:43
VBASE013.VDF : 7.10.3.12 2048 Bytes 1/20/2010 17:10:43
VBASE014.VDF : 7.10.3.45 173568 Bytes 1/22/2010 17:10:44
VBASE015.VDF : 7.10.3.46 2048 Bytes 1/22/2010 17:10:44
VBASE016.VDF : 7.10.3.47 2048 Bytes 1/22/2010 17:10:44
VBASE017.VDF : 7.10.3.48 2048 Bytes 1/22/2010 17:10:44
VBASE018.VDF : 7.10.3.49 2048 Bytes 1/22/2010 17:10:44
VBASE019.VDF : 7.10.3.50 2048 Bytes 1/22/2010 17:10:44
VBASE020.VDF : 7.10.3.51 2048 Bytes 1/22/2010 17:10:45
VBASE021.VDF : 7.10.3.52 2048 Bytes 1/22/2010 17:10:45
VBASE022.VDF : 7.10.3.53 2048 Bytes 1/22/2010 17:10:45
VBASE023.VDF : 7.10.3.54 2048 Bytes 1/22/2010 17:10:45
VBASE024.VDF : 7.10.3.55 2048 Bytes 1/22/2010 17:10:45
VBASE025.VDF : 7.10.3.56 2048 Bytes 1/22/2010 17:10:45
VBASE026.VDF : 7.10.3.57 2048 Bytes 1/22/2010 17:10:45
VBASE027.VDF : 7.10.3.58 2048 Bytes 1/22/2010 17:10:46
VBASE028.VDF : 7.10.3.59 2048 Bytes 1/22/2010 17:10:46
VBASE029.VDF : 7.10.3.60 2048 Bytes 1/22/2010 17:10:46
VBASE030.VDF : 7.10.3.61 2048 Bytes 1/22/2010 17:10:46
VBASE031.VDF : 7.10.3.63 77824 Bytes 1/24/2010 17:10:46
Engineversion : 8.2.1.150
AEVDF.DLL : 8.1.1.3 106868 Bytes 1/24/2010 17:10:55
AESCRIPT.DLL : 8.1.3.12 823675 Bytes 1/24/2010 17:10:54
AESCN.DLL : 8.1.3.1 127348 Bytes 1/24/2010 17:10:53
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 13:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 1/24/2010 17:10:53
AEPACK.DLL : 8.2.0.5 422262 Bytes 1/24/2010 17:10:52
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 13:38:38
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 1/24/2010 17:10:51
AEHELP.DLL : 8.1.10.0 237942 Bytes 1/24/2010 17:10:48
AEGEN.DLL : 8.1.1.83 369014 Bytes 1/24/2010 17:10:47
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 13:38:26
AECORE.DLL : 8.1.9.5 184693 Bytes 1/24/2010 17:10:47
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 13:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 21:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 18:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: Sunday, January 24, 2010 11:12

Starting search for hidden objects.
'43249' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'winamp.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'RIMAutoUpdate.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SSScheduler.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '60' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{8452E574-DB7D-44B4-AE2F-5961FD7FC26D}\RP90\A0027365.exe
[DETECTION] Contains recognition pattern of the ADSPY/GameVance.A.1544 adware or spyware
Begin scan in 'D:\'

Beginning disinfection:
C:\System Volume Information\_restore{8452E574-DB7D-44B4-AE2F-5961FD7FC26D}\RP90\A0027365.exe
[DETECTION] Contains recognition pattern of the ADSPY/GameVance.A.1544 adware or spyware
[NOTE] The file was moved to '4b8ca3e8.qua'!


End of the scan: Sunday, January 24, 2010 13:47
Used time: 57:03 Minute(s)

The scan has been done completely.

10248 Scanned directories
298367 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
298365 Files not concerned
6158 Archives were scanned
1 Warnings
2 Notes
43249 Objects were scanned with rootkit scan
0 Hidden objects were found




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users