Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Program Crashes and Errors


  • This topic is locked This topic is locked
5 replies to this topic

#1 Lukin922

Lukin922

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 26 January 2010 - 10:39 PM

I have had several recent problems that seem to only get worse, but have been unable to identify the cause. I've used this site in the past with some other computer problems and was hoping to get some additional help with this issue. I realize I should probably not post these issues all in one post, however I'm unsure if these are separate issues or the result of the same problem. All of these problems began recently.

I've run SpyBot, Malwarebytes, SUPERAntiSpyware, Windows Malicious Software Removal Tool, with minimal to no hits.

1. I'm running Windows XP Professional. My problems originally started with IE8 crashing. I would get the following error:

SysFader: iexplore.exe - Application Error

The instruction at "0x7c91b21a" referenced memory at "0x00000010". The memory could not be "written".

Click on OK to terminate the program

I am able to use Google Chrome and if I disable the add-ons I can use IE8 for most websites. This issue appeared to occur shortly after I installed Windows Service Pack 3. I also vaguely remember either a Java or Adobe Flash install at the same time. I continue to have errors with IE8 if I use the add-ons.

2. Since that time, whenever I use windows explorer (My Computer) after clicking on the folders or attempting to open any files I get the following error:

explorer.exe - Application Error

The instruction at "0x7c91b21a" referenced memory at "0x00000010" . The memory could not be "written". Click OK to terminate the program.

After clicking OK, the desktop goes blank for a second and then the desktop loads, often with the task bar applications in a different order.

3. At start-up I also started getting the following error:

The type initializer for "System.Drawing.SafeNativeMethods" threw an exception.

I posted this error: http://www.bleepingcomputer.com/forums/ind...=288875&hl=
and was able to fix this error by shutting off "HP Image Zone Fast Start.lnk" at startup.

4. I'm also unable to use iTunes. I get

iTunes not installed correctly. Reinstall iTunes. Error 7.

After some research online I believe the issue with iTunes is that Quicktime is not working currently. I've uninstalled and reinstalled iTunes 9 without any luck.

5. When I click on the QuickTime application I get the following message:

QuickTime Player has encountered a problem and needs to close. We are sorry for the inconvenience.

This happens each time I attempt to run the application. I have uninstalled and reinstalled QuickTime and the same issue.

6. WinAmp is now crashing when I attempt to add files to the playlist. The event viewer error is:

Faulting application winamp.exe, version 5.5.7.2830, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

7. I've noticed several other errors in the event viewer related to the problems listed above.

I'm hoping to not have to reinstall the operating system, but if the problems continue to persist I may have no choice. Any help on any of the above issues would be greatly appreciated.

BC AdBot (Login to Remove)

 


#2 Lukin922

Lukin922
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 29 January 2010 - 05:27 PM

Here is the


DDS (Ver_09-12-01.01) - NTFSx86
Run by Family at 16:09:41.44 on Fri 01/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1199 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Winkflash\Transporter\WinkflashTransporter.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Family\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254536144000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254536137422
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-24 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-24 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-24 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-24 56816]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-3 54752]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S0 slwnvrpw;slwnvrpw;c:\windows\system32\drivers\hykeirw.sys --> c:\windows\system32\drivers\hykeirw.sys [?]
S2 gupdate1ca6fdbde1c57a8;Google Update Service (gupdate1ca6fdbde1c57a8);c:\program files\google\update\GoogleUpdate.exe [2009-11-27 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-3 174592]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-9-29 41984]

=============== Created Last 30 ================

2010-01-28 02:03:03 0 d-----w- c:\program files\ThreatExpert Memory Scanner
2010-01-27 12:28:36 0 d-----w- c:\program files\Winkflash
2010-01-26 04:04:40 0 d-----w- c:\docume~1\family\applic~1\Uniblue
2010-01-26 04:04:40 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner
2010-01-24 17:07:52 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-24 17:07:48 0 d-----w- c:\program files\Avira
2010-01-24 17:07:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-01-24 03:54:26 0 d-----w- c:\program files\Bonjour
2010-01-24 03:44:16 0 d-----w- c:\windows\SxsCaPendDel
2010-01-24 03:21:38 0 d-----w- c:\program files\Windows Installer Clean Up
2010-01-24 03:21:19 0 d-----w- c:\program files\MSECACHE
2010-01-24 02:05:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion
2010-01-24 02:05:15 0 d-----w- c:\program files\Research In Motion
2010-01-21 23:14:30 0 d-sh--w- C:\found.002
2010-01-21 02:26:20 10 ----a-w- c:\windows\WININIT.INI
2010-01-21 00:20:50 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-21 00:20:50 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-21 00:20:39 0 d-----w- c:\windows\Logs
2010-01-21 00:20:37 0 d-----w- c:\program files\Winamp Detect
2010-01-21 00:20:36 0 d-----w- c:\program files\Winamp Toolbar
2010-01-21 00:20:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Winamp Toolbar
2010-01-19 22:51:07 256 ----a-w- c:\windows\system32\pool.bin
2010-01-19 22:51:05 0 d-----w- c:\docume~1\family\applic~1\Research In Motion
2010-01-19 22:50:36 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-01-19 22:49:49 0 d-----w- c:\program files\common files\Research In Motion
2010-01-19 01:45:08 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-19 01:44:59 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-19 01:44:59 0 d-----w- c:\docume~1\family\applic~1\SUPERAntiSpyware.com
2010-01-19 01:39:25 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-16 06:21:00 7365 ----a-w- C:\fraglist.luar
2010-01-14 02:02:51 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-01-14 01:33:34 0 dc-h--w- c:\windows\ie8
2010-01-13 03:56:46 0 d-sh--w- C:\found.001
2010-01-06 20:22:08 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-06 20:22:07 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-05 01:43:11 0 d-sh--w- C:\found.000
2010-01-05 01:33:19 0 d-----w- c:\windows\system32\appmgmt

==================== Find3M ====================

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 16:10:19.86 ===============

Edited by Orange Blossom, 13 May 2010 - 11:14 PM.
Move to log forum from AII. ~ OB


#3 Lukin922

Lukin922
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 29 January 2010 - 05:31 PM

How do I attach a file? The Attachments section does not show up at the bottom of the post. I'm trying to add the attach.txt and ark.txt files.

Edited by Lukin922, 29 January 2010 - 05:33 PM.


#4 Lukin922

Lukin922
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 30 January 2010 - 02:38 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/29 16:12
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1120000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA636000 Size: 8192 File Visible: No Signed: -
Status: -

Name: kteproc.sys
Image Path: C:\WINDOWS\System32\kteproc.sys
Address: 0xBA5B4000 Size: 4608 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE680000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\_restore{8452E574-DB7D-44B4-AE2F-5961FD7FC26D}\RP143\change.log.3
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\family\local settings\temp\etilqs_d1qabsiutait8cmun6x6
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\family\local settings\temp\etilqs_dxnycrkghgbeebmozojw
Status: Allocation size mismatch (API: 32768, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xba71d576

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xba71d56c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xba71d57b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xba71d585

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xba71d58a

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba71d558

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xba71d55d

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xba71d594

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xba71d58f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xba71d580

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb12e60b0

==EOF==

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 14 May 2010 - 05:48 PM

Hi...this was just moved to this forum or the replies may have reset since it just appeared in the Open Logs list. Do you still need help? You are infected.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 19 May 2010 - 06:10 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users