Application error on most executables after startup

Posted on 2008-06-20
Last Modified: 2011-11-15
After removing a spyware, on startup I get multiple error messages like:
Application Error: The instruction at "....." referenced memory at "....". The memory could not be "read".
This happens on most executables, including explorer.exe, msconfig.exe, sfc.exe... here is a list of some executables, with the instruction address and the memory address:

verclsid   0x0040a54b   0x000a6000
explorer   0x0040a54b  0x000aa000
sfc   0x0040a54b   0x000a9000
skype   0x0014a54b   0x001b7000
firefox   0x0014a54b   0x001a7000
regedit   0x0040a54b   0x00b9000

Strangely, this does not happen on some executable if they are launched early, but only after some time into the startup: for example: skype starts normally when at startup, but if I close and reopen it, it won't start and give me the error.
Some programs start normally at startup, ZoneAlarm Antivirus is among these.

This happened after I have removed a malware infection:
this morning at startup I had a popup in the lower right corner, telling that my pc was infected and i needed an antispyware. I have ZoneAlarm Antivirus and Firewall installed, but ZoneAlarm's TrueVector service had been disabled by this malicious software, and Spybot would not start either. ZoneAlarm Antivirus' update did not work. This malicious software autonomously downloaded and installed a so-called antispyware named XPSecurityCenter, which is surely spyware itself.
I had some Windows automatic updates left pending, and I installed them: among them there was the Windows Malware Removal Tool.
After rebooting, the popup was gone, and i saw a brief message stating that some malware had been removed (I think the windows removal tool removed this spyware, but I'm not sure). ZoneAlarm started working again.
I rebooted again and this time all those messages started to show up.

At this time, I can't run quite anything on my PC. Can somebody please help me?

Thank you
Question by:francescoba
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1

Author Comment

ID: 21832425
P.S. I noticed that many instruction adresses are the same, this makes me think that there are a few core executables or dlls who cause this problem

Expert Comment

ID: 21832960
Download memtest from and run the tool to test your memory.
LVL 20

Expert Comment

ID: 21833030
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.


Author Comment

ID: 21837221
Thank you for your replies, I'm trying to test your solutions: I have the additional problem that my CD drive is not working, so I'll have to obtain an external CD or floppy drive in order to run memtest86. I'll post the results when i've done it.

Regarding Hijackthis: this morning I tried to run HJTInstall, and it didn't go, giving the same error as the other executables, then after some minuten ZoneAlarm reported a virus (in aspimgr.exe), and put it in quarantine.
After the virus was put in quarantine, all the executables start normally, including Hijackthis, so I run it.
During the scan, Hijackthis gave me an error, that I am attaching to this post together with the log.

Also, I forgot to mention one thing yesterday: after the initial infection I got a windows message stating that some system files had been replaced by different versions, and I should restore them from the windows CD (I could not do this because the cd drive is not working)
LVL 20

Accepted Solution

IndiGenus earned 500 total points
ID: 21837325
Download and Run ComboFix (by sUBs) from one of the links below. You must run it directly from your Desktop.

Disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log.  

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware.

NOTE: If you have issues connecting to your network or internet after running combofix you can either simply reboot, or do the following:
* Going to Control Panel > Network Connections.
* Right click on their Network icons & select "Repair"
Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.

LVL 30

Expert Comment

by:Marc Z
ID: 21846182
While IndiGenus helps you get cleaned up, I might suggest backing up ANY important files, getting them off that machine and getting ready for a system format and reinstall.  Sounds also like you may have some hardware issues as well, if you have lost your CD drive and now your Memory is showing issues.

Author Comment

ID: 21891314
Thank you all for your help, now I got ComboFix and I scanned my PC, and I am posting the log here, with a new Hijackthis log. After the ComboFix scan my PC began to work normally. I also did a scan with Spybot and with ZoneAlarm Antivirus. I have been using it for some days now without problems. As for the backup, I had already done that, thank you. I am going to check the RAM too, as soon as I get a working Cd drive. I always thought that the cd drive problem is due to mechanical damage, since I transport my laptop by car a lot, for work, and sometimes it got some hits. Anyway, how could I check that?

LVL 30

Expert Comment

by:Marc Z
ID: 21891547
"Anyway, how could I check that?"
Do you have a replacement you could test it out with?  Perhaps if you could burn a LiveCD of a Linux distro you could insert that and boot to it and see if it runs.  But what error do you get currently when you insert a disk to it?
LVL 30

Expert Comment

by:Marc Z
ID: 21893884
Do you have ANY idea what these are ?
O4 - Startup: Script.ahk
O4 - Startup: Start.vbs

In Hijack This, fix these.
       F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
       O4 - Global Startup: Snippy.lnk = C:\Programmi\Snippy\Snippy.exe
O9 - Extra button: LookWAYup - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - (file missing)
       O9 - Extra 'Tools' menuitem: LookWAYup - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - (file missing)

Check these and see if you know them. If not Fix in HIJackthis
      O8 - Extra context menu item: LookWAYup -

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
O16 - DPF: {A8680DA2-873A-11D4-928C-0050DAC7E112} (CTI_RECORDER) -
O16 - DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} (wodTelnetDLX Class) -

Author Comment

ID: 21898381
The F2 entry is due to a virus, but it is not present anymore, I think it was removed in the antivirus scans I did after ComboFix. The other entries are all legitimate programs.
The cd drive has mechanical issues: no boot possible (I checked with the bootable memtest86+ iso).
Anyway, since I had no more memory errors after the ComboFix scan, I assume that my RAM is ok and I'll give up the memtest86 scan: the errors were given by the viruses, which were removed by ComboFix.

Thank you all for helping me to solve this problem!

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question