Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Sysfader: Iexplore.exe application error (0xc0000417) occurred in the application at location 0x003da4d1

Posted on 2010-01-03
6
Medium Priority
?
5,711 Views
Last Modified: 2013-12-08
I'm having real trouble finding a solution to this problem. I've scanned the web for any solution available without any luck.

I can reproduce this error at any time by navigating IE to Sun's Java Test/Verification page at http://www.java.com/en/download/help/testvm.xml when logged on as a user without admin privileges on a windows 2003 R2 Terminal Server. If I add the user to Domain Admins and relogin with it, everything works okay.

I've tried every other solution available, been searching for several days without getting rid of this.

Attached underneath is a HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 23:18:01, on 03.01.2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Documents and Settings\goj\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IBMIASRW.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pndcsvc.exe
C:\WINDOWS\system32\pndmsvc.exe
C:\WINDOWS\system32\pnMaxItSvc.exe
C:\WINDOWS\system32\PNMMRSVC.exe
C:\WINDOWS\system32\pnmpts.exe
C:\WINDOWS\system32\pnregsvc.exe
C:\WINDOWS\system32\pntzsvc.exe
C:\WINDOWS\system32\pnupsvc.exe
C:\WINDOWS\system32\pntermhlp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibm.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.4.55.250:3128
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-66663234-2941838256-1045617787-1162\..\Run: []  (User 'klabri')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\goj\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231577456375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231577510468
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://business.fokus.no/html/activex/e-Safekey/FOK/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = asp.it.no
O17 - HKLM\Software\..\Telephony: DomainName = asp.it.no
O17 - HKLM\System\CCS\Services\Tcpip\..\{BED5D480-6C21-400F-98EC-36FD99EB06C1}: NameServer = 212.4.55.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9654EBB-028E-4780-8B76-6A6639E91E81}: NameServer = 212.4.55.54
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = asp.it.no
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = asp.it.no
O20 - AppInit_DLLs: pngdi32.dll pndmapi.dll pndmterm.dll pnfwhook.dll pntzapi.dll pndmredirc.dll pnviphk.dll pnuphk.dll PNFMMRHook.dll
O20 - Winlogon Notify: PNFMMR - pnfmmrwnp.dll (file missing)
O20 - Winlogon Notify: PNMIC - PNMICWNP.dll (file missing)
O20 - Winlogon Notify: pnmp - pnmpnp.dll (file missing)
O20 - Winlogon Notify: PNTS - pntshook.dll (file missing)
O20 - Winlogon Notify: PNUP - pnupwnp.dll (file missing)
O20 - Winlogon Notify: PNUSBWNP - PNUSBWNP.dll (file missing)
O20 - Winlogon Notify: PNVIPWNP - PNVIPWNP.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IBM Automatic Server Restart Service for IPMI (ibmiasrw) - IBM Corporation - C:\WINDOWS\system32\IBMIASRW.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Quest Data Collector (pndcsvc) - Quest Software - C:\WINDOWS\system32\pndcsvc.exe
O23 - Service: Quest Database Manager (pndmsvc) - Quest Software - C:\WINDOWS\system32\pndmsvc.exe
O23 - Service: Quest Max-IT VM Analysis Service (pnmaxitsvc) - Quest Software - C:\WINDOWS\system32\pnMaxItSvc.exe
O23 - Service: Quest Multimedia Redirection Service (pnmmrsvc) - Quest Software - C:\WINDOWS\system32\PNMMRSVC.exe
O23 - Service: Quest MetaProfiles Agent (pnmpts) - Quest Software - C:\WINDOWS\system32\pnmpts.exe
O23 - Service: Quest Registry Service (pnregsvc) - Quest Software - C:\WINDOWS\system32\pnregsvc.exe
O23 - Service: Quest Time Zones (pntzsvc) - Quest Software - C:\WINDOWS\system32\pntzsvc.exe
O23 - Service: Quest Universal Printer (pnupsvc) - Quest Software - C:\WINDOWS\system32\pnupsvc.exe
O23 - Service: Quest Terminal Services Helper Service - Quest Software - C:\WINDOWS\system32\pntermhlp.exe


----

As far as I can see, there is neither any viruses or spyware/malware on the server. I think this happened after the last windows update, but I am unsure which update caused it.

I've tried downgrading to IE6 and IE7 without any help. I've scanned the computer for malware/spyware, I've disabled all transition effects both on computer level and IE level. Current Java version is 1.6_17, I tried downgrading to 1.6_15 without any improvement as well.

Any help and/or solution would be appreciated.

BR

Geir-Otto Jakobsen
0
Comment
Question by:beester
  • 4
  • 2
6 Comments
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 26172160
Hello this sounds like a rights issue?  Why would you think it is a potential browser hijack.  Can regualr TS users load the JVM in IE?  What version of IE is in play?
0
 
LVL 7

Author Comment

by:beester
ID: 26172601
Sounds like a rights issue, yes, but what rights? NTFS security on all java directories are set to full access for domain users.

The regular users have been running java applets on that server for a year now without any problems at all. Right now it's IE8, but I've also tried downgrading to IE6 and IE7.
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 26173233
There is more too it than just the Java install directories.  Regular users do not have the rights to some of the registry keys you have listed in the report above.  Add the web-site to the Trusted Sites zone in IE, and see if that works out better.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 7

Author Comment

by:beester
ID: 26173455
I've added *.sun.com and *.java.com in trusted sites, and reset permissions for trusted sites to the lowest possible, still no luck. Which registry keys are you thinking about?
0
 
LVL 7

Author Comment

by:beester
ID: 26278572
Noone else have any tips here?

At the moment I have to give the users local administrative rights on the terminal server to workaround this problem, and it's really not an option in the long term...
0
 
LVL 7

Accepted Solution

by:
beester earned 0 total points
ID: 26502306
No solutions offered here.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had to do a bit of research to find the answer to this question so I thought I'd share my results.  Due to our outdated mainframe systems, we need to downgrade IE9 to IE8 in order to stay compatible.  We also needed to downgrade Java.  In order to…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question