The instruction at Ox7c91b1fa referenced memory at 0x00000010. The memory could not be written.?
This happens as Windows XP is booting up and then I click ok and it removes the screen but not the problem.
Happens everytime.
DaniWeb4Jim 47 Junior Poster
sparkax 3 Posting Whiz in Training
It is probably an application error. Try and find out which start up application is causing the error and uninstall.
magic_mikey 0 Light Poster
It can't write to memory block 0x00000010, either the block is reserved for an application or the block is bad. How many RAM sticks are there in your pc, can you take them out one at a time and boot up, if you don't get your error then the stick which you have out is faulty. If you do get your error then it is an application.
If it is an application use msconfig to disable all startup applications and then re enable them one at a time until you find which is causing the error.
DaniWeb4Jim 47 Junior Poster
It can't write to memory block 0x00000010, either the block is reserved for an application or the block is bad. How many RAM sticks are there in your pc, can you take them out one at a time and boot up, if you don't get your error then the stick which you have out is faulty. If you do get your error then it is an application.
If it is an application use msconfig to disable all startup applications and then re enable them one at a time until you find which is causing the error.
Thanks I was thinking, that I will try it.
DaniWeb4Jim 47 Junior Poster
Thanks I was thinking, that I will try it.
I talked to another techie friend and he suggested to remove 2 of the 4 memory sticks at a time and then see which one caused the problem. He must be thinking like you. Thanks for the info, I was thinking about it too.
Thanks,
Jim
DaniWeb4Jim 47 Junior Poster
Thanks I was thinking, that I will try it.
I tried the startup in msconfig and nothing different I still have the message. I am going to do a memory test. I will let you know.
gerbil 216 Industrious Poster
Jim, it is not a memory problem, it is a problem with a program trying to access reserved memory. In other words, it is caused by some sloppy software, and sloppy software is occasionally found in malware. So firstly:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application, then ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything found is checked, and click Remove Selected. Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
...an then:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
DaniWeb4Jim 47 Junior Poster
HERE IS THE LOG.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:48 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend HiJackThis\HiJackThis.2.0.0.2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrf
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221429925828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221799765640
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11443 bytes
gerbil 216 Industrious Poster
And present the log from this task, please...?
So firstly:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application, then ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything found is checked, and click Remove Selected. Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
DaniWeb4Jim 47 Junior Poster
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3
9/29/2008 2:53:33 AM
MalwareBytesLog-mbam-log-2008-09-29 (02-52-57).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 303216
Time elapsed: 6 hour(s), 2 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 13
Folders Infected: 9
Files Infected: 146
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-1582543-23807) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
C:\Program Files\Spyware Remover (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover (Rogue.SpywareRemove) -> No action taken.
Files Infected:
C:\Documents and Settings\JIM\Desktop\MSOFFICE 2007\ke_and_pa_by_kissme1\ke and pa AutoPlay\Docs\keygen.exe (Backdoor.Bot) -> No action taken.
C:\Downloads\MISC Downloads\noadware.exe (Rogue.Installer) -> No action taken.
D:\My Documents\ToolBox\Utilities\Registry Tools\MiscRegTools\ErrorNukerInstaller.exe (Rogue.Installer) -> No action taken.
D:\My Documents\ToolBox\Utilities\Windows Utils\WIN XP\Windows.Activation.Keys.Keygens\Win XP KeyGens&Serials\XP SP1 Keychanger SP2 Keygen and Product Key Viewer\Windows XP Key.exe (Trojan.Downloader) -> No action taken.
D:\My Documents\ToolBox\Desktop\Adobe Products\Adobe CS3\All Keygen-Cracks for Adobe CS3\Adobe Photoshop Extended CS3 Keygen\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.
D:\My Documents\Azureus Downloads\All Keygen-Cracks for Adobe CS3, By GameGrounds!\Adobe Photoshop Extended CS3 Keygen\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.
D:\My Documents\Azureus Downloads\All Keygen-Cracks for Adobe CS3, By GameGrounds!-1\Adobe Photoshop Extended CS3 Keygen\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.
C:\Program Files\Spyware Remover\ignorespylist.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\License.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Readme.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\SpyLog28-09-08-36510.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Spyware.exe (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\SpyWatch.exe (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\zlib.dll (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\about.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\auto-remove-files-opt.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\backup-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\backup-window-small.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\check-mark.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\clear-log.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\configuration.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\desktop-icon.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\exit.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\help-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\help.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\ignore-list.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\index.html (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\language-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\launch-spyware.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\monitor-on.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\ok-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\options1.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\options1a.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\options2a.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\remove-auto-opt.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\remove-selection-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\save-log-auto-opt.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\save-log.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-1.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-2.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-log-window.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-on-start-option.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-sections.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\select-all-spyware-components-option.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\settings-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spyware1.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-auto-pop.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-autostart.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-force.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-lauch.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-options-small.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-remove-bad.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-time-interval.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\stop-scan-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\view-current-process.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\arabic.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\arabic.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Chinese.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Chinese.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\English.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\English.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Français.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Français.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\German.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\German.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Italiano.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Italiano.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Japanese.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Japanese.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Korean.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Korean.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\português.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\português.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Spanish.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Spanish.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\PopUpWatch.exe (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\index.html (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\advanced-window-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\main-small.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\main-window-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\menu.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\tray-menu-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\English.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\English.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Français.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Français.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\German.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\German.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Italiano.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Italiano.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\português.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\português.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Spanish.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Spanish.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound1.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound10.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound11.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound12.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound13.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound14.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound15.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound16.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound17.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound18.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound19.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound2.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound20.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound21.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound22.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound23.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound24.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound25.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound26.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound27.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound28.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound3.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound4.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound5.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound6.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound7.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound8.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound9.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\License Agreement.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Popup-Watch.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Readme.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Spy-Watch.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Spyware Remover.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\User's Guide.lnk (Rogue.SpywareRemove) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Application Data\Adobe\Manager.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Spyware Remover.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
I ran this again and nothing changed STILL HAVE message.
DaniWeb4Jim 47 Junior Poster
It is probably an application error. Try and find out which start up application is causing the error and uninstall.
NOPE! it is not because I ran AdAware2008, SpyBot, HiJack 2.02 MalwareBytes' AntiMalware, AVG-AntiVirus/Anti-Spyware and nothing came up. Also removed every program line in MSCONFIG.
NOTHING works?
Any more suggestions, or reformat?
Jim
gerbil 216 Industrious Poster
Jim, when you ran MBAM did you clilck the Remove Selected button? Cos everywhere I am seeing "No action taken." If you did not, then please rerun MBAM, post the log.
jholland1964 650 Posting Expert Team Colleague Featured Poster
Hi DaniWeb4Jim, looking at the MBA-M log you obviously have infections on the machine. Update MBA-M and then run a Full System scan again, this time however follow the instructions given Make sure that everything found is checked, and click Remove Selected.
Reboot the machine. See if this makes a difference. It may not yet because there could actually be some application issues at work but for the amount of infection showing this could possibly be a part of the problem.
Judy
P.S. Whoops gerbil, didn't see you there.
DaniWeb4Jim 47 Junior Poster
And present the log from this task, please...?
So firstly:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application, then ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything found is checked, and click Remove Selected. Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
I removed all of my 4 512 MB DDR400 memory sticks and no change. Same message. I am now running BitDefender and have run your suggestion Malwarebyte's AntiMalware.
Any additional thoughts?
DaniWeb4Jim 47 Junior Poster
Hi DaniWeb4Jim, looking at the MBA-M log you obviously have infections on the machine. Update MBA-M and then run a Full System scan again, this time however follow the instructions given Make sure that everything found is checked, and click Remove Selected.
Reboot the machine. See if this makes a difference. It may not yet because there could actually be some application issues at work but for the amount of infection showing this could possibly be a part of the problem.
Judy
P.S. Whoops gerbil, didn't see you there.
Thanks Judy. I owe you an ice cream.
I am running Bitdefender a suggestion from a PC Repair store owner (friend) and I removed everyone of my 4 - 512 MB - DDR400 RAM memory sticks and know for positive sure that it is not memory problems.
Also I installed that Spyware program but sometimes programs that are alike say that the other program (their competition) is a spyware. If you run SpyBot and have Adaware 2008 it tells you that it may come up as a spyware and vice versa.
Jim
DaniWeb4Jim 47 Junior Poster
Jim, when you ran MBAM did you clilck the Remove Selected button? Cos everywhere I am seeing "No action taken." If you did not, then please rerun MBAM, post the log.
Yep, did that but it says that after it prints the log. I will rerun the log later and post it. jholand1964 said the same thing. She helped me a lot when I first started.
I don't give up I will get it. My PC Repair store owner and I differ about this method he reformats and charged the job out. I want to be the old time mechanic, like my father. I reformat when necessary but I want to get it.
Thanks for all of your input.
Jim
jholland1964 650 Posting Expert Team Colleague Featured Poster
Also I installed that Spyware program but sometimes programs that are alike say that the other program (their competition) is a spyware. If you run SpyBot and have Adaware 2008 it tells you that it may come up as a spyware and vice versa.
I have never had any of those tell me either of the other two was spyware. They do not compete with each other. Don't run all three at the same time. Use them for scanning only not as protective programs. In order to have any of those as protective programs you must purchase them. The free versions are used for scanning and removal only so they would not compete, because you cannot scan with all three at one time. The only time you may get a notation about one of the other programs is if one will note something in the Quarantine file of another. That would be perfectly fine because that is where it should be if removed by the program. The only times I have seen this is MBA-M will find something quarantined in Spybot, that is NOT competing both programs are doing their jobs. Frankly, since the change this past year with AdAware I have quit using it, mainly because it has a portion of the program that now loads as a service, which does nothing but run unless you actually pay for the program.
Today, for most of us anyway, MBA-M is THE program of choice. It has updates at a minimum of every other day, sometimes more than once a day. It finds and removes almost every nasty out there right now. You really cannot go wrong by it. I do still use Spybot but generally it finds nothing.
Put those memory sticks back in since you have ruled out those as the problem. Run the FIX with MBA-M.
Yep, did that but it says that after it prints the log.
Look at it closely, it should show you a screen with the problems found with a place to Select everything to fix. You have to place check marks in those in order for it to fix.
Save that log and then REBOOT. Then run a new HJT scan and post back with both logs. I honestly cannot see, yet anyway where a reformat is necessary. Just don't think this warrants that right now.
Judy
caperjack 875 I hate 20 Questions Team Colleague
My PC Repair store owner and I differ about this method he reformat and charged the job out.
I to like to fix the problem ,my own ,,but for the store owner its not cost effective to try and fix the problem anymore as it can take days ,as shown by how long its taking you to fix this one .imagine if the store owner did this with the many computers he get to fix ,there would not be enough time in his week to fix them all ,so format is the most efficient way to fix it !
DaniWeb4Jim 47 Junior Poster
Yep, did that but it says that after it prints the log. I will rerun the log later and post it. jholand1964 said the same thing. She helped me a lot when I first started.
I don't give up I will get it. My PC Repair store owner and I differ about this method he reformats and charged the job out. I want to be the old time mechanic, like my father. I reformat when necessary but I want to get it.
Thanks for all of your input.
Jim
I did everything that was suggested and still have this. Of course you don't know me. So here is some info:
I build repair and troubleshoot computers day after day for friend,s clients and help a guy who owns his own store. I find a new wrinkle in every PC Desktop or Laptop.
The fun for me isn't the money it's the adventure. I play with it for as long as it takes to fix it. Because I have a very good FULL TIME job.
My friend has his store, rent, light, gas, heat, etc. He needs the money so I take a project and fix it so he doesn't have to reformat. I have three PCs networked and a 17 HP year old Laptop. I can take my sweet time, which is why it looks like a long time, but sometimes I am busy and don't get back at it for a while.
I setup the network to learn networks and am going to sell some of the older PCs that I have that are not working yet. I have 4 others in my basement.
So, here I am searching for this error message.
JIm
You guys are in college or fix PCs for a living?
gerbil 216 Industrious Poster
These are my crossword puzzles.
Ok, to continue.. I would like to see the MBAM log... the one with Successfully deleted and Delete on reboot, which instruction you would have followed, of course.
tdssserv.sys is a rootkit, MBAM found and should have deleted it...
DaniWeb4Jim 47 Junior Poster
These are my crossword puzzles.
Ok, to continue.. I would like to see the MBAM log... the one with Successfully deleted and Delete on reboot, which instruction you would have followed, of course.
tdssserv.sys is a rootkit, MBAM found and should have deleted it...
I used SDFIX.EXE, which runs in SAFE MODE but I ran your suggesstion
Malwarebytes' Anti-Malware also SEE BOTH BELOW
SDFIX.EXE
SDFix: Version 1.240
Run by JIM on Wed 11/12/2008 at 07:00 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
tdssserv
Path :
\systemroot\system32\drivers\TDSSserv.sys
tdssserv - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\JIM.JIM-ADM\Application Data\Adobe\crc.dat - Deleted
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\twain_32\user.ds - Deleted
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\twain_32\user.ds - Deleted
C:\windows\system32\drivers\TDSSserv.sys - Deleted
Folder C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\twain_32 - Removed
Folder C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\twain_32 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 07:33:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
source file error: C:\Documents and Settings\JIM.JIM-ADM\ntuser.dat
scanning hidden files ...
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A TAX THNG1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Contract Specs Camera Supplies 2002.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT.XLS 34816 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\120120061.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\120120061.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.csv 3182 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.xls 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalm 01.csv 2680 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalm 01.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalmFriends.csv 1255 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalmFriends.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A KOHL'S BILL.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A KOHL'S BILL.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A TAX THNG1.xls 18432 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\An Organization Charts.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\An Organization Charts.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Attendance.xls 98304 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Attendance.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Book1test.xls 13824 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Book1test.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM2.WK4 11088 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM2.WK4.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM3.WK4 14080 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM3.WK4.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Contract Specs Camera Supplies 2002.xls 44032 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2000Election.zip 99422 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2000Election.zip.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionJP.xls 84992 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionResults.xls 103936 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionResults.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJMC.xls 60416 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJMC.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJP.xls 103424 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJMC.xls 98304 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJMC.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJP.xls 103424 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJMC.xls 84480 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJMC.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJP.xls 87552 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\Election00.zip 99428 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\Election00.zip.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Excel.zip 329776 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Excel.zip.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Four Color Printing.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Four Color Printing.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\JCP
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\JCP\JCP 01 to 06-2008 Transaction.xls 5632 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\JCP\JCP 01 to 06-2008 Transaction.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\MOVIE LIST.xls 31744 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\MOVIE LIST.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2002 Monthly Report.xls 24064 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2002 Monthly Report.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2003-2005Home&Taxincrease.xls 18944 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2003-2005Home&Taxincrease.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 DJ Tax Info.xls 14848 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 DJ Tax Info.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 JIMS_TOH_PAYROLL.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 JIMS_TOH_PAYROLL.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006SalvationArmyInfo.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006SalvationArmyInfo.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006TaxDeduction Info.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006TaxDeduction Info.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007 Address Book Yahoo_ab.csv 20790 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007 Address Book Yahoo_ab.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007SalvationArmyDonations.xls 25600 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007SalvationArmyDonations.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris.xls 20992 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris1.xls 23040 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2006-2007JimDoris.xls 20992 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2006-2007JimDoris.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2007JimDoris.xls 20480 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2007JimDoris.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Expenses 2004.xls 22016 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Expenses 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Monthly Exps 2004.xls 17920 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Monthly Exps 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Expenses112706.xls 16896 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Expenses112706.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Eye Medicine Chart1.xls 18432 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Eye Medicine Chart1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Inventory-2002-bal-2001.xls 29184 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Inventory-2002-bal-2001.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT1.XLS 50688 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT1.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\The Vilalge Newsletter.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\The Vilalge Newsletter.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2001.xls 124928 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2001.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2007.xls 123904 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2007.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO DAT.xls 95744 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xlt.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments 2004-1.xls 41472 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments 2004-1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments2004-0.xls 32256 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments2004-0.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.wk1 36804 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.wk1.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.xls 140288 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\New Employee Checklist.xls 18944 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\New Employee Checklist.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction Requistions 2002.xls 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction Requistions 2002.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction&Mail Inventory Sheet.xls 81408 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction&Mail Inventory Sheet.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO DAT.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2004.xls 34304 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls 35328 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls.daat 35328 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls.daat.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Over Time 2004.xls 39936 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Over Time 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO.xlt 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO.xlt.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xls 27648 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xlt 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Rock Hall Computer01.XLS 58368 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Rock Hall Computer01.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\RockHall Computer.XLS 81408 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\RockHall Computer.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TownVillages Count & Zip.xls 45568 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TownVillages Count & Zip.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Zipamnts.xls 47104 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Zipamnts.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\prvflder.dat 512 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 143
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 23 Aug 2001 24,448 A.SHR --- "C:\NTBOOTDD.SYS"
Thu 9 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sun 14 Sep 2008 678,814 ...H. --- "C:\Program Files\iolo\System Mechanic Professional 6\unins000.exe"
Thu 18 Mar 1999 70,656 A..H. --- "C:\Program Files\Microsoft Office\Microsoft Office Tools\cabarc.exe"
Wed 24 Feb 1999 111,104 A..H. --- "C:\Program Files\Microsoft Office\Microsoft Office Tools\Proflwiz.exe"
Sun 5 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Wed 19 Nov 2003 495,616 A..H. --- "C:\Program Files\Shockwave.com\PhotoJam 4 Deluxe\data\PhotoJam 4 Deluxe.exe"
Fri 14 Nov 2003 372,736 A..H. --- "C:\Program Files\Shockwave.com\PhotoJam 4 Deluxe\data\product\PhotoJam 4 Deluxe.exe"
Wed 12 Nov 2008 8,278 A..H. --- "C:\Documents and Settings\JIM.JIM-ADM\Application Data\Microsoft\Office\Shortcut Bar\Off2.tmp"
Wed 26 Feb 1997 21,504 A..H. --- "C:\Program Files\Corel\Graphics10\Draw\Scripts\Misc\scpext.dll"
Finished!
MALWAREBYTES' ANTI-MALWARE
Malwarebytes' Anti-Malware 1.30
Database version: 1386
Windows 5.1.2600 Service Pack 3
11/12/2008 7:06:14 PM
mbam-log-2008-11-12 (19-06-14).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 300589
Time elapsed: 4 hour(s), 13 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DaniWeb4Jim 47 Junior Poster
It can't write to memory block 0x00000010, either the block is reserved for an application or the block is bad. How many RAM sticks are there in your pc, can you take them out one at a time and boot up, if you don't get your error then the stick which you have out is faulty. If you do get your error then it is an application.
If it is an application use msconfig to disable all startup applications and then re enable them one at a time until you find which is causing the error.
SORRY, WE WERE ALL WRONG.....It was BILL GATES AND MICROSOFT AGAIN
http://support.microsoft.com/kb/927385/
You receive an error message after a Windows XP-based computer runs an automatic update, and you may be unable to run any programs after you close the "svchost.exe - Application Error" error message dialog box
View products that this article applies to.
Article ID : 927385
Last Review : December 5, 2007
Revision : 2.3
On This Page
SYMPTOMS
CAUSE
RESOLUTION
WORKAROUND
Method 1
Step1: Check whether settings for the Automatic Updates service and for the Background Intelligent Transfer Service (BITS) are correct
Step 2: Reregister Windows Update components
Step 3: Rename the Windows Update temporary folder
Method 2
SYMPTOMS
You configure a Microsoft Windows XP-based computer for Automatic Updates, and the Windows operating system runs an automatic update. Then, you may receive an error message in the svchost.exe - Application Error dialog box that resembles the following:
The instruction at "0x745f2780" reference memory at "0x00000000". The memory could not be 'read'.
You may also see an entry that is related to the error message in the Application log. The entry resembles the following:
Date: Date
Time: Time
Type: Error
User: N/A
Computer: ComputerName
Source: Application
Error Category: (100)
Event ID: 1000
Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module msi.dll, version 3.1.4000.2435, fault address 0x00012780.
Additionally, if you close the error message dialog box, you may be unable to run any programs on the computer. If you leave the error message dialog box open, you can continue to use the computer. But when you try to shut down the computer, the computer stops responding.
Back to the top
CAUSE
This issue may occur because of a problem with the Automatic Updates service.
Back to the top
RESOLUTION
To resolve this problem, apply the hotfix that is described in the following Microsoft Knowledge Base article:
927891 (http://support.microsoft.com/kb/927891/) You receive an access violation when you try to install an update from Windows Update after you apply hotfix package 916089
Back to the top
WORKAROUND
To work around this problem, use one of the follow methods:
Back to the top
Method 1
Leave the svchost.exe - Application Error dialog box open, and then follow these steps.
Step1: Check whether settings for the Automatic Updates service and for the Background Intelligent Transfer Service (BITS) are correct
To do this, follow these steps:1. Click Start, point to Run, type services.msc, and then click OK.
2. In the details pane, locate and double-click Automatic Updates.
3. Click the Log On tab.
4. Make sure that the Local System account option is selected and that the Allow service to interact with desktop check box is cleared.
5. Make sure that this service has been enabled in the Hardware Profile list. If this service has not been enabled, click Enable to enable the service.
6. Click the General tab, and make sure that the Automatic option is selected in the Startup Type list. Under Service status, click Start to start the service if it is not already running.
7. Repeat steps 2 through 6 for Background Intelligent Transfer Service (BITS).
Step 2: Reregister Windows Update components
To do this, follow these steps:1. Click Start, click Run, type REGSVR32 WUAPI.DLL, and then press ENTER.
2. When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click OK.
3. Type the following commands in the Open box, one after the other, and then press ENTER after each command:
REGSVR32 WUAUENG.DLL
REGSVR32 WUAUENG1.DLL
REGSVR32 ATL.DLL
REGSVR32 WUCLTUI.DLL
REGSVR32 WUPS.DLL
REGSVR32 WUPS2.DLL
REGSVR32 WUWEB.DLL
Step 3: Rename the Windows Update temporary folder
The temporary folder of Windows Update may be corrupted. In this case, you can rename the temporary folder of Windows Update. To do this, follow these steps:1. Click Start, click Run, type cmd, and then press ENTER.
2. At the command prompt, type net stop Wuauserv, and then press ENTER.
3. Click Start, click Run, type %windir%, and then press ENTER.
4. In the folder that opens, locate and rename the SoftwareDistribution folder to SDold.
5. At the command prompt, type net start Wuauserv, and then press ENTER to start the Automatic Updates service.
Method 2
Follow these steps:1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the Automatic Updates tab.
3. Click Turn off Automatic Updates, and then click OK.
4. Restart the computer.
5. Use the Windows Update Web site to install updates manually.
6. After you install the updates manually, turn on Automatic Updates.
--------------------------------------------------------------------------------
APPLIES TO
• Microsoft Windows Update Corporate Edition 1.0, when used with:
Microsoft Windows XP Professional
Microsoft Windows XP Home Edition
Keywords: kbwinupdwebsite kbwindowsupdatev6 kbexpertiseinter kbtshoot KB927385
gerbil 216 Industrious Poster
Good-oh, jim.
M$ error from your last post: The instruction at "0x745f2780" reference memory at "0x00000000". The memory could not be 'read'. Notice that it refers to svchost.exe; the latter info is taken from the error log.
Your reported error: The instruction at Ox7c91b1fa referenced memory at 0x00000010. Note that a different instruction location and different memory address is involved; it is not the same cause as that of M$. You need to look back throught you error logs to find which process/service caused the error. It will still be there in the log - check back through Administrative tools > Event Viewer, Applications. I doubt very much that your error was svchost.exe related, you would have mentioned other symptoms..... Would like to know what you find...
That was not the MBAM log I hoped to see; I wanted to see the one with the detections and fixes applied. But no matter now.
DaniWeb4Jim 47 Junior Poster
Good-oh, jim.
M$ error from your last post: The instruction at "0x745f2780" reference memory at "0x00000000". The memory could not be 'read'. Notice that it refers to svchost.exe; the latter info is taken from the error log.
Your reported error: The instruction at Ox7c91b1fa referenced memory at 0x00000010. Note that a different instruction location and different memory address is involved; it is not the same cause as that of M$. You need to look back throught you error logs to find which process/service caused the error. It will still be there in the log - check back through Administrative tools > Event Viewer, Applications. I doubt very much that your error was svchost.exe related, you would have mentioned other symptoms..... Would like to know what you find...
That was not the MBAM log I hoped to see; I wanted to see the one with the detections and fixes applied. But no matter now.
That is correct the reference memory is different but that message is removed and it was a scvhost.exe problem but now that it is fixed I can't send you the winword file I made with the message in it.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.