Windows NT / 2000 / XP RSS Windows NT / 2000 / XP RSS

The instruction at Ox7c91b1fa referenced memory at 0x00000010.

Thread Solved
1 2 Last »

Join Date: Sep 2008
Posts: 91
Reputation: DaniWeb4Jim is an unknown quantity at this point 
Solved Threads: 0
DaniWeb4Jim DaniWeb4Jim is offline Offline
Junior Poster in Training

The instruction at Ox7c91b1fa referenced memory at 0x00000010.

 
0
  #1
Nov 4th, 2008
The instruction at Ox7c91b1fa referenced memory at 0x00000010. The memory could not be written.?
This happens as Windows XP is booting up and then I click ok and it removes the screen but not the problem.
Happens everytime.
Reply With Quote Quick reply to this message  
Join Date: Aug 2008
Posts: 212
Reputation: sparkax is an unknown quantity at this point 
Solved Threads: 19
sparkax's Avatar
sparkax sparkax is offline Offline
Posting Whiz in Training

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

 
0
  #2
Nov 4th, 2008
It is probably an application error. Try and find out which start up application is causing the error and uninstall.
Reply With Quote Quick reply to this message  
Join Date: Mar 2008
Posts: 28
Reputation: magic_mikey is an unknown quantity at this point 
Solved Threads: 5
magic_mikey's Avatar
magic_mikey magic_mikey is offline Offline
Light Poster

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

 
0
  #3
Nov 4th, 2008
It can't write to memory block 0x00000010, either the block is reserved for an application or the block is bad. How many RAM sticks are there in your pc, can you take them out one at a time and boot up, if you don't get your error then the stick which you have out is faulty. If you do get your error then it is an application.
If it is an application use msconfig to disable all startup applications and then re enable them one at a time until you find which is causing the error.
Last edited by magic_mikey; Nov 4th, 2008 at 8:10 am.
Reply With Quote Quick reply to this message  
Join Date: Sep 2008
Posts: 91
Reputation: DaniWeb4Jim is an unknown quantity at this point 
Solved Threads: 0
DaniWeb4Jim DaniWeb4Jim is offline Offline
Junior Poster in Training

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

 
0
  #4
Nov 4th, 2008
Originally Posted by magic_mikey View Post
It can't write to memory block 0x00000010, either the block is reserved for an application or the block is bad. How many RAM sticks are there in your pc, can you take them out one at a time and boot up, if you don't get your error then the stick which you have out is faulty. If you do get your error then it is an application.
If it is an application use msconfig to disable all startup applications and then re enable them one at a time until you find which is causing the error.

Thanks I was thinking, that I will try it.
Reply With Quote Quick reply to this message  
Join Date: Sep 2008
Posts: 91
Reputation: DaniWeb4Jim is an unknown quantity at this point 
Solved Threads: 0
DaniWeb4Jim DaniWeb4Jim is offline Offline
Junior Poster in Training

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

 
0
  #5
Nov 7th, 2008
Originally Posted by DaniWeb4Jim View Post
Thanks I was thinking, that I will try it.
I talked to another techie friend and he suggested to remove 2 of the 4 memory sticks at a time and then see which one caused the problem. He must be thinking like you. Thanks for the info, I was thinking about it too.
Thanks,
Jim
Reply With Quote Quick reply to this message  
Join Date: Sep 2008
Posts: 91
Reputation: DaniWeb4Jim is an unknown quantity at this point 
Solved Threads: 0
DaniWeb4Jim DaniWeb4Jim is offline Offline
Junior Poster in Training

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

 
0
  #6
Nov 7th, 2008
Originally Posted by DaniWeb4Jim View Post
Thanks I was thinking, that I will try it.
I tried the startup in msconfig and nothing different I still have the message. I am going to do a memory test. I will let you know.
Reply With Quote Quick reply to this message  
Join Date: May 2005
Posts: 3,204
Reputation: gerbil will become famous soon enough gerbil will become famous soon enough 
Solved Threads: 188
gerbil gerbil is offline Offline
Nearly a Senior Poster

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

 
0
  #7
Nov 7th, 2008
Jim, it is not a memory problem, it is a problem with a program trying to access reserved memory. In other words, it is caused by some sloppy software, and sloppy software is occasionally found in malware. So firstly:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application, then ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything found is checked, and click Remove Selected. Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
...an then:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Deep, deep in the woods, but walking about.
Reply With Quote Quick reply to this message  
Join Date: Sep 2008
Posts: 91
Reputation: DaniWeb4Jim is an unknown quantity at this point 
Solved Threads: 0
DaniWeb4Jim DaniWeb4Jim is offline Offline
Junior Poster in Training

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

 
0
  #8
Nov 8th, 2008
HERE IS THE LOG.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:48 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend HiJackThis\HiJackThis.2.0.0.2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrf
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1221429925828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1221799765640
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11443 bytes
Reply With Quote Quick reply to this message  
Join Date: May 2005
Posts: 3,204
Reputation: gerbil will become famous soon enough gerbil will become famous soon enough 
Solved Threads: 188
gerbil gerbil is offline Offline
Nearly a Senior Poster

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

 
0
  #9
Nov 8th, 2008
And present the log from this task, please...?
So firstly:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application, then ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything found is checked, and click Remove Selected. Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
Deep, deep in the woods, but walking about.
Reply With Quote Quick reply to this message  
Join Date: Sep 2008
Posts: 91
Reputation: DaniWeb4Jim is an unknown quantity at this point 
Solved Threads: 0
DaniWeb4Jim DaniWeb4Jim is offline Offline
Junior Poster in Training

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

 
0
  #10
Nov 10th, 2008
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3

9/29/2008 2:53:33 AM
MalwareBytesLog-mbam-log-2008-09-29 (02-52-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 303216
Time elapsed: 6 hour(s), 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 13
Folders Infected: 9
Files Infected: 146

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-1582543-23807) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\Spyware Remover (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover (Rogue.SpywareRemove) -> No action taken.

Files Infected:
C:\Documents and Settings\JIM\Desktop\MSOFFICE 2007\ke_and_pa_by_kissme1\ke and pa AutoPlay\Docs\keygen.exe (Backdoor.Bot) -> No action taken.
C:\Downloads\MISC Downloads\noadware.exe (Rogue.Installer) -> No action taken.
D:\My Documents\ToolBox\Utilities\Registry Tools\MiscRegTools\ErrorNukerInstaller.exe (Rogue.Installer) -> No action taken.
D:\My Documents\ToolBox\Utilities\Windows Utils\WIN XP\Windows.Activation.Keys.Keygens\Win XP KeyGens&Serials\XP SP1 Keychanger SP2 Keygen and Product Key Viewer\Windows XP Key.exe (Trojan.Downloader) -> No action taken.
D:\My Documents\ToolBox\Desktop\Adobe Products\Adobe CS3\All Keygen-Cracks for Adobe CS3\Adobe Photoshop Extended CS3 Keygen\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.
D:\My Documents\Azureus Downloads\All Keygen-Cracks for Adobe CS3, By GameGrounds!\Adobe Photoshop Extended CS3 Keygen\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.
D:\My Documents\Azureus Downloads\All Keygen-Cracks for Adobe CS3, By GameGrounds!-1\Adobe Photoshop Extended CS3 Keygen\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.
C:\Program Files\Spyware Remover\ignorespylist.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\License.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Readme.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\SpyLog28-09-08-36510.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Spyware.exe (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\SpyWatch.exe (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\zlib.dll (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\about.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\auto-remove-files-opt.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\backup-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\backup-window-small.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\check-mark.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\clear-log.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\configuration.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\desktop-icon.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\exit.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\help-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\help.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\ignore-list.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\index.html (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\language-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\launch-spyware.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\monitor-on.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\ok-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\options1.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\options1a.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\options2a.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\remove-auto-opt.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\remove-selection-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\save-log-auto-opt.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\save-log.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-1.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-2.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-log-window.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-on-start-option.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-sections.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\select-all-spyware-components-option.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\settings-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spyware1.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-auto-pop.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-autostart.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-force.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-lauch.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-options-small.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-remove-bad.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-time-interval.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\stop-scan-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\view-current-process.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\arabic.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\arabic.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Chinese.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Chinese.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\English.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\English.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Français.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Français.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\German.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\German.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Italiano.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Italiano.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Japanese.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Japanese.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Korean.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Korean.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\português.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\português.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Spanish.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Spanish.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\PopUpWatch.exe (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\index.html (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\advanced-window-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\main-small.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\main-window-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\menu.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\tray-menu-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\English.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\English.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Français.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Français.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\German.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\German.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Italiano.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Italiano.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\português.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\português.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Spanish.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Spanish.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound1.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound10.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound11.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound12.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound13.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound14.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound15.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound16.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound17.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound18.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound19.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound2.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound20.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound21.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound22.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound23.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound24.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound25.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound26.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound27.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound28.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound3.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound4.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound5.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound6.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound7.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound8.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound9.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\License Agreement.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Popup-Watch.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Readme.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Spy-Watch.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Spyware Remover.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\User's Guide.lnk (Rogue.SpywareRemove) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Application Data\Adobe\Manager.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Spyware Remover.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.

I ran this again and nothing changed STILL HAVE message.
Reply With Quote Quick reply to this message  
Reply
1 2 Last »

Quick Reply to Thread
This thread has been marked solved.
Perhaps start a new thread instead?
Message:



Other Threads in the Windows NT / 2000 / XP Forum
Thread Tools Search this Thread



.net 3.5 3daccelertion 2010 activedirectory alaris android apache application arm auto black blue book boot cellphones chinese collaboration combofix computer computerfreezes crash desktop desktops domain dotnetnuke drive error errors explorer features firefox folder fonts freeze gadgets hardware install intel killprocess laptop laptops latitude lcd linux load mac markshuttleworth microsoft minimalizes mobile monitor netbooks novell nvidia opensource operatingsystems options oracle osinstallationproblem osx outlook partition patch port product proxy raid rds reformat remotedesktopconnection retail screen server. sp1 sp3 spyware studios ubuntu uninstall unreadable update upgrade usb verizon videogames virtual virus vulnerability wab webos weecam win win32/heur window windows windows7 windowsxp worm xp
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC