 |  |  |  |  |  |  |  |
The instruction at Ox7c91b1fa referenced memory at 0x00000010.
Thread Solved |
•
•
•
•
Originally Posted by gerbil 
These are my crossword puzzles.
Ok, to continue.. I would like to see the MBAM log... the one with Successfully deleted and Delete on reboot, which instruction you would have followed, of course.
tdssserv.sys is a rootkit, MBAM found and should have deleted it...
Malwarebytes' Anti-Malware also SEE BOTH BELOW
SDFIX.EXE
SDFix: Version 1.240
Run by JIM on Wed 11/12/2008 at 07:00 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
tdssserv
Path :
\systemroot\system32\drivers\TDSSserv.sys
tdssserv - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\JIM.JIM-ADM\Application Data\Adobe\crc.dat - Deleted
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\twain_32\user.ds - Deleted
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\twain_32\user.ds - Deleted
C:\windows\system32\drivers\TDSSserv.sys - Deleted
Folder C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\twain_32 - Removed
Folder C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\twain_32 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 07:33:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
source file error: C:\Documents and Settings\JIM.JIM-ADM\ntuser.dat
scanning hidden files ...
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A TAX THNG1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Contract Specs Camera Supplies 2002.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT.XLS 34816 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\120120061.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\120120061.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.csv 3182 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.xls 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalm 01.csv 2680 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalm 01.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalmFriends.csv 1255 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalmFriends.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A KOHL'S BILL.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A KOHL'S BILL.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A TAX THNG1.xls 18432 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\An Organization Charts.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\An Organization Charts.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Attendance.xls 98304 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Attendance.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Book1test.xls 13824 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Book1test.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM2.WK4 11088 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM2.WK4.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM3.WK4 14080 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM3.WK4.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Contract Specs Camera Supplies 2002.xls 44032 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2000Election.zip 99422 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2000Election.zip.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionJP.xls 84992 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionResults.xls 103936 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionResults.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJMC.xls 60416 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJMC.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJP.xls 103424 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJMC.xls 98304 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJMC.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJP.xls 103424 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJMC.xls 84480 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJMC.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJP.xls 87552 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\Election00.zip 99428 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\Election00.zip.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Excel.zip 329776 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Excel.zip.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Four Color Printing.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Four Color Printing.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\JCP
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\JCP\JCP 01 to 06-2008 Transaction.xls 5632 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\JCP\JCP 01 to 06-2008 Transaction.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\MOVIE LIST.xls 31744 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\MOVIE LIST.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2002 Monthly Report.xls 24064 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2002 Monthly Report.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2003-2005Home&Taxincrease.xls 18944 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2003-2005Home&Taxincrease.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 DJ Tax Info.xls 14848 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 DJ Tax Info.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 JIMS_TOH_PAYROLL.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 JIMS_TOH_PAYROLL.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006SalvationArmyInfo.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006SalvationArmyInfo.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006TaxDeduction Info.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006TaxDeduction Info.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007 Address Book Yahoo_ab.csv 20790 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007 Address Book Yahoo_ab.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007SalvationArmyDonations.xls 25600 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007SalvationArmyDonations.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris.xls 20992 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris1.xls 23040 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2006-2007JimDoris.xls 20992 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2006-2007JimDoris.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2007JimDoris.xls 20480 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2007JimDoris.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Expenses 2004.xls 22016 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Expenses 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Monthly Exps 2004.xls 17920 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Monthly Exps 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Expenses112706.xls 16896 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Expenses112706.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Eye Medicine Chart1.xls 18432 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Eye Medicine Chart1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Inventory-2002-bal-2001.xls 29184 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Inventory-2002-bal-2001.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT1.XLS 50688 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT1.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\The Vilalge Newsletter.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\The Vilalge Newsletter.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2001.xls 124928 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2001.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2007.xls 123904 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2007.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO DAT.xls 95744 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xlt.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments 2004-1.xls 41472 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments 2004-1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments2004-0.xls 32256 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments2004-0.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.wk1 36804 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.wk1.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.xls 140288 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\New Employee Checklist.xls 18944 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\New Employee Checklist.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction Requistions 2002.xls 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction Requistions 2002.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction&Mail Inventory Sheet.xls 81408 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction&Mail Inventory Sheet.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO DAT.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2004.xls 34304 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls 35328 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls.daat 35328 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls.daat.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Over Time 2004.xls 39936 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Over Time 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO.xlt 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO.xlt.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xls 27648 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xlt 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Rock Hall Computer01.XLS 58368 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Rock Hall Computer01.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\RockHall Computer.XLS 81408 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\RockHall Computer.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TownVillages Count & Zip.xls 45568 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TownVillages Count & Zip.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Zipamnts.xls 47104 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Zipamnts.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\prvflder.dat 512 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 143
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe
:enabled
xpsp2res.dll,-22019""C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe
:Enabled:WinDVD""C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe
:Enabled:AIM""C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe
:Enabled:Windows Messenger""C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\Win32\\RpcDataSrv.exe
:Enabled
iSoftware Database Agent Service""C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\RpcSandraSrv.exe
:EnablediSoftware Sandra Agent Service"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe
:enabledxpsp2res.dll,-22019"Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 23 Aug 2001 24,448 A.SHR --- "C:\NTBOOTDD.SYS"
Thu 9 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sun 14 Sep 2008 678,814 ...H. --- "C:\Program Files\iolo\System Mechanic Professional 6\unins000.exe"
Thu 18 Mar 1999 70,656 A..H. --- "C:\Program Files\Microsoft Office\Microsoft Office Tools\cabarc.exe"
Wed 24 Feb 1999 111,104 A..H. --- "C:\Program Files\Microsoft Office\Microsoft Office Tools\Proflwiz.exe"
Sun 5 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Wed 19 Nov 2003 495,616 A..H. --- "C:\Program Files\Shockwave.com\PhotoJam 4 Deluxe\data\PhotoJam 4 Deluxe.exe"
Fri 14 Nov 2003 372,736 A..H. --- "C:\Program Files\Shockwave.com\PhotoJam 4 Deluxe\data\product\PhotoJam 4 Deluxe.exe"
Wed 12 Nov 2008 8,278 A..H. --- "C:\Documents and Settings\JIM.JIM-ADM\Application Data\Microsoft\Office\Shortcut Bar\Off2.tmp"
Wed 26 Feb 1997 21,504 A..H. --- "C:\Program Files\Corel\Graphics10\Draw\Scripts\Misc\scpext.dll"
Finished!
MALWAREBYTES' ANTI-MALWARE
Malwarebytes' Anti-Malware 1.30
Database version: 1386
Windows 5.1.2600 Service Pack 3
11/12/2008 7:06:14 PM
mbam-log-2008-11-12 (19-06-14).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 300589
Time elapsed: 4 hour(s), 13 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
•
•
•
•
Originally Posted by magic_mikey
It can't write to memory block 0x00000010, either the block is reserved for an application or the block is bad. How many RAM sticks are there in your pc, can you take them out one at a time and boot up, if you don't get your error then the stick which you have out is faulty. If you do get your error then it is an application.
If it is an application use msconfig to disable all startup applications and then re enable them one at a time until you find which is causing the error.
SORRY, WE WERE ALL WRONG.....It was BILL GATES AND MICROSOFT AGAIN
http://support.microsoft.com/kb/927385/
You receive an error message after a Windows XP-based computer runs an automatic update, and you may be unable to run any programs after you close the "svchost.exe - Application Error" error message dialog box
View products that this article applies to.
Article ID : 927385
Last Review : December 5, 2007
Revision : 2.3
On This Page
SYMPTOMS
CAUSE
RESOLUTION
WORKAROUND
Method 1
Step1: Check whether settings for the Automatic Updates service and for the Background Intelligent Transfer Service (BITS) are correct
Step 2: Reregister Windows Update components
Step 3: Rename the Windows Update temporary folder
Method 2
SYMPTOMS
You configure a Microsoft Windows XP-based computer for Automatic Updates, and the Windows operating system runs an automatic update. Then, you may receive an error message in the svchost.exe - Application Error dialog box that resembles the following:
The instruction at "0x745f2780" reference memory at "0x00000000". The memory could not be 'read'.
You may also see an entry that is related to the error message in the Application log. The entry resembles the following:
Date: Date
Time: Time
Type: Error
User: N/A
Computer: ComputerName
Source: Application
Error Category: (100)
Event ID: 1000
Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module msi.dll, version 3.1.4000.2435, fault address 0x00012780.
Additionally, if you close the error message dialog box, you may be unable to run any programs on the computer. If you leave the error message dialog box open, you can continue to use the computer. But when you try to shut down the computer, the computer stops responding.
Back to the top
CAUSE
This issue may occur because of a problem with the Automatic Updates service.
Back to the top
RESOLUTION
To resolve this problem, apply the hotfix that is described in the following Microsoft Knowledge Base article:
927891 (http://support.microsoft.com/kb/927891/) You receive an access violation when you try to install an update from Windows Update after you apply hotfix package 916089
Back to the top
WORKAROUND
To work around this problem, use one of the follow methods:
Back to the top
Method 1
Leave the svchost.exe - Application Error dialog box open, and then follow these steps.
Step1: Check whether settings for the Automatic Updates service and for the Background Intelligent Transfer Service (BITS) are correct
To do this, follow these steps:1. Click Start, point to Run, type services.msc, and then click OK.
2. In the details pane, locate and double-click Automatic Updates.
3. Click the Log On tab.
4. Make sure that the Local System account option is selected and that the Allow service to interact with desktop check box is cleared.
5. Make sure that this service has been enabled in the Hardware Profile list. If this service has not been enabled, click Enable to enable the service.
6. Click the General tab, and make sure that the Automatic option is selected in the Startup Type list. Under Service status, click Start to start the service if it is not already running.
7. Repeat steps 2 through 6 for Background Intelligent Transfer Service (BITS).
Step 2: Reregister Windows Update components
To do this, follow these steps:1. Click Start, click Run, type REGSVR32 WUAPI.DLL, and then press ENTER.
2. When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click OK.
3. Type the following commands in the Open box, one after the other, and then press ENTER after each command:
REGSVR32 WUAUENG.DLL
REGSVR32 WUAUENG1.DLL
REGSVR32 ATL.DLL
REGSVR32 WUCLTUI.DLL
REGSVR32 WUPS.DLL
REGSVR32 WUPS2.DLL
REGSVR32 WUWEB.DLL
Step 3: Rename the Windows Update temporary folder
The temporary folder of Windows Update may be corrupted. In this case, you can rename the temporary folder of Windows Update. To do this, follow these steps:1. Click Start, click Run, type cmd, and then press ENTER.
2. At the command prompt, type net stop Wuauserv, and then press ENTER.
3. Click Start, click Run, type %windir%, and then press ENTER.
4. In the folder that opens, locate and rename the SoftwareDistribution folder to SDold.
5. At the command prompt, type net start Wuauserv, and then press ENTER to start the Automatic Updates service.
Method 2
Follow these steps:1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the Automatic Updates tab.
3. Click Turn off Automatic Updates, and then click OK.
4. Restart the computer.
5. Use the Windows Update Web site to install updates manually.
6. After you install the updates manually, turn on Automatic Updates.
--------------------------------------------------------------------------------
APPLIES TO
• Microsoft Windows Update Corporate Edition 1.0, when used with:
Microsoft Windows XP Professional
Microsoft Windows XP Home Edition
Keywords: kbwinupdwebsite kbwindowsupdatev6 kbexpertiseinter kbtshoot KB927385
•
•
Join Date: May 2005
Posts: 3,204
Reputation: 
Solved Threads: 188
Good-oh, jim.
M$ error from your last post: The instruction at "0x745f2780" reference memory at "0x00000000". The memory could not be 'read'. Notice that it refers to svchost.exe; the latter info is taken from the error log.
Your reported error: The instruction at Ox7c91b1fa referenced memory at 0x00000010. Note that a different instruction location and different memory address is involved; it is not the same cause as that of M$. You need to look back throught you error logs to find which process/service caused the error. It will still be there in the log - check back through Administrative tools > Event Viewer, Applications. I doubt very much that your error was svchost.exe related, you would have mentioned other symptoms..... Would like to know what you find...
That was not the MBAM log I hoped to see; I wanted to see the one with the detections and fixes applied. But no matter now.
M$ error from your last post: The instruction at "0x745f2780" reference memory at "0x00000000". The memory could not be 'read'. Notice that it refers to svchost.exe; the latter info is taken from the error log.
Your reported error: The instruction at Ox7c91b1fa referenced memory at 0x00000010. Note that a different instruction location and different memory address is involved; it is not the same cause as that of M$. You need to look back throught you error logs to find which process/service caused the error. It will still be there in the log - check back through Administrative tools > Event Viewer, Applications. I doubt very much that your error was svchost.exe related, you would have mentioned other symptoms..... Would like to know what you find...
That was not the MBAM log I hoped to see; I wanted to see the one with the detections and fixes applied. But no matter now.
Deep, deep in the woods, but walking about.
•
•
•
•
Originally Posted by gerbil
Good-oh, jim.
M$ error from your last post: The instruction at "0x745f2780" reference memory at "0x00000000". The memory could not be 'read'. Notice that it refers to svchost.exe; the latter info is taken from the error log.
Your reported error: The instruction at Ox7c91b1fa referenced memory at 0x00000010. Note that a different instruction location and different memory address is involved; it is not the same cause as that of M$. You need to look back throught you error logs to find which process/service caused the error. It will still be there in the log - check back through Administrative tools > Event Viewer, Applications. I doubt very much that your error was svchost.exe related, you would have mentioned other symptoms..... Would like to know what you find...
That was not the MBAM log I hoped to see; I wanted to see the one with the detections and fixes applied. But no matter now.
 |
Other Threads in the Windows NT / 2000 / XP Forum
- Previous Thread: Network Cable Unplugged
- Next Thread: Cannot login to Windows
Views: 2667 | Replies: 23
| Thread Tools | Search this Thread |
Latest Windows NT / 2000 / XP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for Windows NT / 2000 / XP
.net 2010 alaris appstore audio auto black blue bluescreen book bulletin cellphones chkdsk collaboration computer crash cursor deployment deployments desktop dns dotnetnuke drive dual eartlink error errors explorer features folder fontmanagers framework gadgets hardware interoperability killprocess laptop laptops latitude lcd linux load login mac markshuttleworth memory microsoft minimalizes mobile monitor motionle1600 netbooks novell operatingsystems oracle osx outlook palm partition port product proxy remotedesktop remotedesktopconnection replacingraiddrive retail retrieve rootkit screen security simplifiedchinese slowperformance sp1 sp3 spyware technology ubuntu uninstall update usb verizon videodrivers videogames virtual virus vista visual wab webos weecam win win32/heur window windows windows7 windowsxp windowsxpnotstartingup. worm xp xpde
