943,866 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Windows NT / 2000 / XP > The instruction at Ox7c91b1fa referenced memory at 0x00000010.
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Nov 4th, 2008
0

The instruction at Ox7c91b1fa referenced memory at 0x00000010.

Expand Post »
The instruction at Ox7c91b1fa referenced memory at 0x00000010. The memory could not be written.?
This happens as Windows XP is booting up and then I click ok and it removes the screen but not the problem.
Happens everytime.
Reputation Points: 15
Solved Threads: 0
Junior Poster
DaniWeb4Jim is offline Offline
150 posts
since Sep 2008
Permalink
Nov 4th, 2008
0

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

It is probably an application error. Try and find out which start up application is causing the error and uninstall.
Reputation Points: 14
Solved Threads: 29
Posting Whiz in Training
sparkax is offline Offline
273 posts
since Aug 2008
Permalink
Nov 4th, 2008
0

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

It can't write to memory block 0x00000010, either the block is reserved for an application or the block is bad. How many RAM sticks are there in your pc, can you take them out one at a time and boot up, if you don't get your error then the stick which you have out is faulty. If you do get your error then it is an application.
If it is an application use msconfig to disable all startup applications and then re enable them one at a time until you find which is causing the error.
Last edited by magic_mikey; Nov 4th, 2008 at 8:10 am.
Reputation Points: 10
Solved Threads: 4
Light Poster
magic_mikey is offline Offline
28 posts
since Mar 2008
Permalink
Nov 4th, 2008
0

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

Click to Expand / Collapse  Quote originally posted by magic_mikey ...
It can't write to memory block 0x00000010, either the block is reserved for an application or the block is bad. How many RAM sticks are there in your pc, can you take them out one at a time and boot up, if you don't get your error then the stick which you have out is faulty. If you do get your error then it is an application.
If it is an application use msconfig to disable all startup applications and then re enable them one at a time until you find which is causing the error.

Thanks I was thinking, that I will try it.
Reputation Points: 15
Solved Threads: 0
Junior Poster
DaniWeb4Jim is offline Offline
150 posts
since Sep 2008
Permalink
Nov 7th, 2008
0

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

Click to Expand / Collapse  Quote originally posted by DaniWeb4Jim ...
Thanks I was thinking, that I will try it.
I talked to another techie friend and he suggested to remove 2 of the 4 memory sticks at a time and then see which one caused the problem. He must be thinking like you. Thanks for the info, I was thinking about it too.
Thanks,
Jim
Reputation Points: 15
Solved Threads: 0
Junior Poster
DaniWeb4Jim is offline Offline
150 posts
since Sep 2008
Permalink
Nov 7th, 2008
0

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

Click to Expand / Collapse  Quote originally posted by DaniWeb4Jim ...
Thanks I was thinking, that I will try it.
I tried the startup in msconfig and nothing different I still have the message. I am going to do a memory test. I will let you know.
Reputation Points: 15
Solved Threads: 0
Junior Poster
DaniWeb4Jim is offline Offline
150 posts
since Sep 2008
Permalink
Nov 7th, 2008
0

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

Jim, it is not a memory problem, it is a problem with a program trying to access reserved memory. In other words, it is caused by some sloppy software, and sloppy software is occasionally found in malware. So firstly:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application, then ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything found is checked, and click Remove Selected. Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
...an then:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Reputation Points: 239
Solved Threads: 296
Industrious Poster
gerbil is offline Offline
4,169 posts
since May 2005
Permalink
Nov 8th, 2008
0

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

HERE IS THE LOG.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:48 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend HiJackThis\HiJackThis.2.0.0.2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrf
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1221429925828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1221799765640
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11443 bytes
Reputation Points: 15
Solved Threads: 0
Junior Poster
DaniWeb4Jim is offline Offline
150 posts
since Sep 2008
Permalink
Nov 8th, 2008
0

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

And present the log from this task, please...?
So firstly:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application, then ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything found is checked, and click Remove Selected. Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
Reputation Points: 239
Solved Threads: 296
Industrious Poster
gerbil is offline Offline
4,169 posts
since May 2005
Permalink
Nov 10th, 2008
0

Re: The instruction at Ox7c91b1fa referenced memory at 0x00000010.

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3

9/29/2008 2:53:33 AM
MalwareBytesLog-mbam-log-2008-09-29 (02-52-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 303216
Time elapsed: 6 hour(s), 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 13
Folders Infected: 9
Files Infected: 146

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-1582543-23807) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\Spyware Remover (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover (Rogue.SpywareRemove) -> No action taken.

Files Infected:
C:\Documents and Settings\JIM\Desktop\MSOFFICE 2007\ke_and_pa_by_kissme1\ke and pa AutoPlay\Docs\keygen.exe (Backdoor.Bot) -> No action taken.
C:\Downloads\MISC Downloads\noadware.exe (Rogue.Installer) -> No action taken.
D:\My Documents\ToolBox\Utilities\Registry Tools\MiscRegTools\ErrorNukerInstaller.exe (Rogue.Installer) -> No action taken.
D:\My Documents\ToolBox\Utilities\Windows Utils\WIN XP\Windows.Activation.Keys.Keygens\Win XP KeyGens&Serials\XP SP1 Keychanger SP2 Keygen and Product Key Viewer\Windows XP Key.exe (Trojan.Downloader) -> No action taken.
D:\My Documents\ToolBox\Desktop\Adobe Products\Adobe CS3\All Keygen-Cracks for Adobe CS3\Adobe Photoshop Extended CS3 Keygen\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.
D:\My Documents\Azureus Downloads\All Keygen-Cracks for Adobe CS3, By GameGrounds!\Adobe Photoshop Extended CS3 Keygen\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.
D:\My Documents\Azureus Downloads\All Keygen-Cracks for Adobe CS3, By GameGrounds!-1\Adobe Photoshop Extended CS3 Keygen\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.
C:\Program Files\Spyware Remover\ignorespylist.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\License.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Readme.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\SpyLog28-09-08-36510.txt (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Spyware.exe (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\SpyWatch.exe (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\zlib.dll (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\about.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\auto-remove-files-opt.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\backup-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\backup-window-small.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\check-mark.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\clear-log.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\configuration.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\desktop-icon.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\exit.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\help-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\help.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\ignore-list.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\index.html (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\language-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\launch-spyware.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\monitor-on.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\ok-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\options1.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\options1a.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\options2a.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\remove-auto-opt.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\remove-selection-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\save-log-auto-opt.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\save-log.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-1.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-2.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-log-window.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-on-start-option.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\scan-sections.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\select-all-spyware-components-option.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\settings-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spyware1.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-auto-pop.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-autostart.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-force.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-lauch.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-options-small.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-remove-bad.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch-time-interval.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\spywatch.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\stop-scan-button.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Help\view-current-process.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\arabic.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\arabic.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Chinese.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Chinese.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\English.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\English.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Français.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Français.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\German.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\German.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Italiano.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Italiano.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Japanese.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Japanese.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Korean.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Korean.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\português.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\português.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Spanish.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\Lang\Spanish.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\PopUpWatch.exe (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\index.html (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\advanced-window-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\main-small.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\main-window-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\menu.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Help\Images\tray-menu-options.jpg (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\English.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\English.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Français.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Français.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\German.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\German.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Italiano.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Italiano.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\português.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\português.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Spanish.bmp (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Lang\Spanish.ini (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound1.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound10.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound11.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound12.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound13.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound14.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound15.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound16.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound17.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound18.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound19.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound2.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound20.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound21.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound22.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound23.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound24.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound25.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound26.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound27.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound28.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound3.wav (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound4.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound5.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound6.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound7.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound8.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Program Files\Spyware Remover\PupupWatch\Sounds\Sound9.WAV (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\License Agreement.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Popup-Watch.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Readme.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Spy-Watch.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\Spyware Remover.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Start Menu\Programs\Spyware Remover\User's Guide.lnk (Rogue.SpywareRemove) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Application Data\Adobe\Manager.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Spyware Remover.lnk (Rogue.SpywareRemove) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Desktop\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\JIM.JIM-ADM\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.

I ran this again and nothing changed STILL HAVE message.
Reputation Points: 15
Solved Threads: 0
Junior Poster
DaniWeb4Jim is offline Offline
150 posts
since Sep 2008

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Windows NT / 2000 / XP Forum Timeline: Network Cable Unplugged
Next Thread in Windows NT / 2000 / XP Forum Timeline: Cannot login to Windows





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC