Review MY OTHER POSTS on this subject. It may help you to help me.
I would appreciate anyone getting back to me anytime.
I have had this headache for weeks and DO NOT want to reformat unless it is an absolute emergency!
HAPPY HOLIDAYS TO ALL.
Jim
DaniWeb4Jim 47 Junior Poster
Additional INFO:
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/30/2008
Time: 12:00:45 AM
User: N/A
Computer: JIM-ADM
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
DaniWeb4Jim 47 Junior Poster
The instruction at 0x7c91b1fa referenced memory at 0x00000010. The memory could not be written.?
This happens as Windows XP is booting up and then I click ok and it removes the screen but not the problem.
Happens every time.
I have worked with JHolland1964 in Viruses but we are blocked or at least I am.
Here is my SDFIX LOG. And the message disappeared and sent me another.
SDFix: Version 1.240
Run by JIM on Wed 12/10/2008 at 09:22 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 22:47:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
source file error: C:\Documents and Settings\JIM.JIM-ADM\ntuser.dat
scanning hidden files ...
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A KOHL'S BILL.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Contract Specs Camera Supplies 2002.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT.XLS 34816 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\120120061.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\120120061.xls.$e_ 512 bytes
C:\Documents and …
DaniWeb4Jim 47 Junior Poster
Definitely found and removed the inst.exe>>>Trojan.W32.RealSearch>>>This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.
along with the other two, which I really can find little or no information about so we must assume they are part of this infection.
SDFIX LOG
SDFix: Version 1.240
Run by JIM on Wed 12/10/2008 at 09:22 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 22:47:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
source file error: C:\Documents and Settings\JIM.JIM-ADM\ntuser.dat
scanning hidden files ...
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A KOHL'S BILL.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Contract Specs Camera Supplies 2002.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT.XLS 34816 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\120120061.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\120120061.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.csv 3182 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private …
DaniWeb4Jim 47 Junior Poster
Well maybe there is infection there, even though scans show clean.
Download Dr.Web CureIT
Scan with that and see what it comes up with. Save the log.
Then update MBA-M, run a full system scan with it and have it REMOVE Everything found.
Reboot.
Next download Combofix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop. Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Now double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
You may receive a warning because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
Next you will see the Disclaimer screen you should press the Yes button to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the …
DaniWeb4Jim 47 Junior Poster
Thanks Judy,
I am working tomorrow but I will try to do it by Monday.
Thanks, you're the best!
Jim
DaniWeb4Jim 47 Junior Poster
THIS IS A FEW EVENT LOGS ANY ONE THAT CAN HELP ME SOLVE THIS PLEASE H-E-L-P...........
Event #1
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/29/2008
Time: 3:01:24 AM
User: N/A
Computer: JIM-ADM
Description:
Faulting application , version 0.0.0.0 faulting module unknown, version 0.0.0.0 fault address 0x00000000
==========================================================================
Event #2
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/29/2008
Time: 2:41:29 AM
User: N/A
Computer: JIM-ADM
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
==========================================================================
Event #3
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/29/2008
Time: 5:41:50 PM
User: N/A
Computer: JIM-ADM
Description:
Faulting application , version 0.0.0.0 faulting module unknown, version 0.0.0.0 fault address 0x00000000
DaniWeb4Jim 47 Junior Poster
Did that and nothing different. Both DVDs copy and read DVDs and CDs fine. I copied a movie and an audio CD and no error messages. Once in a while the DVD will not read on a home theater but that was a bad disc. No helping that, I think that is normal.
The message changes and does not have a NTDLL.dll message. I will send you one of those.
That is business but on a personal note it is and has been a pleasure to find someone who speaks the same language.
Happy Thanksgiving.
Jim
DaniWeb4Jim 47 Junior Poster
Problem NOT solved, yet.
I rebooted and it is back, grrrrrrrrrrrrrrr
I am about to reinstall the whole thing, but, someone said it came back with the updates.
Sending you the messages via email
DaniWeb4Jim 47 Junior Poster
I got rid of the problem with a neat tool SDFix.exe. I am zipping and sending it to you via your private email later. But maybe it was the TREND HOUSECALL AND the intense TREND MICRO SECURITY SYSTEM CLEANER. I ran both and it cleaned out many of my KeyGens but I will look for them again. A key generator that is used by the company if you call and lose your code. I have a few programs that I did buy and lost the code so I do use them. I am rebooting to prove that it is gone but it must have been one of them that had a backdoor Trojan virus.
Thanks for all of your help. I will review my opinion of AD-Aware but I do use Spy-Bot without TEA-Timer also. What ANTIVIRUS DO YOU USE? I use AVG Free 8.0 and it works well.
DaniWeb4Jim 47 Junior Poster
A question first before I give the list. I notice this entry on your HJT log;
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present Did you place these?
I only ask because, according to HJT guidelines; Now here are the items I see in your HJT log which are either running as a Start up program or running at Start up via services and are not really required to run at start up;
Google Desktop Search>>> supposedly, this is "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks". This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources.
Windows Defender>>>this is users choice. I use only SpywareBlaster, which DOES NOT run in the background and find its protection superior to those programs which must actually RUN.
NvCplDaemon>>>Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card. User's choice
AppleSyncNotifier>>>Added by Apple's MobileMe synchronization software. This service helps to synchronize contact, email, and calendar information between your ITouch, iPhone, Mac, and PC.
QuickTime Task>>>System Tray access to Apple's "Quick Time" viewer from version 5 onwards. Not required
iTunesHelper>>>Installed with Apple's …
DaniWeb4Jim 47 Junior Poster
Judy:
I am going to research and turn off some of these things and I will be back at you. You have a lot of good points. When did you start doing this and where did you get all the knowledge about the programs? Is there a book that has some of the errors and could you recommend one?
Thanks again.
Jim
DaniWeb4Jim 47 Junior Poster
Ok. Thanks. Will get back with you ASAP.
Judy
You mentioned things I should not run. I thought I turned off a lot. Can you send me my log and put your suggestions to stop running in RED?
Thanks
Jim
DaniWeb4Jim 47 Junior Poster
I have a Clone I built; it is a:
INTEL PENTIUM 4 - 2.66 GHz
2.0 Gig of RAM
1 - WD 80 Gig HD
1 - WD250 Gig HD
DaniWeb4Jim 47 Junior Poster
Thanks for the uninstall link. Bitdefender uninstalled.
DaniWeb4Jim 47 Junior Poster
Yes I have seen that also.
Look at my attachments so that you see what you need to click on and what we must see. What we have to know is the actual process that is causing the error. That is what I have clumsily outlined in the second attachment. We need to know this because the 1st error notification box is just telling you that Generic Host Process for Win32 Services is having a problem. The Generic Host Process for Win32 is Svchost.exe. If you look at the Windows XP process list in Task Manager, you will notice several Svchost.exe processes: some running under the SYSTEM account (sometimes referred to as LocalSystem) and some running under two new service accounts: NETWORK SERVICE and LOCAL SERVICE. You may very well have more showing, that is ok. Svchost.exe does exactly what the name implies, it HOSTS the services on the computer. So just this generic error won't tell us anything, we need to know the particulars of the specific error, that is why you have to look in the info and see what specific process or processes are causing the errors.
See attachment
DaniWeb4Jim 47 Junior Poster
JHolland1964 can we chat and is there an email that I can add a pdf?
I will send you a screen print of the message. I have already tried Bill Gates fix which is Microsoft's Hot fix that is more than 3 years old and said to only happen with SP2. I am running SP3 so they lose. I ran all of the ANTI-MAL-SPYWARE-VIRUS anyone suggested. Puzzle is on another site a guy said he reformatted and reinstalled Win XP and the message came back after he installed SP3 and Microsoft updates.
Jim
DaniWeb4Jim 47 Junior Poster
I am having trouble uninstalling Bitdefender because it said that I had a file missing call their support. BUT I did and do follow your advice, not a fair statement.
You sent or DANIWEB sent me a message and when I opened DANIWEB it did not show your message and I looked on your posts yesterday and did not find that one you mention?
Now this gives me a gray rectangular message that (Can I email it to you?=?=email?) That is annoying as heck.
Sorry you are right I did not update it but I ran and updated b4 and nothing shows I will try again. Thanks and really I enjoy getting your help and did follow your info but tried another antivirus without turning off the other.
DaniWeb4Jim 47 Junior Poster
I have run BITDEFENDER 2009, AD-AWARE 2008, SPYBOT, AVG ANTI-VIRUS AND ANTI-SPYWARE, MALWAREBYTES' ANTI-MALWARE and tried anything I can think of.
Any help?
I get this message when I boot up but everything works.
Malwarebytes' Anti-Malware 1.30
Database version: 1386
Windows 5.1.2600 Service Pack 3
11/22/2008 11:42:27 PM
mbam-log-2008-11-22 (23-42-27).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 300014
Time elapsed: 2 hour(s), 52 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:30 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
…
DaniWeb4Jim 47 Junior Poster
Good-oh, jim.
M$ error from your last post: The instruction at "0x745f2780" reference memory at "0x00000000". The memory could not be 'read'. Notice that it refers to svchost.exe; the latter info is taken from the error log.
Your reported error: The instruction at 0x7c91b1fa referenced memory at 0x00000010. Note that a different instruction location and different memory address is involved; it is not the same cause as that of M$. You need to look back through your error logs to find which process/service caused the error. It will still be there in the log - check back through Administrative tools > Event Viewer, Applications. I doubt very much that your error was svchost.exe related, you would have mentioned other symptoms..... Would like to know what you find...
That was not the MBAM log I hoped to see; I wanted to see the one with the detections and fixes applied. But no matter now.
That is correct the reference memory is different but that message is removed and it was a svchost.exe problem but now that it is fixed I can't send you the winword file I made with the message in it.
DaniWeb4Jim 47 Junior Poster
It can't write to memory block 0x00000010, either the block is reserved for an application or the block is bad. How many RAM sticks are there in your pc, can you take them out one at a time and boot up, if you don't get your error then the stick which you have out is faulty. If you do get your error then it is an application.
If it is an application use msconfig to disable all startup applications and then re enable them one at a time until you find which is causing the error.
SORRY, WE WERE ALL WRONG.....It was BILL GATES AND MICROSOFT AGAIN
http://support.microsoft.com/kb/927385/
You receive an error message after a Windows XP-based computer runs an automatic update, and you may be unable to run any programs after you close the "svchost.exe - Application Error" error message dialog box
Article ID : 927385
Last Review : December 5, 2007
Revision : 2.3
SYMPTOMS
You configure a Microsoft Windows XP-based computer for Automatic Updates, and the Windows operating system runs an automatic update. Then, you …
DaniWeb4Jim 47 Junior Poster
These are my crossword puzzles.
Ok, to continue.. I would like to see the MBAM log... the one with Successfully deleted and Delete on reboot, which instruction you would have followed, of course.
tdssserv.sys is a rootkit, MBAM found and should have deleted it...
I used SDFIX.EXE, which runs in SAFE MODE but I ran your suggestion
Malwarebytes' Anti-Malware also SEE BOTH BELOW
SDFIX.EXE
SDFix: Version 1.240
Run by JIM on Wed 11/12/2008 at 07:00 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
tdssserv
Path :
\systemroot\system32\drivers\TDSSserv.sys
tdssserv - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\JIM.JIM-ADM\Application Data\Adobe\crc.dat - Deleted
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\twain_32\user.ds - Deleted
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\twain_32\user.ds - Deleted
C:\windows\system32\drivers\TDSSserv.sys - Deleted
Folder C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\twain_32 - Removed
Folder C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\twain_32 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 07:33:39
Windows 5.1.2600 Service Pack 3 NTFS
…
DaniWeb4Jim 47 Junior Poster
Yep, did that but it says that after it prints the log. I will rerun the log later and post it. jholand1964 said the same thing. She helped me a lot when I first started.
I don't give up I will get it. My PC Repair store owner and I differ about this method he reformats and charged the job out. I want to be the old time mechanic, like my father. I reformat when necessary but I want to get it.
Thanks for all of your input.
Jim
I did everything that was suggested and still have this. Of course you don't know me. So here is some info:
I build, repair and troubleshoot computers day after day for friends, clients and help a guy who owns his own store. I find a new wrinkle in every PC Desktop or Laptop.
The fun for me isn't the money it's the adventure. I play with it for as long as it takes to fix it. Because I have a very good FULL TIME job.
My friend has his store, rent, light, gas, heat, etc. He needs the money so I take a project and fix it so he doesn't have to reformat. I have three PCs networked and a 17 year old HP Laptop. I can take my sweet time, which is why it looks like a long time, but sometimes I am busy and don't get back at it for a while.
…
DaniWeb4Jim 47 Junior Poster
Jim, when you ran MBAM did you click the Remove Selected button? Cos everywhere I am seeing "No action taken." If you did not, then please rerun MBAM, post the log.
Yep, did that but it says that after it prints the log. I will rerun the log later and post it. jholand1964 said the same thing. She helped me a lot when I first started.
I don't give up I will get it. My PC Repair store owner and I differ about this method he reformats and charged the job out. I want to be the old time mechanic, like my father. I reformat when necessary but I want to get it.
Thanks for all of your input.
Jim
DaniWeb4Jim 47 Junior Poster
Hi DaniWeb4Jim, looking at the MBA-M log you obviously have infections on the machine. Update MBA-M and then run a Full System scan again, this time however follow the instructions given. Make sure that everything found is checked, and click Remove Selected.
Reboot the machine. See if this makes a difference. It may not yet because there could actually be some application issues at work but for the amount of infection showing this could possibly be a part of the problem.
Judy
P.S. Whoops gerbil, didn't see you there.
Thanks Judy. I owe you an ice cream.
I am running Bitdefender, a suggestion from a PC Repair store owner (friend), and I removed every one of my 4 - 512 MB - DDR400 RAM memory sticks and know for positive sure that it is not memory problems.
Also I installed that Spyware program but sometimes programs that are alike say that the other program (their competition) is a spyware. If you run SpyBot and have Adaware 2008 it tells you that it may come up as a spyware and vice versa.
Jim
DaniWeb4Jim 47 Junior Poster
And present the log from this task, please...?
So firstly:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application, then ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything found is checked, and click Remove Selected. Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
I removed all of my 4 512 MB DDR400 memory sticks and no change. Same message. I am now running BitDefender and have run your suggestion Malwarebyte's AntiMalware.
Any additional thoughts?
DaniWeb4Jim 47 Junior Poster
It is probably an application error. Try and find out which start up application is causing the error and uninstall.
NOPE! it is not because I ran AdAware2008, SpyBot, HiJack 2.02 MalwareBytes' AntiMalware, AVG-AntiVirus/Anti-Spyware and nothing came up. Also removed every program line in MSCONFIG.
NOTHING works?
Any more suggestions, or reformat?
Jim
DaniWeb4Jim 47 Junior Poster
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3
9/29/2008 2:53:33 AM
MalwareBytesLog-mbam-log-2008-09-29 (02-52-57).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 303216
Time elapsed: 6 hour(s), 2 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 13
Folders Infected: 9
Files Infected: 146
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-1582543-23807) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No …
DaniWeb4Jim 47 Junior Poster
HERE IS THE LOG.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:48 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend HiJackThis\HiJackThis.2.0.0.2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrf
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - …
DaniWeb4Jim 47 Junior Poster
Thanks I was thinking, that I will try it.
I tried the startup in msconfig and nothing different I still have the message. I am going to do a memory test. I will let you know.
DaniWeb4Jim 47 Junior Poster
Thanks I was thinking, that I will try it.
I talked to another techie friend and he suggested to remove 2 of the 4 memory sticks at a time and then see which one caused the problem. He must be thinking like you. Thanks for the info, I was thinking about it too.
Thanks,
Jim
DaniWeb4Jim 47 Junior Poster
It can't write to memory block 0x00000010, either the block is reserved for an application or the block is bad. How many RAM sticks are there in your pc, can you take them out one at a time and boot up, if you don't get your error then the stick which you have out is faulty. If you do get your error then it is an application.
If it is an application use msconfig to disable all startup applications and then re enable them one at a time until you find which is causing the error.
Thanks I was thinking, that I will try it.
DaniWeb4Jim 47 Junior Poster
The instruction at 0x7c91b1fa referenced memory at 0x00000010. The memory could not be written.?
This happens as Windows XP is booting up and then I click ok and it removes the screen but not the problem.
Happens every time.
DaniWeb4Jim 47 Junior Poster
http://www.adobe.com/education/pdf/etd/etd_lesson2.pdf
Also I tried it in EXCEL and printed it to ADOBE.PDF as my printer driver and it kept my hyperlink that you see above.
1. I opened a blank Book.xls.
2. Then I went to INSERT menu and clicked HYPERLINK added my link.
3. Using Adobe Acrobat CS3 I used the PRINT command and selected ADOBE.PDF
4. It printed a PDF with the hyperlink above and launched the file from the internet and opened the PDF.
TA DA all done.
Cheers!
Jim
DaniWeb4Jim 47 Junior Poster
Go to this:
http://www.adobe.com/education/pdf/etd/etd_lesson2.pdf
Sounds like it can help you
DaniWeb4Jim
PS I just Googled the problem and it came up.
DaniWeb4Jim 47 Junior Poster
Full Removal of Comodo Firewall Pro 3 with SafeSurf Toolbar (If Regular Uninstall Method Fails)
« on: December 15, 2007, 11:33:37 PM »
Novice users: see the bottom of this post for information on how to do this in an easy and fast way!
I encountered significant difficulty in removing a previous version of CFP so that I could upgrade to the most recent edition, v3.0.14.276. In reviewing some recent posts about incomplete or aborted installation routines, I thought I would post a set of comprehensive instructions for completely removing CFP.
In particular, these instructions should help upgrading users who receive the message, “COMODO Firewall Pro is already installed. Do you want to un-install it now?” and after checking either the “Yes” or “No” button, nothing happens.
These instructions are specific to Windows XP Pro SP2 x32. However, they may be adapted to your particular Windows installation, including Vista. I make no guarantees that these instructions will work in your specific situation. On my partitioned system, F:\ is used for Program Files. Most users will have C:\ as the default location for Program Files.
Caution: These instructions involve modifying the Windows Registry, either manually or by using a specialized registry management tool. If you are unsure of your ability to do this, there's an attached batch file that'll automatically delete everything mentioned below.
If you have experienced problems removing CFP in the past, uninstalling in Safe Mode may work. However, these instructions are …
DaniWeb4Jim 47 Junior Poster
I marked it as solved and it shows no solved threads in my SOLVED THREADS LIST. THIS IS THE SECOND ONE I solved and it did not register. What am I doing wrong?
DaniWeb4Jim 47 Junior Poster
After your PM I noticed an inconsistency: in your posts you just said that it wasn't giving you a security warning when you turn your firewall off; in your message to me you said that you couldn't turn it off.
The troubleshooting steps are very different depending on the case. If it's turning on and off but not giving you a security threat warning it's probably that the firewall is working properly but still detecting one of the third party firewalls. If it's just not turning on or off there's an issue with windows firewall.
You were reading and not interpreting what you were reading. No offense I would be confused also. I fixed it by going to the COMODO Site and in a forum I was given a solution a CFP3_File_Registry_Cleaner.Zip File.
Now IF I turn off Windows FIREWALL I get a prompt that I may be at risk without the firewall. Before it said that 2 firewalls were still running. The CFP**.zip file cleaned it and The Zonealarm solution they gave me turned off that one so NOW I GET A PROMPT THAT ONLY WINDOWS FIREWALL IS ON OR OFF.
GET IT?
DaniWeb4Jim 47 Junior Poster
"I tried to turn off the Windows Firewall and it does not tell me I am at risk which was what prompted me to try other things." --- huh?
After you get to Security Centre, click the option under Firewall that you have another application monitoring your firewall.
To remove your previous installations of other firewalls, download and run ccleaner and use the registry fixer.
I have Ccleaner, Registry Mechanic, RegCure, Registry Fix, Registry Repair V4.0, Clean My Registry, etc. About 16 cleaners. Nothing works. Is there a line of code to turn on the Windows Firewall alone?
DaniWeb4Jim 47 Junior Poster
Nothing has worked and they are still registering in TUT as on but the registry has no reference to ZoneAlarm or COMODO Firewall at all.?????
DaniWeb4Jim 47 Junior Poster
Windows firewall is designed to work in unison with third party security. You can turn it on while another is active and it won't tell you you're at risk when you disable it because it recognizes the other program.
As for getting rid of zonealarm:
1. Download the Windows installation cleanup utility.
2. Disconnect your computer from the internet.
3. Uninstall both firewalls (preferably in Safe Mode).
4. Once the uninstall packages have finished run the Windows installation cleanup utility, selecting the firewalls. This will clear all registry references.
5. Delete any files left over in your "program files" folder.
6. Reinstall the firewall of your choice (probably comodo).
7. Reconnect to the internet.
8. If this didn't work, come back here and we'll see what we can come up with.
THIS DID NOT WORK. In my thread I said that I uninstalled the Firewalls. I tried to remove everything like they described in the ZoneAlarm site and deleted the files suggested in Windows\system32. Still shows that I have a firewall. Comodo may be still installed but in (TUT) I see both Firewalls. I have hidden files unchecked and can see everything. No files related to the program are there. All folders and registry links are deleted. But TUT (The Ultimate Troubleshooter) has it showing as active. HELP!!!!
DaniWeb4Jim 47 Junior Poster
I have 2 Firewalls that I installed (ZoneAlarm & COMODO) and they are still showing active in TUT (The Ultimate Troubleshooter). I cannot turn on or off Windows Firewall. If I try to it does not prompt me that I am at risk. I always get a prompt in my other PC.
Any suggestions?
DaniWeb4Jim 47 Junior Poster
I had trouble with ZoneAlarm so I uninstalled it. Not uninstalled and can not remove it to turn Windows Firewall on. So, Oh it gets better. Thinking I would get help by installing a new firewall (NOT), I installed COMODO Firewall. No they are both active by SSoftware and the registry doesn't know it is still there. I tried to turn off the Windows Firewall and it does not tell me I am at risk which was what prompted me to try other things.
Anyone have a clue? or FORMAT C:\?
DaniWeb4Jim 47 Junior Poster
Hi Comior:
Yes it worked.
I thank you for the fast reply but I had gotten that info yesterday between DELL and Microsoft support.
I am telling everyone about this website.
All of the people that I have worked with are very knowledgeable and friendly.
Thanks again,
DaniWeb4Jim (Jim)
DaniWeb4Jim 47 Junior Poster
About two months ago I added a DVD recorder to my sister-in-law's PC. She and I copied a disc from both recorders. Now she can not read a disc.
I checked in the device driver and disc management no drives showing, both are gone.
Anyone that has a fix let me know. I think the drivers are corrupted and already uninstalled them and reinstalled them by removing them from the device manager and rebooting.
Any other advice or I am putting in the RECOVERY DISC and reboot.
Thanks to all.
DaniWeb4Jim 47 Junior Poster
Judy:
MARK SOLVED I found the link.
Thanks again, Jim
DaniWeb4Jim 47 Junior Poster
Hi Judy
Here is my last log. I say it is fixed. No more problems related to that one.
How do I mark it solved? I will try but I don't see that link????
Jim
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:02 PM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
DaniWeb4Jim 47 Junior Poster
Hi Judy,
Mostly good advice, as usual. I turned off Anti-Vir. I was told I could use the two by a Senior ITHelpdesk Specialist who has his own business after hours like I do. He said that Anti-Vir can run with other Antivirus programs, especially AVG 8. He was the one who turned me on to it with my friend who owns FRANKLIN COMPUTERS PLUS on Hempstead Turnpike in Franklin Square, NY.
I found all of the registry programs fun, but also one does clean more than others. I found more performance. I have them installed but not turned on only when I want to use them.
I am trying to find my best one REGCURE is rated as the best but COMODO finds more...
What to do ...What to do??? So, I leave them on.
I have 14 but not all loaded, now. I had a problem that one of them fixed. I don't know which but, when it happens again, I will check it out.
I have been doing this since 1989 and making my own PCs since at least 1993.
I never had a malware or even a real virus until now, so more protection had not hurt. I know the 'only use one virus program rule'. I always try to try things, so I find out my own way.
I think I did most of what you suggested and will continue to watch this website because it has …
DaniWeb4Jim 47 Junior Poster
Hi Judy:
Here are the results of both HiJACK files you asked for.
AntiVir is not loaded in the system tray but still shows in the report.
I will leave it for now and see how it is running but the System Mechanic pop-up blocker is off and
Zone Alarms is removed.
I Only have Zone Alarm Firewall Basic.
Windows Firewall is OFF.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:02 AM, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - …
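The two HijackThis logs posted above were taken two days apart on the same machine, and comparing them by eye is error-prone because the same program can appear as both `C:\PROGRA~1\...` and `C:\Program Files\...`. The following is an added example, not part of the original posts: a small parser that diffs two scans. The sample logs are constructed excerpts in the same layout, the `example.invalid` entry is made up, and the mapping of `PROGRA~1` to `Program Files` is an assumption about the machine.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "R1 - HKCU\...", "O4 - ..."

# Constructed excerpts in the HijackThis v2 layout (not the thread's full logs).
SCAN_OLD = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:02 AM, on 10/3/2008
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
"""
SCAN_NEW = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:02 PM, on 10/5/2008
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.invalid/search
"""

def normalize(path):
    """Case-fold and expand the 8.3 alias so both spellings compare equal."""
    # Assumption: PROGRA~1 is the short name of "Program Files" on this machine.
    return path.strip().lower().replace("\\progra~1\\", "\\program files\\")

def parse_log(text):
    """Return (set of running process paths, list of (code, detail) entries)."""
    processes, entries, in_procs = set(), [], False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:                      # the first coded entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line[1:3] == ":\\":
            processes.add(normalize(line))
    return processes, entries

def diff_scans(old_text, new_text):
    (old_p, old_e), (new_p, new_e) = parse_log(old_text), parse_log(new_text)
    return {"started": sorted(new_p - old_p),
            "stopped": sorted(old_p - new_p),
            "new_entries": [e for e in new_e if e not in old_e]}
```

Without the normalization step, `avgtray.exe` and `svchost.exe` would each be reported as both started and stopped, hiding the real changes.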
DaniWeb4Jim 47 Junior Poster
Judy:
I see ZONE ALARM and WINDOWS FIREWALL is turned off. Does it mention what the other one is?
Jim