Explorer.exe issue (I think) [Solved/Closed]

arcy - Aug 3, 2010 at 03:56 PM - Latest reply: arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 13, 2010 at 07:29 PM
Hi guys,

I know there are a lot of post on explorer.exe crashing but what I have noticed is that everybody's problem is slightly different than mine.

I have an asus EeePC 1000H XP Home Ed Service Pack 3 1.60 GHz

Computer was running fine until I plugged in my Blackjack II smartphone to sync. I started Microsoft Activesync and that is where it all began (I sync my phone on a weely basis with no issues).

The computer did not recognize the phone and when I tried to fix the errror it wouldn't. I tried to uninstall and wasn't able to due to uninstaller something(which I have now managed to fix I think).

If I run IE normally (I am using IE in safemode now with no issues) internet connection will be lost and if I try to fiddle with it the computer will crash and restart on its own (with issues).

I ran malawarebytes yesterday and today and found nothing. Windows Live onecare is the only one that found something and removed it.

I managed to get Windows One Livecare working and it came up with 4 items:

Exploit:Java/CVE-2008-5353.EE
Exploit:Java/CVE-2008-5353.GA
Exploit:Java/CVE-2009-3867.CF
TrojanDownloader:Java/OpenConnection.BB

All have been removed but problem persists. I try to run Registry Booster2010 and it gets stuck. Task Manager says it is running but it seems to be frozen and then crash... a fast flash of the dreaded blue screen followed by a black screen and restart.

When I try to run a windows uptdate, it sort of opens IE8 and just stays in the initializing mode showing other backgrounds.

I saw several people run the Hijackthis program so I installed it, ran it and these are the results:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:46:19 PM, on 8/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\RegistryBooster 2010\registrybooster.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Aracely\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
See more 

177 replies

Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 3, 2010 at 04:51 PM
0
Thank you
Hello,

I suggest that your system is suffering from the damages caused by the Trojan Horse Downloader.

It was a good idea to produced the HJT log.

I would certainly remove the following items:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

I am also suspicious of the 016 DPF entries pertaining to Facebook, but you only can no if they are safe.

Please delete the above BHO's Browser Helper Objects as well as this useless one:

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

See how your system performs and return to me for further clean-up instructions.

Regards
I greatly appreciate your reply Ambucias =)

Can you please let me know where I can locate these files and delete them. That I don't know how =/
Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 3, 2010 at 05:17 PM
Certainly!

You run another Hyjackthis scan without the log.

You check them and then you delete them.

I am now signing off till tomorrow morning, 1817hrs here. I shall then read your feedback for further advise.

Regards.

P.S. On Kioskea, everything is possible!
Just had a thought, can I remove these by clicking each of these options on the HJT?
I think your comment came right after I had posted my question lol =) I have done so and posted the results below.

Have a good night!!
0
Thank you
I did not delete the facebook files as I am not sure what they are but I have deleted the ones you recommended. I have run HJT once again and these are the results:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:31 AM, on 8/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Aracely\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
BTW I haven't restarted the PC, should I do so now?
0
Thank you
the problem worsened! Now I have to log on on safe mode only as it does not let me log on normally before crashing =/
if it manages to "load" without crashing it stops at the desktop with no icons
Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 4, 2010 at 04:53 AM
0
Thank you
Good morning and top of the day to you Darcy,

Please rest assured that the BHO's you have removed with Hyjackthis have nothing to do the the present situation.

First lets return you icons:

Please follow these steps:

reboot your computer in the Safe mode with command prompt.

Once Windows loaded, command prompt (black window) opens. Type notepad and press Enter.

A notepad window opens. Type the following text into notepad:

[Version]
Signature="$Chicago$"
Provider=Myantispyware.com

[DefaultInstall]
AddReg=regsec

[regsec]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe"

Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad.

In the command prompt type Explorer.exe and Press Enter. Windows Explorer opens. Locate the fix.inf, click right button and select Install. Close Windows Explorer.

In the command prompt type shutdown -r and press Enter.

Your computer will be rebooted.
you are an angel sent helping me out... OK let me go ahead and do what you are recommending and I will post right back
Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 4, 2010 at 05:04 AM
Standing by
Ambucias I tried to open IE and it opened for a min before it shut down =/
MSN messenger would not load which leads me to believe there is still the explorer problem =/

desktop loaded fine however
Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 4, 2010 at 05:35 AM
0
Thank you
Arcy,

You wrote that I was an angel, but my wife keeps telling me that I am almost an angel. I must tell her, after what you said that I got my full wings today!:)))

Back to business.

Since you got your desktop back, I think believe that you are correct in saying that the problem resides in Explorer which now has been partially repaired. Now, the problem resides with IE and you do have the latest version.

This type of problem is difficult to locate.

Here is a very powerfull tool to be used with extreme discretion.

To keep your system safe, you must follow the instructions hereunder to the letter:

1. Download Combofix to your desktop.

http://www.combofix.org/download.php

2.Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.

4. Accept the disclaimer and the recovery

5.You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

During the process, please do not mouse click nor must you tap on the keyboard. Let the tool run.

Let me know

P.S. I will be signing off in 50 minutes, so I hope we will have solved the problem by then
??? désolé, mais je ne pense pas que je connais le mot =/
Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 4, 2010 at 07:59 AM
Cambronne était un général qui a servi sous Napoléon et lors d'une bataille, les Anglais lui ont demandé de se rendre. Il leur a répondu "Merde!". Aujourd'hui, on se sert de l'expression pour souhaiter bonne chance, surtout au théâtre.
it is THE word to express in English and French! It just flows!! it comes out au naturel lol
Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 4, 2010 at 08:11 AM
In English, the expression is "Break a leg".
pour le bonne chance oui! puor un probleme c'est le mot de Cabronne lol
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 8, 2010 at 08:12 AM
0
Thank you
i'm back.... problem started again right after I reinstalled Microsoft Active Sync and plugged in my phone to sync =(

I unsinstalled it and did the following:

I ran Vundofix and it returned 0
I ran Combofix and
I ran Eusing free registry cleaner

Problem continues =(

I get the blue screen with
stop 0x00000074 ......
win32k.sys error
dwwin.exe corrupt file
and lots more (i have no clue how to access the log of that blue screen error msg)

SOS again
Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 8, 2010 at 08:34 AM
0
Thank you
Oh! Oh! This is not funny.

I wonder why you ran Vundofix for it is a useless yet damaging Norton invention.

The error code 0x0000074 means 2 things.

Your ram bar is damaged or ill configured.

I suggest you remove your ram stick or sticks, check for damages, clean the slots with compressed air can.

Just in case some items did not need to be deleted, Run Eusing free again and restore the deleted items. There is a small link which will take you to the backup.

If that does not solve the issue, I shall refer your case to Jack4all who is more in the hardware issue than I.

Good luck
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 8, 2010 at 10:19 AM
Ambucias I made a mistake the error is
Kernel_data_inpage_error

error code 0x000007A (A not a 4 as initially posted) not sure if it makes a difference

win32k.sys - Adress BF 932000 base at Bf800000 Date Stamp

BTW I don't use Norton, I use Windows Live OneCare =)

I ran vundo as well as malaware and onecare just to see if any of these found something but all returned 0
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 8, 2010 at 10:59 AM
There are some of the errors I get from the Event Viewer window:

Error code 0000007a, parameter1 e1bbef50, parameter2 c000009a, parameter3 bffd682c, parameter4 27b32860.

The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'change.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
SCDEmu
StarOpen


The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 8, 2010 at 04:59 PM
0
Thank you
Hi,

You mentioned Vundofix which is a tool created by Norton Symantec to irradicate the virus Virtumonde.

the error code 0X0000007A means KERNEL_DATA_INPAGE_ERROR this happens when the IDE is connected to a slave while no master disk is on the same controller.

The error code: 0xC000009A Means insufficient resources

I am afraid that there are things about your system for which I do not have the entire picture.

I will see what Jack4all has to say about it. He is a highly estimated contributor .

Regards
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 8, 2010 at 05:25 PM
thank you Ambucias =)

I still went out to FNAC to get a bottle of compressed air and will clean it tomorrow (won't do any harm and getting rid of some dust lol).

I hope Jack4all has some insight on what is going on =/
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 8, 2010 at 05:39 PM
0
Thank you
Hello arcybarrios,

First thanks to Ambucias

Try this 1.

1)Click on Start --> Run -->Type cmd and click on OK---> Command Prompt will

be opened. Now type this command,

chkdsk /f /r

Press "Enter"

Note: If it says that "This volume will be checked the next time the system

restarts", then restart your PC to start chkdsk process. A blue screen will

appear performing check disk operation.

2) After check disk process,

Click on Start --> Run -->Type sysdm.cpl and click on OK.

"System Properties" window will be opened.

Click on "Advanced" tab ---> In "Performance" section click on "Settings"

button ---> Click on "Advanced" tab ---> Click on "Change" button ---> Select

the option "No paging file" ---> Click on "Set" button --->Click on

OK--->OK--->OK --->restart your PC.

After restarting your PC, again follow "Step 2" and this time select the option

"System managed size" and click on "Set" button -->Click on OK --->OK--->OK.

3) Open "My Computer" ---> Click on "Tools" ---> Folder Options ---> Click on

"View" tab ---> Then uncheck the check box "Hide extensions for known file

types" ---> Click on OK.

Go to this location C:\WINDOWS\system32 and search for the file named

"win32k.sys". Right-click on that file named "win32k.sys" ---> Rename -->

Now rename that file as win32k.old ---> Now close the Window ---> Restart

your PC ----> Now it will give you a new file named win32k.sys, again go to

this location C:\WINDOWS\system32 and check for the new file named

win32k.sys.

Don't delete the old file which was renamed as win32k.old


If the problem still exists,

Remove the RAM from the slot, clean it and place it back in another slot.

Note : If you are having two RAM's then remove one RAM and switch ON your

PC to check whether your problem is solved or not. If it still exists, place the

same RAM in another slot and Switch ON your computer.

Now swap the RAM's and check the other RAM by following the above

instructions given in "Note".

Testing RAM:

Click on the below link and download the ISO file

http://memtest.org/download/4.10/memtest86+-4.10.iso.zip

Burn it to a CD and boot from CD by setting your first boot device as

CD\DVD Drive and run memory test. Check the Error's columns. Make sure

there is no errors.

Good Luck.
Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 8, 2010 at 05:43 PM
Thanks for taking over jack!

Now, look at this genius go! Amazing! Flabergasting! The Ace of all contributors!
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 8, 2010 at 06:06 PM
I am not ignoring you guys I am following instructions very carefully... I am on the system 32 folder step =)

And yes I agree with Ambucias comment above! I am in awe!
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 8, 2010 at 06:38 PM
0
Thank you
here goes after the millionth attempt =/

I have done almost all of the steps above except the dusting out RAM. That I will do tomorrow (1:35am here). I am afraid to say that the problem is still annoyingly present =( the BSOD is killing me softly.

I have an Asus Eee PC netbook which I believe has one slot of RAM only. The other thing is, I do not have a DVD/CD drive. Is it ok to mount the ISO file onto a virtual drive (I have powerISO) for it to work the same?

Thanks for helping out =)

Cheers
Ambucias
Posts
55821
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
November 14, 2018
- Aug 9, 2010 at 04:57 AM
Hello Arcy,

Jack4all is on your case and he as taken over your hardware issue. Please do follow is instructions for Jack is one of our official, trusted and distinguished contributors.

Good luck
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 9, 2010 at 05:33 AM
Thank you Ambucias! I think I have a bit of everything on my netbook (soft and hardware) =(
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 9, 2010 at 04:58 AM
0
Thank you
Good morning!!

So I dusted the RAM chip and its slot (and all inside) and problem continues. I open IE and it works fine until I do something it doesn't like and puff the window closes (Outlook as well). So far I have not seen the BSOD
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 9, 2010 at 06:28 AM
Hello,
0X0000007A error is the indication of bad sectors in your harddisk, bad RAM, Paging problem.
So first check your harddisk for bad sectors.
May be your harddisk contains bad sectors.
Try this 1 again.
Open "My Computer" -->right click on your OS drive --->Properties --> Click on "Tools" tab-->
click on "Check Now" button ---> select those two options --> Click on Start.
Now it should start checking your harddisk in different phases. After completion you can
see the report.

Let me know your harddisk brand name and model number .
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 9, 2010 at 06:52 AM
it doesn't allow me to run it it gives me the following:

The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?

I restart and try to run again and I get the same msg

OK third time was a charm... it is now checking

Question, where do I get the info of the hard disk brand and model (besides opening the machine?)
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 9, 2010 at 07:22 AM
Hello,
Click on Start -->Run --> type devmgmt.msc and Click on OK. Device Manager will be opened.
Now double-click on "Disk Drive" or click on "+" to expand it. There you can find your harddisk number. Ex : HDS78082AF.
Let me know that number so that I can check for the HDD diagnostic utility in their site.
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 9, 2010 at 07:45 AM
ok so disk info: ST9160310AS
Seagate Momentus 5400.5 SATA 3Gb/s 160-GB Hard Drive Spin Speed 5400

Chkdsk has finished, where can I locate the log so that I can copy paste it here for you =)

(found it will paste shortly from the sicko computer)
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 9, 2010 at 07:56 AM
Hello,
Go to Event Viewer --> Click on "Application" --> under "Source" Column you can find the chkdsk/Winlogon.
Double-click on it and in description section you can find the information.
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 9, 2010 at 08:01 AM
0
Thank you
Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 8/9/2010
Time: 2:38:57 PM
User: N/A
Computer: TOO LITTLE TOO CUTE
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 3 unused index entries from index $SII of file 0x9.
Cleaning up 3 unused index entries from index $SDH of file 0x9.
Cleaning up 3 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

83873632 KB total disk space.
15869684 KB in 127644 files.
50684 KB in 13630 indexes.
0 KB in bad sectors.
266680 KB in use by the system.
65536 KB occupied by the log file.
67686584 KB available on disk.

4096 bytes in each allocation unit.
20968408 total allocation units on disk.
16921646 allocation units available on disk.

Internal Info:
40 57 02 00 e6 27 02 00 ed a3 03 00 00 00 00 00 @W...'..........
50 02 00 00 02 00 00 00 13 03 00 00 00 00 00 00 P...............
ac 04 f2 0c 00 00 00 00 9a 2b ae 40 00 00 00 00 .........+.@....
fe 3e 58 10 00 00 00 00 c6 6c 30 ae 02 00 00 00 .>X......l0.....
04 ca a3 bd 02 00 00 00 48 e1 ca d3 05 00 00 00 ........H.......
70 18 22 5f 00 00 00 00 a8 39 07 00 9c f2 01 00 p."_.....9......
00 00 00 00 00 d0 9b c8 03 00 00 00 3e 35 00 00 ............>5..
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 9, 2010 at 08:58 AM
Hello,
Are you still facing the same problem ?
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 9, 2010 at 09:01 AM
so far so good jack ... I have outlook open and IE and neigther has closed...

Can I ask, what may have caused this problem? As mentioned above the only think I did was plug in my phone (as I do every week or every other day) to sync and next thing you you hell broke loose.

Is it safe to re install microsoft active sync and plug in my phone once again?
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 9, 2010 at 11:08 AM
Hello,
May be your harddisk contains system file error or bad sector. So what we did was to "Automatically fix system file error" and "Scan for and attempt recovery of bad sectors".

Yes, you can install the microsoft active sync and plug your phone.
Note : Incompatible drivers or corrupted driver will also results you in blue screen error.

In future if you run checkdisk from the windows, then after completion if you don't find the information in winlogon log file then search for the file chkdsk log file in event viewer.

Sorry for not replying to your previous question. I don't recommend doing memory test from windows. In future, if you want to do memory test then you can try this application called "UNetbootin". UNetbootin allows you to create bootable Live USB drives. You can burn the iso image to the USB flash drive using that utility --> set first boot device as USB Flash drive.

Cheers.
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 9, 2010 at 11:26 AM
thanks a million jack you and ambucias have been extremely helpful! Seriously no words can express my gratitude!

I will report back with the progress but so far so good... (mind you I have been using my other lap top for the most part)
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 9, 2010 at 06:13 PM
0
Thank you
Jack... bad news =( below the logs I copy pasted:

Event Type: Error
Event Source: ESENT
Event Category: General
Event ID: 481
Date: 8/10/2010
Time: 1:00:06 AM

Description:
wuauclt (352) An attempt to read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" at offset 2580480 (0x0000000000276000) for 12288 (0x00003000) bytes failed
with system error 1450 (0x000005aa): "Insufficient system resources exist to complete the requested service. ". The read operation will fail with error -1011 (0xfffffc0d).
If this error persists then the file may be damaged and may need to be restored from a previous backup.


Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1005
Date: 8/10/2010
Time: 1:00:18 AM

Description:
Windows cannot access the file C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\{CE496A34-8519-4303-80E9-1AF033B49309}\mpengine.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Microsoft Malware Protection Engine because of this error.

Program: Microsoft Malware Protection Engine
File: C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\{CE496A34-8519-4303-80E9-1AF033B49309}\mpengine.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional Data
Error value: C000009A
Disk type: 3

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Microsoft Office 12
Event Category: None
Event ID: 1000
Date: 8/10/2010
Time: 1:00:42 AM

Description:
Faulting application outlook.exe, version 12.0.6535.5005, stamp 4bf5c678, faulting module wwlib.dll, version 12.0.6535.5002, stamp 4bd2a85a, debug? 0, fault address 0x00c0ec57.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 8/10/2010
Time: 1:00:59 AM

Description:
Faulting application MsMpEng.exe, version 1.5.1958.0, faulting module mpengine.dll, version 1.1.6004.0, fault address 0x004b4978.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 8/10/2010
Time: 1:01:04 AM

Description:
Fault bucket 00499106.


I was browsing IE and crash! A window popped up with some error but I wasn't able to write it down. Once again the same BSOD came up with the usual info of all the previous ones
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: sr
Event Category: None
Event ID: 1
Date: 8/10/2010
Time: 12:59:56 AM

Description:
The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'color' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 9, 2010 at 10:25 PM
1)Download Malware's Anti-Malware from the below link.
http://ccm.net/download/download-105-malwarebytes-anti-malware
Update it --> then perform "Full Scan"
Note : Default selected option is "Quick Scan"
After scanning, click on "Show Results" --->then Remove.
You can find the log file on the desktop.
2)Download this registry cleaner, from the below link.
http://ccm.net/download/download-1389-regseeker
Extract it ---> double-click on "RegSeeker" file.
Click on "Clean the Registry".
Then click on "Select -->Select All"
Then click on "Actions --> Delete Selected Items" --> OK -->OK.
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 10, 2010 at 03:37 AM
Good morning jack =)

I don't think that Onecare is the problem. I think there is something that is preventing it from functioning properly.

The one consistent thing is when I am browsing in IE just closes (it happens more often with IE than firefox), puff the window is gone (if it feels like it, it might flicker).

There is something deeper embeded somewhere that is causing the system to crash... it puzzles me that anything that is related to explorer causes the system to crash. if I am doing two tasks in IE puff it crashes.

I actually have malaware installed on my computer and ran a full scan a few days ago (when the problem first started) and it found nothing. I ran a full scan in Onecare and it found 4 infected files which it fixed.

I also ran Eusing registry cleaner a few days ago and it cleaned about 1500 files.

i will run the one you are recommending and report back.

Sorry for all this mess =(
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 10, 2010 at 04:37 AM
I just ran malaware and this is the malaware report (I had to run it on safe mode) Don't know if that matters when scanning let me know (i just didn't want to system to crash in the middle of a scan)

Malwarebytes' Anti-Malware 1.44
Database version: 3795
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/10/2010 11:34:00 AM
mbam-log-2010-08-10 (11-34-00).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 269507
Time elapsed: 40 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I will try and run the registry cleaner in normal mode. I ran it on safe mode and it came up with 1050 files. I didn't clean them as I am trying desperately to backup my system but I am unable too. As soon as it starts backup it just hangs in 2%
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 10, 2010 at 06:23 AM
I finally managed to backup my computer and ran regseeker from firefox as I was unable to do so from IE. Anything I do from IE it is nearly impossible specially with .exe files.

Regseeker has found a total of 1973 files which have no been "cleaned."
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 10, 2010 at 07:03 AM
Hello,
Did you managed to remove delete them in regseeker.
The reasons for your IE getting crash is
if you harddisk contains bad sectors or system file getting corrupted.
if your RAM if not good
even some add-ons will results you crashing in IE.
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 10, 2010 at 07:12 AM
0
Thank you
Hello,

Lets start troubleshooting step by step. First lets check the RAM.

Make sure your USB Flash Drive doesn't contain any important data that's

because, we will be formating the USB Flash Drive.

Download this file

http://memtest.org/download/4.10/memtest86+-4.10.usb.installer.zip

Extract it--- > Plug your USB Flash Drive --> Double-click on "Memtest86+ 4.10

USB Installer" -->Click on "Agree" -->Select your "USB Flash Drive" letter from the

drop-down menu and select the option "(Recommended)check this box if you

want to format this Drive" -->Click on "Create".

Now Bootable USB Flash Drive is created. Now reboot your PC --> Set first boot

device as USB Flash Drive and follow the instructions.

Now it should start testing your RAM

Check the Error's columns. Make sure there are no errors.
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 11, 2010 at 10:57 AM
Send me minidumps to the below email ids

mevrickjack@yahoo.com

worldmac15@yahoo.com
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 11, 2010 at 11:02 AM
email sent to both addresses once again
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 11, 2010 at 11:55 AM
I now know why we cannot uninstall IE 8 =/

http://support.microsoft.com/kb/950719

It seems I have to uninstall service pack 3 and then uninstall =/
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 11, 2010 at 11:57 AM
Ya try uninstalling the service pack.

Received your minidump.

Remove the RAM from the slot and place it in another slot properly.
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 11, 2010 at 12:11 PM
Also let me know the virtual memory size.
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 11, 2010 at 12:10 PM
0
Thank you
I don't have another slot =/ the netbook only has one
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 13, 2010 at 09:48 AM
Jack I will email those to you a little later tonight as I am on my way out the door (have company since yesterday).

I know I sound like a broken record but THANK YOU!!!!! =)
jack4rall
Posts
6505
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
December 30, 2015
- Aug 13, 2010 at 11:06 AM
Ok, I will wait for your email.
Have a great time.
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 13, 2010 at 02:48 PM
email sent =)
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 13, 2010 at 03:10 PM
and IE keeps crashing even without add ons =/
arcybarrios
Posts
77
Registration date
Sunday August 8, 2010
Last seen
November 20, 2011
- Aug 13, 2010 at 07:29 PM
Solved

Thank you jack and ambucias for your patience and assistance =)