Windows Support Forum

C:\windows\system32\drivers\atapi.sys Trojan Windows 7 How to remove

Q: C:\windows\system32\drivers\atapi.sys Trojan Windows 7 How to remove

If someone could help me please, I would really appreciate it. I have my logs you requested right here in the attached zip folder. My computer apparently has a trojan and I would really like to remove it. Please help.

A: C:\windows\system32\drivers\atapi.sys Trojan Windows 7 How to remove

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see no evidence of the "atapi" infection. What led you to that conclusion? Is your browser being redirected? You are infected though.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Windows 7, all tools should be started by right-click > Run as Administrator

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > and tick the 'Display Run' or 'Run command' box > OK > OK.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

http://www.techsupportforum.com/forums/f100/c-windows-system32-drivers-atapi-sys-trojan-windows-7-how-to-remove-456801.html

I am running Windows 7 Ultimate 32 bit and I installed AVG Internet Security 9.0. I found this threat in my computer:

"C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Rootkit-Pakes.U";"Object is white-listed (critical/system file that should not be removed)".

I try to use Malwarebytes and it says it's clean... but when I scan with virustotal.com, it detects a trojan... They say that this site can help me fix my problem. I don't know how to remove the trojan....

hope you can HELP me...

thanks....

A: Windows 7 Trojan horse Rootkit-Pakes.U C:\WINDOWS\system32\drivers\atapi.sys

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/windows-7-trojan-horse-rootkit-pakes-u-c-windows-system32-drivers-atapi-sys-450979.html

Hi guys, I've recently done an AVG scan and found my computer was infected with:

"C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Packed.Protector C";"Object is white-listed (critical/system file that should not be removed)"

I've tried removing it but couldn't, as it is white-listed. Please kindly offer your advice. Thank you very much and your help will be greatly appreciated.

A: Infected with Trojan Horse Packed.Protector C in "C:\WINDOWS\system32\drivers\atapi.sys

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
- The DDS logs (DDS.txt and Attach logs)
- RootRepeal logs
- Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

http://www.bleepingcomputer.com/forums/t/277796/infected-with-trojan-horse-packedprotector-c-in-cwindowssystem32driversatapisys/

Today I turned on my computer and a message from AVAST said that the file C:\Windows\System32\Drivers\szkimzl.sys and C:\WINDOWS\system32\drivers\atapi.sys was infected. So I pressed 'delete' and I turned on my internet, which was working fine the other day, and it wouldn't work. I thought it might have been Firefox but I tried IE, Chrome and Opera; none of them worked. I have three other computers which are all on the same modem and they all work fine.

A: C:\Windows\System32\Drivers\szkimzl.sys and C:\WINDOWS\system32\drivers\atapi.sys

Hello iJoe,

Is there any reason you ran RootRepeal instead of gmer? I'd prefer a log from gmer as outlined in our pre-posting topic.



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please attach the ark.txt in your next reply

http://www.techsupportforum.com/forums/f50/c-windows-system32-drivers-szkimzl-sys-and-c-windows-system32-drivers-atapi-sys-452479.html

Once I started my computer, pop-ups from AVAST said that C:\WINDOWS\system32\drivers\atapi.sys was infected. I do not know how to remove or fix the problem. Here's the DDS.
Windows Live Contacts wlcomm exe C Documents and Settings HP Administrator Desktop dds scr Pseudo HJT Report uStart Page hxxp www daum net uInternet Connection Wizard ShellNext iexplore BHO d -ce - - - d d a e - c windows system awttSlmm dll BHO Windows Live Sign-in Helper d - c - abf- ecc- c - c program files common files microsoft shared windows live WindowsLiveLogin dll BHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dll TB E BD F- B D- E- BE-BE DF D AE - No File TB A A -BACC- D - - A E E - No File TB Yahoo Toolbar ef bd -c fb- d - f- d f - uRun SUPERAntiSpyware c program files superantispyware SUPERAntiSpyware exe uRun ctfmon exe c windows system ctfmon exe uRun PlayNC Launcher uRun Aim quot c program files aim aim exe quot d locale en-US ee aol imApp uRun Pando Media Booster c program files pando networks media booster PMB exe mRun avast c progra alwils avast ashDisp exe mRun NvCplDaemon RUNDLL EXE c windows system NvCpl dll NvStartup mRun nwiz nwiz exe install mRun NvMediaCenter RUNDLL EXE c windows system NvMcTray dll NvTaskbarInit mRun TkBellExe quot c program files common files real update ob realsched exe quot -osboot mRun ISUSScheduler quot c program files common files installshield updateservice issch exe quot -start mRun QuickTime Task quot c program files quicktime QTTask exe quot -atboottime mRun Malwarebytes Anti-Malware reboot quot c program files malwarebytes' anti-malware mbam exe quot runcleanupscript mRun ISUSPM Startup c progra common instal update isuspm exe -startup dRun ctfmon exe c windows system ctfmon exe IE E amp xport to Microsoft Excel - c progra micros office EXCEL EXE IE Save YouTube Video IE Save YouTube Video as MP IE E D D B- - a -B F- D D C - c windows pchealth helpctr vendors cn hewlett-packard l cupertino s ca c us iebutton support htm IE e e dd -d - - b -f ba - windir Network Diagnostic xpnetdiag exe... Read more

A:C:\WINDOWS\system32\drivers\atapi.sys

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Elle

http://www.bleepingcomputer.com/forums/t/280819/cwindowssystem32driversatapisys/

When I try to install windows service pack 4 it says that
c:\windows\system32\drivers\atapi.sys is open or in use by another application
 

A:c:\windows\system32\drivers\atapi.sys

Found this on Google.
Do you have a cd-emulator (like daemon-tools) installed?
I needed to uninstall it to get sp1 running.
 

https://forums.techguy.org/threads/c-windows-system32-drivers-atapi-sys.337823/

I know my computer is infected because when I try to click on a link I'm redirected to another site and sometimes I get some weird popups. I ran SUPERAntiSpyware and AVG and it just says I have tracking ads but nothing else, but every so often I get a warning from AVG about C:\WINDOWS\system32\drivers\atapi.sys being infected, but nothing happens. Thanks for your help.

A:C:\WINDOWS\system32\drivers\atapi.sys

Hi aweber422,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

************

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions

Download ComboFix from one of these locations: Link 1, Link 2, Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
- Double click on ComboFix.exe & follow the prompts.
- You will get a warning about the not trusted download sites for ComboFix, click Yes.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/304114/cwindowssystem32driversatapisys/

This ATAPI.SYS infection seems to have installed on my PC. So far I'm not having too many problems on Windows 7 32 bit apart from AVG Free popping up and telling me that it detected an infection. I want to get rid of it though. I googled the problem and read that it could be removed with ComboFix. I ran it twice and AVG still sees the file. I read afterwards that I shouldn't have run the file myself... I want to post the log file of ComboFix's first scan, but unfortunately the second one overwrote it...

Here's the second one: http://rapidshare.com/files/348612046/ComboFix.txt.html

Anyone have any ideas on what I could do to get this cleaned up?

A:Windows/system32/drivers/atapi.sys problem

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/294645/windowssystem32driversatapisys-problem/

I am trying to download SP3 for Windows XP but I get the error message "c:\windows\system32\drivers\atapi.sys is open or in use by another application. close all other applications and click retry." I have uninstalled (and deleted the folders) all virtual drivers, and even the cd/dvd drive. I have scanned my computer for viruses, malware, and spyware and removed all threats as well. I have also tried moving "atapi" to a different folder and renaming it but when I try a message comes up that says it is in use. I have no more ideas and the internet solutions are not working or don't apply. I am very frustrated! Please help!
 

A:Solved: c:\windows\system32\drivers\atapi.sys is open or in use

Solve 1:

This may occur if you have these programs installed:
Alcohol 120%, Daemon tools
http://support.microsoft.com/kb/884675/en-us
Check this link to continue with your installation.

Solve 2:

If you are unable to determine which 3rd-party software is causing this issue, then here is a method of installing SP3 that avoids most 3rd-party conflicts:
 - download the stand-alone SP3 installer from http://www.microsoft.com/downloads/...A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en and save it at a known place on hard disk.
 - use "msconfig" to select "Diagnostic Startup", and re-boot Windows.
 - dismiss "msconfig" when it pops up after restart.
 - now launch the SP3 updater from the known place where you saved it.
 - when the SP3 update has all finished (involves at least one restart), use "msconfig" to select "Normal Startup", and re-boot Windows.

Solve 3:

Check out this 3 step process:-

Step1:
Go google "Unlocker Assistance" and download the software (or the link is provided below), it's free and very useful program. This program can unlock or kill or delete any files that's being used, no matter what situation the file is on, it can unlock the file or kill the process which is using it. (The icon looks like a star magic wand, that's the right program)
Download the software below if you have trouble finding it.
http://ccollomb.free.fr/unlocker/

Step 2:
After you install the program, then go in your My Computer, and right click on the C:\ and click on Search. Then find the keyword "atapi.sys" that the error message mentioned. You will see an icon that looks like a white sheet of paper, right click on that and choose "Unlocker" on the menu. This might start by default . After that a window should pop up showing you which program is currently using the file, I think it was "System". Now you need to click either on the "Unlock" or "Unlock All".

Step 3:
After that, the "atapi.sys" file should be unlocked. Now, go back to the error message and you should see "Retry" or something like that, then just click on that. The process will continue on.

BEFORE INSTALLING SP3: (items in bold are imperative)
Run CCleaner to get rid of unnecessary junk on my system
Make sure to have at least 900MB of available disk space on the C: (system) drive
Run CHKDSK on my C: (system) drive to make sure it is OK
Run a full scan with anti-virus and anti-spyware apps to make sure there is no malware on my system
Run the defragmenter
Make a full backup of my C: (system) drive (for restoring if things don't work out well)
Shut down all user applications and processes
Disable my network connection
Shut down my firewall
Disable all active anti-virus and anti-spyware applications
Disable any other security software

 

https://forums.techguy.org/threads/solved-c-windows-system32-drivers-atapi-sys-is-open-or-in-use.923813/

Request your help in removing the virus from my system. I'm not a tech savvy and hence request your assistance in removing this.

A:"C:\Windows\System32\drivers\atapi.sys";"Virus identified Win32/Patched.CG"

Your help is highly appreciated

http://www.bleepingcomputer.com/forums/t/307335/cwindowssystem32driversatapisys;virus-identified-win32patchedcg/

This morning I got a trojan warning out of the blue while browsing a webpage where local taxi companies were compiled. I am using Windows XP Service Pack, AVG antivirus and SpyBot Search and Destroy. While AVG gave me the warning, Spybot said that I needed to allow some system startup values. I couldn't do anything, however, as Spybot froze and my computer started lagging a lot. I was forced to ctrl-alt-del to end the Spybot process, and AVG wouldn't let me do anything else than Ignore the threat. I ran a full scan on AVG and in the end it said that the threats had been healed and asked me to do a system reboot. On startup, however, AVG still gave me the warning. Then I was able to remove threat again. I'm adding some pictures below. Ignore the picture names, I panicked. Also, what happened is that suddenly all my remembered passwords in facebook, my picture gallery and a couple of forums have been forgotten and I am logged off.

http www picturepush com photo a Myself fun bmp - location details
http www picturepush com photo a Myself fun bmp - after startup

EDIT - Spybot is still bugging me about some startup registries but I can't do anything since it freezes all the time. I might have managed to hit deny access once but I couldn't check the remember decision box. I wasn't able to see the name of the registry since the box always goes grey-ish.

EDIT again - the startup entry Spybot is bugging me about is C WINDOWS system av md exe and regedit. Right now I'm denying them access but I don't want to hit the "remember decision" box until I know what's going on.

Relevancy 96.75%

Please find the log

A:"C:\Windows\System32\drivers\atapi.sys";"Virus identified Win32/Patched.CG";"Object is...

Hello Shankar.ish, to Bleeping Computer Virus, Trojan, Spyware, and Malware Removal Logs Forum. My Nick is Net_Surfer. I'll be glad to help you with your computer problems. I will be working on your Malware issues, this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Please take note of the following which will make our fix go more smoothly:

1. The cleaning process is not instant. Very seldom can we remove the entire infection in one go. Many of today's infections install other infections and for the most part they do not like to go quietly. Please continue to review my answers until I tell you your machine is clean. Just because a symptom "disappears" does not mean your system is clean.
2. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
3. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Please set aside enough time to complete all the steps in each post and follow the instructions in the order stated.
4. If you are running P2P filesharing program(s). My recommendation is you uninstall it/them.
5. Do NOT run any extra scans or fix programs not requested by me as it could change the results in the reports I request.
6. If there's anything that you don't understand, stop and ask your question(s) before proceeding with the fixes.
7. The forum is busy and we need to have replies as soon as possible. After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you have circumstances that you are aware of that will delay your response, then please let me know. This is to ensure that your topic remains open and I don't close it to start a new post.

NOTE: In the upper right hand corner of the topic you will see a button called Options. If you click on this button, a drop-down menu will expand. By choosing Track this topic and then choosing Immediate Email Notification, followed by clicking Proceed, you will be advised when I respond to your topic. This facilitates the cleaning procedure.

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. If you can do these things, everything should go smoothly.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format...

http://www.bleepingcomputer.com/forums/t/307357/cwindowssystem32driversatapisys;virus-identified-win32patchedcg;object-is-white-listed-criticalsystem-file-that-should-not-be-removed/

Hi

A friend of mine came over yesterday and solved the problem. So no help needed anyway. Sorry for the inconvenience.

I tried to delete the post (I really wasn't all too happy with all the info on my computer lying around there for anybody to see; I guess it can't be abused, but since I'm a real newbie, I don't feel really too certain about that), but I couldn't. However, I could edit it, which is what I did.

Thanks, guys!
 

https://forums.techguy.org/threads/c-windows-system32-drivers-dnsfilter-sys-how-to-remove.855053/

I recently ran an AVG test and got :

"";"C:\Windows\system32\DRIVERS\cdrom.sys";"Trojan horse Crypt.ANVH";"Object is white-listed (critical/system file that should not be removed)"

As my one and only problem.
It is white listed and is supposed to be crucial to operation.

Am I being trolled?

Edit: Also, my machine often has 100% CPU spikes for long periods of time and then goes down for a while only to start up again. I checked my Task Manager's processes as well as used Process Explorer to try to find a culprit, but no process shows up. Can this virus be the root of the 100% CPU spikes?
 

https://forums.techguy.org/threads/c-windows-system32-drivers-cdrom-sys-trojan.1038176/

Hello guys
A friend introduced me to this forum, saying that if I was going to get help anywhere, you guys are the best.
I reside in Nigeria, in Africa and just got myself a laptop. I just installed AVG and it detected that I have a trojan affecting my atapi.exe in windows/system32/drivers/atapi

AVG says it is whitelisted and can't remove it. The trojan makes my system slow, sometimes goes into blue screen and most times I go into Google, it shuts down the webpage and re-opens it.

Please help. Dunno what to do. Not very good with computer technicalities.
Hope you guys find time out of your busy schedule and give a helping hand here.

IK

http://www.bleepingcomputer.com/forums/t/373906/help-please-problem-with-system32driversatapiexe/

Well my computer was hit with the xp security 2012 bug. I have been trying to clean it out but my kaspersky anti virus program will not let me delete or quarantine the bad file. So I am following the suggestion on this post: http://forums.techguy.org/virus-other-malware-removal/896647-trojan-virus-c-windows-system32.html

I hope I am doing this right. Any help would be greatly appreciated.
 

A:Trojan virus-c:\windows\system32\drivers\mrxsmb.sys

here is my combofix report:


https://forums.techguy.org/threads/trojan-virus-c-windows-system32-drivers-mrxsmb-sys.1031664/
Relevancy 82.13%

I have been battling a virus all day. The only piece that is remaining is in the c:\windows\system32\drivers\cdrom.sys

I have done a stupid thing. I was hoping for more virus support and upgraded from the free version of AVG to the version 9.0. And of course it wants me to reboot.

I am terrified to reboot for fear of extracting the virus.

I am not computer savvy and would really like to save my hard drive.

Please help?

Reverend Lisa
 

Relevancy 82.13%

"Virus identified Packed.Protector.C";"C:\WINDOWS\system32\drivers\cdrom.sys";"Object is white-listed (critical/system file that should not be removed)";"1/23/2010, 10:30:52 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

I have numerous scans with MBAM, each time MBAM touches C:\WINDOWS\system32\drivers\cdrom.sys", AVG sends up a threat notice. MBAM does not flag the file as infected.

When I run AVG it identifies the above "Virus identified Packed.Protector.C";" C:\WINDOWS\system32\drivers\cdrom.sys"; There were two viruses, and AVG was able to remove the first, but not this one.

My kids were downloading something yesterday when this happened.

Please help. What do I do? I have read the forums from the HJT Team, and the combofix, I think that I am in the same situation and I can not afford to have my computer hacked.

http://www.bleepingcomputer.com/forums/t/289684/please-help-trojan-virus-cwindowssystem32driverscdromsys;/
Relevancy 81.7%

Hello All:

This is my first post and I am hoping someone might be able to provide some assistance. My AVG antivirus keeps telling me I have a Trojan horse threat:
C:\Windows/system32\1_3449eb6b_zw0er_!

I have run the Spybot Search and Destroy and Virtumundo. I have done the Virtumundobegone in safe mode as well. However, my AVG keeps popping up the Trojan threats. If I try to move it/delete it/heal it - AVG tells me I can potentially cause my system to crash. I am not sure what else to do.

Thank you for any assistance.

A:How can I remove the Trojan Threat: C:\Windows/system32\1_3449eb6b_zw0er_!

Scan with MalwareBytes' Anti-Malware:

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Then, submit a log file from ESET SysInspector, to see what the situation is.
Download ESET SysInspector: http://www.eset.com/download/sysinspector.php
- Start the program through SysInspector.exe. The program will collect information about the situation on your machine.
- When "inspector" is ready and the log file is generated, select File > Save Log
- Confirm their wish
Choose to save the file somewhere and then upload on http://4storing.com/ (when you open the page, click on the Great Britain flag to open the page in English), then give me the link.

http://www.bleepingcomputer.com/forums/t/176859/how-can-i-remove-the-trojan-threat-cwindowssystem321-3449eb6b-zw0er/
Relevancy 81.27%

MalwareBytes and AVG show that system is clean when scanned. However I get an AVG pop up that states that this file, c:windows/system32/drivers/ipec.sys, has been isolated. I connect to the internet through a wireless connection. Status shows connected but browser unable to connect. System is XP Home. Dell Optiplex DIM3000, Pentium 2.80GHz 2GB RAM.
What should I do??
Thank you

A:c:windows/system32/drivers/ipec.sys trojan horse hider

Download System look
Copy this script:
:filefind
ipsec.sys
Paste it in the BOX
Click on Look
Post the log

http://www.bleepingcomputer.com/forums/t/435272/cwindowssystem32driversipecsys-trojan-horse-hider/
Relevancy 80.84%

My computer has been running slower lately. I found this forum and read about someone else having a similar problem, but not exactly, here. In the log from the link I posted, SifuMike posted this:

Lets check your HOSTS file. It's located at c:\windows\system32\drivers\etc\hosts. You can open it up in Notepad. If it's just some lines on top with a # in front of it and followed by localhost then you don't need to post it, however if there are others following localhost you may have to fix it. Post it here if that's the case.

I opened up my HOSTS file at that location and there were other lines following localhost. This is what was in there:

Copyright - Microsoft Corp. This is a sample HOSTS file used by Microsoft TCP/IP for Windows. This file contains the mappings of IP addresses to host names. Each entry should be kept on an individual line. The IP address should be placed in the first column followed by the corresponding host name. The IP address and the host name should be separated by at least one space. Additionally, comments (such as these) may be inserted on individual lines or following the machine name denoted by a '#' symbol.

I don't know what those other lines are and what they mean. My computer is running slower. Even when I open folders on my computer they open slower, with the little search flashlight with the folder icon thing coming up. That never happened like that before. My internet is slower also. Does anyone know if I'm infected with any malware, adware, virus, etc.? Please help. Thanks

A:Avg Free Edition Scan: Found C:\windows\system32\drivers\etc\hosts And C:\windows\system32...

The entries you see below the local host are really BAD sites which are being redirected back to nowhere (your computer), so they can't call out. I don't know what put those entries in, quite possibly AVG or some other application you've used. They're a good thing. But ...

In some computers, mine included, if a large hosts file is used, the DNS service has to be disabled. Otherwise the computer can get very, very slow for the internet access.

More and better details here: http://www.mvps.org/winhelp2002/hosts.htm and a quote:

Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.
To resolve this issue (manually) open the "Services Editor"
Start | Run (type) "services.msc" (no quotes)
Scroll down to "DNS Client", Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, or Disabled (recommended) click Apply/Ok and restart

restart = REBOOT is a must. You can also stop and then disable the DNS service from Control Panel. See about the middle of that writeup. If I were you, I'd read the whole article. The thing that puzzles me a bit is that your hosts file isn't all that long and it sure is missing a lot of other very bad things.

http://www.bleepingcomputer.com/forums/t/113560/avg-free-edition-scan-found-cwindowssystem32driversetchosts-and-cwindowssystem32kernel32dll-change/
Relevancy 80.41%

Hello dear staff,

I've been having security issues. AVG antivirus keeps warning me about a threat C:\WINDOWS\system32\drivers\ndis.sys - Trojan horse Rootkit-Pakes.AA
It cannot remove it.
Also, after the scan on the reboot windows loads normally but very very slow. The processor is on 100%
But if I interrupt the scan on the boot windows starts normally, the processor works fine.

Safe mode loads very slowly, using up 100% of the processor.

I have this problem for a long time (2 months) but didn't have time to take care of it.
I was wondering if you could advise me what to do.
Thank You in advance
 

https://forums.techguy.org/threads/c-windows-system32-drivers-ndis-sys-trojan-horse-rootkit-pakes-aa.975096/
Relevancy 80.41%

An AVG scan in safe mode is showing a Trojan horse Agent_r.AWW in C:\Windows\System32\drivers\netbt.sys

Other scans showed more concerns, See Attached DDS, GMER & TDDSSKIller scan results

Thanks much in advance!

A:Trojan horse Agent_r.AWW in C:\Windows\System32\drivers\netbt.sysAn

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links: Link 1, Link 2, Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/452093/trojan-horse-agent-raww-in-cwindowssystem32driversnetbtsysan/
Relevancy 79.98%

I read someone else's post with the same problem (he didn't have the shell32.dll one though) and I did what the other posts said. Here is my HijackThis Log. Please help me. And also lately Spybot - Search & Destroy hasn't been finding any spyware or anything at all. It used to find something every time I ran it, but not anymore. I don't know if that has to do with these changes though. My Sims game won't start anymore either. It reads the CD but it never starts. The game isn't scratched or anything, maybe I just need to clean the drivers. But I thought since one of these changes says drivers in it, that might be the reason why my game won't start. If you have any tips on how to help my computer run a little faster, that'd be great too. I feel like my computer goes slower than it should. It's also been making a lot of weird noises lately. I'm sorry for listing so many problems. I don't know if I'm supposed to post these here, but if you could help me with all of that, that would be really great. Thanks in advance.

A:Avg Anti Virus Found C:\windows\system32\shell32.dll And C:\windows\system32\drivers\etc...

..Update..

A computer guy came and looked at my computer. He said I needed a new fan.. so I don't need help with that now. My Sims game also works now. I just need to know if I'm infected.. and if there's something wrong with my Spybot.. and how I could change my hosts back or whatever is wrong with them. Thanks.

I have a new problem now though.. I can't watch videos on Mtv.com. When I pause them, they won't load anymore. Only if I play it.. and I don't have a very fast internet so.. it loads slow. So it always stops every 5 seconds. It's very annoying. It did it before.. but then worked sometimes. I thought it might have been the site or maybe a lot of people were watching it, but it hasn't been working at all now. Can you please help me with that too?

http://www.bleepingcomputer.com/forums/t/120285/avg-anti-virus-found-cwindowssystem32shell32dll-and-cwindowssystem32driversetchosts-changed/
Relevancy 79.12%

CD drive (D:) on my system doesn't even exist, I have one DVD drive player and one DVD/CD burner named (F:) and (N:). When trying to manage drive letters in control panel under administrative tools disk management CD drive (D:) does not even show up, I usually have this letter reserved for an external hard drive, now none of my short cuts icons etc will work because I cannot change this letter back. The actual name of this mysterious drive in device manager is WDC WD3000JS-60PDB0, the drivers it uses is C:\windows\system32\Drivers\disk.sys and C:\windows\system32\drivers\PartMgr.sys any ideas on how to remove this. Thanks.

A:C:\windows\system32\drivers\disk.sys And C:\windows\system32\drivers\partmgr.sys

Well...you should use Disk Management to change drive letters...with the understanding that you cannot assign a letter that is already taken by any drive attached...until you change that drive's letter.

This explains it better, Hard Drive Letter Assignments - http://support.microsoft.com/default.aspx?...844&sd=tech

Louis

http://www.bleepingcomputer.com/forums/t/153003/cwindowssystem32driversdisksys-and-cwindowssystem32driverspartmgrsys/
Relevancy 78.69%

MOD EDIT: Moved to different forum - stevealmighty
NOTE: If it is deemed that the member's computer is infected, please start HERE to post a HJT log. The reason why I did not move this to the misplaced HJT log thread is that a qualified malware expert may know right off whether you're infected or not just by looking at the title of the topic. Any questions, please feel free to PM me.

C:\Windows\system32\ntoskrnl.exe and C:\Windows\system32\drivers\etc\hosts changed

I ran an AVG antivirus scan and under the virus results it says that my C:\Windows\system32\drivers\etc\hosts and C:\Windows\system32\ntoskrnl.exe have been Changed.

Object: C:\Windows\system32\ntoskrnl.exe
Results: Change
Status: Changed

Object: C:\Windows\system32\drivers\etc\hosts
Results: Change
Status: Changed

Should I be concerned about this? Have I been infected by some malicious program? If so, how do I solve it? Help would be greatly appreciated. Here is my HijackThis logfile.

A:Avg Antivirus Results Says My C:\windows\system32\ntoskrnl.exe And C:\windows\system32\drivers...

Go to Control panel > Programs and Features. Uninstall: DAEMON Tools
It doesn't work with Vista.
Next, using Windows Explorer, navigate to and delete:
C:\Program Files\DAEMON Tools
Reboot/restart your computer.
If you're still having problems, then please post a 'fresh' HJT log here (describing the problem(s)):
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

http://www.bleepingcomputer.com/forums/t/128928/avg-antivirus-results-says-my-cwindowssystem32ntoskrnlexe-and-cwindowssystem32driversetchosts-has-beenchanged-have-i-been-infected/
Relevancy 71.81%

Eset NOD is giving a red alert of an infection in C:\Windows\System32\Drivers\atapi.sys as Trojan Win Olmarik py. However, it will not delete it. Interestingly, Eset's online scanner does not find it. Neither does PC Tools ThreatFire, nor does Combofix. Yet with each of these applications being run, the Eset red alert appears. Attached are the required files you ask for. Yes, I have access to Install Disk. Happy Thanksgiving to you all.

Relevancy 70.95%

I am using Windows XP -SP & have AVG Anti-Virus Free & Zone Alarm Firewall free installed. From yesterday morning, on opening the system, AVG is giving alert as follow:

"Trojan horse Packed.Protector.C";"C:\WINDOWS\system32\drivers\atapi.sys";"Object is white-listed (critical/system file that should not be removed)";"AM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse Packed.Protector.C";"C:\WINDOWS\system32\dllcache\atapi.sys";"Moved to Virus Vault";"AM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor Agent ACVO";"C:\WINDOWS\system32\drivers\qol dbf sys";"Moved to Virus Vault";"AM";"file";"System"

Alerts are repeating whenever system is opened. The virus is unable to heal, remove & reappear after moving to vault. System is unable to restore to back date. Please guide me what to do. I thought of removing the infected file with fresh one but unable to find the same new file - not sure whether this would remove the problem. There was compulsory system shut down by NT system also once in beginning today. Hoping early help from advanced adviser.

Thanks
Sunil Goyal

Relevancy 70.95%

I do have the same problem with user SunilGoyal4. Alerts keep on popping that I am infected with this trojan horse virus:

Trojan horse Packed.Protector.C;"C:\WINDOWS\system32\drivers\atapi.sys";"Object is white-listed (critical/system file that should not be removed)"
Trojan horse Packed.Protector.C;"C:\WINDOWS\system32\dllcache\atapi.sys"

Please guide me on what to do. I do want to follow the thread of SunilGoyal4 and dvk01, but I think my logs also have to be assessed.

Thanks.
Kevin
 

A:HELP with Trojan Virus Infection atapi.sys - drivers/dllcache

bump
 

https://forums.techguy.org/threads/help-with-trojan-virus-infection-atapi-sys-drivers-dllcache.883266/
Relevancy 70.52%

Hi all, I'm new here, so excuse me if I don't understand something. Recently AVG free warned me about a threat, Trojan Rootkit Pakes.U, and that it is located in C:\Windows\System32\Drivers\atapi.sys. I've seen that a lot of people have this problem and that they have solved it with Combofix. I tried one of those solutions once, but it seems Combofix doesn't work with Windows 7. Please help, my computer is running too slow compared to a few weeks ago. Here is my HJT log:

https://forums.techguy.org/threads/trojan-rootkit-pakes-u-on-atapi-sys-windows-7.879601/
Relevancy 69.66%

When I start up my computer this message 'Windows cannot find 'C:\WINDOWS\system32\drivers\ntndis.exe'' appears. I'm not exactly sure what to do or what's going on, and I was wondering if I could have some help with this.

A:Windows cannot find 'C:\WINDOWS\system32\drivers\ntndis.exe

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.


You appear to have infections that are often used to steal passwords, log in details etc. If you use any banking sites or other sites where you are required to log in using a password, I would recommend you use a known clean machine to change any passwords.



Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.

http://www.techsupportforum.com/forums/f50/windows-cannot-find-c-windows-system32-drivers-ntndis-exe-417138.html
Relevancy 68.37%

How can I get the popup window c:/windows/system32/yozogate.dll and c:/windows/system32/jazuyana.dll upon turning on my computer? It says file cannot be found. I believe my Norton removed it but I still get the popup AND I am getting redirected when I get online and search every time. Thanks!
 

https://forums.techguy.org/threads/how-do-i-remove-how-do-you-remove-a-c-windows-system32-yozogate-dll.844989/
Relevancy 67.51%

Please take a quick look at the attached and see if you can you help me remove the viri-

thx wood

A:C:\WINDOWS\system32\drivers\str.sys

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:

This is THE Mirror

Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

http://www.bleepingcomputer.com/forums/t/260200/cwindowssystem32driversstrsys/
Relevancy 67.51%

Had "security tool" malware infection. Used the uninstall guidelines on this site and was doing fine until line 19 in the instructions. I was able to delete the windows\system32\drivers\etc\HOSTS, but I am lost as to what to do now.

A:where can I get windows\system32\drivers\etc

You can download the default HOSTS file for your operating system.

Windows XP HOSTS File Download Link
Windows Vista HOSTS File Download Link
Windows 2003 Server HOSTS File Download Link
Windows 2008 Server HOSTS File Download Link
Windows 7 HOSTS File Download Link

-- Note: If the contents of the HOSTS file opens in your browser when you click on the download link, then right-click on it and select Save Target As... if using Internet Explorer, or Save Link As... if using Firefox.

Also see How to reset the hosts file back to the default. To do this automatically, click the button. Click Run in the file download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

http://www.bleepingcomputer.com/forums/t/361117/where-can-i-get-windowssystem32driversetc/
Relevancy 67.51%

I have a stand alone PC with Windows XP. These are located in C:\Windows\System32\drivers\etc. Do these look OK? Filename: Quotes - what the heck is this for and why can't I open or delete it?

Relevancy 67.51%

Hello,

Recently, I have run Malwarebytes multiple times and each time it tells me that C:/WINDOWS/drivers/system32/str.sys is an infected file that will be removed after my computer is restarted.
After multiple restarts, it still does not get removed.

This is my first time posting on this forum, and the "first steps" link does not really say what I need to have posted.

Please let me know what I need to do.

A:C:/WINDOWS/drivers/system32/str.sys

I just noticed the checklist, but every time I run the DDS, my computer goes into a bluescreen. Is there anything else I can do/try?

http://www.techsupportforum.com/forums/f100/c-windows-drivers-system32-str-sys-434760.html
Relevancy 67.08%

I am running Windows 7 Ultimate bit and I installed AVG Internet Security. I found this threat in my computer: "C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Rootkit-Pakes.U";"Object is white-listed (critical/system file that should not be removed)". I tried to use Malwarebytes and it says it's clean, but when I scan with virustotal.com it detects a trojan. They say that this site can help me fix my problem. I don't know how to remove the trojan. I tried to follow the steps from your site, but PROBLEM ABOUT ROOTREPEAL: it can't run with my computer, it shows DEVICE CONTROL ERROR and I don't know why, so I can only show you my DDS. Hope you can HELP me, thanks. Below are the results of my DDS and the result from my scan with VirusTotal.com:

A:Windows 7 Trojan horse Rootkit-Pakes.U C:\WINDOWS\system32\d

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:

This is THE Mirror

Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/286852/windows-7-trojan-horse-rootkit-pakesu-cwindowssystem32d/
Relevancy 67.08%

hello,

"C:\Windows\System32\services.exe, Trojan horse Patched_c.LXT, Object is white-listed (critical/system file that should not be removed)"

that's what it says on my avg scanner.

no idea how to remove it

help?

thanks!

Relevancy 67.08%

Today I turned on my computer and a message from AVAST said that the file C:\Windows\System32\Drivers\szkimzl.sys was infected. So I pressed delete and I turned on my internet, which was working fine the other day, and it wouldn't work. I thought it might have been Firefox, but I tried IE, Chrome and Opera; none of them worked. I have three other computers which are all on the same modem and they all work fine. Here's the DDS Log:

A:C:\Windows\System32\Drivers\szkimzl.sys

Again, sorry but there isn't an option to add attachments. Here's the attach:

http://www.bleepingcomputer.com/forums/t/286824/cwindowssystem32driversszkimzlsys/
Relevancy 67.08%

My antivirus is Avira Free. Avira detected this over and over: C:\WINDOWS\system32\drivers\synsenddrv.sys

My Combo Fix Log:

http://www.techsupportforum.com/forums/f284/im-new-can-someone-help-me-with-this-c-windows-system32-drivers-synsenddrv-sys-444412.html
Relevancy 67.08%

Hi

AVG is detecting C:\WINDOWS\system32\drivers\asyncmac.sys as a threat, google says it's TrojanDropper:Win32/Dogrobot.E

Can anyone advise the best way to deal with this?

I've already run super anti spyware and spybot search and destroy and the threat remains.

Thanks

Neil
 

https://forums.techguy.org/threads/c-windows-system32-drivers-asyncmac-sys.904039/
Relevancy 67.08%

The following error message appears when I power up my laptop: C:\Windows\System32\drivers\ntndis.exe. I get locked at that time and can't proceed with anything.

A:C:\windows\system32\drivers\ntndis.exe

Hi missyf,

Check if this link helps you: http://www.bleepingcomputer.com/startups/n....exe-14934.html

http://www.bleepingcomputer.com/forums/t/130168/cwindowssystem32driversntndisexe/
Relevancy 67.08%

This was posted under Operating Systems, which works fine until I connect it to other computer. Then I have this problem. How do I go about this? I'm gonna RE-INSTALL XP again and see if we can do "VIRTUAL TECH". That's where YOU become the teacher, as long as I haven't already tried it or you're just not sure.

Here's what happened: Desktop board EEA w chipset E running windows - I decided to install windows XP from my Dell. So I took out GB harddrive from EEA other computer and installed Windows XP cd. I did windows updates, intel updates for the controller and desktop board, but what I did was connect the EEA harddrive to me secondary master and did the updates and install before connecting it to EEA.

NOW I can't even get into safe mode. Sometimes I can do F and Bios Set Up I can do. First a blue Intel Desktop Board screen and then it goes blank, or safe mode, and while I'm in the safe mode options and chose safe mode or any other one, windows\system32\drivers and a couple dozen extensions scroll down the page. I thought plug n play could bring up the internal basics for start up. I've formatted harddrive and re-installed XP a few times with different installs but same outcome. I've done windows updates, Intel latest bios utility tools, and even tried to force an extraction from winzip. But nothin.

I'm sure it's the drivers or just the desktop board that's not right. I'd like to know how, or if I even can, reset board somehow and have plug and play pick out the drivers AND THEN manually download drivers. I'm thinking I installed the wrong drivers at first but then ran Intel's updates. So how do I go about this? Fresh XP install and have plug and play use internal drives, reset jumpers, take out unnecessary sound cards? Any help would be greatly appreciated.

Relevancy 67.08%

Hi Everyone,

I stupidly turned off my firewall while trying to serve on this computer. It is a SuperMicro XP machine, Service Pack, Pentium R CPU GHz GHz GB RAM, no CD drive. I bought an external one, but the driver came on a little disk that the external CD drive won't read, so I haven't been able to install it yet. I have to download things.

I got this trojan, and Time Warner Cable even called me to tell me my machine was being used as a zombie to send spam to other customers. ESET NOD v identified C:\WINDOWS\system32\drivers\ntfs.sys - a variant of Win Kryptik ABX as a file it couldn't clean. I get dialup popup boxes saying connect to z-connect. I close them and ESET then says attack blocked. I configured my firewall with rules now to serve and block, but I still can't get this thing off my machine.

Here is my Hijack this file. I hope I'm posting in the right place. Thank you in advance.

Best regards, BA

A:C:\WINDOWS\system32\drivers\ntfs.sys

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/256899/cwindowssystem32driversntfssys/
Relevancy 67.08%

I've deleted the c:\windows\system32\drivers\ntndis.exe from my hijackthis log by selecting it and clicking on fix, but my computer is still acting very slow and I believe I might have other viruses on my comp. Can you pls look at my hijackthis log?

A:help with c:\windows\system32\drivers\ntndis.exe

Looking at QuickTime it looks like you have the latest Vundo infection....

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Caution...Never run and remove files using ComboFix without being supervised by a security analyst.

http://www.techsupportforum.com/forums/f100/help-with-c-windows-system32-drivers-ntndis-exe-214424.html
Relevancy 67.08%

I have a friend's laptop. It is a Sony Vaio, I believe it's running Vista Home Premium edition, and anytime I begin to turn on the computer the Vaio splash screen shows up and then it goes to a black screen with an error message telling me part of the boot file is corrupt or missing, stating that the file is \Windows\System32\drivers\ecache.sys.

I attempted the f key while it starts up. None of those options work and there isn't one for repair computer. I've also attempted putting in two different startup repair disks. For a while it was working, but there is no system restore date available, so I attempted some things through the command prompt. After many fails I ran a C: chkdsk /f and was gunna follow it with a C: chkdsk /r, but after restarting it the cd begins to load and promptly brings me to a black screen with only a mouse, never to complete loading.

I'm at wits end and attempting to repair his computer without deleting all of his files, for there are pictures of his children on there. I'm out of ideas and anyone's help would be greatly appreciated. I myself am using a dell xps m with the same running system. Thanks for the help ahead of time.

"I haven't failed, only found ways that won't work"

A:\Windows\System32\drivers\ecache.sys

See if you can boot into the Recovery partition - press F10 during boot-up. Run System Repair.

If no-go, you need the Sony Vista recovery DVD for that system.

Regards. . .

jcgriff2


http://www.techsupportforum.com/forums/f217/windows-system32-drivers-ecache-sys-524739.html
Relevancy 67.08%

I've had this problem for quite a while now. When I start my computer, a window always pops up with this message on it, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." The "name" of the window says "C\WINDOWS\system32\drivers\ntndis.exe".

I don't know if this error has something to do with my problems like not being able to see the "folder options" on the "tools menu" and not being able to use the USB ports properly (I can't sync my ipod on my pc).

I haven't done anything yet for this prob.

I forget when I started to experience this but I think it has something to do with the spyware I got a long time ago.

Hope you guys can help. Thanks

A:C\windows\system32\ Drivers\ntndis.exe

Hi ewoks,

This is often caused when you have removed this file - ntndis.exe - from your system and when Windows tries to run it, it doesn't run. Thus, you get this error message. To do this, please follow the instruction carefully.

Click Start > Run > type regedit and Click OK. Registry Editor should popup now and navigate to the following:

HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run

On the right panel, you should be able to see the following C\WINDOWS\system32\drivers\ntndis.exe under the column Data. Now look at the same row and under column Name, Right Click and select Delete.

Note: If you do not see the value in your Registry, DO NOT attempt to delete any other value! If you do not feel comfortable with dealing with your Registry, please let me know so that I can suggest another fix.

WARNING: As this is a registry edit you should backup the registry first. To do this, on the Registry Editor, under File, Click on Export and save it to a location.

As for your "Folder Option" missing, you can try this fix from Kelly's Corner. Look for Restore Folder Options Under Tools - #129 on the left.

WARNING: As this is a registry edit you should backup the registry first.

Please let me know of any question you may have before trying the above fix.

http://www.bleepingcomputer.com/forums/t/99326/cwindowssystem32-driversntndisexe/
Relevancy 67.08%

Hi

I am unable to switch on the antivirus section of my PCGuard downloaded from Virgin Media. When I run the diagnostic it says the reason it fails is C:\WINDOWS\system32\drivers\klif.sys is not found. When I google this it says something about trojan viruses. Is this the case, and what should I do next?

A:C:\WINDOWS\system32\drivers\klif.sys

klif.sys can be related to Kaspersky anti-virus - see here.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.

Do you now or have you ever had a Kaspersky product installed on your system?

http://www.bleepingcomputer.com/forums/t/277214/cwindowssystem32driversklifsys/
Relevancy 67.08%

Hi there,

Been through all steps described, scanned with Adaware, AVG Network Ed, Spybot, Stinger. All defs up to date and windows updates installed. This little blighter keeps coming back: c:\windows\system32\drivers\smtpdrv.sys infected with Backdoor Generic c AEW.

Below is the HijackThis log. It goes without saying that I am extremely grateful for any help you may offer.

Many thanks, Chamb

A:C:\windows\system32\drivers\smtpdrv.sys

Welcome to the BleepingComputer HijackThis Logs and Analysis forum chamba

My name is Richie and i'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.

Warning: You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, NOT for private use. Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop. Alternative Combofix download link HERE.

Note: It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Note: In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/126703/cwindowssystem32driverssmtpdrvsys/
Relevancy 67.08%

I'm having various problems with both XP and Vista PC's, but the XP problem is more urgent. I have not been able to view some websites correctly. Whether this 'thing' that AVG has picked up is anything to do with it I obviously haven't a clue. The PC is running very slow and IE keeps closing. When I go to some websites I am getting the page 'Internet Explorer cannot display the web page', or I can get to the first page but cannot view the category pictures - there is a small box with a red cross. I hope I've explained this in enough detail. It's doin' mi 'ead in. Thanks in anticipation.

A:C:windows\system32\drivers\etc\hosts

Hello Dand-e-lion,

Apologies for the delay in response; we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine. Thanks, and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Next, please do an online scan with Kaspersky WebScanner.
Click on the Accept button.
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.
Now click on Scan Settings.
In the scan settings, make sure that the following are selected:
Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
Scan Options: Scan Archives, Scan Mail Bases
Click OK.
Now under "select a target to scan", select My Computer.
The program will start and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information in your next post.

http://www.bleepingcomputer.com/forums/t/132743/cwindowssystem32driversetchosts/
Relevancy 67.08%

Help i think i have one of those stupid adobe reader fake update viruses.
My malware software and avast are not getting rid of it.
help help

A:windows\system32\drivers\mshcmd.sys.

Hello and welcome. I moved this to the Am I Infected forum.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Troubleshoot Malwarebytes' Anti-Malware

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Next run SUPERAntiSpyware (SAS):
Download and scan with SUPERAntiSpyware Free for Home Users.
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the...

http://www.bleepingcomputer.com/forums/t/405060/windowssystem32driversmshcmdsys/
Relevancy 67.08%

Hi friends,
Every time I start my PC it gives me an error that it cannot find this particular file. Can you please help me with it? I tried installing XP Repair Pro 2007 but it did not help. Also, I'm not a pro at using the computer, so please explain to me in simple terms what I need to do to get rid of it. Any help will be appreciated.
 

Relevancy 67.08%

Hi,

I was having problems accessing some websites and was told to remove line(s) in this file using Notepad. It only made things worse and I can't access things like Google/Gmail or other websites.

I need help, what do I have to do?

https://social.technet.microsoft.com/Forums/en-US/b70982b4-1a66-4503-9565-f91da9db7a3d/windowssystem32driversetchosts?forum=w7itprosecurity
Relevancy 67.08%

Hello, I have been battling a hidden service on my laptop for several days. I have done some extensive research on the web, but no luck. I have run GMER and am receiving a lot of red warnings about a "pragma" hidden service. What are the first steps to resolving this issue?

Thanks,
Bret

A:Windows\system32\drivers\pragmabvfquqsbfn.sys

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks, and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice
Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

http://www.bleepingcomputer.com/forums/t/315683/windowssystem32driverspragmabvfquqsbfnsys/
Relevancy 67.08%

This notebook is years old. When looking up Device Manager, USB Controllers, this string is attached to each one and does not have a green checkmark in front of it: C:\Windows\system32\DRIVERS\usbfilter.sys

March: motherboard was replaced by manufacturer under warranty.
April: downloaded AVG to protect system from viruses.
May: opened vicious email attachment and immediately realized my computer was attacked by a virus. I ran AVG and it appeared to clean everything except one string. Since this happened I have not been able to connect my printers nor fully connect my Blackberry smart phone device. I thought my printer and Blackberry were defective so I purchased new devices.
August: when attempting to use my newly purchased Canon printer I received the following error message: Canon MX Series Printer USB "Print data cannot be sent because of the current printer status".
July: when connecting my new smart phone to the USB port, a window appears prompting transferring files and/or pictures, but the Blackberry Desktop Manager does not recognize the connection. Not able to read; window reads "Before you begin, verify your current Blackberry Device is connected to your computer". I was on the phone w/ a Blackberry Tech who noticed the extra attachment in the USB driver details without a green check mark.

All malware software program scans used are not detecting this virus; even GMER came up clean. The file is completely empty and I was not allowed to upload it. How can that be? My computer is not slow, but this string appears to be foreign and is preventing me from fully accessing devices via my USB drivers. Has something evil attached to my USB drives that is no longer removable? PLEASE HELP IDENTIFY A SOLUTION.

DDS log: run by Owner; Microsoft Windows Vista Home Premium; Windows Defender enabled.

A:C:\Windows\system32\DRIVERS\usbfilter.sys

Hi,

Don't see any malware in the log. Are you having any signs of malware? You can download Malwarebytes to see if it can dig up anything. There is a website for USB problems that may help you.

MBAM:
Please download the free version of Malwarebytes to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
A restart of your computer may be required to remove some items. If prompted, please restart your computer to complete the fix.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

USB Man

http://www.bleepingcomputer.com/forums/t/352194/cwindowssystem32driversusbfiltersys/
Relevancy 67.08%

Since this change I have been unable to access my external hard drive. AVG antivirus picks up that C:\windows\system32\drivers\etc\hosts has changed but doesn't do anything about it. Was wondering if you could help.

Logfile of Trend Micro HijackThis (Platform: Windows XP, Boot mode: Normal)

A:C:\windows\system32\drivers\etc\hosts

Hello daisacre,

It is normal for AVG to show files, the MBR or Boot record as having changed. These changes are made during normal maintenance, when you or Windows update files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected. To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this, delete the file named AVG7QT.DAT in C:\ and AVG will rebuild it the next time it is run. General system maintenance can change the Hosts file even when it isn't apparent by visual inspection. AVG uses a checksum to compare a file before and after, and a minor change or correction to the file would have caused it to appear changed.

Let's check your HOSTS file. It's located at c:\windows\system32\drivers\etc\hosts. You can open it up in Notepad. If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it; however, if there are others following 127.0.0.1 localhost, you may have to fix it. Post it here if that's the case.

http://www.bleepingcomputer.com/forums/t/110813/cwindowssystem32driversetchosts/
Relevancy 67.08%

c:\windows\system32\drivers\pwzswbfdzrbrwme.sys

is corrupt according to test. I cannot get the pc to boot up in windows 7

I don't believe this is a real windows file, but may have been some virus to lock down windows.

Any ideas how to re start ( without doing a complete re boot from the W7 CD )

Thanks



Roger Kalter

A:c:\windows\system32\drivers\pwzswb

Hello Roger, welcome to the forums!

If you're able to boot into Safe Mode with Network (pressing F8 on the BIOS screen) you could run a Malware scan with Malwarebytes' Antimalware

Here: Malwarebytes' Anti-Malware: Malwarebytes

The free version does everything the paid one does, the main difference is that the free version does not run in real time, you have to do "on demand" scans.

Try that, because I can't find any info on the internet about that particular file; could be a virus.

Report back, please

http://www.sevenforums.com/bsod-help-support/140549-c-windows-system32-drivers-pwzswb.html
Relevancy 67.08%

Here are the files compiled from scans I have run per instructions from Boopme. I have a Rootkit that needs to be deleted. Thanks for any help.

DDS log: run by Dave; Microsoft Windows Vista Home Premium; Windows Defender enabled.

A:C:\Windows\System32\drivers\ESQULivowxinkvxtrwvipcceiyeeyipcswylp.sys

Hello curundu,

You have a nasty rootkit on this computer. Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows: Tools -> Options -> Main tab, set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the "C:\Combo-Fix.txt".
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

http://www.bleepingcomputer.com/forums/t/260510/cwindowssystem32driversesqulivowxinkvxtrwvipcceiyeeyipcswylpsys/
Relevancy 67.08%

I start my OS and I hear an orchestra sound every minute or so with a red X and WINDOWS\System32\drivers\ntndis.exe. I went to HJT and downloaded and did scan.

Logfile of Trend Micro HijackThis (Platform: Windows XP, Boot mode: Normal)

http://www.techsupportforum.com/forums/f284/windows-system32-drivers-ntndis-exe-212762.html

I am trying to uninstall my Epson Scanner program so that I may reinstall it. The program is Epson Twain for Scanner 1260 Photo. I've had problems getting the computer to recognize its existence and one tech recommended uninstalling.

When I try to uninstall this component, it tells me that there may be no applications requiring this, but if I uninstall it, other applications may not work. If I don't uninstall this dll file, then I can't uninstall this scanner component. What should I do?

thanks

A:can I remove windows/system32/escwian.dll

If the .dll was required by the software to run, then it will be recreated during the reinstall. You will be safe deleting it during the uninstall.

http://www.techsupportforum.com/forums/f10/can-i-remove-windows-system32-escwian-dll-17142.html

Hi mods,
my anti virus detected virus in c:windows/system32/ACF7EF/74BE16.EXE, c:windows/system32/5A8DCC\*.FNE, *.EXE, *.FNR, *.FNE
please help how to remove them thanx.
 

https://forums.techguy.org/threads/how-to-remove-virus-in-c-windows-system32.919486/

I have posted a topic in a different section and was told to post one in DDS/HijackThis log. I have run Malwarebytes Anti-Malware but was told it was outdated. This is the result I got:

Malwarebytes Anti-Malware
Scan type: Quick Scan

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

It will delete the HKEY_LOCAL_MACHINE\SOFTWARE\UAC and said it will delete the Trojan on reboot, but when I reboot and run again they both re-appear. How can I get rid of this?

A:Cannot Remove 'windows\system32\uacinit.dll

Hello Tash11. As there is no HJT log here I am moving this out of the HJT forum to "Am I Infected."

IMPORTANT NOTE: uacinit.dll is related to a nasty variant of the TDSSSERV rootkit component. Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach.

Because your computer was compromised please read:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Some infections are difficult to remove completely because of their morphing characteristics which allow the malware to regenerate itself. Sometimes there is another hidden piece of malware which has not been detected by your security tools that protects malicious files and registry keys (which have been detected) so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS/HijackThis log for further investigation.
Let me know how you wish to proceed.

http://www.bleepingcomputer.com/forums/t/238216/cannot-remove-windowssystem32uacinitdll/

I looked at someone else's thread and want to know what to do next. I will paste what came up on notepad. Could someone please help? THANKS

https://forums.techguy.org/threads/please-help-me-remove-c-windows-system32-mi1-exe-2r_samba-exe.641297/

Hi, can anyone help me remove c:\windows\system32\ddcyx.dll? I have been trying for days now. I have tried various things including vundofix & NoAdware, cannot remove this file too. Here's my HJT log.

https://forums.techguy.org/threads/remove-c-windows-system32-ddcyx-dll.653527/

Hey guys, I am having the following problem. Whenever I start up my computer I get an error message before my wallpaper is displayed that says "There is no disk in the drive. Please insert disk into drive Device Harddisk DR". I usually click on cancel or continue and then three other pop ups follow saying the same exact thing except they say Device Harddisk DR, Device Harddisk DR and then Device Harddisk DR. After I click continue or cancel on each of them my computer finally starts and says there is a problem with "C:\Windows\system32\drivers\NTNDIS.exe". Below I have listed my HijackThis Log. I would post my rootkit revealer but it says it is way too large to post. Thanks

A:Need Help With C:\windows\system32\drivers\ntndis.exe Error Please!

Hello and welcome to the forum

I would like to take a look at this log for you and will get back to you as soon as I can.

Thank You.

http://www.bleepingcomputer.com/forums/t/95365/need-help-with-cwindowssystem32driversntndisexe-error-please/

I am in need of help with this as well. This is my log after the ComboFix run.

A:C:\windows\system32\drivers\core.cache.dsk

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:

Preparation Guide for use before posting a HijackThis Log: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note* Post all reports/logs directly into this topic, not as attachments, thanks.

http://www.bleepingcomputer.com/forums/t/128019/cwindowssystem32driverscorecachedsk/

When I try to scan for spyware or virus I get the warning that the program cannot open C:\WINDOWS\system32\drivers\sptd.sys. Is this normal for this file? Is a virus preventing this file from being scanned? My PC is not showing any signs of being infected. Running XP.
 


Hi, I keep receiving the error c:\windows\system32\drivers\conime.exe when I start up my computer. It tells me it cannot find the file.
 


Hey there, I have this real bad problem on my computer which is making it run extraordinarily slow. Whenever I start the computer I get the error; it says there is a problem with "C:\Windows\system32\drivers\NTNDIS.exe". Also I've got some adware popping up with the name OuterInfo and whenever it comes up my computer gives me a SERVER BUSY error. These problems started occurring at the same time so I think they are related. Below I have listed my HijackThis Log.

A:Need help with C:\Windows\system32\drivers\NTNDIS.exe error please!!

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply:
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

http://www.techsupportforum.com/forums/f284/need-help-with-c-windows-system32-drivers-ntndis-exe-error-please-214163.html

I have a problem with a popup error that says it cannot locate the "c:windows\system32\drivers\detect.htm. Make sure the path or internet address is correct."

I have scanned with Spyware Doctor (full version) and it does not find anything. I installed AdAware (free version) and it did not find anything, so I removed it from my PC. Attached is a copy of my HJT logfile. Any ideas what malware is on my PC and what I can do to get my processor speed and memory back?

Thanks for your assistance.

Seriously. Thank you.
 

A:C:\WINDOWS\system32\drivers\detect.htm problem

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:17 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


https://forums.techguy.org/threads/c-windows-system32-drivers-detect-htm-problem.724056/

Hello everyone. My girlfriend started complaining yesterday that her computer was running extremely slow, so I remoted in to clean it up a little bit and see what I could do. I went to run HijackThis, and to my surprise it came back and said it would not be able to give me an accurate scan because it couldn't access the host file. So I started browsing to the location, only to find out that it doesn't even have a drivers folder under system, let alone ETC hosts file.

The computer is Windows bit. I have full administrator privileges. I tried to make a drivers folder, but it started telling me I didn't have access. I ran an extensive scan with MBAM and Avast but was unable to come up with anything. I checked out all the installed programs and services just to see if I could see anything out of the norm, but there was nothing. HijackThis had a few things with IE that I fixed, but it was nothing major, just the normal crap from browsing and toolbars. I also went to MSCONFIG and made sure there was nothing running except what needed to be. I took it down to safemode without going into safemode and still had no luck.

Any ideas would be great. I don't want to have to reinstall Windows, but I am completely out of ideas, and it would seem if something is able to remove my drivers folder it might be a good idea anyway.

A:windows/system32/drivers completely missing

Welcome to Seven Forums.

You may have to "Show hidden files and folders" in Folder Options.

Control Panel or go to the Tools Menu.

http://www.sevenforums.com/drivers/222130-windows-system32-drivers-completely-missing.html

My laptop is running fine as far I can tell, but I was looking at the results that 'autoruns' was showing and came across:

c:\windows\system32\drivers\truesight.sys

Looking on Google there seems to be a lot of talk about a trojan.

One reply said that it was part of 'Roguekiller', which I use.

Any ideas?

A:Autoruns: c:\windows\system32\drivers\truesight.sys

You could submit the file to Virus Total to see what comes up.

https://www.virustotal.com/

Have you scanned with any other scanners such as AdwCleaner or MBAM?

I've seen Roguekiller flagged several times by a couple AV's, if this is a false positive or not, I can't say. I have used Roguekiller in the past also.

http://www.eightforums.com/system-security/54439-autoruns-c-windows-system32-drivers-truesight-sys.html

I have a new laptop (Lenovo) running Windows and have set up a WAMP server for website development. I need to modify my Host file to set up a Virtual Host. I have always used Windows OS but am not very knowledgeable about tech stuff beyond what I need to know for website development.

The problem I have is that my C:\Windows\System32\Drivers\etc folder is not there. I started out by having problems setting up an Administrator account. I tried to run lusrmgr.msc and no luck. On my Computer Management screen the Users and Groups folders were missing from Local Users and Groups. I thought maybe the Lenovo installed version of Windows was not full featured, so I paid to upgrade to Windows Pro. After the upgrade I was able to access the administrator account, and the Users and Groups folders were visible. But my C:\Windows\System32\Drivers\etc folder is still missing. I had noticed it was missing before I upgraded to Windows Pro, so I don't think that had anything to do with it.

Any ideas? I have been stuck on this for days.

A:Missing Folder C:\Windows\System32\Drivers\etc

This is a long shot, a straw-grasp on my part: have you tried booting rescue DVD or USB stick and running Startup Repair? I'm hoping it would sniff out that the Drivers directory is missing and reinstate it. I'm sure you have already clicked un-hide folders & files from within Folder Options.
Tweaking.com's Windows Repair (All in One), accept default clicks, add items #26 & 27 -- might be your first and best bet.
And, you're not using any 3rd party DriversUpdateManager, correct?
Before doing much more than the above: please make sure you have restorable image backups just in case.

http://www.eightforums.com/general-support/63679-missing-folder-c-windows-system32-drivers-etc.html

Hello all,

I have a couple questions. I'm hoping someone might be able to help identify what these detections might be.

First off, my info: dell dimension XPS Model DXP, Windows Vista Home Premium SP, Intel Core Quad CPU Q GHz GHz, GB RAM.

I run a very clean PC, running regular scheduled scans with AVG Antivirus, and I also run Microsoft Security Essentials with active real-time protection automatically updating. I keep Spybot S&D and Malwarebytes current and run regular scans with both.

Tonight I opened AVG Antivirus and started going through the scan detections from Scheduled Scans from previous weeks. When I got to the detections from October I noticed an anomaly:

Scheduled Scan Infections
Scheduled Scan Infections
Scheduled Scan Infections
Scheduled Scan Infections
Scheduled Scan Infections

All of these were classified Medium Security risks by AVG Antivirus. Every single one of these detections were identified in AVG by Anti-Rootkit, and all point to object C:\Windows\System32\Drivers\splf.sys. The threat names vary widely. Below are some examples:

atapi sys hooked import ataport SYS AtaPortWritePortUchar -> splf sys x D C Windows System Drivers splf sys Infected
IRP hook Driver volmgr IRP MJ INTERNAL DEVICE CONTROL -> splf sys x CD C Windows System Drivers splf sys Infected
IRP hook FileSystem Ntfs IRP MJ QUERY INFORMATION -> splf sys x C C Windows System Drivers splf sys Infected
IRP hook FileSystem Ntfs IRP MJ DIRECTORY CONTROL -> splf sys x C C Windows System Drivers splf sys Infected

This is the only detection anomaly I've ever documented in two years of weekly logs. Nothing has been detected by AVG since this anomaly back in October. NONE of the detections were removed by AVG. All were categorized as Not removed. These detections simply ceased after the scan on. They have not come back since.

My questions: Why would all detections be involving object name C:\Windows\System32\Drivers\splf.sys? Could this have been an organized attack or attempt?

Thanks in advance,
-ChriS

A:Questions regarding: C:\Windows\System32\Drivers\splf.sys

Hello,
 
Do you have Daemon Tools installed? The file is a part of the emulation driver used by Daemon Tools and it is harmless.
 
 
Regards,
Georgi

http://www.bleepingcomputer.com/forums/t/535992/questions-regarding-cwindowssystem32driverssplfsys/

I have an old Dell Dimension DIMC desktop running Windows XP with service pack. Recently my brother was using the computer and accidentally opened up a bunch of instances of the same game. It was going really slow, so he tried to turn off the computer normally, but he eventually just held the power button down to turn it off. When he tried turning it back on he got a blue screen with the error:

Stop c a Fatal System Error The Session manager initialization system process terminated unexpectedly with a status of xc c The system has been shut down

The numbers in parenthesis may have been a little different. After looking around on the internet he decided to try the recovery console using the XP installation disk. He did a chkdisk r on the c drive and then restarted the computer. This time we got a different error:

Windows could not start because the following file is missing or corrupt: System32\DRIVERS\pci.sys. You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM. Select r at the first screen to start repair.

After looking around some more he found out you could copy this file using

copy c windows ServicePackFiles i pci sys c windows system drivers

or

copy c windows system dllcache pci sys c windows system drivers

But when we tried these we got the message "Access denied". We also tried something like

expand <CD-ROM DRIVE> i system drivers pci sy c WINDOWS system drivers

to which we got the same message. We then tried set AllowAllPaths true, to which we got the message: The SET command is currently disabled. The SET command is only an option Recovery Console command that can only be enabled by using the Security Configuration and Analysis snap-in.

So now we don't really know what to do. We can't start the computer in any of the safe modes. We've run chkdisk r and p a couple of times but it's still giving us that same error. I've seen that the problem might be related to the hardware drivers. If anyone knows how to fix this please let me know. Thanks


I can not boot from Vista on my VAIO laptop. I do not want to system restore
because I have valuable information.

The error I get is:

missing or corrupted

\windows\system32\DRIVERS\disk.sys

Where do I get this file, or how do I fix it?

thanks

art

A:error \windows\system32\DRIVERS\disk.sys

You must be able to boot to fix the problem. Can you boot in safe mode?

http://www.vistax64.com/crashes-debugging/290630-error-windows-system32-drivers-disk-sys.html


A:c:\windows\system32\drivers\cdrom.sys infected

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror: This version will download a randomly named file (Recommended)
Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/330280/cwindowssystem32driverscdromsys-infected/

Hey guys, I am having the following problem. Whenever I start up my computer I get an error message before my wallpaper is displayed that says: There is no disk in the drive. Please insert disk into drive Device Harddisk DR. I usually click on cancel or continue, and then three other pop ups follow saying the same exact thing, except they say Device Harddisk DR, Device Harddisk DR and then Device Harddisk DR. After I click continue or cancel on each of them my computer finally starts and says there is a problem with "C:\Windows\system32\drivers\NTNDIS.exe". Below I have listed my HijackThis Log. I would post my rootkit revealer but it says it is way too large to post. Thanks

A:Need help with C:\Windows\system32\drivers\NTNDIS.exe error please!!

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)


---------------


1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Open notepad and copy/paste the text in the quotebox below into it:


Code:
File::
C:\WINDOWS\system32\drivers\ntndis.exe
C:\WINDOWS\system32\drivers\ntndis.sys:

Drivers::
ntndis
Save this as ComboFix-Do.txt




Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

http://www.techsupportforum.com/forums/f100/need-help-with-c-windows-system32-drivers-ntndis-exe-error-please-161362.html
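
The kind of entries the helper picks out in the NTNDIS thread above can be pre-sorted mechanically before a human reviews the log. The Python below is an added example, not part of the thread or of HijackThis itself; the function names, the expected-value table and the two benign sample lines are assumptions made for illustration.

```python
import re

# Sample HijackThis lines. The first four are the entries the answer above
# asks to fix; the last two are constructed benign entries for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

# "<section> - <body>", e.g. "O2 - BHO: ..." or "F2 - REG:system.ini: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# F2 entries that report the Winlogon Shell / UserInit values.
WINLOGON_RE = re.compile(
    r"^REG:system\.ini: (?P<key>Shell|UserInit)=(?P<value>.*)$", re.IGNORECASE
)
# One program inside a Shell/UserInit value (values may be space or comma separated).
PROGRAM_RE = re.compile(r"[^\s,][^,]*?\.(?:exe|com|bat|cmd|scr|pif)\b", re.IGNORECASE)
# Assumption for this example: the only program expected in each value.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def parse_entries(text):
    """Return (section, body) for every line that looks like a HijackThis entry."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match["section"], match["body"]))
    return entries


def winlogon_extras(body):
    """List programs in a Shell=/UserInit= value other than the expected one."""
    match = WINLOGON_RE.match(body)
    if not match:
        return []
    expected = EXPECTED[match["key"].lower()]
    programs = PROGRAM_RE.findall(match["value"])
    # Compare on the file name only; the directory is not validated here.
    return [p for p in programs if p.rsplit("\\", 1)[-1].lower() != expected]


def triage(text):
    """Flag entries worth a closer look; returns (section, reason, body) tuples."""
    findings = []
    for section, body in parse_entries(text):
        extras = winlogon_extras(body) if section == "F2" else []
        if extras:
            reason = "extra program in Winlogon value: " + ", ".join(extras)
            findings.append((section, reason, body))
        elif ORPHAN_RE.search(body):
            findings.append((section, "registry entry points to a missing file", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

The O15 Trusted Zone entry is not flagged: whether a trusted site belongs there is a judgement call the script leaves to the reviewer, as the helper made it in the thread.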

Hello HJT Team,

This is my first time posting. I have had problems with my computer for a while and I just do not know how to fix it. I am ready to do anything and everything to get it running at optimum performance. I am running Windows XP and below is my HJT log. I do not know what other info you may need, but hopefully this is enough to get started.

When I run AVG it finds C:\WINDOWS\system32\drivers\etc\hosts and says that it was changed, and it does not find anything else. Also the control center will not open. Any other scans that I do get interrupted during the middle of the scan and I do not know why. There are a lot of other little things that I notice as well.

A:C:\windows\system32\drivers\etc\hosts "changed"

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

http://www.bleepingcomputer.com/forums/t/134020/cwindowssystem32driversetchosts-changed/

My aunt believes there is a virus on her computer. Microsoft security essentials periodically states to delete "C:\windows\system32\drivers\wzeeitx.sys", but when I try to it says "cannot locate source file or disk". I tried to delete it in command prompt but then it says "a device attached is not functioning". Whatever help would be greatly appreciated. Thank you.

Here is the hijack this log

A:Is this a virus, C:\windows\system32\drivers\wzeeitx.sys

bump

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Response Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

http://www.bleepingcomputer.com/forums/t/295491/is-this-a-virus-cwindowssystem32driverswzeeitxsys/

Hello, I have been receiving help from boopme in the Am I Infected forum. They have had me run a number of scans and found a rootkit in C:\WINDOWS\system32\drivers\gasfkybavmluoy.sys. They sent me here for further assistance. The most noticeable problem I have been having is Google search result links either leading to an "Internet Explorer could not open this page" (the web address has a lot of numbers and capital letters in it) or taking me to ad sites. At the very beginning of my problem I received alerts - times that my computer was infected and it showed that my drives and documents were all infected. There was a pop up box with a program it told me to run to clean it, which I didn't do.

A:rootkit in C:\WINDOWS\system32\drivers\gasfkybavmluoy.sys

Hello

Let's run Mbam and Combofix.

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware here and save to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

Note: The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.

Please post Mbam results and Combofix log back here.

http://www.bleepingcomputer.com/forums/t/262668/rootkit-in-cwindowssystem32driversgasfkybavmluoysys/

Hello, I can't seem to remove a Root Kit agent called "C:/WINDOWS/drivers/system32/str.sys" successfully. Malwarebytes keeps just telling me re-start my computer after the scan. I have three times and each time I do another scan to make sure it's gone it still comes up. This is the family computer and it's used to check multiple bank accounts and whatnot, so I need this to be removed A.S.A.P. Any help to remove this would be greatly appreciated.

Here's my HijackThis log.

A:HELP! Rootkit.Agent C:/WINDOWS/drivers/system32/str.sys

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

http://www.techsupportforum.com/forums/f284/help-rootkit-agent-c-windows-drivers-system32-str-sys-425522.html

Hi. Before I go into more detail I wanted to let you know my issue was originally posted here asking for help with this problem and they, after many attempts at removal, recommended I come here. Here is the link: Trojan Horse Generic8.yaf c:\windows\system32\compstu.dll. This will not go away no matter WHAT I do.

Here's a summary of where I started and where I am now. I am utilizing AVG antivirus as my main AV. I also am currently running Spyware Terminator as well as occasionally running the AVG rootkit program. The problem is that AVG keeps locating a virus and lists the following:

OBJECT: C:\Windows\System32\compstu.dll
RESULT: Trojan horse Generic8.YAF
STATUS: Infected

I downloaded MBAM and utilized it. This did clean out the "house", however it did not see the compstu.dll and as a matter of fact I don't even recall having seen it scan the file as I observed the entire process. The file ALWAYS comes back. The AVG error that pops up is "Threat Detected While opening file C:\Windows\system32\compstu.dll Trojan horse Generic8.YAF". The file has also been identified as Trojan Download-Gen/N_BHO by another of my programs.

Since my original post SAS, ATF and SDFix have been downloaded and utilized according to the instructions I had received from Chewy and others. Many of the logs would come up clean one time and then dirty the next with various registry entries and of course the ever present Compstu library that can be found at C:\Windows\System32\Compstu.dll. Also of note is that many times after downloading SAS updates the file would update again the next time I opened it, requesting it update again and retrieving the same file I downloaded the first time. Don't know if that is relevant but it sure is irritating. Another oddity is a black DOS box that pops up and disappears faster than I can identify it.

So without further ado, here are logs requested.

A:Trojan Horse Generic8.yaf/ Trojan Downlad-gen/n_bho (c:\windows\system32\compstu.dll)

Hello Spunky3174 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/150876/trojan-horse-generic8yaf-trojan-downlad-genn-bho-cwindowssystem32compstudll/

I have a problem.. a huge number of mails are trying to go out from my system. I tried to find out with Malwarebytes. Found some infected objects and fixed. But the above mentioned file not able to remove: c:/windows/system32/drivers/wjqgjxgz.sys. While trying to delete manually it says: cannot read from the source file or disk.

Please help as early as possible.. Can I use ComboFix? If so please help.

A:help please.. cann't remove rootkit system32/drivers/wjqgjxgz.sys

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please be sure to include a description of your computer issues and what you have done to try to resolve them.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include a description of your computer issues.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

http://www.bleepingcomputer.com/forums/t/341307/help-please-cannt-remove-rootkit-system32driverswjqgjxgzsys/

A few days ago my sister was infected with a rogue antispyware so I removed it, and now I'm getting some reports back from my real antivirus that there's a rootkit in the C:\WINDOWS\system32\gasfkygnybnltp.dll directory. I have no idea how to remove rootkits myself so I really need your help, you guys. Thanks.

Here is my HJT log.

A:C:\WINDOWS\system32\gasfkygnybnltp.dll Trojan/Rootkit (Trojan.Win32/Alureon.gen.!U

Hello sinister65

Welcome to BleepingComputer

Please request that this topic be closed please:
http://www.malwarebytes.org/forums/index.p...mp;#entry146148
Having 2 people help on the same issue is a waste of the helpers' time.

=====================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

http://www.bleepingcomputer.com/forums/t/265758/cwindowssystem32gasfkygnybnltpdll-trojanrootkit-trojanwin32alureongenu/

When I boot up my computer it doesn't reach the user login screen before it loads of startup repair. It looks for a fix but it doesn't find one. In the diagnosis the only error it shows is 'Boot critical file C:\Windows\system32\drivers\vmbus.sys is corrupt'. I have booted Kaspersky repair disk and run a full scan which found no viruses or malware etc. From the startup repair window I have tried a system restore which had the same problem when attempting to boot. I can only access the system recovery options screen.

I am running Windows 7 32bit, and I don't have a Windows 7 disk but do have the Windows 7 32bit ISO file that I used to install Windows 7.

I would be grateful for any help to resolve this issue.

Thanks in advance.

A:Unable to boot into Windows 7: Boot critical file C:\Windows\system32\drivers\vmbus.sys is corrupt

but do have the windows 7 32bit iso file that i used to install windows 7
so burn the win7 iso to dvd and see if you can boot to it and run the repair

http://www.bleepingcomputer.com/forums/t/438268/unable-to-boot-into-windows-7-boot-critical-file-cwindowssystem32driversvmbussys-is-corrupt/

I'm about ready to gouge out my own eyes in frustration over malware in c:\windows\system32\pmnlk.dll that refuses to die. It causes irritating pop-ups in IE, but who knows what else--my google search suggests this file has been linked to a variety of problems. After trying the other suggestions on the Forum, I know where the bugger is on my system, but Autoruns and Spybot can't remove it as it's "in use". Ad-Aware doesn't even detect it. I finally downloaded HijackThis in order to post a log and ask for help. My HijackThis log file is below.

Please note that I know from my scans with other programs that pmnlk.dll has infiltrated the following (which, interestingly, didn't show up in the HijackThis scan):
-it's running as a module in the process C:\windows\system32\lsass.exe; trying to kill this module in Spybot caused the system to crash and it re-installed on startup
-it's autorunning as BHO FB B - CFD- - FDC- ABCD D A; it respawns/reactivates immediately when I tried to delete/disable it in Autoruns and Spybot

Actually, now that I've double-checked it, HijackThis doesn't detect any BHOs, even in the detailed startup scan. I know this is wrong because Autoruns and Spybot both detect BHOs for my Google Toolbar, Adobe PDF, RealPlayer, JAVA, and Spybot itself. Hmmm, very weird.

Thanks in advance for any help you can provide.

Matt H

A:Cannot Remove Malware C:\windows\system32\pmnlk.dll

A bit of new info that might help (especially since I see a flood of people with the same problem): I ran HijackThis again using the ADSspy utility. It doesn't find anything on a basic Windows scan, but when I scanned everything, with no exclusions, I got this little gem:

c:\windows\system32\svchost.exe: exm.exe

which google tells me is ADS malware. What should I do with it? Am I going to corrupt Windows if I delete it with HijackThis, since svchost.exe is a legit program?

http://www.bleepingcomputer.com/forums/t/120034/cannot-remove-malware-cwindowssystem32pmnlkdll/
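The question in the reply above turns on how an NTFS alternate data stream relates to the file it is attached to. As an added example (not part of the forum thread), this PowerShell script lists the named streams on a file and checks that removing one leaves the file's primary stream, and therefore its hash, unchanged. The scratch file and stream name are constructed, and it assumes PowerShell 4.0 or later on an NTFS volume, which rules out the poster's Windows XP system.

```powershell
# Added example. The scratch file and stream name below are constructed;
# nothing here touches a real system binary.
$hostFile = Join-Path $env:TEMP 'ads-demo-host.bin'
Set-Content -Path $hostFile -Value 'primary stream contents (constructed)'
Set-Content -Path $hostFile -Stream 'demo.stream' -Value 'named stream contents (constructed)'

function Get-NamedStream {
    param([Parameter(Mandatory)][string]$Path)
    # ':$DATA' is the unnamed primary stream that every file has.
    # Anything else is an alternate data stream. Downloaded files normally
    # carry a Zone.Identifier stream, so a named stream is not by itself malicious.
    Get-Item -Path $Path -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Get-FileHash reads only the primary stream.
$hashBefore = (Get-FileHash -Path $hostFile -Algorithm SHA256).Hash

'Named streams before removal:'
Get-NamedStream -Path $hostFile | Format-Table -AutoSize

# Remove only the named stream; the primary stream is not rewritten.
Remove-Item -Path $hostFile -Stream 'demo.stream'

$hashAfter = (Get-FileHash -Path $hostFile -Algorithm SHA256).Hash
$remaining = @(Get-NamedStream -Path $hostFile)

"Primary stream unchanged : $($hashBefore -eq $hashAfter)"
"Named streams remaining  : $($remaining.Count)"

# Clean up the scratch file.
Remove-Item -Path $hostFile
```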
Relevancy 65.36%

Hi. This is my first post ever, but have been reading lots recently and found some excellent help with a roguekit I am stuck with.

My problem is: went on hols with Norton running and no problems, and came back to find young relative had used and computer had viruses, and Norton would not run and could not install Malwarebytes. Norton wanted as they said we had accepted a spoof virus program and it was not the fault of Norton. After hours later of renaming and retrying and the internet redirecting me to other sites, I managed with the help of bleepingcomputer previous logs to get it down to roguekit, and with Norton and Malwarebytes working but not deleting the last rogue kit.

Attached malwarebytes log:

Malwarebytes Anti-Malware
Database version
Windows Service Pack
mbam-log- - - - - txt
Scan type Full Scan C
Objects scanned
Time elapsed minute s second s
Memory Processes Infected
Memory Modules Infected
Registry Keys Infected
Registry Values Infected
Registry Data Items Infected
Folders Infected
Files Infected

Memory Processes Infected: No malicious items detected
Memory Modules Infected: No malicious items detected
Registry Keys Infected: No malicious items detected
Registry Values Infected: No malicious items detected
Registry Data Items Infected: No malicious items detected
Folders Infected: No malicious items detected
Files Infected: C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot

Thanks in advance

A:last item to remove 'windows\system32\uacinit.dll

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.
Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
If the scan did not start automatically, make sure the following are checked:
Running processes
Windows Registry
Local Hard Drives
Click Start scan.
Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
Files tagged as Removable: No are not marked for removal and cannot be removed.
Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes. A pop up window will appear advising the cleanup will finish when you restart your computer.
Click Restart Now.
After reboot, a dialog box displays the files you selected for removal and the action taken.
Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.

Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
Disconnect from the Internet or physically unplug your Internet cable connection.
Clean out your temporary files.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

http://www.bleepingcomputer.com/forums/t/251996/last-item-to-remove-windowssystem32uacinitdll/
Relevancy 65.36%

Malwarebytes log: C:\WINDOWS\system32\antiwpa.dll. I have a genuine Windows, but it was serviced two weeks ago. After I scanned, I found this. I don't know what to do.

Please excuse my English language, I am better in Spanish but I tried. Thanks a lot.
 

Relevancy 65.36%

Hi guys, I must commend this life-saving service u r rendering. I followed the instruction given someone on this topic up to a point where one is to copy and paste a log. My log is thus

A:error message:C:\WINDOWS\system32\drivers\conime.exe

Hi and welcome to TSG,

Download AVG Anti-Spyware from HERE and save that file to your desktop. Note for AVG Free anti-virus users only: this is not the same program that you already have, this is an anti-spyware program.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
Launch AVG Anti-Spyware by double clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
If you have any infections you will be prompted. Then select "Apply all actions."
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Please go HERE to run Panda's ActiveScan
You need to use IE to run this scan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

https://forums.techguy.org/threads/error-message-c-windows-system32-drivers-conime-exe.590618/
Relevancy 65.36%

I earlier on used WinUtilities to delete duplicate files on my computer to free up space, and it deleted nvgts.sys from system32 >.< I turned my computer off, then a couple of hours later wanted to go back on it and got the following error in BIOS:
Windows could not start because the following file is missing or corrupt: system32/DRIVERS/nvgts.sys
I later learned that this was a Graphics Driver from nVidia, and that it was needed to run the computer.
I have been searching for hours now, unable to get access to a recovery/reinstallation disk or make one of my own.
I set a recovery point before this happened but don't think I can access this in BIOS.
What else can I do now?!
Thanks for any help, much appreciated.
I am on Windows XP by the way
 

A:Missing File: System32/drivers/nvgts.sys - Windows XP

Try performing an XP repair:
http://michaelstevenstech.com/XPrepairinstall.htm

Next time, don't delete files!
 

http://www.techspot.com/community/topics/missing-file-system32-drivers-nvgts-sys-windows-xp.178290/