Windows Support Forum

C:\windows\system32\drivers\disk.sys And C:\windows\system32\drivers\partmgr.sys

Q: C:\windows\system32\drivers\disk.sys And C:\windows\system32\drivers\partmgr.sys

CD drive (D:) on my system doesn't even exist. I have one DVD drive player and one DVD/CD burner, named (F:) and (N:). When trying to manage drive letters in Control Panel under Administrative Tools, Disk Management, CD drive (D:) does not even show up. I usually have this letter reserved for an external hard drive; now none of my short cuts icons etc will work because I cannot change this letter back. The actual name of this mysterious drive in Device Manager is WDC WD3000JS-60PDB0; the drivers it uses are C:\windows\system32\Drivers\disk.sys and C:\windows\system32\drivers\PartMgr.sys. Any ideas on how to remove this? Thanks.


A: C:\windows\system32\drivers\disk.sys And C:\windows\system32\drivers\partmgr.sys

Well...you should use Disk Management to change drive letters...with the understanding that you cannot assign a letter that is already taken by any drive attached...until you change that drive's letter.

This explains it better, Hard Drive Letter Assignments - http://support.microsoft.com/default.aspx?...844&sd=tech

Louis

http://www.bleepingcomputer.com/forums/t/153003/cwindowssystem32driversdisksys-and-cwindowssystem32driverspartmgrsys/
Relevancy 97.65%

Today I turned on my computer and a message from AVAST said that the file C:\Windows\System32\Drivers\szkimzl.sys and C:\WINDOWS\system32\drivers\atapi.sys was infected. So I pressed 'delete' and I turned on my internet, which was working fine the other day, and it wouldn't work. I thought it might have been Firefox, but I tried IE, Chrome and Opera; none of them worked. I have three other computers which are all on the same modem and they all work fine.

A:C:\Windows\System32\Drivers\szkimzl.sys and C:\WINDOWS\system32\drivers\atapi.sys

Hello iJoe,

Is there any reason you ran RootRepeal instead of gmer? I'd prefer a log from gmer as outlined in our pre-posting topic.



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please attach the ark.txt in your next reply

http://www.techsupportforum.com/forums/f50/c-windows-system32-drivers-szkimzl-sys-and-c-windows-system32-drivers-atapi-sys-452479.html
Relevancy 97.03%

My computer has been running slower lately. I found this forum and read about someone else having a similar problem, but not exactly, here. In the log from the link I posted, SifuMike posted this:

Let's check your HOSTS file. It's located at c:\windows\system32\drivers\etc\hosts. You can open it up in Notepad. If it's just some lines on top with a # in front of it and followed by localhost, then you don't need to post it; however, if there are others following localhost you may have to fix it. Post it here if that's the case.

I opened up my HOSTS file at that location and there were other lines following localhost. This is what was in there.

I don't know what those other lines are and what they mean. My computer is running slower. Even when I open folders on my computer they open slower, with the little search flashlight with the folder icon thing coming up. That never happened like that before. My internet is slower also. Does anyone know if I'm infected with any malware, adware, virus etc.? Please help. Thanks.

A:Avg Free Edition Scan: Found C:\windows\system32\drivers\etc\hosts And C:\windows\system32...

The entries you see below the local host are really BAD sites which are being redirected back to nowhere (your computer), so they can't call out. I don't know what put those entries in, quite possibly AVG or some other application you've used. They're a good thing. But ...

In some computers, mine included, if a large hosts file is used, the DNS service has to be disabled. Otherwise the computer can get very, very slow for the internet access.

More and better details here
http://www.mvps.org/winhelp2002/hosts.htm
and a quote:

Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.
To resolve this issue (manually) open the "Services Editor"
Start | Run (type) "services.msc" (no quotes)
Scroll down to "DNS Client", Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, or Disabled (recommended) click Apply/Ok and restart

restart = REBOOT is a must. You can also stop and then disable the DNS service from Control Panel. See about the middle of that writeup. If I were you, I'd read the whole article. The thing that puzzles me a bit is that your hosts file isn't all that long and it sure is missing a lot of other very bad things.

http://www.bleepingcomputer.com/forums/t/113560/avg-free-edition-scan-found-cwindowssystem32driversetchosts-and-cwindowssystem32kernel32dll-change/
Relevancy 96.1%

I read someone else's post with the same problem, he didn't have the shell32.dll one though, and I did what the other posts said. Here is my HijackThis Log. Please help me. And also lately Spybot - Search & Destroy hasn't been finding any spyware or anything at all. It used to find something every time I ran it, but not anymore. I don't know if that has to do with these changes though. My Sims game won't start anymore either. It reads the CD but it never starts. The game isn't scratched or anything; maybe I just need to clean the drivers. But I thought since one of these changes says drivers in it, that might be the reason why my game won't start. If you have any tips on how to help my computer run a little faster, that'd be great too. I feel like my computer goes slower than it should. It's also been making a lot of weird noises lately. I'm sorry for listing so many problems. I don't know if I'm supposed to post these here, but if you could help me with all of that, that would be really great. Thanks in advance.

A:Avg Anti Virus Found C:\windows\system32\shell32.dll And C:\windows\system32\drivers\etc...

..Update..
A computer guy came and looked at my computer. He said I needed a new fan.. so I don't need help with that now. My Sims game also works now.

I just need to know if I'm infected.. and if there's something wrong with my Spybot.. and how I could change my hosts back or whatever is wrong with them. Thanks. I have a new problem now though.. I can't watch videos on Mtv.com. When I pause them, they won't load anymore. Only if I play it.. and I don't have a very fast internet so.. it loads slow. So it always stops every 5 seconds. It's very annoying. It did it before.. but then worked sometimes. I thought it might have been the site or maybe a lot of people were watching it, but it hasn't been working at all now. Can you please help me with that too?

http://www.bleepingcomputer.com/forums/t/120285/avg-anti-virus-found-cwindowssystem32shell32dll-and-cwindowssystem32driversetchosts-changed/
Relevancy 95.79%

I can not boot from Vista on my Vaio laptop, I do not want to system restore
because I have valuable information.

The error I get is:

missing or corrupted

\windows\system32\DRIVERS\disk.sys

Where do I get this file or how do I fix it?

thanks

art

A:error \windows\system32\DRIVERS\disk.sys

You must be able to boot to fix the problem. Can you boot in safe mode?

http://www.vistax64.com/crashes-debugging/290630-error-windows-system32-drivers-disk-sys.html
Relevancy 94.86%

Alright, last week began noticing a google/bing redirect to blank page that would continue to correct page if you refreshed the page. Then Avast began detecting "C\Windows\system32\drivers\disk.sys" that it couldn't do anything with, continued to detect and/or ask for start up boot scans. Finally, the computer became unresponsive. It would start up, but nothing you tried to open or view would work and sometimes go to a black screen. In either case a hard shut down was the only way out.

Looking forward to cleaning this up, thanks

Attached are two reports, I couldn't find "attach.txt" from DDS? Unsure if I did something wrong there

I do have windows restore disk

A:redirect ~ then unresponsive (windows\system32\drivers\disk.sys

Found the "attach" report and it's on here as a zipped attachment

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Dimension4700 at 12:21:10.17 on Sun 02/20/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2439 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Dimension4700\Desktop\Set ups to move\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:64505
uURLSearchHooks: H - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dimens~1\appdata\roaming\mozilla\firefox\profiles\qll44dhz.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=723823&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64505
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\moz...

http://www.techsupportforum.com/forums/f50/redirect-then-unresponsive-windows-system32-drivers-disk-sys-552803.html
Relevancy 94.55%

MOD EDIT: Moved to different forum. stevealmighty

NOTE: If it is deemed that the member's computer is infected, please start HERE to post a HJT log. The reason why I did not move this to the misplaced HJT log thread is that a qualified malware expert may know right off whether you're infected or not just by looking at the title of the topic. Any questions, please feel free to PM me.

C:\Windows\system32\ntoskrnl.exe and C:\Windows\system32\drivers\etc\hosts changed

I ran an AVG antivirus scan and under the virus results it says that my C:\Windows\system32\drivers\etc\hosts and C:\Windows\system32\ntoskrnl.exe have been changed.

Object: C:\Windows\system32\ntoskrnl.exe Results: Change Status: Changed
Object: C:\Windows\system32\drivers\etc\hosts Results: Change Status: Changed

Should I be concerned about this? Have I been infected by some malicious program? If so, how do I solve it? Help would be greatly appreciated. Here is my HijackThis logfile.

A:Avg Antivirus Results Says My C:\windows\system32\ntoskrnl.exe And C:\windows\system32\drivers...

Go to Control panel > Programs and Features. Uninstall: DAEMON Tools
It doesn't work with Vista.

Next, using Windows Explorer, navigate to and delete:
C:\Program Files\DAEMON Tools

Reboot/restart your computer.

If you're still having problems, then please post a 'fresh' HJT log here (describing the problem(s)):
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

http://www.bleepingcomputer.com/forums/t/128928/avg-antivirus-results-says-my-cwindowssystem32ntoskrnlexe-and-cwindowssystem32driversetchosts-has-beenchanged-have-i-been-infected/
Relevancy 89.9%

When I look at driver details in some of my system devices I see a path that has the driver capitalized, and when that is the case, in the General tab the driver location is listed as unknown. Anyone know the background on this?
 

https://forums.techguy.org/threads/system32-drivers-vs-system32-drivers-nd-driver-location-unknown.966000/
Relevancy 83.39%

Hello,

Recently, I have run Malwarebytes multiple times and each time it tells me that C:/WINDOWS/drivers/system32/str.sys is an infected file that will be removed after my computer is restarted.
After multiple restarts, it still does not get removed.

This is my first time posting on this forum, and the "first steps" link does not really say what I need to have posted.

Please let me know what I need to do.

A:C:/WINDOWS/drivers/system32/str.sys

I just noticed the checklist, but every time I run the DDS, my computer goes into a bluescreen. Is there anything else I can do/try?

http://www.techsupportforum.com/forums/f100/c-windows-drivers-system32-str-sys-434760.html
Relevancy 83.39%

Please take a quick look at the attached and see if you can you help me remove the viri-

thx wood

A:C:\WINDOWS\system32\drivers\str.sys

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

http://www.bleepingcomputer.com/forums/t/260200/cwindowssystem32driversstrsys/
Relevancy 83.39%

I have a stand-alone PC with Windows XP. These are located in C:\Windows\System32\drivers\etc. Do these look OK? Filename: Quotes - what the heck is this for and why can't I open or delete it?


Had "security tool" malware infection. Used the uninstall guidelines on this site and was doing fine until line 19 in the instructions. I was able to delete the windows\system32\drivers\etc\HOSTS, but I am lost as to what to do now.

A: where can I get windows\system32\drivers\etc

You can download the default HOSTS file for your operating system.

Windows XP HOSTS File Download Link
Windows Vista HOSTS File Download Link
Windows 2003 Server HOSTS File Download Link
Windows 2008 Server HOSTS File Download Link
Windows 7 HOSTS File Download Link

Note: If the contents of the HOSTS file opens in your browser when you click on the download link, then right-click on it and select Save Target As... if using Internet Explorer, or Save Link As... if using Firefox.

Also see How to reset the hosts file back to the default. To do this automatically, click the button. Click Run in the file download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

http://www.bleepingcomputer.com/forums/t/361117/where-can-i-get-windowssystem32driversetc/

I've deleted c:\windows\system32\drivers\ntndis.exe from my HijackThis log by selecting it and clicking on Fix, but my computer is still acting very slow and I believe I might have other viruses on my comp. Can you pls look at my HijackThis log?

A: help with c:\windows\system32\drivers\ntndis.exe

Looking at QuickTime it looks like you have the latest Vundo infection....

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


Caution...Never run and remove files using ComboFix without being supervised by a security analyst.

http://www.techsupportforum.com/forums/f100/help-with-c-windows-system32-drivers-ntndis-exe-214424.html

Hello, I have been battling a hidden service on my laptop for several days. I have done some extensive research on the web, but no luck. I have run a GMER and am receiving a lot of red warnings about a "pragma" hidden service. What are the first steps to resolving this issue? Thanks, Bret

A: Windows\system32\drivers\pragmabvfquqsbfn.sys

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

http://www.bleepingcomputer.com/forums/t/315683/windowssystem32driverspragmabvfquqsbfnsys/

Help, I think I have one of those stupid Adobe Reader fake update viruses.
My malware software and Avast are not getting rid of it.
Help, help.

A: windows\system32\drivers\mshcmd.sys.

Hello and welcome. I moved this to the Am I Infected forum.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the...

http://www.bleepingcomputer.com/forums/t/405060/windowssystem32driversmshcmdsys/

c:\windows\system32\drivers\pwzswbfdzrbrwme.sys

is corrupt according to test. I cannot get the pc to boot up in windows 7

I don't believe this is a real windows file, but may have been some virus to lock down windows.

Any ideas how to restart (without doing a complete reboot from the W7 CD)?

Thanks



Roger Kalter

A: c:\windows\system32\drivers\pwzswb

Hello Roger, welcome to the forums!

If you're able to boot into Safe Mode with Network (pressing F8 on the BIOS screen) you could run a Malware scan with Malwarebytes' Antimalware

Here: Malwarebytes' Anti-Malware: Malwarebytes

The free version does everything the paid one does, the main difference is that the free version does not run in real time, you have to do "on demand" scans.

Try that, because I can't find any info on the internet about that particular file, could be a virus.

Report back, please

http://www.sevenforums.com/bsod-help-support/140549-c-windows-system32-drivers-pwzswb.html

I have a friend's laptop. It is a Sony Vaio, I believe it's running Vista Home Premium edition, and anytime I begin to turn on the computer the Vaio splash screen shows up and then it goes to a black screen with an error message telling me part of the boot file is corrupt or missing, stating that the file is \Windows\System32\drivers\ecache.sys. I attempted the F key while it starts up; none of those options work and there isn't one for repair computer. I've also attempted putting in two different startup repair disks. For a while it was working, but there is no system restore date available, so I attempted some things through the command prompt. After many fails I ran a C: chkdsk /f and was gunna follow it with a C: chkdsk /r, but after restarting it the CD begins to load and promptly brings me to a black screen with only a mouse, never to complete loading. I'm at wits' end and attempting to repair his computer without deleting all of his files, for there are pictures of his children on there. I'm out of ideas and anyone's help would be greatly appreciated. I myself am using a Dell XPS M with the same running system. Thanks for the help ahead of time.

"I haven't failed, only found ways that won't work"

A: \Windows\System32\drivers\ecache.sys

See if you can boot into the Recovery partition - press F10 during boot-up. Run System Repair.

If no-go, you need the Sony Vista recovery DVD for that system.

Regards. . .

jcgriff2


http://www.techsupportforum.com/forums/f217/windows-system32-drivers-ecache-sys-524739.html

Hi there. Been through all steps described; scanned with Adaware, AVG Network Ed, Spybot, Stinger. All defs up to date and Windows updates installed. This little blighter keeps coming back: c:\windows\system32\drivers\smtpdrv.sys, infected with Backdoor Generic c AEW. Below is the HijackThis log. It goes without saying that I am extremely grateful for any help you may offer. Many thanks, Chamb

A: C:\windows\system32\drivers\smtpdrv.sys

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, chamba.

My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, NOT for private use. Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.

Note: It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/126703/cwindowssystem32driverssmtpdrvsys/

Hi

AVG is detecting C:\WINDOWS\system32\drivers\asyncmac.sys as a threat, Google says it's TrojanDropper:Win32/Dogrobot.E

Can anyone advise the best way to deal with this?

I've already run SUPERAntiSpyware and Spybot Search and Destroy and the threat remains.

Thanks

Neil
 

https://forums.techguy.org/threads/c-windows-system32-drivers-asyncmac-sys.904039/

Hi,

I was having a problem accessing some websites and was told to remove line(s) in this file using Notepad. It only made things worse and I can't access things like google/gmail or other websites.

I need help, what do I have to do?

https://social.technet.microsoft.com/Forums/en-US/b70982b4-1a66-4503-9565-f91da9db7a3d/windowssystem32driversetchosts?forum=w7itprosecurity

The following error message appears when I power up my laptop: C:\Windows\System32\drivers\ntndis.exe. I get locked at that time and can't proceed with anything.

A: C:\windows\system32\drivers\ntndis.exe

Hi missyf,
Check if this link helps you: http://www.bleepingcomputer.com/startups/n....exe-14934.html

http://www.bleepingcomputer.com/forums/t/130168/cwindowssystem32driversntndisexe/

I start my OS and I hear an orchestra sound every minute or so with a red X and WINDOWS\System32\drivers\ntndis.exe. I went to HJT and downloaded and did scan.

http://www.techsupportforum.com/forums/f284/windows-system32-drivers-ntndis-exe-212762.html

Here are the files compiled from scans I have run per instructions from Boopme. I have a Rootkit that needs to be deleted. Thanks for any help.

A:C:\Windows\System32\drivers\ESQULivowxinkvxtrwvipcceiyeeyipcswylp.sys

Hello curundu,

You have a nasty rootkit on this computer. Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the "C:\Combo-Fix.txt".

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

http://www.bleepingcomputer.com/forums/t/260510/cwindowssystem32driversesqulivowxinkvxtrwvipcceiyeeyipcswylpsys/
Relevancy 82.46%

This notebook is years old. When looking up Device Manager USB Controllers, this string is attached to each one and does not have a green checkmark in front of it: C:\Windows\system32\DRIVERS\usbfilter.sys

March: motherboard was replaced by manufacturer under warranty.
April: downloaded AVG to protect system from viruses.
May: opened vicious email attachment and immediately realized my computer was attacked by a virus. I ran AVG and it appeared to clean everything except one string. Since this happened I have not been able to connect my printers nor fully connect my Blackberry smart phone device. I thought my printer and Blackberry were defective so I purchased new devices.
August: when attempting to use my newly purchased Canon printer I received the following error message: Canon MX Series Printer USB "Print data cannot be sent because of the current printer status"
July: when connecting my new smart phone to the USB port a window appears prompting transferring files and or pictures but the Blackberry Desktop Manager does not recognize the connection, not able to read; window reads "Before you begin verify your current Blackberry Device is connected to your computer". I was on the phone w/ a Blackberry Tech who noticed the extra attachment in the USB driver details without a green check mark.

All malware software program scans used are not detecting this virus, even GMER came up clean, the file is completely empty and I was not allowed to upload it. How can that be? My computer is not slow but this string appears to be foreign and is preventing me from fully accessing devices via my USB drivers. Has something evil attached to my USB drives that is no longer removable? PLEASE HELP IDENTIFY A SOLUTION.

A:C:\Windows\system32\DRIVERS\usbfilter.sys

hi,

Don't see any malware in the log. Are you having any signs of malware? You can download Malwarebytes to see if it can dig up anything. There is a website for USB problems that may help you.

MBAM:
Please download the free version of Malwarebytes to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

USB Man

http://www.bleepingcomputer.com/forums/t/352194/cwindowssystem32driversusbfiltersys/
Relevancy 82.46%

I know my computer is infected because when I try to click on a link I'm redirected to another site and sometimes I get some weird popups. I ran SUPERAntiSpyware and AVG and it just says I have tracking ads but nothing else, but every so often I get a warning from AVG about C:\WINDOWS\system32\drivers\atapi.sys being infected but nothing happens. Thanks for your help.

A:C:\WINDOWS\system32\drivers\atapi.sys

Hi aweber422,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

************

Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions

Download ComboFix from one of these locations: Link 1, Link 2, Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
Double click on ComboFix.exe & follow the prompts.
You will get a warning about the not trusted download sites for ComboFix, click Yes.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/304114/cwindowssystem32driversatapisys/
Relevancy 82.46%

Hi Everyone,

I stupidly turned off my firewall while trying to serve on this computer. It is a SuperMicro XP machine: Service Pack, Pentium R CPU GHz GHz, GB RAM. No CD Drive. I bought an external one but the driver came on a little disk that the external CD drive won't read, so I haven't been able to install it yet. I have to download things. I got this trojan and Time Warner Cable even called me to tell me my machine was being used as a zombie to send spam to other customers. ESET NOD v identified C:\WINDOWS\system32\drivers\ntfs.sys - a variant of Win Kryptik ABX as a file it couldn't clean. I get dialup popup boxes saying connect to z-connect. I close them and ESET then says attack blocked. I configured my firewall with rules now to serve and block but I still can't get this thing off my machine. Here is my Hijack this file. I hope I'm posting in the right place. Thank you in advance.

Best regards, BA

A:C:\WINDOWS\system32\drivers\ntfs.sys

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/256899/cwindowssystem32driversntfssys/
Relevancy 82.46%

Since this change I have been unable to access my external hard drive. AVG antivirus picks up that dir C:\windows\system32\drivers\etc\hosts has changed but doesn't do anything about it. Was wondering if you could help.

A:C:\windows\system32\drivers\etc\hosts

Hello daisacre,

It is normal that AVG shows that files, the MBR or Boot record to have changed. These are done during normal maintenance, when you or Windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected. To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this, delete the file named AVG7QT.DAT in C:\ and AVG will rebuild it the next time it is run. General system maintenance can change the Hosts file even when it isn't apparent by visual inspection. AVG uses a checksum to compare a file before and after and a minor change or correction to the file would have caused it to appear changed.

Let's check your HOSTS file. It's located at c:\windows\system32\drivers\etc\hosts. You can open it up in Notepad. If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it; however, if there are others following 127.0.0.1 localhost, you may have to fix it. Post it here if that's the case.

http://www.bleepingcomputer.com/forums/t/110813/cwindowssystem32driversetchosts/
Relevancy 82.46%

My Antivirus is Avira Free. Avira detected this over and over: C:\WINDOWS\system32\drivers\synsenddrv.sys

My Combo Fix Log:

http://www.techsupportforum.com/forums/f284/im-new-can-someone-help-me-with-this-c-windows-system32-drivers-synsenddrv-sys-444412.html
Relevancy 82.46%

This was posted under Operating Systems which works fine until I connect it to other computer. Then I have this problem, how do I go about this? I'm gonna RE-INSTALL XP again and see if we can do "VIRTUAL TECH". That's where YOU become the teacher, as long as I haven't already tried it or you're just not sure. Here's what happened:

Desktop board EEA w/ chipset E running windows - I decided to install Windows XP from my Dell. So I took out GB harddrive from EEA other computer and installed Windows XP cd. I did windows updates, intel updates for the controller and desktop board, but what I did was connect the EEA harddrive to me secondary master and did the updates and install before connecting it to EEA. NOW I can't even get into safe mode. Sometimes I can do F and Bios Set Up I can do. First a blue Intel Desktop Board screen and then it goes blank or safe mode, and while I'm in the safe mode options and chose safe mode or any other one, windows system drivers and a couple dozen extensions scroll down the page. I thought plug n play could bring up the internal basics for start up. I've formatted harddrive and re-installed XP a few times with different installs but same outcome. I've done windows updates, Intel latest bios utility tools and even tried to force an extraction from winzip. But nothin. I'm sure it's the drivers or just the desktop board that's not right. I'd like to know how or if I even can reset board somehow and have plug and play pick out the drivers AND THEN manually download drivers. I'm thinking I installed the wrong drivers at first but then ran Intel's updates. So how do I go about this? Fresh XP Install and have plug and play use internal drives, reset jumpers, take out unnecessary sound cards? Any help would be greatly appreciated.

Relevancy 82.46%

Once I started my computer, pop-ups from AVAST said that C:\WINDOWS\system32\drivers\atapi.sys was infected. I do not know how to remove or fix the problem. Here's the DDS.
Windows Live Contacts wlcomm exe C Documents and Settings HP Administrator Desktop dds scr Pseudo HJT Report uStart Page hxxp www daum net uInternet Connection Wizard ShellNext iexplore BHO d -ce - - - d d a e - c windows system awttSlmm dll BHO Windows Live Sign-in Helper d - c - abf- ecc- c - c program files common files microsoft shared windows live WindowsLiveLogin dll BHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dll TB E BD F- B D- E- BE-BE DF D AE - No File TB A A -BACC- D - - A E E - No File TB Yahoo Toolbar ef bd -c fb- d - f- d f - uRun SUPERAntiSpyware c program files superantispyware SUPERAntiSpyware exe uRun ctfmon exe c windows system ctfmon exe uRun PlayNC Launcher uRun Aim quot c program files aim aim exe quot d locale en-US ee aol imApp uRun Pando Media Booster c program files pando networks media booster PMB exe mRun avast c progra alwils avast ashDisp exe mRun NvCplDaemon RUNDLL EXE c windows system NvCpl dll NvStartup mRun nwiz nwiz exe install mRun NvMediaCenter RUNDLL EXE c windows system NvMcTray dll NvTaskbarInit mRun TkBellExe quot c program files common files real update ob realsched exe quot -osboot mRun ISUSScheduler quot c program files common files installshield updateservice issch exe quot -start mRun QuickTime Task quot c program files quicktime QTTask exe quot -atboottime mRun Malwarebytes Anti-Malware reboot quot c program files malwarebytes' anti-malware mbam exe quot runcleanupscript mRun ISUSPM Startup c progra common instal update isuspm exe -startup dRun ctfmon exe c windows system ctfmon exe IE E amp xport to Microsoft Excel - c progra micros office EXCEL EXE IE Save YouTube Video IE Save YouTube Video as MP IE E D D B- - a -B F- D D C - c windows pchealth helpctr vendors cn hewlett-packard l cupertino s ca c us iebutton support htm IE e e dd -d - - b -f ba - windir Network Diagnostic xpnetdiag exe... Read more

A: C:\WINDOWS\system32\drivers\atapi.sys

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Elle

http://www.bleepingcomputer.com/forums/t/280819/cwindowssystem32driversatapisys/
Relevancy 82.46%

Today I turned on my computer and a message from AVAST said that the file C:\Windows\System32\Drivers\szkimzl.sys was infected. So I pressed delete and I turned on my internet, which was working fine the other day, and it wouldn't work. I thought it might have been Firefox, but I tried IE, Chrome and Opera; none of them worked. I have three other computers which are all on the same modem and they all work fine. Here's the DDS log:

A: C:\Windows\System32\Drivers\szkimzl.sys

Again, sorry but there isn't an option to add attachments. Here's the attach:

http://www.bleepingcomputer.com/forums/t/286824/cwindowssystem32driversszkimzlsys/
Relevancy 82.46%

I've had this problem for quite a while now. When I start my computer, a window always pops up with this message on it: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." The "name" of the window says "C\WINDOWS\system32\drivers\ntndis.exe".

I don't know if this error has something to do with my problems like not being able to see the "folder options" on the "tools menu" and not being able to use the USB ports properly (I can't sync my iPod on my PC).

I haven't done anything yet for this prob.

I forget when I started to experience this but I think it has something to do with the spyware I got a long time ago.

Hope you guys can help. Thanks.

A: C\windows\system32\ Drivers\ntndis.exe

Hi ewoks,

This is often caused when you have removed this file - ntndis.exe - from your system and when Windows tries to run it, it doesn't run. Thus, you get this error message. To do this, please follow the instructions carefully.

Click Start > Run > type regedit and click OK. Registry Editor should pop up now; navigate to the following:

HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run

On the right panel, you should be able to see the following C\WINDOWS\system32\drivers\ntndis.exe under the column Data. Now look at the same row and under column Name, right click and select Delete.

Note: If you do not see the value in your Registry, DO NOT attempt to delete any other value! If you do not feel comfortable with dealing with your Registry, please let me know so that I can suggest another fix.

WARNING: As this is a registry edit you should back up the registry first. To do this, on the Registry Editor, under File, click on Export and save it to a location.

As for your "Folder Option" missing, you can try this fix from Kelly's Corner. Look for Restore Folder Options Under Tools - #129 on the left.

WARNING: As this is a registry edit you should back up the registry first.

Please let me know of any question you may have before trying the above fix.

http://www.bleepingcomputer.com/forums/t/99326/cwindowssystem32-driversntndisexe/
Relevancy 82.46%

Hi

I am unable to switch on the antivirus section of my PCGuard downloaded from Virgin Media. When I run the diagnostic it says the reason it fails is that C:\WINDOWS\system32\drivers\klif.sys is not found. When I google this it says something about trojan viruses. Is this the case, and what should I do next?

A: C:\WINDOWS\system32\drivers\klif.sys

klif.sys can be related to Kaspersky anti-virus - see here.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.

Do you now or have you ever had a Kaspersky product installed on your system?

http://www.bleepingcomputer.com/forums/t/277214/cwindowssystem32driversklifsys/
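The path check described in the answer above, as an added example that is not part of the original thread: it normalizes the different spellings Windows uses for driver and autorun image paths, then flags a well-known file name that loads from somewhere other than its usual folder. The `C:\WINDOWS` system root, the `EXPECTED_DIR` table (including the folder assumed for klif.sys) and the sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumption: Windows lives in C:\WINDOWS, as in the posts on this page.
SYSTEM_ROOT = r"C:\WINDOWS"
SYSTEM32 = SYSTEM_ROOT + r"\system32"
DRIVERS = SYSTEM32 + r"\drivers"

# Illustrative, non-exhaustive table: file name -> folder it normally loads from.
EXPECTED_DIR = {
    "atapi.sys": DRIVERS,
    "disk.sys": DRIVERS,
    "partmgr.sys": DRIVERS,
    "klif.sys": DRIVERS,      # assumed: the folder the diagnostic looked in
    "svchost.exe": SYSTEM32,
    "ctfmon.exe": SYSTEM32,
    "explorer.exe": SYSTEM_ROOT,
}

EXPECTED = "expected-location"
WRONG_DIR = "known-name-wrong-location"
UNKNOWN = "name-not-in-table"


def normalize(raw):
    """Reduce the spellings of a Windows image path to one lower-case form."""
    p = raw.strip().strip('"').replace("/", "\\")
    if p.startswith("\\??\\"):                 # NT object-manager prefix
        p = p[4:]
    low = p.lower()
    if low.startswith("\\systemroot\\"):       # \SystemRoot\System32\...
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    elif low.startswith(("%systemroot%", "%windir%")):
        p = SYSTEM_ROOT + p[p.index("%", 1) + 1:]
    elif low.startswith("system32\\"):         # relative form used for drivers
        p = SYSTEM_ROOT + "\\" + p
    # normpath collapses "..", normcase lower-cases and unifies separators.
    return ntpath.normcase(ntpath.normpath(p))


def check(raw):
    """Classify one image path against the expected-folder table."""
    folder, name = ntpath.split(normalize(raw))
    expected = EXPECTED_DIR.get(name)
    if expected is None:
        return UNKNOWN
    if folder == ntpath.normcase(expected):
        return EXPECTED
    return WRONG_DIR


def flagged(records):
    """Return the records whose name is known but whose folder is not."""
    return [r for r in records if check(r) == WRONG_DIR]


# Constructed sample records (image paths only, no command-line arguments).
SAMPLE_RECORDS = [
    r"\SystemRoot\System32\drivers\atapi.sys",
    r"system32\drivers\klif.sys",
    r"%SystemRoot%\system32\ctfmon.exe",
    r"C:/windows/SYSTEM32/../system32/drivers/DISK.SYS",
    r"C:\WINDOWS\Temp\svchost.exe",
    r"\??\C:\Documents and Settings\User\Application Data\explorer.exe",
    r"C:\WINDOWS\system32\drivers\szkimzl.sys",
]

if __name__ == "__main__":
    for record in SAMPLE_RECORDS:
        print(f"{check(record):28} {record}")
```

A result of `expected-location` only means the name and folder agree; it says nothing about the file's contents, as the atapi.sys thread on this page shows, where the antivirus flagged the file in its usual folder. A `name-not-in-table` result is likewise not a verdict, only a name the table does not cover.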
Relevancy 82.46%

Hi friends,
Every time I start my PC it gives me an error that it cannot find this particular file. Can you please help me with it? I tried installing xp repair pro 2007 but it did not help. Also I'm not a pro at using the computer, so please explain to me in simple terms what I need to do to get rid of it. Any help will be appreciated.
 

Relevancy 82.46%

When I try to install Windows service pack 4 it says that
c:\windows\system32\drivers\atapi.sys is open or in use by another application
 

A: c:\windows\system32\drivers\atapi.sys

Found this on Google.
Do you have a cd-emulator (like daemon-tools) installed?
I needed to uninstall it to get sp1 running.
 

https://forums.techguy.org/threads/c-windows-system32-drivers-atapi-sys.337823/
Relevancy 82.46%

I'm having various problems with both XP and Vista PCs but the XP problem is more urgent. I have not been able to view some websites correctly. Whether this 'thing' that AVG has picked up is anything to do with it I obviously haven't a clue. The PC is running very slow and IE keeps closing. When I go to some websites I am getting the page 'Internet Explorer cannot display the web page', or I can get to the first page but cannot view the category pictures - there is a small box with a red cross. I hope I've explained this in enough detail. It's doin' mi 'ead in. Thanks in anticipation.

A: C:windows\system32\drivers\etc\hosts

Hello Dand-e-lion

Apologize for the delay in response, we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding. Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Next

Please do an online scan with Kaspersky WebScanner.
Click on Accept Button.
You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT.
Now click on Scan Settings.
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives, Scan Mail Bases
Click OK.
Now under select a target to scan: Select My Computer.
This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information in your next post.

http://www.bleepingcomputer.com/forums/t/132743/cwindowssystem32driversetchosts/
Relevancy 81.53%

My laptop is running fine as far I can tell, but I was looking at the results that 'autoruns' was showing and came across:

c:\windows\system32\drivers\truesight.sys

Looking on Google there seems to be a lot of talk about a trojan.

One reply said that it was part of 'Roguekiller', which I use.

Any ideas?

A: Autoruns: c:\windows\system32\drivers\truesight.sys

You could submit the file to Virus Total to see what comes up.

https://www.virustotal.com/

Have you scanned with any other scanners such as AdwCleaner or MBAM?

I've seen Roguekiller flagged several times by a couple AV's, if this is a false positive or not, I can't say. I have used Roguekiller in the past also.

http://www.eightforums.com/system-security/54439-autoruns-c-windows-system32-drivers-truesight-sys.html
Relevancy 81.53%

Hello, I have been receiving help from boopme in the "Am I infected" forum. They have had me run a number of scans and found a rootkit in C:\WINDOWS\system32\drivers\gasfkybavmluoy.sys. They sent me here for further assistance. The most noticeable problem I have been having is Google search result links either leading to an "internet explorer could not open this page" (the web address has a lot of numbers and capital letters in it) or taking me to ad sites. At the very beginning of my problem I received alerts - times that my computer was infected and it showed that my drives and documents were all infected. There was a pop-up box with a program it told me to run to clean it, which I didn't do.

A: rootkit in C:\WINDOWS\system32\drivers\gasfkybavmluoy.sys

Hello

Let's run Mbam and Combofix.

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware here and save to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

Note: The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouseclick combofix's window while it's running because it may cause it to stall.

Please post Mbam results and Combofix log back here.

http://www.bleepingcomputer.com/forums/t/262668/rootkit-in-cwindowssystem32driversgasfkybavmluoysys/
Relevancy 81.53%

Hi

A friend of mine came over yesterday and solved the problem. So no help needed anyway. Sorry for the inconvenience.

I tried to delete the post (I really weren't all too happy with all the info on my computer laying around there for anybody to see; I guess it can't be abused, but since I'm a real newbie, I don't feel really too certain about that), but I couldn't. However, I could edit it, which is what I did.

Thanks, guys!
 

https://forums.techguy.org/threads/c-windows-system32-drivers-dnsfilter-sys-how-to-remove.855053/
Relevancy 81.53%

Hello HJT Team. This is my first time posting. I have had problems with my computer for a while and I just do not know how to fix it. I am ready to do anything and everything to get it running at optimum performance. I am running Windows XP and below is my HJT log. I do not know what other info you may need but hopefully this is enough to get started. When I run AVG it finds C:\WINDOWS\system32\drivers\etc\hosts and says that it was changed, and it does not find anything else. Also the control center will not open. Any other scans that I do get interrupted during the middle of the scan and I do not know why. There are a lot of other little things that I notice as well.

A: C:\windows\system32\drivers\etc\hosts "changed"

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

http://www.bleepingcomputer.com/forums/t/134020/cwindowssystem32driversetchosts-changed/
Relevancy 81.53%

I am in need of help with this as well. This is my log after the ComboFix run.

A: C:\windows\system32\drivers\core.cache.dsk

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:

Preparation Guide for use before posting a HijackThis Log: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note* Post all reports/logs directly into this topic, not as attachments, thanks.

http://www.bleepingcomputer.com/forums/t/128019/cwindowssystem32driverscorecachedsk/
Relevancy 81.53%

Hello all, I have a couple questions. I'm hoping someone might be able to help identify what these detections might be. First off, my info: dell dimension XPS, Model DXP, Windows Vista Home Premium SP, Intel Core Quad CPU Q GHz GHz, GB RAM.

I run a very clean PC, running regular scheduled scans with AVG Antivirus, and I also run Microsoft Security Essentials with active real-time protection automatically updating. I keep Spybot S&D and Malwarebytes current and run regular scans with both. Tonight I opened AVG Antivirus and started going through the scan detections from Scheduled Scans from previous weeks. When I got to the detections from October I noticed an anomaly:

Scheduled Scan Infections
Scheduled Scan Infections
Scheduled Scan Infections
Scheduled Scan Infections
Scheduled Scan Infections

All of these were classified Medium Security risks by AVG Antivirus. Every single one of these detections were identified in AVG by Anti-Rootkit and all point to object C:\Windows\System32\Drivers\splf.sys. The threat names vary widely. Below are some examples:

atapi.sys hooked import ataport.SYS AtaPortWritePortUchar -> splf.sys x D C:\Windows\System32\Drivers\splf.sys Infected
IRP hook \Driver\volmgr IRP_MJ_INTERNAL_DEVICE_CONTROL -> splf.sys x CD C:\Windows\System32\Drivers\splf.sys Infected
IRP hook \FileSystem\Ntfs IRP_MJ_QUERY_INFORMATION -> splf.sys x C C:\Windows\System32\Drivers\splf.sys Infected
IRP hook \FileSystem\Ntfs IRP_MJ_DIRECTORY_CONTROL -> splf.sys x C C:\Windows\System32\Drivers\splf.sys Infected

This is the only detection anomaly I've ever documented in two years of weekly logs. Nothing has been detected by AVG since this anomaly back in October. NONE of the detections were removed by AVG. All were categorized as Not removed. These detections simply ceased after the scan on. They have not come back since.

My questions: Why would all detections be involving object name C:\Windows\System32\Drivers\splf.sys? Could this have been an organized attack or attempt?

Thanks in advance,
-ChriS

A: Questions regarding: C:\Windows\System32\Drivers\splf.sys

Hello,

Do you have Daemon Tools installed? The file is a part of the emulation driver used by Daemon Tools and it is harmless.
 
 
Regards,
Georgi

http://www.bleepingcomputer.com/forums/t/535992/questions-regarding-cwindowssystem32driverssplfsys/
Relevancy 81.53%

When I try to scan for spyware or virus I get the warning that the program cannot open C:\WINDOWS\system32\drivers\sptd.sys. Is this normal for this file? Is a virus preventing this file from being scanned? My PC is not showing any signs of being infected. Running XP.
 

Relevancy 81.53%

Hi, I keep receiving the error c:\windows\system32\drivers\conime.exe when I start up my computer. It tells me it cannot find the file.
 

Relevancy 81.53%

Hey there, I have this real bad problem on my computer which is making it run extraordinarily slow. Whenever I start the computer I get the error; it says there is a problem with "C:\Windows\system32\drivers\NTNDIS.exe". Also I've got some adware popping up with the name OuterInfo, and whenever it comes up my computer gives me a SERVER BUSY error. These problems started occurring at the same time so I think they are related. Below I have listed my HijackThis log.

A: Need help with C:\Windows\system32\drivers\NTNDIS.exe error please!!

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

http://www.techsupportforum.com/forums/f284/need-help-with-c-windows-system32-drivers-ntndis-exe-error-please-214163.html
Relevancy 81.53%

I have an old Dell Dimension DIMC desktop running Windows XP with service pack. Recently my brother was using the computer and accidentally opened up a bunch of instances of the same game. It was going really slow, so he tried to turn off the computer normally, but he eventually just held the power button down to turn it off. When he tried turning it back on he got a blue screen with the error:

Stop c a Fatal System Error
The Session manager initialization system process terminated unexpectedly with a status of xc c
The system has been shut down

The numbers in parenthesis may have been a little different. After looking around on the internet he decided to try the recovery console using the XP installation disk. He did a chkdisk /r on the c drive and then restarted the computer. This time we got a different error:

Windows could not start because the following file is missing or corrupt: System32\DRIVERS\pci.sys. You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM. Select 'r' at the first screen to start repair.

After looking around some more he found out you could copy this file using

copy c:\windows\ServicePackFiles\i386\pci.sys c:\windows\system32\drivers

or

copy c:\windows\system32\dllcache\pci.sys c:\windows\system32\drivers

But when we tried these we got the message "Access denied". We also tried something like

expand <CD-ROM DRIVE>:\i386\pci.sy_ c:\WINDOWS\system32\drivers

to which we got the same message. We then tried

set AllowAllPaths = true

to which we got the message: The SET command is currently disabled. The SET command is only an option Recovery Console command that can only be enabled by using the Security Configuration and Analysis snap-in.

So now we don't really know what to do. We can't start the computer in any of the safe modes. We've run chkdisk /r and /p a couple of times but it's still giving us that same error. I've seen that the problem might be related to the hardware drivers. If anyone knows how to fix this please let me know. Thanks.

Relevancy 81.53%

Hey guys, I am having the following problem. Whenever I start up my computer I get an error message before my wallpaper is displayed that says: There is no disk in the drive. Please insert disk into drive Device Harddisk DR. I usually click on cancel or continue, and then three other pop ups follow saying the same exact thing, except they say Device Harddisk DR, Device Harddisk DR, and then Device Harddisk DR. After I click continue or cancel on each of them my computer finally starts and says there is a problem with "C:\Windows\system32\drivers\NTNDIS.exe". Below I have listed my HijackThis log. I would post my rootkit revealer but it says it is way too large to post. Thanks.

A: Need Help With C:\windows\system32\drivers\ntndis.exe Error Please!

Hello and welcome to the forum

I would like to take a look at this log for you and will get back to you as soon as I can.

Thank You.

http://www.bleepingcomputer.com/forums/t/95365/need-help-with-cwindowssystem32driversntndisexe-error-please/
Relevancy 81.53%

Hello, I can't seem to remove a Root Kit agent called "C:/WINDOWS/drivers/system32/str.sys" successfully. Malwarebytes keeps just telling me to re-start my computer after the scan. I have three times, and each time I do another scan to make sure it's gone it still comes up. This is the family computer and it's used to check multiple bank accounts and whatnot, so I need this to be removed A.S.A.P. Any help to remove this would be greatly appreciated. Here's my HijackThis log:

A: HELP! Rootkit.Agent C:/WINDOWS/drivers/system32/str.sys

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

http://www.techsupportforum.com/forums/f284/help-rootkit-agent-c-windows-drivers-system32-str-sys-425522.html
Relevancy 81.53%

Hey guys, I am having the following problem. Whenever I start up my computer I get an error message before my wallpaper is displayed that says: There is no disk in the drive. Please insert disk into drive Device Harddisk DR. I usually click on cancel or continue, and then three other pop ups follow saying the same exact thing, except they say Device Harddisk DR, Device Harddisk DR, and then Device Harddisk DR. After I click continue or cancel on each of them my computer finally starts and says there is a problem with "C:\Windows\system32\drivers\NTNDIS.exe". Below I have listed my HijackThis log. I would post my rootkit revealer but it says it is way too large to post. Thanks.

A:Need help with C:\Windows\system32\drivers\NTNDIS.exe error please!!

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)


---------------


1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Open notepad and copy/paste the text in the quotebox below into it:


Code:
File::
C:\WINDOWS\system32\drivers\ntndis.exe
C:\WINDOWS\system32\drivers\ntndis.sys:

Drivers::
ntndis
Save this as ComboFix-Do.txt




Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

http://www.techsupportforum.com/forums/f100/need-help-with-c-windows-system32-drivers-ntndis-exe-error-please-161362.html

This ATAPI.SYS infection seems to have installed on my PC. So far I'm not having too many problems on Windows 7 32 bit apart from AVG Free popping up and telling me that it detected an infection. I want to get rid of it though. I googled the problem and read that it could be removed with ComboFix. I ran it twice and AVG still sees the file. I read afterwards that I shouldn't have run the file myself... I want to post the log file of ComboFix's first scan, but unfortunately the second one overwrote it... Here's the second one: http://rapidshare.com/files/348612046/ComboFix.txt.html

Anyone have any ideas on what I could do to get this cleaned up?

A:Windows/system32/drivers/atapi.sys problem

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/294645/windowssystem32driversatapisys-problem/

My aunt believes there is a virus on her computer. Microsoft Security Essentials periodically states to delete "C:\windows\system32\drivers\wzeeitx.sys" but when I try to it says "cannot locate source file or disk". I tried to delete it in command prompt but then it says "a device attached is not functioning". Whatever help would be greatly appreciated. Thank you.

Here is the hijack this log.

A:Is this a virus, C:\windows\system32\drivers\wzeeitx.sys

bump

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Response Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

http://www.bleepingcomputer.com/forums/t/295491/is-this-a-virus-cwindowssystem32driverswzeeitxsys/

A:c:\windows\system32\drivers\cdrom.sys infected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:

* Main Mirror: This version will download a randomly named file (Recommended)
* Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/330280/cwindowssystem32driverscdromsys-infected/

I recently ran an AVG test and got :

"";"C:\Windows\system32\DRIVERS\cdrom.sys";"Trojan horse Crypt.ANVH";"Object is white-listed (critical/system file that should not be removed)"

As my one and only problem.
It is white listed and is supposed to be crucial to operation.

Am I being trolled?

Edit : Also, my machine often has 100% CPU spikes for long periods of time and then goes down for a while only to start up again. I checked my Task Manager's processes as well as used Process Explorer to try to find a culprit, but no process shows up. Can this virus be the root of the 100% CPU spikes?
 

https://forums.techguy.org/threads/c-windows-system32-drivers-cdrom-sys-trojan.1038176/

I have a new laptop (Lenovo) running Windows and have set up a WAMP server for website development. I need to modify my Host file to set up a Virtual Host. I have always used Windows OS but not very knowledgeable about tech stuff beyond what I need to know for website development.

The problem I have is that my C:\Windows\System32\Drivers\etc folder is not there. I started out by having problems setting up an Administrator account. I tried to run lusrmgr.msc and no luck. On my Computer Management screen the Users and Groups folders were missing from Local Users and Groups. I thought maybe the Lenovo installed version of Windows was not full featured so I paid to upgrade to Windows Pro. After the upgrade I was able to access the administrator account and the Users and Groups folders were visible. But my C:\Windows\System32\Drivers\etc folder is still missing. I had noticed it was missing before I upgraded to Windows Pro so I don't think that had anything to do with it.

Any ideas? I have been stuck on this for days.

A:Missing Folder C:\Windows\System32\Drivers\etc

This is a long shot, a straw-grasp on my part: have you tried booting rescue DVD or USB stick and running Startup Repair? I'm hoping it would sniff out that the Drivers directory is missing and reinstate it. I'm sure you have already clicked un-hide folders & files from within Folder Options.
Tweaking.com's Windows Repair (All in One), accept default clicks, add items #26 & 27 -- might be your first and best bet.
And, you're not using any 3rd party DriversUpdateManager, correct?
Before doing much more than the above: please make sure you have restorable image backups just in case.

http://www.eightforums.com/general-support/63679-missing-folder-c-windows-system32-drivers-etc.html

I have a problem with a popup error that says it cannot locate the "c:windows\system32\drivers\detect.htm. Make sure the path or internet address is correct."

I have scanned with Spyware Doctor (full version) and it does not find anything. I installed AdAware (free version) and it did not find anything, so I removed it from my PC. Attached is a copy of my HJT logfile. Any ideas what malware is on my PC and what I can do to get my processor speed and memory back?

Thanks for your assistance.

Seriously. Thank you.
 

A:C:\WINDOWS\system32\drivers\detect.htm problem

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:17 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - C:\WINDOWS\system32\nnnopPgh.dll (file missing)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {CDC73B2F-23C4-42C5-83EA-91E8AA34087B} - C:\WINDOWS\system32\vtUnMDUO.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: targetedbanner browser optimizer - {e8b80c32-8b21-a6cf-0a9c-90fe265f485a} - C:\WINDOWS\system32\{f7d73437-8858-ecb0-c6d5-65a8bdc8052d}.dll
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Pr...

https://forums.techguy.org/threads/c-windows-system32-drivers-detect-htm-problem.724056/

Hello everyone, my girlfriend started complaining yesterday that her computer was running extremely slow so I remoted in to clean it up a little bit and see what I could do. I went to run hijackthis and to my surprise it came back and said it would not be able to give me an accurate scan because it couldn't access the host file, so I started browsing to the location only to find out that it doesn't even have a drivers folder under system32, let alone ETC hosts file.

The computer is windows bit. I have full administrator privileges. I tried to make a drivers folder but it started telling me I didn't have access. I ran an extensive scan with MBAM and avast but was unable to come up with anything. I checked out all the installed programs and services just to see if I could see anything out of the norm but there was nothing. hijackthis had a few things with IE that I fixed but it was nothing major, just the normal crap from browsing and toolbars. I also went to MSCONFIG and made sure there was nothing running except what needed to be. I took it down to safemode without going into safemode and still had no luck.

Any ideas would be great. I don't want to have to reinstall windows but I am completely out of ideas, and it would seem if something is able to remove my drivers folder it might be a good idea anyway.

A:windows/system32/drivers completely missing

Welcome to Seven Forums.

You may have to "Show hidden files and folders" in Folder Options.

Control Panel or go to the Tools Menu.

http://www.sevenforums.com/drivers/222130-windows-system32-drivers-completely-missing.html

I am running Windows 7 Ultimate 32 bit and I installed AVG Internet Security 9.0. I found this threat in my computer:

"C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Rootkit-Pakes.U";"Object is white-listed (critical/system file that should not be removed)".

I try to use malwarebytes and it says it's clean.. but when I scan with virustotal.com, it detects a trojan... they say that this site can help me fix my problem. I don't know how to remove the trojan....

hope you can HELP me...

thanks....

A:Windows 7 Trojan horse Rootkit-Pakes.U C:\WINDOWS\system32\drivers\atapi.sys

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/windows-7-trojan-horse-rootkit-pakes-u-c-windows-system32-drivers-atapi-sys-450979.html

If someone could help me please, I would really appreciate it. I have my logs you requested right here in the attached zip folder. My computer apparently has a trojan and I would really like to remove it. Please help.

A:C:\windows\system32\drivers\atapi.sys Trojan WIndows 7 How to remove

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see no evidence of the "atapi" infection. What led you to that conclusion? Is your browser being redirected? You are infected though.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Windows 7, all tools should be started by right-click > Run as Administrator

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > and tick the 'Display Run' or 'Run command' box > OK > OK.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

http://www.techsupportforum.com/forums/f100/c-windows-system32-drivers-atapi-sys-trojan-windows-7-how-to-remove-456801.html

Sometimes my AVG shows windows/system32/drivers/etc/hosts as a "changed" file. It has done this times now. However, it was not scans in a row; there were completely clean scans between them. I have scanned with Adaware and Spybot S&D; both scans came up clean. I followed the steps listed on these forums and have gotten a HijackThis log file. Any help would be very much appreciated.

A:Avg Shows Windows/system32/drivers/etc/hosts As Changed

Please delete this post, I have fixed the problem.

Thanks.

http://www.bleepingcomputer.com/forums/t/133520/avg-shows-windowssystem32driversetchosts-as-changed/
Relevancy 80.91%

I am trying to download SP3 for windows xp but the error message "c:\windows\system32\drivers\atapi.sys is open or in use by another application. close all other applications and click retry." I have uninstalled (and deleted the folders) all virtual drivers, and even the cd/dvd drive. I have scanned my computer for viruses, malware, and spyware and removed all threats as well. I have also tried moving "atapi" to a different folder and renaming it but when I try a message comes up that says it is in use. I have no more ideas and the internet solutions are not working or don't apply. I am very frustrated! Please help!
 

A:Solved: c:\windows\system32\drivers\atapi.sys is open or in use

Solve 1:

This may occur if u have these programs installed
Alcohol 120%, Daemon Tools
http://support.microsoft.com/kb/884675/en-us
Check this link to continue with ur installation..

Solve 2:

If you are unable to determine which 3rd-party software is causing this issue, then here is a method of installing SP3 that avoids most 3rd-party conflicts:
 - download the stand-alone SP3 installer from http://www.microsoft.com/downloads/...A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en and save it at a known place on hard disk.
 - use "msconfig" to select "Diagnostic Startup", and re-boot Windows.
 - dismiss "msconfig" when it pops up after restart.
 - now launch the SP3 updater from the known place where you saved it.
 - when the SP3 update has all finished (involves at least one restart), use "msconfig" to select "Normal Startup", and re-boot Windows.

Solve 3:

Check out this 3 step process:-

Step1:
Go google "Unlocker Assistance" and download the software (or the link is provided below), it's free and very useful program. This program can unlock or kill or delete any files that's being used, no matter what situation the file is on, it can unlock the file or kill the process which is using it. (The icon looks like a star magic wand, that's the right program)
Download the software below if you have trouble finding it.
http://ccollomb.free.fr/unlocker/

Step 2:
After you install the program, then go in your My Computer, and right click on the C:\ and click on Search. Then find the keyword "atapi.sys" that the error message mentioned. You will see an icon that looks like a white sheet of paper, right click on that and choose "Unlocker" on the menu. This might start by default. After that a window should pop up showing you which program is currently using the file, I think it was "System". Now you need to click either on the "Unlock" or "Unlock All".

Step 3:
After that, the "atapi.sys" file should be unlocked. Now, go back to the error message and you should see "Retry" or something like that, then just click on that. The process will continue on.

BEFORE INSTALLING SP3: (items in bold are imperative)
Run CCleaner to get rid of unnecessary junk on my system
Make sure to have at least 900MB of available disk space on the C: (system) drive
Run CHKDSK on my C: (system) drive to make sure it is OK
Run a full scan with anti-virus and anti-spyware apps to make sure there is no malware on my system
Run the defragmenter
Make a full backup of my C: (system) drive (for restoring if things don't work out well)
Shut down all user applications and processes
Disable my network connection
Shut down my firewall
Disable all active anti-virus and anti-spyware applications
Disable any other security software

 

https://forums.techguy.org/threads/solved-c-windows-system32-drivers-atapi-sys-is-open-or-in-use.923813/
Relevancy 80.91%

I ran rkill to check for problems with my system XP/SP3. The file mqac.sys does not have a valid digital signature. I have 6 copies of this file on my system from past SPs. How do I determine which one to use as a replacement? How do I check to see if it is signed, and if it is do I just swap them out?
 
Have already cleaned system, getting rid of old files, cleaning the registry, i.e. a deep cleaning to speed up my system and clear up problems. I have no malware or viruses that Avast and several other scan tools can detect.

A:no digital signature on mqac.sys in %windows%\system32\drivers

From what I can gather, mqac.sys is part of the message queuing system (MSMQ) that is not part of a standard XP install, but is a free add-on (at least for XP Pro) if you wanted to install it. It might be part of something called 'Snap Desktop' (which I also don't have).
 
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/snap_desktop_msmq.mspx?mfr=true
 
Does this sound like something that you would have installed on your machine?
 
If so, I doubt that it's malware, even though there are multiple copies without signatures. I'm pretty sure I have a few Windows system files that aren't signed.
 
Unless you think they are harmful, I would just leave them be- don't fix what ain't broke. 

http://www.bleepingcomputer.com/forums/t/532347/no-digital-signature-on-mqacsys-in-windowssystem32drivers/
Relevancy 80.91%

I am trying to use my iPod through my phone server and trying to download music into it. It boots up and is looking for a driver, sustucau.sys, that is supposed to be located at C:\ WINDOWS\ system32\ drivers\ sustucau.sys. I did a search for the driver, and it is not in my system at all. How can I put this onto my system? With the information that I have, it seems like it is supposed to be there, so did I have a virus that removed it? But I do need the driver. Help please.

A:Driver can't be found C:\ WINDOWS\ system32\ drivers\ sustucau.sys.

Hi canadaguide and welcome to TSF !

Did you get any CD with the ipod ? Install the bundled software.

http://www.techsupportforum.com/forums/f10/driver-cant-be-found-c-windows-system32-drivers-sustucau-sys-177966.html
Relevancy 80.91%

During recent update Windows 7 failed to boot. Various attempts to "repair" also failed. One attempt did report it was due to a corrupt file:\Windows\system32\drivers\aswvmm.sys.
 
Have seen this mentioned several times here in the forum and always with a custom result. Can you help me.
 
Thanks
Amgeek

A:Win 7 won't boot corrupt Windows\system32\drivers\aswvmm.sys

Any time you are posting about a problem like this it is a considerable help to list the make and model of your computer or - if it is a self-build - the main components and the details of your OS such as SP1, 32 or 64 bit. But, no matter.
 
Have you tried booting in 'Safe mode' - usually achieved by tapping 'F8' while the BIOS screen is showing (the one with the maker's name all over it) ?  If you have tried 'Safe mode' will it boot into it ?
 
If you can get into 'Safe mode', choose the 'with command prompt' option. When you get to the command prompt type 'sfc /scannow' - note without the quotes and that there is a space between 'sfc' and /scannow - this will then attempt to fix any corrupted files. When it has finished running if your computer doesn't automatically re-boot, re-boot and see what happens.
 
If this doesn't work for you, post back with the details of your computer and a note of what 'various attempts' you have tried. After all, there is no point in asking you to repeat something you have tried and didn't work.
 
Chris Cosgrove

http://www.bleepingcomputer.com/forums/t/541814/win-7-wont-boot-corrupt-windowssystem32driversaswvmmsys/
Relevancy 80.91%

Hi, I have been getting this result after scanning with AVG Antivirus for this file: C:\windows\system32\drivers\etc\hosts. Result: Change. Status: Changed. Even when I scan again I am getting the same result. Has the file really been changed, healed, or do I have a problem? Thank you. Here is my processes logfile.

A:Is This File Infected? C:\windows\system32\drivers\etc\hosts

Hello flossist,

It is normal that AVG shows files, the MBR or Boot record to have changed. These are done during normal maintenance, when you or Windows update files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected. To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this, delete the file named AVG7QT.DAT in C:\ and AVG will rebuild it the next time it is run. General system maintenance can change the Hosts file even when it isn't apparent by visual inspection. AVG uses a checksum to compare a file before and after, and a minor change or correction to the file would have caused it to appear changed.

Let's check your HOSTS file. It's located at c:\windows\system32\drivers\etc\hosts. You can open it up in Notepad. If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it; however, if there are others following 127.0.0.1 localhost, you may have to fix it. Post it here if that's the case.

http://www.bleepingcomputer.com/forums/t/112966/is-this-file-infected-cwindowssystem32driversetchosts/
Relevancy 80.91%

Hello everyone,

I've had triple boot on my PC: 1st partition Windows Vista, 2nd partition Windows XP, and on the other partitions Debian, Ubuntu (extended partition). I'm using Grub as my boot loader; everything was working fine, booting all OSs was no problem. About months ago my Vista OS stopped working because I did some bad things with it (actually it isn't that important how I did that, because XP kept working, and Linux of course too). Like weeks ago I decided to remove Vista, so I removed it using gParted by simply formatting the 1st partition to an empty partition. Now my XP stopped working. I thought it was because the boot.ini was placed on Vista's partition, so I used my XP installation CD to do fixboot etc., even fixmbr, and I ran a chkdsk over the XP partition. Unfortunately this didn't help; XP kept reporting an error, something like "Missing Or Corrupt Hal.dll". I kept trying to fix the problem with help of the XP installation CD. It somehow worked, because now XP starts to boot with the XP logo and then hangs up. When booting XP in safe mode it stops at the entry "windows\system32\Drivers\Mups.sys". Since then I haven't found any further solution(s). I'd be happy if someone could help me out and tell me how to fix that problem. This is all information I can give you. I hope you could understand everything; my English isn't too good, I think. If you have questions just ask.

best regards,
watain

Relevancy 80.91%

I have been battling a virus all day. The only piece that is remaining is in the c:\windows\system32\drivers\cdrom.sys

I have done a stupid thing. I was hoping for more virus support and upgraded from the free version of AVG to the version 9.0. And of course it wants me to reboot.

I am terrified to reboot for fear of extracting the virus.

I am not the computer savvy and would really like to save my hard drive.

Please help?

Reverend Lisa
 

Relevancy 80.91%

My Win 7 can't start, getting this error. Repair disk or USB can't correct it, and I tried FixMbr, FixBoot and rebuildbcd also, but none of them are working. I have dual Win 7 and 10, but 10 is working fine.

http://www.computing.net/answers/windows-7/how-to-solve-filewindowssystem32drivers4de1959e7a77a3006/19617.html
Relevancy 80.91%

My computer has been having problems lately. I couldn't figure it out, and then I saw this forum about "host" change (c:\WINDOWS\SYSTEM32\DRIVERS\etc\HOSTS CHANGED) in AVG and realized I have the same thing. If it is a trojan of some sort I have no clue on how to fix it, and realize I will need guidance just as another member was guided through it to fix the problem. I have a HIJACK THIS log to share and would love some help to resolve this problem. I am pretty sure that if it is a trojan of some sort that is responsible for slowing my computer and such, it is probably because I was using BITLORD and most likely downloaded some corrupt file or something. So far I have removed mostly all of my files from my computer. I have removed programs and defrag'd my pc. I scanned it with Norton, AVG and SPYSWEEPER as well as SpyBot and Hijack. AVG picked up the host change thing and my Norton keeps telling me a recent attack to my computer was blocked. I don't know if that message keeps popping up because I have AVG and Norton or if is this possible trojan or what. Here is my hijack this log, please help.

A:My Avg Found C:\\windows\system32\drivers\etc\hosts Changed

Hello jazzyul23,

It is normal that AVG shows files, the MBR or Boot record to have changed. These are done during normal maintenance, when you or Windows update files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected. To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this, delete the file named AVG7QT.DAT in C:\ and AVG will rebuild it the next time it is run. General system maintenance can change the Hosts file even when it isn't apparent by visual inspection. AVG uses a checksum to compare a file before and after, and a minor change or correction to the file would have caused it to appear changed.

Let's check your HOSTS file. It's located at c:\windows\system32\drivers\etc\hosts. You can open it up in Notepad. If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it; however, if there are others following 127.0.0.1 localhost, you may have to fix it. Post it here if that's the case.

*******************************************

"I don't know if that message keeps popping up because I have AVG and Norton or if is this possible trojan or what."

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these: AVG Antivirus or Norton/Symantec Antivirus.

*******************************************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Reboot and post a fresh Hijackthis log.

http://www.bleepingcomputer.com/forums/t/110876/my-avg-found-cwindowssystem32driversetchosts-changed/
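The check the two hosts-file answers above describe (anything beyond comment lines and 127.0.0.1 localhost deserves a look), together with why a checksum-based scanner reports "changed" after harmless edits, as an added Python example that is not part of the original threads. The sample file contents, the example domains, the verdict labels and the function names are constructed for illustration.

```python
import hashlib
import ipaddress

# Assumption: the stock hosts file maps only "localhost" to a loopback address.
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_no, ip, names) for each active entry; comments and blanks are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        active = raw.split("#", 1)[0].strip()   # drop trailing or whole-line comments
        if active:
            ip, *names = active.split()
            yield line_no, ip, [n.lower() for n in names]


def classify(ip, names):
    """Label one entry: default, sinkholed (name forced to loopback), redirect, malformed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        return "default" if set(names) <= DEFAULT_NAMES else "sinkholed"
    return "redirect"


def audit(text):
    """Return (line_no, ip, names, verdict) for every entry that is not the default one."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        verdict = classify(ip, names)
        if verdict != "default":
            findings.append((line_no, ip, names, verdict))
    return findings


def file_digest(text):
    """Checksum over the raw bytes: any edit, even to a comment, changes it."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def effective_digest(text):
    """Checksum over the active (ip, name) pairs only, ignoring comments and spacing."""
    pairs = sorted(f"{ip} {name}" for _, ip, names in parse_hosts(text)
                   for name in (names or [""]))
    return hashlib.sha256("\n".join(pairs).encode("utf-8")).hexdigest()


# Constructed samples, not taken from any poster's machine.
BASELINE = """\
# constructed sample: stock-style hosts file
127.0.0.1       localhost
"""

MAINTAINED = """\
# constructed sample: stock-style hosts file, comment rewritten by a tool
#
127.0.0.1 localhost
"""

TAMPERED = """\
# constructed sample with entries that need review
127.0.0.1       localhost
203.0.113.10    www.example.com
127.0.0.1       updates.example.net
not-an-ip       example.org
"""

if __name__ == "__main__":
    for label, sample in (("maintained", MAINTAINED), ("tampered", TAMPERED)):
        raw_changed = file_digest(sample) != file_digest(BASELINE)
        entries_changed = effective_digest(sample) != effective_digest(BASELINE)
        print(f"{label}: raw changed={raw_changed}, entries changed={entries_changed}")
        for line_no, ip, names, verdict in audit(sample):
            print(f"  line {line_no}: {ip} -> {' '.join(names)} [{verdict}]")
```

A raw-checksum change with an unchanged effective digest and an empty audit matches the "changed but not infected" case the answers describe; any finding is the situation where they ask for the file to be posted.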
Relevancy 80.91%

Running Windows XP. I've been having google searches redirected for about three weeks and results often come up in German. Have always used AVG free and recently downloaded superantispyware, malwarebytes, ad aware trying to fix my current issue.

Running malwarebytes I found this C:\WINDOWS\system32\drivers\rwbog.sys (Rootkit.Agent) and was prompted to reboot to complete removal. Upon reboot, I get a black screen saying boot up failed and I could not boot into safe mode, so I restored to most recent known setting and I can boot back up, but then I run scans again and the issue is still there and just repeats itself.

Through my research, I wonder if I should run combofix, but thought I'd do this the "right way" and post the issue first. lil help would be much appreciated.

A:C:\WINDOWS\system32\drivers\rwbog.sys (Rootkit.Agent)

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply. To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Finally, press submit.

Please download Dr. Web the free version & save it to your desktop. DO NOT perform a scan yet.

Scan with Dr. Web Cureit as follows:
 - Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
 - Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now?
 - Allow the setup.exe to load if asked by any of your security programs.
 - The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders.)
 - If prompted to download the Full version Free Trial, ignore and click the X to close the window.
 - If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
 - When complete, click Select All, then choose Cure > Move incurable. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured.)
 - Now put a check next to Complete scan to scan all local disks and removable media.
 - In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
 - Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
 - When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
 - Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
 - In the top menu, click file and choose save report list.
 - Save the DrWeb.csv report to your desktop.
 - Exit Dr.Web Cureit when done.
 - Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
 - After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

http://www.bleepingcomputer.com/forums/t/280315/cwindowssystem32driversrwbogsys-rootkitagent/
Relevancy 80.91%

Well my computer was hit with the xp security 2012 bug. I have been trying to clean it out but my kaspersky anti virus program will not let me delete or quarantine the bad file. So I am following the suggestion on this post: http://forums.techguy.org/virus-other-malware-removal/896647-trojan-virus-c-windows-system32.html

I hope I am doing this right. Any help would be greatly appreciated.
 

A:Trojan virus-c:\windows\system32\drivers\mrxsmb.sys

here is my combofix report:


https://forums.techguy.org/threads/trojan-virus-c-windows-system32-drivers-mrxsmb-sys.1031664/
Relevancy 80.91%

I earlier on used WinUtilities to delete duplicate files on my computer to free up space, and it deleted nvgts.sys from system32 >.< I turned my computer off, then a couple of hours later wanted to go back on it and got the following error in BIOS:
Windows could not start because the following file is missing or corrupt: system32/DRIVERS/nvgts.sys
I later learned that this was a Graphics Driver from nVidia, and that it was needed to run the computer.
I have been searching for hours now, unable to get access to a recovery/reinstallation disk or make one of my own.
I set a recovery point before this happened but don't think I can access this in BIOS.
What else can I do now?!
Thanks for any help, much appreciated.
I am on Windows XP by the way
 

A:Missing File: System32/drivers/nvgts.sys - Windows XP

Try performing an XP repair:
http://michaelstevenstech.com/XPrepairinstall.htm

Next time, don't delete files!
 

http://www.techspot.com/community/topics/missing-file-system32-drivers-nvgts-sys-windows-xp.178290/
Relevancy 80.91%

"Virus identified Packed.Protector.C";"C:\WINDOWS\system32\drivers\cdrom.sys";"Object is white-listed (critical/system file that should not be removed)";"1/23/2010, 10:30:52 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

I have run numerous scans with MBAM; each time MBAM touches C:\WINDOWS\system32\drivers\cdrom.sys, AVG sends up a threat notice. MBAM does not flag the file as infected.

When I run AVG it identifies the above "Virus identified Packed.Protector.C";" C:\WINDOWS\system32\drivers\cdrom.sys"; There were two viruses, and AVG was able to remove the first, but not this one.

My kids were downloading something yesterday when this happened.

Please help. What do I do? I have read the forums from the HJT Team, and the combofix. I think that I am in the same situation, and I cannot afford to have my computer hacked.

http://www.bleepingcomputer.com/forums/t/289684/please-help-trojan-virus-cwindowssystem32driverscdromsys;/
Relevancy 80.91%

I've been following the instructions for removing Security Tool Malware that has infected my computer. One of the last steps instructs me to delete the C:\Windows\System32\Drivers\etc\HOSTS file. I used Windows Explorer to try and find the file, but I am unable to see it anywhere in any of the folders under my Windows folder.

Any ideas where I would find this file?

Thanks!

A:Cannot Find C:\Windows\System32\Drivers\etc\HOSTS File

Problem solved! I was able to get the answer on the live chat!

http://www.bleepingcomputer.com/forums/t/305659/cannot-find-cwindowssystem32driversetchosts-file/
Relevancy 80.91%

Hi guys, I must commend this life-saving service you are rendering. I followed the instruction given someone on this topic up to a point where one is to copy and paste a log. My error log is thus.

A:error message:C:\WINDOWS\system32\drivers\conime.exe

Hi and welcome to TSG,

Download AVG Anti-Spyware from HERE and save that file to your desktop. Note for AVG Free anti-virus users only: this is not the same program that you already have, this is an anti-spyware program.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
Launch AVG Anti-Spyware by double clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
If you have any infections you will be prompted. Then select "Apply all actions."
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Please go HERE to run Panda's ActiveScan
You need to use IE to run this scan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

https://forums.techguy.org/threads/error-message-c-windows-system32-drivers-conime-exe.590618/
Relevancy 80.91%

Hi everyone, I am using Windows on my HP laptop. I am trying to edit my host file ("This is a sample HOSTS file used by Microsoft TCP/IP for Windows"). The location of the file is C:\Windows\System32\drivers\etc. The systems on my laptop seem to be incorrectly configured to prevent me from editing this file. I opened the host file doc with Notepad and then tried to edit it and save the file. However, each time I tried to edit the file my system gave me the following message: "You don't have permission to save in this location. Contact the administrator to obtain permission. Would you like to save in the My Documents folder instead?" This has to be incorrect, as I entered Notepad as a system administrator, so I don't know why it's giving this message. Is there anywhere I can go on the system to reconfigure Windows to allow me to edit this folder, or to grant permission to the system administrator to edit the folder?

Warm regards,
Andreea

A:how do i edit my host file in Windows\System32\drivers\etc -

you need to turn off UAC first.

User Account Control - UAC - Change Notification Settings

remember to turn it back on if that is your preference

http://www.sevenforums.com/general-discussion/292817-how-do-i-edit-my-host-file-windows-system32-drivers-etc.html
Relevancy 80.91%

I have got quite a few issues that I really don't know what to do with before I shut down to do all the scans you have advised. I believe my machine is hijacked and my head is bursting with months of constantly researching files. Finding malware, rootkits, browsers, my control buttons all changing to other misleading images. I don't know who is genuine Microsoft and who are hijackers. I am finding my PC being advertised very openly on game sites: my IP address and all information. My emails been hacked for second time, different account. Lost three PCs at the end of last year. When I got new Windows put on I was taken over straight away. I can't connect with my own provider as all the defaults change and they are not secure. Or I find bat files. I am trying to learn but it's all too much. I am pleased that I have managed to keep my PC from getting closed down like the others. But I can't go on staying up for days just removing and researching. My proper Windows OS disappears and I have clung on to my USB, using it for all my work, which is mainly images. I have Faronics Deep Freeze, which I think is the only thing that has stopped me losing my PCs. I always work with. So I am now realizing the viruses are passed back and forth.

There seems to be a problem with all keys, start up and clocks when Windows updates. I think it is because the old drivers don't mix. Or it can be the Ethernet driver. I found this file. Even though it is beyond me, I think it may be the answer to the change from window to. Then I find out that MS are installing part of Windows sneakily: http www edugeek net forums enterprise-software -java- -update- -silent-install-via-sccm- html. I got this file from here: http www bleepingcomputer com forums t windows- - x-unbootable-problem-code-. THIS WAS WHAT I FOUND WHEN I RESEARCHED A DESK TOP ini notepad: https bugzilla redhat com show bug cgi id. Instead of me being safely connected to my Provider with a password, I am connected to this and I can't get on the site to comment: http forum tp-link com showthread php -UPNP-Problem http www tp-link com en products categoryid.

I am sorry, I have just ranted and don't really know what I am asking you to help me with now. I will be changing operating systems and getting as far away from sharing and caring with IT. It is not for me. I have Tunnel Adapter Isatap dlink com, which is the link above, stopping me connecting to my Provider. I am not sure whether to run ComboFix before I know what to do with this rootkit. And a big Thank You. Bleeping Computers have helped me more than you know. I am very new to PCs, as you probably guessed. I would be very grateful for a little advice, please.

A:Unknown Rootkit C:\WINDOWS\SYSTEM32\drivers\oem-drv86.sys

Hello Oscar, with rootkit infections it is best to get a deeper look for proper removal. Please follow this Preparation Guide and post in a new topic. Let me know if all went well.

http://www.bleepingcomputer.com/forums/t/568001/unknown-rootkit-cwindowssystem32driversoem-drv86sys/
Relevancy 110.94%

When I start up my computer this message, 'Windows cannot find 'C:\WINDOWS\system32\drivers\ntndis.exe'', appears. I'm not exactly sure what to do or what's going on, and I was wondering if I could have some help with this.

A:Windows cannot find 'C:\WINDOWS\system32\drivers\ntndis.exe

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.


You appear to have infections that are often used to steal passwords, log in details etc. If you use any banking sites or other sites where you are required to log in using a password, I would recommend you use a known clean machine to change any passwords.



Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.

http://www.techsupportforum.com/forums/f50/windows-cannot-find-c-windows-system32-drivers-ntndis-exe-417138.html
Relevancy 110.94%

Hello, I have this problem with my computer. system32\drivers\pci.sys Is there an easy way to repair the computer without erasing everything on the hard drive of the laptop? It is a Sony Vaio CR notebook.

A:computer not loading windows: Error message: system32\drivers\pci.sys

Boot up from an XP installation CD and do a "repair install"

If you don't have an XP installation CD (a recovery CD is no good as that won't let you do a repair install, it will completely wipe what's currently on the C: drive) you can borrow one if you know a friend who has one.

How to Perform a Windows XP Repair Install

http://www.techsupportforum.com/forums/f10/computer-not-loading-windows-error-message-system32-drivers-pci-sys-555593.html
Relevancy 110.94%

I have this running in my computer, running in IE, but I have tried many things and I need some help.
 

A:C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

https://forums.techguy.org/threads/c-windows-system32-drivers-core-cache-dsk-failed-to-delete.677699/
Relevancy 110.94%

Hey there. Well, a few months ago I picked up some kind of nasty malware that's wreaking havoc on my computer. At first it made my computer go in an endless cycle of turning on and off. Then it hid just about every file/folder in my computer. I've since gotten the computer back to minimum functionality so I can seek help with this. So in a nutshell:

Avast shows C:\windows\system32\drivers\TrueSight.sys as Win32:Malware-gen
Malwarebytes isn't detecting anything
Superantispyware isn't detecting anything
It turned my computer on/off when I first got it
It hid nearly every file/folder
It seemingly randomly picked an album art picture to attach itself to and place it on my desktop. When I go to delete it, it says it's a system file. It's supposed to just be a jpeg
It is seriously bogging down my computer
It seems to be interfering with various USB devices when hooked up to the computer
I am running Windows XP

Thank you so much in advance for any and all help with this - Joe M

A:Nasty C:\windows\system32\drivers\TrueSight.sys and something else that is hiding icons

Truesight.sys is part of Roguekiller. Did you use Roguekiller to remove infections?

http://www.bleepingcomputer.com/forums/t/484300/nasty-cwindowssystem32driverstruesightsys-and-something-else-that-is-hiding-icons/
Relevancy 110.94%

After I log into my Windows profile I am greeted with this message: Error in c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll Missing entry: RunDLLEntry. Thanks for the help.

A:Error in c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll

anyone?
 

https://forums.techguy.org/threads/error-in-c-windows-system32-spool-drivers-w32x86-3-dlcgtime-dll.736661/
Relevancy 110.94%

Laptop - Dell Inspiron 1525 
Windows Vista
 
Been getting this message on failed start up repair since yesterday. System restore runs and says it's completed successfully but then it just boots up doing the system repair again. I can't even get into the computer via safe mode (to see if there are any files on there that I really need).
 
Is there any way to get into the computer to get my files that I might need off or fix this problem?
 
Someone told me that I'd need the Windows DVD version of my version of Windows to fix this and a repair install doing? I have no idea what that means and the only DVD I have is a recovery one I made via the laptop a month or so ago, which someone told me if I use could wipe all my data and I really don't want that to happen. 
 

 
 
Thank you for reading. 

A:boot critical file c\windows\system32\drivers\ksedd.sys

Try performing a repair installation. This will require the installation disc; if you do not have one you can download an ISO image and burn it to a disc to create one in the instruction as Window Vista Forums.

http://www.bleepingcomputer.com/forums/t/519840/boot-critical-file-cwindowssystem32driverskseddsys/
Relevancy 110.94%

Please help me with this issue. My son was running with an antivirus program not up to date. His laptop started to have problems; at first he had the blue screen come up saying it was dumping virtual memory.

I tried to install Webroot and update his anti-virus but no luck. Next I went to safe mode with no results. Now when we start the computer the start up repair comes on and runs, and we get the following message:

boot critical file c:/windows/system32/drivers/sshrmd.sys

My son has all his pictures on this computer {i know silly not to back up}

Could anyone tell me how to fix this problem?

http://www.techsupportforum.com/forums/f217/boot-critical-anyone-know-how-to-fix-file-c-windows-system32-drivers-sshrmd-sys-316674.html
Relevancy 110.94%

Hi, I got these nasty viruses on my computer and you guys have been awesome in helping me in the past, so I used that knowledge to clean out my computer, but my computer still has some more funk in it that I need to get rid of and I don't know how to deal with it. Here is a scan I ran and this is what comes up. Please help, I want to completely purge my comp if that is at all possible. Thanks, Geo

Malwarebytes Anti-Malware Database version Windows Service Pack Internet Explorer PM mbam-log- - - - - txt
Scan type Quick Scan
Objects scanned Time elapsed minute s second s
Memory Processes Infected
Memory Modules Infected
Registry Keys Infected
Registry Values Infected
Registry Data Items Infected
Folders Infected
Files Infected

Memory Processes Infected
No malicious items detected
Memory Modules Infected
No malicious items detected
Registry Keys Infected
No malicious items detected
Registry Values Infected
No malicious items detected
Registry Data Items Infected
No malicious items detected
Folders Infected
No malicious items detected
Files Infected
C:\WINDOWS\system32\drivers\eceuh.sys (Rootkit.Agent) -> No action taken.

A:C:\WINDOWS\system32\drivers\eceuh.sys (Rootkit.Agent) -> No action taken.

As no logs have been posted, I am shifting this topic from the specialized Malware Removal forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested. Please describe the issues you are experiencing with your computer.

http://www.bleepingcomputer.com/forums/t/295382/cwindowssystem32driverseceuhsys-rootkitagent-no-action-taken/
Relevancy 110.94%


A:Infected with Pakes.u located in C:/windows/system32/drivers/atapisys.dll

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

http://www.bleepingcomputer.com/forums/t/268170/infected-with-pakesu-located-in-cwindowssystem32driversatapisysdll/
Relevancy 110.94%

MalwareBytes and AVG show that system is clean when scanned. However I get an AVG pop up that states that this file, c:windows/system32/drivers/ipec.sys, has been isolated. I connect to the internet through a wireless connection. Status shows connected but browser unable to connect. System is XP Home. Dell Optiplex DIM3000, Pentium 2.80GHz 2GB RAM.
What should I do??
Thank you

A:c:windows/system32/drivers/ipec.sys trojan horse hider

Download System look
Copy this script
:filefind
ipsec.sys
Paste it in the BOX
Click on Look
Post the log

http://www.bleepingcomputer.com/forums/t/435272/cwindowssystem32driversipecsys-trojan-horse-hider/
Relevancy 109.65%

An AVG scan in safe mode is showing a Trojan horse Agent_r.AWW in C:\Windows\System32\drivers\netbt.sys

Other scans showed more concerns. See attached DDS, GMER & TDSSKiller scan results

Thanks much in advance!

A:Trojan horse Agent_r.AWW in C:\Windows\System32\drivers\netbt.sysAn

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/452093/trojan-horse-agent-raww-in-cwindowssystem32driversnetbtsysan/
Relevancy 109.65%

Hi, my AVG anti-virus says that the status of "C:\WINDOWS\system32\drivers\etc\hosts" is 'changed', should i be worried and if so how do i fix it? Thanks

A:Avg Anti Virus Found C:\windows\system32 \drivers\etc\ Hosts Changed How Do I Fix It?

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
That frequently comes up in scans from AVG and does not usually indicate malware.

I don't see any indication of malware in your log. As long as you are not experiencing problems I don't think you have anything to worry about.

http://www.bleepingcomputer.com/forums/t/144913/avg-anti-virus-found-cwindowssystem32-driversetc-hosts-changed-how-do-i-fix-it/
Relevancy 109.65%

The following file keeps coming up as bad when I scan with Norton Power Eraser: C:\windows\system32\drivers\rikvm_C6F09094.sys. Have asked various companies if this file is one of theirs and they say no but also suggest it's not a bad file. Have no idea where this file came from and my computer continues to have difficulty. Difficulty such as not being able to play my computer games. Computer slows and my computer is no slouch. Have completed a complete recovery and file is still there. Mind you I completed Norton Power Eraser after installing printer and a few programs. However I noticed a thread started on this very issue which is now locked and wanted help as well. I have been scanning my computer with Norton Spy Doctor and I've scanned it once with AVG and it comes up clean. Please help and I would be interested in how my fellow member here resolves this very issue.

A:C:\windows\system32\drivers\rikvm_C6F09094.sys keeps showing when using norton power eraser

Welcome aboard

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.

Upload following files to http://www.virustotal.com/ for security check:
- C:\windows\system32\drivers\rikvm_C6F09094.sys

IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

http://www.bleepingcomputer.com/forums/t/419066/cwindowssystem32driversrikvm-c6f09094sys-keeps-showing-when-using-norton-power-eraser/
Relevancy 109.65%

Ok im new here but I just had this trouble. I downloaded and opened an adobe reader file and since im paranoid about viruses i scanned my laptop after i did this. Spybot didn't find anything but Avg Free Edition found that there was a Avg Hosts change in C:\WINDOWS\system32\drivers\etc\hosts. So i think i might have gotten something so heres my hijackthis log file

A:Avg 7.5 detected a Host Change In C:windows\system32\drivers\etc\hosts (log file too)

bump
 

https://forums.techguy.org/threads/avg-7-5-detected-a-host-change-in-c-windows-system32-drivers-etc-hosts-log-file-too.736351/
Relevancy 109.65%

Hi, my AVG anti-virus says that the status of "C:\WINDOWS\system32\drivers\etc\hosts" is 'changed', should i be worried and if so how do i fix it?

Thanks.

A:Avg Anti Virus Found C:\windows\system32 \drivers\etc\ Hosts Changed.

Something nasty may have changed it. Do the following to confirm.

Read this: Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer

Then post a Hijack This log here: HijackThis Logs and Analysis

http://www.bleepingcomputer.com/forums/t/79840/avg-anti-virus-found-cwindowssystem32-driversetc-hosts-changed/