Tech Problem Aggregator

boot critical file c\windows\system32\drivers\ksedd.sys

Q: boot critical file c\windows\system32\drivers\ksedd.sys

Laptop - Dell Inspiron 1525 
Windows Vista
 
Been getting this message on failed start up repair since yesterday. System restore runs and says it's completed successfully but then it just boots up doing the system repair again. I can't even get into the computer via safe mode (to see if there are any files on there that I really need).

Is there any way to get into the computer to get my files that I might need off or fix this problem?
 
Someone told me that I'd need the Windows DVD version of my version of Windows to fix this and a repair install doing? I have no idea what that means and the only DVD I have is a recovery one I made via the laptop a month or so ago, which someone told me if I use could wipe all my data and I really don't want that to happen. 
 

 
 
Thank you for reading. 

A: boot critical file c\windows\system32\drivers\ksedd.sys

Try performing a repair installation. This will require the installation disc; if you do not have one, you can download an ISO image and burn it to a disc to create one, per the instructions at Windows Vista Forums.

Answer Match 81%

Please help me with this issue. My son was running with an antivirus program not up to date. His laptop started to have problems. At first he had the blue screen come up saying it was dumping virtual memory.

I tried to install Webroot and update his anti-virus but no luck. Next I went to safe mode with no results. Now when we start the computer the startup repair comes on and runs, and we get the following message:

boot critical file c:/windows/system32/drivers/sshrmd.sys

My son has all his pictures on this computer {I know, silly not to back up}

Could anyone tell me how to fix this problem?

Answer Match 78.9%

When I boot up my computer it doesn't reach the user login screen before it loads startup repair. It looks for a fix but it doesn't find one. In the diagnosis the only error it shows is 'Boot critical file C:\Windows\system32\drivers\vmbus.sys is corrupt'. I have booted the Kaspersky repair disk and run a full scan which found no viruses or malware etc. From the startup repair window I have tried a system restore which had the same problem when attempting to boot. I can only access the system recovery options screen.

I am running Windows 7 32-bit, and I don't have a Windows 7 disk but do have the Windows 7 32-bit ISO file that I used to install Windows 7.

I would be grateful for any help to resolve this issue.

Thanks in advance.

A:Unable to boot into Windows 7: Boot critical file C:\Windows\system32\drivers\vmbus.sys is corrupt

but do have the windows 7 32bit iso file that i used to install windows 7
so burn the win7 iso to dvd and see if you can boot to it and run the repair

Answer Match 76.44%

After getting my laptop (esystem) back from a charlatan that wanted to charge me 80 quid for getting rid of my BIOS password, I found the password and found that Windows XP had been installed on it! The OS was Vista. I tried to reinstall Vista but to no avail due to a message saying: Windows failed to load because a critical system driver is missing or corrupt status 0xc00000e9 file: windows\system32\drivers\acpi.sys
I can't get past this.
Any help would be appreciated, thanks.


A:Critical system driver is missing or corrupt status 0xc00000e9 file: windows\system32\

hm ... I think that is referring to your HDD drivers. If you don't have a drivers disk already, then:

1.) Enter your BIOS
2.) Write down the make and model of your HDD
3.) Download the drivers for your HDD from its manufacturer's website.
4.) Burn the driver to a disk (a jump drive might work, I can't remember)
5.) Your Windows installation menu should have a "load drivers" option somewhere.

EDIT: Nice catch, Archean! My tired brain didn't pick up on that time-saving possibility.
 

Answer Match 75.18%

Good evening all,

New to the forum and I'm experiencing problems with my desktop running Windows XP Pro.

If I try to boot I get the message System32/drivers/ntfs.sys missing or corrupt

I have searched the forum and tried to do as advised here http://forums.techguy.org/windows-xp/923352-system32-drivers-ntfs-sys-missing.html

When I try to run Windows recovery console I get a blue screen with the same message :-( at part 3. of the above advice.

I'm guessing my drive has given up the ghost but in true tight style I'm praying it is something silly and not the drive.

Any help or advice would be much appreciated. I'm not very good at fault finding but I know my way around a PC well enough to do virus removal etc. so not totally illiterate and able to follow any instructions given to me.

Plllllllllease someone help

 

A:Solved: System32/drivers/ntfs file missing or corrupt Cant boot or do anything I've t

Answer Match 75.18%

Hi.
I made a post in the hijack section already but I thought if anyone else in here has run into this problem before and solved it.
Starting from today, my PC just won't boot into the Vista32 OS and I get the following message:

Critical error - system32\drivers\ndis.sys missing or corrupt.
0x45d
0x80000FFFF (in log)

As a result, I can't get into Windows to start removing the virus, so I'm stuck and I don't know what to do from here. All I can open is MSDOS using the Vista DVD.

Please, please help!

A:Critical error: system32\drivers\ndis.sys

Just to be more specific:

"system32\drivers\ndis.sys
0xc0000221
Microsoft failed to load because a critical system driver is missing, or corrupt"

Answer Match 70.56%

I earlier on used WinUtilities to delete duplicate files on my computer to free up space, and it deleted nvgts.sys from system32 >.< I turned my computer off, then a couple of hours later wanted to go back on it and got the following error in BIOS:
Windows could not start because the following file is missing or corrupt: system32/DRIVERS/nvgts.sys
I later learned that this was a Graphics Driver from nVidia, and that it was needed to run the computer.
I have been searching for hours now, unable to get access to a recovery/reinstallation disk or make one of my own.
I set a recovery point before this happened but don't think I can access this in BIOS.
What else can I do now?!
Thanks for any help, much appreciated.
I am on Windows XP by the way
 

A:Missing File: System32/drivers/nvgts.sys - Windows XP

Try performing an XP repair:
http://michaelstevenstech.com/XPrepairinstall.htm

Next time, don't delete files!
 

Answer Match 70.56%

Hi everyone

I am using Windows 7 on my HP laptop.

I am trying to edit my host file. This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

The location of the file is: C:\Windows\System32\drivers\etc

The systems on my laptop seem to be incorrectly configured to prevent me from editing this file.

I opened the host file doc with Notepad and then tried to edit it and save the file.

However, each time I tried to edit the file, my system gave me the following message:

You don't have permission to save in this location. Contact the administrator to obtain permission
Would you like to save in the My Documents folder instead?

This has to be incorrect, as I entered Notepad as a system administrator. So I don't know why it's giving this message.

Is there anywhere where I can go on the system to reconfigure Windows to allow me to edit this folder, or to grant permission to the system administrator to edit the folder?

warm regards

Andreea

A:how do i edit my host file in Windows\System32\drivers\etc -

you need to turn off UAC first.

User Account Control - UAC - Change Notification Settings

remember to turn it back on if that is your preference

Answer Match 70.56%

Hi, I have been getting this result after scanning with AVG Antivirus for this file C:\WINDOWS\system32\drivers\etc\hosts; Result: Change, Status: Changed. Even when I scan again I am getting the same result. Has the file really been changed/healed or do I have a problem? Thank you. Here is my processes logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:35 AM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
f:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
F:\PROGRA~1\Grisoft\AVG...

A:Is This File Infected? C:\windows\system32\drivers\etc\hosts

Hello flossist,

It is normal for AVG to show files, the MBR or boot record as changed. These are done during normal maintenance, when you or Windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected. To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this, delete the file named AVG7QT.DAT in C:\ and AVG will rebuild it the next time it is run.

General system maintenance can change the Hosts file even when it isn't apparent by visual inspection. AVG uses a checksum to compare a file before and after, and a minor change or correction to the file would have caused it to appear changed.

Let's check your HOSTS file. It's located at c:\windows\system32\drivers\etc\hosts. You can open it up in Notepad. If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it; however, if there are others following 127.0.0.1 localhost, you may have to fix it. Post it here if that's the case.

Answer Match 70.56%

I've been following the instructions for removing Security Tool Malware that has infected my computer. One of the last steps instructs me to delete the C:\Windows\System32\Drivers\etc\HOSTS file. I used Windows Explorer to try and find the file, but I am unable to see it anywhere in any of the folders under my Windows folder.

Any ideas where I would find this file?

Thanks!

A:Cannot Find C:\Windows\System32\Drivers\etc\HOSTS File

Problem solved! I was able to get the answer on the live chat!

Answer Match 70.56%

My Win 7 can't start. Getting this error; repair disk or USB can't correct it, and tried FixMbr, FixBoot, RebuildBcd also but none of them are working. I have dual Win 7 and 10 but 10 is working fine.

Answer Match 70.14%

During recent update Windows 7 failed to boot. Various attempts to "repair" also failed. One attempt did report it was due to a corrupt file:\Windows\system32\drivers\aswvmm.sys.
 
Have seen this mentioned several times here in the forum and always with a custom result. Can you help me.
 
Thanks
Amgeek

A:Win 7 won't boot corrupt Windows\system32\drivers\aswvmm.sys

Any time you are posting about a problem like this it is a considerable help to list the make and model of your computer or - if it is a self-build - the main components and the details of your OS such as SP1, 32 or 64 bit. But, no matter.
 
Have you tried booting in 'Safe mode' - usually achieved by tapping 'F8' while the BIOS screen is showing (the one with the maker's name all over it) ?  If you have tried 'Safe mode' will it boot into it ?
 
If you can get into 'Safe mode', choose the 'with command prompt' option. When you get to the command prompt type 'sfc /scannow' - note without the quotes and that there is a space between 'sfc' and /scannow - this will then attempt to fix any corrupted files. When it has finished running if your computer doesn't automatically re-boot, re-boot and see what happens.
 
If this doesn't work for you, post back with the details of your computer and a note of what 'various attempts' you have tried. After all, there is no point in asking you to repeat something you have tried and didn't work.
 
Chris Cosgrove

Answer Match 69.72%

Hello, I'm in desperate need of help here! So far everything I've tried has not worked. Upon browsing today I stumbled across a website that was deemed a possible "Attack site" by Firefox. Shortly after I closed the page the following error message popped up repeatedly:

Windows - delayed write failed
Failed to save all the components for the file \\system32\000024b5. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.

This message pops up literally about 30-40 times every time I restart or attempt to close them; each error has different numbers/letters following \\system32\

On top of this my desktop background has gone black, system check keeps popping up and cannot be closed, only paused, and most importantly almost everything within my username, i.e. music/files/folders/desktop icons, has disappeared!! Which is a huge problem because a lot of it isn't backed up and there's work related things I can't afford to lose on there! My hard drive is telling me the same amount of space is being used as before so I'm hoping they haven't ACTUALLY been deleted, but when I try to view the main user folder it just says it's empty?!... Also programs/control panel/shortcuts to my documents have disappeared from the start menu.

Two random messages saying "hardrive clusters are partially damaged. Segment load failure" and "RAM memory reliability is extremely low..." occasionally pop up from the ta...

A:Critical error! Failed to save all the components for the file \\system32\....

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

Answer Match 69.3%


Hi, I tried Microsoft's suggestion of renaming it to ntfs.old, then recopying it from the "disk" to c:\windows\system32\drivers.

Recovery console came installed on my computer, so I did
"copy d:\i386\ntfs.sys c:\windows\system32\drivers"
It copied it back into it, so when I checked "dir c:\windows\system32\drivers" both "ntfs.old" and "ntfs.sys" were there.

I typed exit and my PC rebooted and I had the same ERROR.
My PC is a Compaq Presario S6500NX.
Before having this error I had the same error except instead of SYSTEM32\DRIVERS\NTFS.SYS it was SYSTEM32\DRIVERS\ISAPNP.SYS

I fixed that error the same way and it worked, so I am confused.
As soon as I fixed the ISAPNP.SYS, I rebooted and the new error came up.

I have been locked out of my PC since Friday!! PLEASE HELP! Cannot enter Windows, even in safe mode or last known good.

Sorry for the length of post.
P.S. ran chkdsk /r already

Thanks in advance!

A:"windows Could Not Start Because The Following File Is Missing Or Corrupt: System32\drivers\ntfs.sys" Please...

Hi, duncod2, welcome to BC!

Try performing a Repair Install of Windows XP. This will reinstall Windows without erasing any of your data. You will, however, need to reinstall most programs.

Answer Match 69.3%

Ok, I'm new here, but I just had this trouble. I downloaded and opened an Adobe Reader file and since I'm paranoid about viruses I scanned my laptop after I did this. Spybot didn't find anything but AVG Free Edition 7.5 found that there was an AVG Hosts change in C:WINDOWS\system32\drivers\etc\hosts

So I think I might have gotten something, so here's my HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:22 PM, on 8/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:...

A:Avg 7.5 detected a Host Change In C:windows\system32\drivers\etc\hosts (log file too)

bump
 

Answer Match 68.88%

Hello.

I'm not sure what nasty I have. In normal mode, I get three critical error messages like below with different file numbers.

---------------
Critical Error!
Windows was unable to save all the components for the file \System32\496A8300. The file is corrupted or unreadable. The error may be caused by a PC hardware problem.
-------------

I have a black screen, can run nothing, cannot access files, cannot connect to the internet.

In safe mode, I can get the files to display and can access a CD and external hard drive, but still cannot access the internet.

I used a laptop to transfer DeFogger, DDS, and GMER. I ran Defogger, obtained DDS logs, but twice GMER caused a stop screen error: RQL_NOT_LESS_OR_EQUAL and dumped the memory - had to reboot.

Previously, I had run rkill, TDSS, and MBAM. Once, the TDSS log indicated it had stopped C:\WINDOWS\system32\grpcon.exe - I believe it was the third time I ran it. Otherwise I get zero files terminated. I cannot run MBAM. I get run-time error '53' mbamnet. I tried using randmbam.exe, but was still unsuccessful after 10 attempts.

I get locked up in safe mode and have to turn off the computer and restart the whole process. This morning, I missed the safe mode tap and when starting up in normal, Spybot popped up and stated it had terminated a file called win32.zbot.

Thank you for any help you can give me. I'm stumped on this one. I've been working with it for two days now and can...

A:Critical Error! Failed to save components ..... file \System32\0006784

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn...

Answer Match 65.94%

Today I turned on my computer and a message from AVAST said that the files C:\Windows\System32\Drivers\szkimzl.sys and C:\WINDOWS\system32\drivers\atapi.sys were infected. So, I pressed 'delete' and I turned on my internet, which was working fine the other day, and it wouldn't work. I thought it might have been Firefox, but I tried IE, Chrome, and Opera, and none of them worked. I have three other computers, which are all on the same modem and they all work fine.

DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 11:17:07.84 on Sat 01/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.594 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1296 [VPS 100101-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WIN...

A:C:\Windows\System32\Drivers\szkimzl.sys and C:\WINDOWS\system32\drivers\atapi.sys

Hello iJoe,

Is there any reason you ran RootRepeal instead of gmer? I'd prefer a log from gmer as outlined in our pre-posting topic.



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Please attach the ark.txt in your next reply

Answer Match 65.94%

CD drive (D:) on my system doesn't even exist. I have one DVD drive player and one DVD/CD burner named (F:) and (N:). When trying to manage drive letters in Control Panel under Administrative Tools, Disk Management, CD drive (D:) does not even show up. I usually have this letter reserved for an external hard drive; now none of my shortcuts, icons etc. will work because I cannot change this letter back. The actual name of this mysterious drive in Device Manager is WDC WD3000JS-60PDB0; the drivers it uses are C:\windows\system32\Drivers\disk.sys and C:\windows\system32\drivers\PartMgr.sys. Any ideas on how to remove this? Thanks.

A:C:\windows\system32\drivers\disk.sys And C:\windows\system32\drivers\partmgr.sys

Well...you should use Disk Management to change drive letters...with the understanding that you cannot assign a letter that is already taken by any drive attached...until you change that drive's letter.

This explains it better: Hard Drive Letter Assignments - http://support.microsoft.com/default.aspx?...844&sd=tech

Louis

Answer Match 65.94%

My computer has been running slower lately. I found this forum and read about someone else having a similar problem, but not exactly here. In the log from the link I posted, SifuMike, posted this:

Let's check your HOSTS file. It's located at c:\windows\system32\drivers\etc\hosts. You can open it up in Notepad. If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it; however, if there are others following 127.0.0.1 localhost, you may have to fix it. Post it here if that's the case.

I opened up my HOSTS file at that location and there were other lines following 127.0.0.1 localhost. This is what was in there:

# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
#102.54.94.97 rhino.acme.com # source server
#38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com
127.0.0.1 br.errorsafe.com
127.0.0.1 br.winantivirus.com
127.0.0.1 br.winfixer.com
127.0.0.1 cdn.drivecleaner.com
127.0.0.1 cdn.errorsafe.com
127.0...

A:Avg Free Edition Scan: Found C:\windows\system32\drivers\etc\hosts And C:\windows\system32...

The entries you see below the local host are really BAD sites which are being redirected back to nowhere (your computer), so they can't call out. I don't know what put those entries in, quite possibly AVG or some other application you've used. They're a good thing. But ...

In some computers, mine included, if a large hosts file is used, the DNS service has to be disabled. Otherwise the computer can get very, very slow for the internet access.

More and better details here
http://www.mvps.org/winhelp2002/hosts.htm
and a quote:

Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.
To resolve this issue (manually) open the "Services Editor"
Start | Run (type) "services.msc" (no quotes)
Scroll down to "DNS Client", Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, or Disabled (recommended) click Apply/Ok and restart

restart = REBOOT is a must. You can also stop and then disable the DNS service from Control Panel. See about the middle of that writeup. If I were you, I'd read the whole article. The thing that puzzles me a bit is that your hosts file isn't all that long and it sure is missing a lot of other very bad things.

Answer Match 65.1%

I read someone else's post with the same problem.. (he didn't have the shell32.dll one though) and I did what the other posts said. Here is my HijackThis Log. Please help me. And also.. lately Spybot - Search & Destroy hasn't been finding any spyware or anything at all. It used to find something every time I ran it.. but not anymore. I don't know if that has to do with these changes though. My Sims 2 game won't start anymore either. It reads the CD but it never starts. The game isn't scratched or anything.. maybe I just need to clean the drivers. But I thought since one of these changes says drivers in it.. that might be the reason why my game won't start. If you have any tips on how to help my computer run a little faster.. that'd be great too. I feel like my computer goes slower than it should. It's also been making a lot of weird noises lately. I'm sorry for listing so many problems.. I don't know if I'm supposed to post these here.. but if you could help me with all of that.. that would be really great. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:39 AM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files ...

A:Avg Anti Virus Found C:\windows\system32\shell32.dll And C:\windows\system32\drivers\etc...

..Update..

A computer guy came and looked at my computer. He said I needed a new fan.. so I don't need help with that now. My Sims game also works now.

I just need to know if I'm infected.. and if there's something wrong with my Spybot.. and how I could change my hosts back or whatever is wrong with them. Thanks.

I have a new problem now though.. I can't watch videos on Mtv.com. When I pause them, they won't load anymore. Only if I play it.. and I don't have a very fast internet so.. it loads slow. So it always stops every 5 seconds. It's very annoying. It did it before.. but then worked sometimes. I thought it might have been the site or maybe a lot of people were watching it, but it hasn't been working at all now. Can you please help me with that too?

Answer Match 64.68%

On clean install of Windows 10, immediately after Setup begins, get message -- Windows Setup could not install one or more boot critical drivers. To install Windows, make sure that the drivers are valid and restart installation. -- How do I proceed? How do I tell which drivers have failed to install and how do I determine if they are valid?

Answer Match 64.26%

MOD EDIT: Moved to different forum ~ stevealmighty

NOTE: If it is deemed that the member's computer is infected, please start HERE to post a HJT log. The reason why I did not move this to the misplaced HJT log thread is that a qualified malware expert may know right off whether you're infected or not just by looking at the title of the topic.

Any questions, please feel free to PM me!

C:\Windows\system32\ntoskrnl.exe and C:\Windows\system32\drivers\etc\hosts "changed"

I ran an AVG antivirus scan, and under the virus results, it says that my C:\Windows\system32\drivers\etc\hosts and C:\Windows\system32\ntoskrnl.exe have been Changed.

Object: C:\Windows\system32\ntoskrnl.exe Results: Change Status: Changed
Object: C:\Windows\system32\drivers\etc\hosts Results: Change Status: Changed

Should I be concerned about this? Have I been infected by some malicious program? If so, how do I solve it?

Help would be greatly appreciated.

Here is my HijackThis logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:58 AM, on 2/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Pack...

A:Avg Antivirus Results Says My C:\windows\system32\ntoskrnl.exe And C:\windows\system32\drivers...

Go to Control panel > Programs and Features. Uninstall: DAEMON Tools

It doesn't work with Vista.

Next, using Windows Explorer, navigate to and delete: C:\Program Files\DAEMON Tools

Reboot/restart your computer.

If you're still having problems, then please post a 'fresh' HJT log here (describing the problem(s)): http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

3 more replies
Answer Match 63.42%

I know a version of this forum has been started on here, but everything I have read, it is being said that they need to use the OS disc and run the repair and all that. But this is a Netbook with no CDROM drive. USB and SDcard drives, that's all. Is it possible to repair this without the CD? Even the onscreen message is the same message everyone gets, "You can attempt to repair this file by starting Windows Setup using the Original Setup CD-ROM." But no drive to do this.
It is an ASUS Netbook
OS is XP
 

A:Boot issue on netbook, missing or corrupted file Windows\System32\Config\System

Do you have or can borrow an external DVD drive? Then go into the BIOS and change the order so that USB is first boot option. Samsung and Lite-on do USB powered DVD RW drives made to use with netbooks, no doubt they could see a market for them with the millions of netbooks being sold ! Then you need an OS disc of the type you are using, and you can try a repair.
 

4 more replies
Answer Match 63.42%

If autoruns.exe finds entries which say "File not found" can I delete them in Autoruns window? I have these:

i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
0 File not found: About:Home
UnlockerShellExtension File not found: CLSID\{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}\InprocServer32
ASCTRM File not found: C:\WINDOWS\System32\Drivers\ASCTRM.sys
ATE_PROCMON File not found: C:\WINDOWS\System32\Drivers\ATE_PROCMON.sys
bdfdll File not found: C:\WINDOWS\System32\Drivers\bdfdll.sys
BW2NDIS5 File not found: C:\WINDOWS\System32\Drivers\BW2NDIS5.sys
catchme File not found: C:\WINDOWS\System32\Drivers\catchme.sys
Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
DarkSpy File not found: C:\WINDOWS\System32\Drivers\DarkSpy.sys
lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
MEMSWEEP2 File not found: C:\WINDOWS\system32\26.tmp
PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
PDRFRAME File not found: C:\WINDOWS\System32\Drivers... Read more

A:I2omgmt File Not Found: C:\windows\system32\drivers\i2omgmt.sys

What to uncheck and what not

Can you remove File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys?

Simple answer: no - as long as we are talking about these entries...

They have always existed. Only Autoruns prior to v8.72 did not list them, because inside the registry the image path is not specified. "Image path" simply means the foldername plus the filename where the file is located.

The fact that Autoruns v8.72 displays these driver entries does not qualify them for deletion.

A valid driver entry does not necessarily have to include a valid image path. If there is none, then Windows will assume the default driver path which is "%Systemroot%\system32\drivers" plus filename.

Autoruns "missing files"

3 more replies
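The image-path rule described in the answer above can be checked mechanically. The following is an added example, not code from the thread or from Autoruns: it resolves a driver entry the way the answer describes (no image path means the default driver directory plus the entry name) and separates entries that merely lack a file from entries that point outside the driver directory. The function names, the `C:\Windows` system root and the sample entries are assumptions made for illustration.

```python
import ntpath
import os

SYSTEM_ROOT = r"C:\Windows"  # assumption: default %SystemRoot%
DRIVERS_DIR = ntpath.join(SYSTEM_ROOT, "System32", "drivers")


def resolve_image_path(service_name, image_path=None, system_root=SYSTEM_ROOT):
    """Return the absolute file path a driver entry refers to."""
    if not image_path:
        # No image path stored: default driver directory plus <name>.sys
        return ntpath.join(system_root, "System32", "drivers", service_name + ".sys")
    path = image_path.strip().strip('"').replace("/", "\\")
    lowered = path.lower()
    if lowered.startswith("\\??\\"):
        # NT object-manager prefix in front of a normal drive path
        path = path[len("\\??\\"):]
    elif lowered.startswith("\\systemroot\\"):
        path = ntpath.join(system_root, path[len("\\systemroot\\"):])
    elif lowered.startswith("%systemroot%\\"):
        path = ntpath.join(system_root, path[len("%systemroot%\\"):])
    elif not ntpath.isabs(path):
        # Relative paths such as System32\drivers\x.sys are relative to the system root
        path = ntpath.join(system_root, path)
    return ntpath.normpath(path)


def triage(entries, exists=os.path.exists):
    """Classify (name, image_path) pairs; `exists` is injectable for offline use."""
    results = []
    for name, image_path in entries:
        resolved = resolve_image_path(name, image_path)
        in_drivers_dir = ntpath.dirname(resolved).lower() == DRIVERS_DIR.lower()
        if not in_drivers_dir:
            verdict = "outside-driver-dir"    # worth a closer look before anything else
        elif exists(resolved):
            verdict = "present"
        elif image_path is None:
            verdict = "missing-no-imagepath"  # legacy entry; absence alone is not a reason to delete
        else:
            verdict = "missing"
        results.append((name, resolved, verdict))
    return results


# Constructed sample entries, modelled on the kinds of lines Autoruns reports.
SAMPLE_ENTRIES = [
    ("pci", r"\SystemRoot\System32\drivers\pci.sys"),
    ("i2omgmt", None),
    ("dgderdrv", r"System32\drivers\dgderdrv.sys"),
    ("catchme", r"\??\C:\Users\Example\AppData\Local\Temp\catchme.sys"),
]
# Constructed stand-in for the file system, so the example runs offline.
SAMPLE_FILES = {r"c:\windows\system32\drivers\pci.sys"}


def demo():
    return triage(SAMPLE_ENTRIES, exists=lambda p: p.lower() in SAMPLE_FILES)


if __name__ == "__main__":
    for name, resolved, verdict in demo():
        print(f"{name:10} {verdict:22} {resolved}")
```

On a live Windows system the default `exists=os.path.exists` would be used, with the entries read from the services registry key instead of the constructed list.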
Answer Match 62.58%

My computer is running fine without this file; I just wanted to restore an older version of iOS for my iPod Touch and I apparently need to edit this file. Step 3

I know that I can create the 'hosts' file with MS Notepad but when I go to save it I get the message attached.

In the etc folder I have 'lmhosts' 'networks' 'protocol' and 'services'

This may help:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4057 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1805 Mb
Hard Drives: C: Total - 290204 MB, Free - 63897 MB; D: Total - 14999 MB, Free - 5592 MB;
Motherboard: Dell Inc., 0G848F
Antivirus: Microsoft Security Essentials, Updated and Enabled

Thanks
 

A:No 'hosts' file in system32\drivers\etc

6 more replies
Answer Match 62.58%

I had zero access and/or sirefef virus. I have been able to remove the problem and all scans show no problems. Problem now is slow computer. When I start Sysinternals Autoruns I find this:
 
 
huunisen   File not found: C:\Windows\system32\drivers\huunisen.sys 
FileDisk   File not found: C:\Windows\System32\Drivers\FileDisk.sys 
efavdrv   File not found: C:\Windows\system32\drivers\efavdrv.sys 
dgderdrv   File not found: System32\drivers\dgderdrv.sys 
catchme   File not found: C:\Users\Darin\AppData\Local\Temp\catchme.sys 
 
 
Other symptoms: 
 
Can't create new file in explorer
QuickBooks will not load under my user name but will load under guest account. I spent 4 hours with tech support from QuickBooks looking at problem. No solution. (I noticed QuickBooks sending information to "amazonaw.cloudfront.net")
I have un-installed and re-installed QuickBooks, Iexplorer 11, and got rid of some other programs.
I am running Intel I5 8gb ram and 128gig ssd Eset smart security 7
 
Can anyone help with this? 
 

A:system32/drivers/ file not found

Hi DarinG,
 
I can't help you on huunisen.sys, however for the remainder I can offer the following:
 
efadrv.sys is part of Eset Smart Security - I would run a repair install which should rectify this problem
catchme.sys is a malware remnant and the entry can be deleted
Filedisk.sys probably belongs to Iolo System Mechanic
dgderdrv.sys belongs to Device Error Recovery SDK
 
 
If you have either of these last two programs installed, then a repair install should resolve the problems.  If not the entries can be removed.
 
Also, you can run sfc /scannow from an elevated command prompt which may replace any missing or corrupt system files.  Windows Repair (All In One) - http://www.bleepingcomputer.com/download/windows-repair-all-in-one/ - may also help.

1 more replies
Answer Match 62.16%

It seems I have the same problem as GW7777, C:\CI.dll Corrupt. If anyone could help I would really appreciate it. I have an Asus 64 bit laptop. When I tried sfc /scannow it kept telling me one is pending. I tried the DVDs that came with the laptop but they won't even open up. Please help

A:Boot Critical File

Will anyone help me here?

9 more replies
Answer Match 62.16%

I have a system that I am trying to load Windows XP Pro on. Now I am running Windows 2000 Professional. I have the full blown XP Pro disk, but I am just trying to upgrade so I don't lose my data. I keep getting an error message.

Setup was unable to create, locate, or modify a critical file (C:\boot.ini) needed to start Windows XP. The parameter is incorrect.
 

More replies
Answer Match 62.16%

My internet stopped working tonight, so I restarted it. When it restarted it went directly to Startup Repair; it wasn't able to automatically fix anything. I've tried restarting it and even removed the hard drive and it does the same thing. I can't get past the startup repair screen. It is more or less shutdown and restart, contact the administrator or your computer provider. The "root cause" seems to be the following:

Boot critical file C:\Windows\System32\Drivers\uolbyzn.sys is corrupt

Any thoughts would be greatly appreciated. I am running on Vista Home Basic

A:Need Help:Boot Critical File C

Hello,

This is very strange. Normally from this position we would insert the Windows CD, boot to the Recovery Console and we would send you a list of commands to copy back the file from your Vista DVD. However, I do not have this file on my working Vista Home Premium, and searching Google comes up with not a single hit. It is a bit strange for a virus, but I suppose it could be. It is not any normal System file, or any normal file of any program. It is not even showing up in manual virus removal websites. Also, have you tried Safe Mode and Last Known Good Configuration?

Richard

10 more replies
Answer Match 62.16%

Hello Forum,

My wife's computer won't boot. I get the message, "Windows can not start because a file is missing or corrupt" System32\DRIVERS\pci.sys

It appears that the CD ROM was not operating properly for a while prior to this problem although the computer was operating. Since the error message, the monitor has quit as well. The monitor will now not operate with or without being connected to the computer. I suppose that this may be just a coincidence.

I have searched the internet for fixes for this problem with System32\DRIVERS\pci.sys and have found numerous bits of information, advice and fixes but I still have not had any success. I tried using the XP Setup Boot Disk with no success. I was in the Recovery Console with no success. The Restore CD that came with the computer did nothing.

I am also looking for a way to tell if the CD ROM is working or not. I am wondering if there is a way to access the DOS window even though the XP is not loading and I have no access to "Start" or "run" etc.

Thanks for any help,
gal

A:Error: Corrupt File - System32\DRIVERS\pci.sys

Gal

You said you have tried various fixes but have you tried this:

http://www.jsiinc.com/SUBK/tip5400/rh5410.htm

1 more replies
Answer Match 62.16%

Hi all, I can't start my PC up into any sort of safe mode, or via XP CD or from E.R.D floppy disks, because I keep getting the following message:

windows xp could not start because the following file is missing or corrupt:

system32/DRIVERS/pci.sys

Please run windows xp setup cd and press 'r' to repair

but the thing is I can't access the CD because it won't auto boot and the E.R.D floppies get an error or another missing file: setupdd.sys and dmio.sys????

Anyone help?

A:Corrupt or missing file: system32/DRIVERS/pci.sys

Is BIOS set to boot from CD as first device?

3 more replies
Answer Match 61.32%

When I turn on my computer the following message comes up.
Windows could not start because the following file is missing or corrupt: system32\DRIVERS\isapnp.sys
You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM.
Select 'r' at the first screen to repair.

Can anyone give me step by step instruction on how to fix this???
Appreciated <3
 

A:following file is missing or corrupt : system32\DRIVERS\isapnp.sys

6 more replies
Answer Match 61.32%

"PLEASE 911" Was system restoring then on reboot screen went black and said windows could

not start because the following file is missing or corrupt: system32\drivers\nvatabus.sys

Do not have original setup CD. Tried last known good config; does not work, and safe mode does not work as well

Anyone "PLEASE HELP" TY TY TY TY TY

ROBERT

A:File Missing Or Corrupt: System32\drivers\nvatabus.sys

There are a host of topics about that file. Below are 2 links that may help you even more.

http://www.nforcershq.com/article637.html
http://forums.nvidia.com/lofiversion/index.php?t10716.html

Also, do a search for that file name and read up on it, but those links above should give you a great start and fix to your problem. From what I read, it's a common problem and can be fixed. Hope that helps!

12 more replies
Answer Match 61.32%

Hi there,
 
Woke up this morning to a Malware bytes notice that I had this and it was listed 5 times. Ran MBR again twice, removed them, then ran Spybot. Rebooted, ran both again and it looks like they are gone however I just want to be sure I don't need to do anything else.
 
I've posted my FRST and Addition files below. Please let me know if there's anything to be concerned about or if I need to run anything else to ensure I've cleaned everything out. Thanks in advance!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Lysa (administrator) on LYSA-PC (22-01-2016 14:34:44)
Running from C:\Users\Lysa\Desktop\FIX
Loaded Profiles: Lysa (Available Profiles: Lysa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Pr... Read more

A:Hijack.Host file in System32\drivers\etc\hosts

Hello Han2013 and Welcome to the BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
Please reply to this thread. Do not start a new topic.
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator the computer. How is open as administrator the computer?
Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do ... Read more

29 more replies
Answer Match 61.32%

A computer of a family member of mine has recently started showing the following message :
_____________________________________

Boot critical file is corrupt.
Repair action. File Repair

Result failed. Error code = 0x2
_____________________________________

I can still use windows fine, however this is a big nuisance, and i can think of no explanation of why this is happening. I have installed no new apps or hardware of any sort in the recent months either.

It is running Windows Vista Premium [ No service pack ]

I was wondering if anyone has had this problem, or if anyone knows how to fix this problem ?

Thank you in advance

Oliver

[ apologies if this thread is in the wrong area ]

A:Boot critical file is corrupt

Try startup repair and SFC. And install SP1.

Startup Repair
System Files - SFC Command
http://www.vistax64.com/software-too...heck-tool.html

1 more replies
Answer Match 61.32%

I was downloading a file from the internet, about half way through the download the computer shutdown and restarted.

On restart, the computer stated that Windows 7 could not load and started to do a startup repair, which did not succeed.

I opened Startup Repair and Diagnostics and the report log stated:

Boot critical file c:\ci.dll is corrupt.

I have tried system restore at several points and run sfc /scannow, which told me to reboot my computer, but I kept going round in a loop from there.

I suspect that I am infected and would appreciate your help and guidance on this.

Thank you.

Jan Soall

A:Boot critical file c:\ci.dll is corrupt

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

34 more replies
Answer Match 61.32%

Hello, I was downloading what appeared to be an update for Java but about halfway through the download my computer shut down and restarted.

On restart, the computer stated that Windows 7 could not load and started to do a startup repair, which did not succeed.

I opened Startup Repair and Diagnostics and the report log stated:

Boot critical file c:\ci.dll is corrupt.

I have tried system restore at several points and run sfc /scannow, which told me to reboot my computer, but I kept going round in a loop from there.

I suspect I have the exact same problem as referenced by Jan Soall and solved by m0le and farbar (http://www.bleepingcomputer.com/forums/topic396014.html). My computer is also a Toshiba and does not come with a disk to re-install Windows. I've picked up right where farbar started assisting on the thread and have downloaded and run frst64.exe. The resulting log is below.

Thank you SO MUCH for helping me with this.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.1
Ran by SYSTEM at 2011-06-27 09:22:06
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: []
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [161304 2010-05-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [386584 201... Read more

A:Boot critical file c:\ci.dll is corrupt

Hi Adam Liebman,

Welcome to this forum and apologies for the delay.

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also restart and let the computer boot normally and tell me how it went.

6 more replies
Answer Match 61.32%

Hi,

PC spec - Windows 7 Pro (32-bit) Intel Core 2 Duo, 4GB Ram, 2x 250GB HDD

I think I have successfully removed a rootkit virus using Kaspersky TDSS Killer but would just like to make sure no other malware etc remains. I'll explain from the beginning.

1. PC was running fine then Windows start-up repair appeared. In the diagnostic & repair details it spotted an error - Boot Critical File E:\CI.dll is corrupt

2. Could not repair, restarted, PC wouldn't boot up

2. I searched online and found a thread recommending to use Kaspersky TDSS Killer.

3. The thread advised to boot up with signature verification disabled (F10) - This worked but before I could use the TDSSKiller, the PC crashed. There were also several Trojans and worms being detected, e.g. W32/Blaster.worm, by what looked like Windows Defender, but not sure - having searched Google about these, it may be a fake Anti Virus software running. I read W32/Blaster.worm does not affect Windows 7? And nothing is being found on scans.

The signature verification option didn't work after that PC crashed

4. Instead I created a Windows recovery CD using a different PC - this allowed me to start the PC into Command Prompt MS DOS.

5. I ran the TDSS Killer software directly from a CD - after the scan finished it said something about MBR, and use standard boot option (sorry, can't remember exact line). I clicked on yes to use standard.

6 PC restarted again as normal and everything seems to be running fine.

... Read more

More replies
Answer Match 61.32%

Hi my inspiron 1525 dell laptop keeps on shutting down . When restart repairs scans it comes up with the following errors

Root cause
Bugcheck C000021A
Boot Critical file is corrupt
Repair action :file repair
Result Failed error code=0x2

My Norton security is now not working due to the error

Can anyone help me

cheers cait

A:my boot critical file is corrupt

hi i did a restart scan and everything is ok now ... thank god

2 more replies
Answer Match 61.32%

The problems started yesterday when my computer went to blue screen and automatically shut down and restarted. This happened twice, then I did an AVG scan in Safe Mode. It placed several infections and a few malwares into the virus vault. However, it "did not test" dozens of files because they were "locked". There were Boot directories that were listed among the locked files.

I restarted in Normal Mode, and got a message that Windows found a malicious file and "partially removed" it. When I clicked on the message to find details about the file, this webpage popped up: Encyclopedia entry: TrojanOS/Alureon.A - Learn more about malware - Microsoft Malware Protection Center
So the infection was TrojanOS/Alureon.A (edited to add: the smiley face appears where : D [without the space] is in the trojan filename)

About an hour later, the computer crashed and restarted again, then again a few minutes later. I did another scan and no malicious files were found.

When I turned the computer on 20 minutes ago, I got a screen telling me that the computer was unable to start, and Windows was searching for solutions. It apparently worked because I'm using the computer now. However, when I clicked to see the details of what happened, I saw this: "Boot critical file c:\windows\system32\kdcom.dll is corrupt".

So I don't know if it fixed the file or if it's still corrupt. I'm concerned my computer will have trouble rebooting. Thanks for any help in... Read more

A:Boot critical file is corrupt

Yes, use bootable Defender. I would later replace AVG crapware with Microsoft Security Essentials.

Work through Troubleshooting Windows 7 Failure to Boot.

If the infection doesn't clean up then post it up in our Security forum for expert help with specialized scans.

9 more replies
Answer Match 61.32%

Sup guys, every time i turn on my PC or restart it jumps to Windows is loading file and then starts doing start up repair and later on it would show me error log:

Root cause found:
Boot critical file C:\\ci.dll is corrupt

And then it would say:

Repair action:
Repair the file

What should i do?

A:Boot Critical File c:\\ci.dll Corrupted - HELP!

Another one?

There have been a few of these lately.

CI checks for unsigned drivers and checks that various system files haven’t been mucked about with by any nasties.

Suggest you try running sfc SFC /SCANNOW : Run in Command Prompt at Boot

Try a malware scan from a bootable a/v Avira AntiVir Rescue System - Download

If necessary replace ci.dll from another source e.g installation dvd.

9 more replies
Answer Match 61.32%

In a stupid moment I ran an exe which probably contained malware... I saw MSE popping up a warning that it detected 2 virus infections but before I had the chance to click "Remove it" the PC rebooted. It got into an endless loop of failing to repair startup issues. Within the log file, there was a bit of helpful information, "Boot Critical File d:\ci.dll Corrupted". Searching Google I found it is probably a rootkit or something like that.

From the recovery console I tried the following things:
I tried restoring to the previous system restore point.
I tried restoring the ci.dll with sfc /scanfile=d:\ci.dll but that fails with the message: "There is a system repair pending which requires reboot to complete..."
Then I tried restoring the master boot record using bootsect /nt60 d: but that fails with the message "... The update may be unreliable since volume could not be locked during the update: Access is denied".
I also tried running FRST64.Exe but that crashes during the scan: "Line 3294 (File F:/FRST64.exe) Error: Error in expression"

Anybody who can help resolve this or is the only way out a clean install and does that guarantee that the rootkit is removed?

A:Boot Critical File c:\\ci.dll Corrupted

Well, the problem is resolved. I stumbled right after writing this message on the following article:

http://blogs.technet.com/b/mmpc/archive/2011/06/22/don-t-write-it-read-it-instead.aspx

So the fix was as easy as running bootrec.exe /fixmbr

1 more replies
Answer Match 61.32%

Hi!

I have tried to solve this problem by myself but I don't get anywhere, so I need experts' help. Recently my computer has blue screened a couple of times: usually when I run Pro Tools (music program) for some reason and used Internet at the same time. And yesterday it went blue for the last time. Now when I try to restart, the computer says it will try to fix the problems but it can't. My computer only starts normally when I use the last option (don't remember what it is called) in the boot option menu. So I've downloaded the farbar recovery tool and it ran perfectly. I will post the file here.
And also I should add, I've tried to run ESET online and it found a kryptik.PMR trojan!
So here is the post from farbar tool:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.1
Ran by SYSTEM at 2011-06-27 08:48:55
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-24] (ECAREME)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-11] (AlcorMicro Co., Ltd.)
HKLM\...\... Read more

A:boot critical file c:ci.dll is corrupt

Hi,

Welcome and I will be assisting you with this issue.

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
Folder: C:\Users\All Users\oB28601HbLnM28601
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also restart and let the computer boot normally and tell me how it went.

2 more replies
Answer Match 60.9%

When I look at driver details in some of my system devices I see a path that has the driver capitalized, and when that is the case, in the General tab the driver location is listed as unknown. Anyone know the background on this?
 

More replies
Answer Match 60.9%

Ok so here is the problem,

I come to boot up the computer

Windows XP - Home

when booting in normal mode or safe mode I get the message

system32/drivers/ntfs.sys is missing or corrupt

please insert original windows disk and press 'r' on the first screen.

so i put in the disk and it says boot CD but then after a while it just comes up with the same message telling me to insert original disk.

I have tried this now with 2 different windows disks, iv changed to boot settings and this still does not work.

HELP

Matt
 

A:System32/drivers/ntfs.sys missing or corrupt (Cant boot)

To restore a missing or corrupt ntfs.sys file you must have the Windows XP CD and follow the below steps.

1. Insert the Windows XP CD into the computer and restart the computer.
2. As the computer is starting make sure to press a key to boot from the CD.
3. In the Windows XP setup screen press the 'R' key to run the Windows Recovery Console.
4. If prompted enter the number of Windows installation you're repairing.
5. At the command prompt type the below command.

copy x:\i386\ntfs.sys c:\windows\system32\drivers

* In the above example you would replace x: with the letter of your CD-ROM drive. Many computers have the CD-ROM drive configured as the D: drive.

6. If ntfs.sys is still on the computer you'll be prompted if you wish to overwrite the file. If prompted, press the Y key for Yes to overwrite the file.
7. Once the file has been successfully copied remove the CD and reboot your computer.
 

1 more replies
Answer Match 60.9%

Hi, i know there are other people with the same problem i have but i have it different.

"Windows could not start because the following file is missing or corrupt:
system32\drivers\pci.sys"

And it says to select 'r' at the first screen to start repair. I have the CD and I did the procedure before, but at this time the computer doesn't read the CD. I hold the 'C' key; it worked before but not now, it just goes to the same screen with the message above.

Please, what should I do? Can I just download this file to my pen drive and boot just it? I tried to press the F12 key when it starts and when I choose cd\dvd or whatever it just sends me back to BIOS.

I have: Toshiba Satellite M115-S1061
Windows XP

and all of my files are stored on external hard drives and I just have a few simple softwares.

Please Help Me !!

A:system32\drivers\pci.sys error and boot cd doesn't load ! please help !

So have you tried booting from a Windows CD and attempted a repair off the CD?

10 more replies
Answer Match 60.9%

Please help if you know about system32\DRIVERS\pci.sys boot problem of Sony Vaio P4/XP. I have tried recovery, driver recovery discs but it seems to not get past the bootstraps at all..

Please help.. or any ideas to try...???
Thanks,
HapHazard
 

A:system32\DRIVERS\pci.sys boot problem of Sony Vaio P4/XP

Have you tried MSCONFIG?

If not run it and click on "expand file" (general tab)

File to expand: pci.sys
From: X:\I386
To: C:\Windows\system32

Where X is whatever letter is assigned your CD drive (you need your WinXP CD
for this), change it accordingly. If your system was preinstalled, you may
find this instead on the hard drive under C:\Windows\I386. If so, change the
"from" line accordingly. Reboot when finished.
 

1 more replies
Answer Match 60.9%


Will not boot just black screen with these words do not have recovery cd

will not go into safe mode or last good config- either PLEASE HELP 911

TY TY TY TY TY TY TY TY

ROBERT

A:Missing Or Corrupt File System32\drivers\nvatabus.sys Don't Know What Else To Do

What make/model of PC do you have?
Do you have the Recovery Console installed? If so, you can try running system restore from there.

1 more replies
Answer Match 60.9%

When I start up the computer I get the message:

Windows could not start because the following file is missing or corrupt

system32\DRIVERS\pci.sys

You can attempt to repair this file by starting Windows Setup using the original setup cd-rom
Select 'r' at first screen to start repair
I recently purchased an external hard drive with some software for data back up (Nero). I think I started getting these problems after the installation of the software.

What can I do to get Windows up and running again?

I can't put in windows setup disk because the computer came with XP preinstalled and I wasn't given the operating system on disk.

A:Why does the missing file 'system32/DRIVERS/pci.sys' prevent 'puter booting up?

Pci.sys is a very basic system driver that's loaded very early and therefore the boot process is stopped very early. The chances that other drivers are missing or corrupt are pretty good. Once you replace that driver, another one will cause the error and then that driver will have to be replaced, and so on. That said, you most likely need to do a repair install of windows, but you need a disk to do it. If you are able to replace it, you might be able to put the hard drive in another computer and copy pci.sys from that computer onto the hard drive. You also might be able to do it if you can get a bootable linux cd as there should be a backup copy of pci.sys in windows\system32\dllcache

3 more replies
Answer Match 60.9%

I was downloading a file from the internet, about half way through the download the computer shutdown and restarted.

On restart, the computer stated that Windows 7 could not load and started to do a startup repair, which did not succeed.

I opened Startup Repair and Diagnostics and the report log stated:

Boot critical file c:\ci.dll is corrupt.

I have tried system restore at several points and run sfc /scannow, which told me to reboot my computer, but I kept going round in a loop from there.

I would appreciate some help and guidance on this. Thank you.

A:[SOLVED] Boot critical file c:/ci.dll is corrupt

This error has been known to be caused by Windows Updates. Every reference I've read on that issue required a re-install of Windows 7 since nothing else worked.

Provided you've taken the sensible precaution of backing up your files before that happened, re-installing will not involve losing anything. Better still, if you've created a "System Image" which Windows 7 allows you to do (& which everyone should do as soon as possible after installation), restoring Windows will be even easier.

14 more replies
Answer Match 60.9%

Received a rather alarming error message when I tried to boot up my laptop earlier, after the first restart post-antimalware doctor removal.

Error message reads as follows: "Boot critical file c:\windows\system32\drivers\grpwcyi.sys is corrupt"

I have no Vista install disk, as it came pre-installed on my HP hard drive. Am I completely screwed, or is there some way to fix this that I haven't thought of yet? Any help whatsoever is appreciated.

A:Boot Critical File for Vista 32x is Corrupt!

grpwcyi.sys is not a legit file, so you're still infected. With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread. It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

1 more replies
Answer Match 60.9%

Hiya,

The missus has a mini notebook (ee) that has Windows 7 starter on it. Whilst using it last night, there were some updates from Microsoft available, and I set the updates in motion.

One of them was to install Explorer 9, and I declined that, as this is the wife's computer and she uses it for work, didn't want to stuff anything up.

Delayed doing the restart for a while as I was still doing some minor work on a Word doc.

When it went to restart, it went into a screen trying to auto fix an issue. After much time and multiple attempts, it could not do it, and any restart went into the same mode.

In the end, it could not fix the issue.

From the error report, the following message comes up ;

Boot critical file
c:\windows\system\system32\ntkrnlpa.exe is corrupt
Error code 0xa

As this is a mini notebook, it doesn't have any floppy disc etc, and I can't even get it to start in safe mode to try and fix.

Help !!!

Thanks

Michael

A:Boot critical file corrupt - Win 7 starter

Quote: Originally Posted by bacchy

Boot critical file
c:\windows\system\system32\ntkrnlpa.exe is corrupt
Error code 0xa

That is the Windows NT Kernel.

Try and boot using the HDD recovery partition - try system repair from there.

While the timing with the Windows Updates may make hardware failure seem unlikely - it is a possibility.

0xa = driver referenced invalid or bad memory. It could be either software or hardware (specifically RAM) related.

Regards. . .

jcgriff2


1 more replies
Answer Match 60.9%

I was surfing the net with Firefox just after an update. When suddenly my laptop restarted and started a Startup Repair. I let it run but it still repeated so I tried to do a system restore, but that didn't work either, I even tried to run sfc /scannow which told me to restart my computer. Right now, I'm using my friend's computer looking for solutions when I came upon another thread on this site with the same issue. And feel that I might have the same problem.

I read through the thread and followed it up to the getting a scan with the Farbar Recovery Scan Tool x64, but stopped there.

Here's what I received:

-----------
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.1
Ran by SYSTEM at 2011-06-25 00:09:17
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows... Read more

A:Error: Boot Critical File c:\ci.dll is corrupt

Hi,

Welcome to this forum.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
2011-06-23 09:34 - 2011-06-23 09:34 - 0000000 ____D C:\Users\Steven\Desktop\ESO_v375
2011-06-22 21:49 - 2011-06-22 23:07 - 2726873889 ____A C:\Users\Steven\Desktop\ESO_v375.rar
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on ... Read more

11 more replies
Answer Match 60.06%

Hi,

I'm an intern with an NGO organization where one of the desktop computers started having problems about a week ago. The computer is a Dell running Windows 7. Every morning, the first person to turn it on sees a whole bunch of updates being installed. The boot screen is irregular, it doesn't include the F2 or F12 options for changing the setup, and it never goes to the log screen. Instead, it goes to a "Startup Repair" window, runs a "scan" that can't be canceled, and then reports that Windows was unable to fix the problem and offers an option to restart. If I click to see the full diagnostic, everything checks out except the last item, which says that "critical boot file ci.dll is corrupt." If I go to "Advanced Diagnostic Tools," it doesn't allow me to do a system restore or much of anything else besides open the command prompt, and I can do only limited diagnostic tasks from there. If I restart, though, it restarts and functions perfectly normally. I installed Avast on there when I started working with it and the full virus scan finds no problems. The computer functions normally for the rest of the day; however, when I go to shut it down after 5 o'clock, it says that it's installing 67 updates, every single day.

I can't figure out whether this is some bizarre virus that just makes it take a little longer to use the computer every morning, or a much more malicious virus whose effects simply haven't mani... Read more

A:Once-a-day startup problems, saying "boot critical file c:\ci.dll is corrupt"

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE
Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program bef... Read more

2 more replies
Answer Match 59.64%

Every time the computer is turned on or restarted it runs Startup Repair. When I look at the diagnosis it says 'boot critical file c:\ci.dll is corrupt'. I have already tried to restore the computer but I don't have the discs where I have backed up the computer. I have also run a virus scan with Avira and it did pick up 4 viruses and I removed them but the error still occurs. If someone could help me and give me guidance it'll be much appreciated.

A:Startup Repair error : Boot critical file c:\ci.dll is corrupted

After the PC tries the start up repair, select advanced options. From there you should be able to access CMD.

Once you get CMD open, run this command: sfc /scannow - This will scan the integrity of all protected system files and repair the system files if needed.

2 more replies
Answer Match 59.64%

Hi there, can anyone please help me? I am totally new to computers, have vista home basic. When I start my computer in the morning it comes up saying boot critical file corrupt. I go through the motions of searching for a solution and it says the following:

Bugcheck c000021a
Parameters = 0x8c40140, 0x0
0xc0000001, 0x1004c8.
Boot critical file corrupt.

Repair action: File repair
Result: Failed, error code - 0x34
Timetaken = 3588 ms

Repair action: System restore
Result: Failed, error code = 0xe
Time taken = 44944 ms

Repair action: Systems File integrity check and repair
Result: Failed: Error code = 0xe
Time taken = 14102 ms

I am told to shut computer down, and when I restart everything is fine. Does anyone know what this is and how to fix it?
Any help very much appreciated!!!

A:Trouble starting computer (Boot critical file corrupt).

boot from the vista dvd
on the bottom left of the install screen
click on the repair option
run
chkdsk /r

1 more replies
Answer Match 59.22%

Hi There!

My housemate's laptop has a virus and they asked me to help fix it. By the looks of it they have the "Data Recovery Virus" on their laptop. Ran various virus scans and removed about 200 malicious files, but still no joy. Upon startup several boxes pop up stating:

"Failed to save all the components for the file \System32\0000390c. The file is corrupted or unreadable."

Each box has a different sys32 file, including ..em32\00004509 and ..em32\0000767d. I've run spybot and SUPERAntiSpyware, both removed a whole load of crap on the laptop but not the damn virus I'm after!

Also ran Security Check:

Results of screen317's Security Check version 0.99.24 Windows 7 x64 (UAC is enabled) Internet Explorer 8 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: MVPS Hosts File Spybot - Search & Destroy Java™ 6 Update 22 Out of date Java installed! Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date! Mozilla Firefox (x86 en-GB..) ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe ``````````End of Log````````````

Running a comprehensive virus scan (again) atm, will post SAS results when it's done.

Any help with this would be greatly appreciated

A:Data recovery virus - Failed to save components for the file \System32\(several system32 files). The file is corrupte...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/27/2011 at 04:10 PM

Application Version : 5.0.1134

Core Rules Database Version : 7856
Trace Rules Database Version: 5668

Scan type : Complete Scan
Total Scan Time : 01:16:31

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 306
Memory threats detected : 0
Registry items scanned : 71337
Registry threats detected : 0
File items scanned : 225087
File threats detected : 18

Adware.Agent/Gen-Pinball
C:\PROGRAM FILES (X86)\MOSSYSKY\BIN\1.0.16.0\MOSSYSKYSACB.EXE
C:\Windows\Prefetch\MOSSYSKYSACB.EXE-0EB24479.pf

Trojan.Agent/Gen-FakeAlert[Local]
C:\PROGRAMDATA\1KALMIG2KB7FZP.EXE


6 more replies
Answer Match 58.8%

I was using the computer when all of a sudden it shut down. When I turn it back on, it automatically tries to do a Startup Repair. After several minutes, I get the message: "Startup Repair cannot repair this computer automatically." When I click on "View problem details," everything looks fine except for "Root cause found: Boot critical file D:\CI.dll is corrupt." This happens every time I try to restart the computer. I've tried System Restore and System Image Recovery to no avail.

Thanks in advance for your help.

A:Computer won't restart: "Root cause found: Boot critical file D:\CI.dl

1. Insert the Windows installation DVD into the DVD-ROM; Click Exit if the auto-menu pops up.
2. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
3. At the command prompt, type the following command, and then press ENTER:
sfc /scannow

9 more replies
Answer Match 57.96%

I have only one problem with my laptop and that is at the start-up. I open up my laptop, and what I see is that there are several drivers that Windows is searching for, but cannot find.

So, as a pretty advanced user, I simply downloaded the required drivers and installed them.

But when I re-started my computer, the "Searching for Drivers" pop up came up again.

So, I took the software approach. I downloaded Driver Genius, and then Driver Robot to install drivers that are supposedly missing. They installed the drivers, but when I re-started the computer, the deplorable screen came up again.

I realised then, that the drivers are actually installed, but Windows cannot seem to be able to find them at all....

Kindly help me with this, as there seems to be some serious driver problems.

Kind Regards,
RawVix
Newbie

UPDATE:

The Driver that the System cannot find is Intel 5 Series Chipset 3400 - SMBus SB30.

I have tried re-installing the Chipset, but it does not install for some reason...

Any help?

A:Critical Drivers not found on Windows Start-up, but are really present

  
Hi RawVix, if there are no win 7 drivers available for the chipset try downloading the vista drivers and install them in compatibility mode.

1 more replies
Answer Match 57.54%

We made the mistake of ordering Dell pcs for work (Never Again & we advise against it!) because they do not include Windows OS disks with the units. They include it on a partition of the HD: (-nice of them).

Now one system will not boot up and it is completely out of the question to restore the system to its original factory setting because of the monetary value of the files that will be lost.

Technically, all it's missing is the WINDOWS/SYSTEM32/... file(s) and on any "normal" pc, popping in the WinXP disc on boot and hitting "r" usually solves that problem. However, F5 and booting the system at its last working condition does not work. Thanks to Microsoft's security features, we cannot use another XP disc to fix this problem. And I will never contact Dell's support line since they've tried to charge us for technical support before they'd give us any help. And this was on a brand new pc that we just purchased. (For some reason did not boot up and they wanted to charge us in order to get it started! - Main reason I will NEVER purchase a computer from Dell ever again.... no CD's is the 2nd reason.)

Anyway, the only option we have is to take it in for servicing or place the HD in a second pc.

Any other options?

Thanks.
 

A:Dell pc missing System32 file: won't boot.

13 more replies
Answer Match 57.54%

You probably heard it a 100 times, but would you please help me as well?
This is making me extremely mad. I have a new PC and it came with the problem.
Here is the file you may need:

Logfile of HijackThis v1.97.7
Scan saved at 7:46:04 PM, on 6/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:system32 file opening at startup/boot

9 more replies
Answer Match 56.7%

hi, I was infected with the trojan csrss.exe and could not delete it, so tried in safe mode and still couldn't delete it.

I did a search and found 3 versions of csrss.exe, I deleted 2 of them but 1 was in the system32 folder and has caused my laptop to power up and then restart again

I have read a few other people's threads on this and have found that the only way may be to restore windows, however with my laptop I received no software disc as it was pre installed by sony.

when turning the laptop on it gets past the boot screen and I then get the message

"Stop: x000021a {Fatal System Error}
The session manager initialization system process terminated unexpectedly with a status of 0xc0000034 (0x00000000 0x00000000).
The system has been shut down

I have tried starting in safe mode, last known good configuration, and also disabling automatic restart

would really appreciate it if anybody could help me as I am really struggling!

Thank you in advance

A:Deleted csrss.exe from system32 file and cannot boot up anymore

sounds messy.

I would perform a repair installation of windows xp.

Method 2: Reinstall Windows XP by starting your computer from the Windows XP CD
To reinstall Windows XP by starting your computer from the Windows XP CD, follow these steps:
1. Insert the Windows XP CD into your computer's CD-ROM or DVD-ROM drive, and then restart your computer.
2. When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Windows XP CD.

Note Your computer must be configured to start from the CD-ROM or DVD-ROM drive. For more information about how to configure your computer to start from the CD-ROM or DVD-ROM drive, see your computer's documentation or contact your computer manufacturer.
3. You receive the following message on the Welcome to Setup screen that appears:
This portion of the Setup program prepares Microsoft Windows XP to run on your computer:

To setup Windows XP now, press ENTER.

To repair a Windows XP installation using Recovery Console, press R.

To quit Setup without installing Windows XP, press F3.
Press ENTER to set up Windows XP.
4. On the Windows XP Licensing Agreement screen, press F8 to agree to the license agreement.
5. Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
6. Follow the instructions that appear on the screen to reinstall Windows XP. After you repair Windows XP, you may have to reactivate your copy of... Read more

9 more replies
Answer Match 56.7%

Hi,

My girlfriend's laptop recently stopped booting, and started displaying the following:

Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

I've looked on loads of different sites that explain how to fix it. I've tried fixing it via the recovery console (by using the windows xp disc), but it always says the file to be copied cannot be found, so now Dell (the manufacturer) think it could be a problem with the dvd drive that is reading the windows xp disc.

Does anyone know of any other way to fix this?

Thanks

A:system32\config\system file missing on boot? help please!

Hello and Welcome to TSF

You can replace the drive to see if it is actually the drive that is not reading the cd
Are you sure you are directing it to the correct drive?

3 more replies
Answer Match 56.7%

I had to do a system recovery a week ago. Ever since then computer constantly Freezes and Crashes.
HP Pavilion Slimline s5713w, with Windows 7 Home Premium x64, SP-1.
Went to System Info: many Drivers are listed as "critical"
Went to Windows Error reporting: many "Fault bucket" (including: blue screen, AppCrash)
I think I need to wipe the whole thing out and start over???
Any help would be appreciated.

More replies
Answer Match 56.7%

I have a stand alone pc with windows xp
these are located in C:\Windows\System32\drivers\etc

do these look ok?

filename : Quotes - what the heck is this for and why can't I open or delete it?

"My spelling is Wobbly. It's good spelling but it Wobbles, and the letters
get in the wrong places." A. A. Milne (1882-1958)
%
"Man can climb to the highest summits, but he cannot dwell there long."
George Bernard Shaw (1856-1950)
%
"In Heaven an angel is nobody in particular." George Bernard Shaw (1856-1950)
%
"Assassination is the extreme form of censorship."
George Bernard Shaw (1856-1950)
%
"When a stupid man is doing something he is ashamed of, he always declares
that it is his duty." George Bernard Shaw (1856-1950)
%
"We have no more right to consume happiness without producing it than to
consume wealth without producing it." George Bernard Shaw (1856-1950)
%
"We want a few mad people now. See where the sane ones have landed us!"
George Bernard Shaw (1856-1950)
%
"The secret of being miserable is to have leisure to bother about whether
you are happy or not. The cure for it is occupation."
George Bernard Shaw (1856-1950)
%
"Here's the rule for bargains: "Do other men, for they would do you."
That's the true business precept." Charles Dickens (1812-70)
%
"Oh the nerves, the nerves; the mysteries of this machine called man!
Oh the little that unhinges it, poor crea... Read more

A:C:\Windows\System32\drivers\etc?

6 more replies
Answer Match 56.7%

Hello,

Recently, I have run Malwarebytes multiple times and each time it tells me that C:/WINDOWS/drivers/system32/str.sys is an infected file that will be removed after my computer is restarted.
After multiple restarts, it still does not get removed.

This is my first time posting on this forum, and the "first steps" link does not really say what I need to have posted.

Please let me know what I need to do.

A:C:/WINDOWS/drivers/system32/str.sys

I just noticed the checklist, but every time I run the DDS, my computer goes into a bluescreen. Is there anything else I can do/try?

19 more replies
Answer Match 56.7%

Had "security tool" malware infection. Used the uninstall guidelines on this site and was doing fine until line 19
in the instructions. I was able to delete the windows\system32\drivers\etc\HOSTS, but I am lost as to what to do now.

A:where can I get windows\system32\drivers\etc

You can download the default HOSTS file for your operating system.

Windows XP HOSTS File Download Link
Windows Vista HOSTS File Download Link
Windows 2003 Server HOSTS File Download Link
Windows 2008 Server HOSTS File Download Link
Windows 7 HOSTS File Download Link

-- Note: If the contents of the HOSTS file opens in your browser when you click on the download link, then right-click on it and select Save Target As... if using Internet Explorer, or Save Link As... if using Firefox.

Also see How to reset the hosts file back to the default. To do this automatically, click the button. Click Run in the file download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

5 more replies
Answer Match 56.7%

Please take a quick look at the attached and see if you can you help me remove the viri-

thx wood

A:C:\WINDOWS\system32\drivers\str.sys

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner o... Read more

2 more replies
Answer Match 55.86%

Today I turned on my computer and a message from AVAST said that the file C:\Windows\System32\Drivers\szkimzl.sys was infected. So, I pressed 'delete' and I turned on my internet, which was working fine the other day, and it wouldn't work. I thought it might have been firefox, but I tried IE, Chrome, and Opera, none of them worked. I have three other computers, which are all on the same modem and they all work fine.

Here's the DDS Log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 19:56:43.29 on Wed 01/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.592 [GMT -8:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1296 [VPS 100101-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1... Read more

A:C:\Windows\System32\Drivers\szkimzl.sys

Again, sorry but there isn't an option to add attachments.

Here's the attach:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/27/2008 5:44:01 PM
System Uptime: 1/13/2010 6:28:00 PM (1 hours ago)
Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2204/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 162.984 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is FIXED (FAT32) - 9 GiB total, 0.535 GiB free.
I: is CDROM ()
J: is Removable
K: is CDROM (CDFS)
L: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter V9
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider V9
Name: TAP-Win32 Adapter V9
PNP Device ID: ROOT\NET\0000
Service: tap0901

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter V8
Device ID: ROOT\NET\0001
Manufacturer: TAP-Win32 Provider
Name: TAP-Win32 Adapter V8
PNP Device ID: ROOT\NET\0001
Service: tap0801

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

????AAC Decoder
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7... Read more

2 more replies
Answer Match 55.86%

Hi

I am unable to switch on the antivirus section of my PCGuard downloaded from Virgin Media. When I run the diagnostic it says the reason it fails is C:\WINDOWS\system32\drivers\klif.sys is not found, when I google this it says something about trojan viruses, is the case and what should I do next?

A:C:\WINDOWS\system32\drivers\klif.sys

klif.sys can be related to Kaspersky anti-virus - see here.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.

Do you now or have you ever had a Kaspersky product installed on your system?

1 more replies
Answer Match 55.86%

Hi there,

Been through all steps described, scanned with:
Adaware 2007
AVG Network Ed 7.5
Spybot
Stinger

All defs up to date and windows updates installed.

This little blighter keeps coming back:
c:\windows\system32\drivers\smtpdrv.sys infected with Backdoor.Generic_c.AEW

Below is the HijackThis log.

It goes without saying that I am extremely grateful for any help you may offer.

Many thanks,
Chamb

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:52, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32 ... Read more

A:C:\windows\system32\drivers\smtpdrv.sys

Welcome to the BleepingComputer HijackThis Logs and Analysis forum chamba

My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a... Read more

1 more replies
Answer Match 55.86%

Hi,

I was having problems accessing some websites and was told to remove line(s) in this file using notepad. It only made things worse and I can't access things like google/gmail or other websites.

I need help, what do I have to do?

More replies
Answer Match 55.86%

I'm having various problems with both XP and Vista PC's but the XP problem is more urgent. I have not been able to view some websites correctly. Whether this 'thing' that AVG has picked up is anything to do with it I obviously haven't a clue. The PC is running very slow and IE keeps closing. When I go to some websites I am getting the page 'Internet Explorer cannot display the web page' or I can get to the first page but cannot view the category pictures - there is a small box with a red cross. I hope I've explained this in enough detail. It's doin' mi 'ead in!

Thanks in anticipation.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:33, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Goog... Read more

A:C:windows\system32\drivers\etc\hosts

Hello Dand-e-lion

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine. Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Next

Please do an online scan with Kaspersky WebScanner
Click on Accept Button
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the f... Read more

4 more replies
Answer Match 55.86%

Once I started my computer, Pop-ups from AVAST said that C:\WINDOWS\system32\drivers\atapi.sys was infected. I do not know how to remove or fix the problem.

Here's the DDS:
DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 11:00:05.28 on Tue 12/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.421 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1296 [VPS 091222-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\i... Read more

A:C:\WINDOWS\system32\drivers\atapi.sys

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo... Read more

2 more replies
Answer Match 55.86%

Here are the files compiled from scans I have run per instructions from Boopme. I have a Rootkit that needs to be deleted.

Thanks for any help.
DDS (Ver_09-09-24.01) - NTFSx86
Run by Dave at 16:23:06.12 on Sat 09/26/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13
Microsoft? Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.377 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Softwar... Read more

A:C:\Windows\System32\drivers\ESQULivowxinkvxtrwvipcceiyeeyipcswylp.sys

Hello curundu,

You have a nasty rootkit on this computer. Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect ... Read more

11 more replies
Answer Match 55.86%

I start my OS and I hear an orchestra sound every minute or so with a red X and WINDOWS\System32\drivers\ntndis.exe
I went to HJT and downloaded and did a scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:20 AM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/sv... Read more

More replies
Answer Match 55.86%

The following error message appears when I power up my laptop: C:\Windows\System32\drivers\ntndis.exe. I get locked at that time and can't proceed with anything.

A:C:\windows\system32\drivers\ntndis.exe

Hi missyf,Check if this link helps you: http://www.bleepingcomputer.com/startups/n....exe-14934.html

1 more replies
Answer Match 55.86%

This was posted under Operating Systems, which works fine until I connect it to other computer. Then I have this problem. How do I go about this? I'm gonna RE-INSTALL XP again, and see if we can do "VIRTUAL TECH". That's where YOU become the teacher, as long as I haven't already tried it, or you're just not sure. Here's what happened...

Desktop board 815EEA w/chipset 815E running windows 98-2000. I decided to install windows XP from my Dell. So I took out 20GB harddrive from 815EEA (other computer) and installed Windows XP cd. I did windows updates, intel updates for the controller and desktop board, but what I did was connect the 815EEA harddrive to my secondary master and did the updates and install before connecting it to 815EEA. NOW I can't even get into safe mode, sometimes I can do F8, and Bios Set Up I can do. First a blue Intel Desktop Board screen and then it goes blank or safe mode, and while I'm in the safe mode options and chose safe mode or any other one, windows\system32\drivers and a couple dozen extensions scroll down the page. I thought plug n play could bring up the internal basics for start up, I've formatted harddrive and re-installed XP a few times with different installs but same outcome. I've done windows updates, Intel latest bios, utility tools, and even tried to force an extraction from winzip. But nothin. I'm sure its the drivers or just the desktop board thats not right. I'd like to know how or if... Read more

A:WINDOWS\SYSTEM32\DRIVERS\(multiple).SYS

6 more replies
Answer Match 55.86%

Help, I think I have one of those stupid adobe reader fake update viruses.
My malware software and avast are not getting rid of it.
help help

A:windows\system32\drivers\mshcmd.sys.

Hello and welcome. I moved this to the Am I Infected forum.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and c... Read more

3 more replies
Answer Match 55.86%

I have a friend's laptop, it is a sony vaio, 2009 I believe, it's running vista home premium edition, and anytime I begin to turn on the computer the vaio splash screen shows up and then it goes to a black screen with an error message telling me part of the boot file is corrupt or missing, stating that the file is \Windows\System32\drivers\ecache.sys. I attempted the f8 key while it starts up, none of those options work and there isn't one for repair computer. I've also attempted putting in two different startup repair disks. For a while it was working but there is no system restore date available so I attempted some things through the command prompt. After many fails I ran a C: chkdsk \f and was gunna follow it with a C: chkdsk \r but after restarting it, the cd begins to load and promptly brings me to a black screen with only a mouse, never to complete loading... I'm at wits end and attempting to repair his computer without deleting all of his files for there are pictures of his children on there. I'm out of ideas and anyone's help would be greatly appreciated. I myself am using a dell xps m1530 with the same running system. Thanks for the help ahead of time

"I haven't failed, only found 10,000 ways that won't work"

A:\Windows\System32\drivers\ecache.sys

See if you can boot into the Recovery partition - press F10 during boot-up. Run System Repair.

If no-go, you need the Sony Vista recovery DVD for that system.

Regards. . .

jcgriff2

1 more replies
Answer Match 55.86%

I know my computer is infected because when I try to click on a link I'm redirected to another site and sometimes I get some weird popups. I ran SUPERAntiSpyware and AVG and it just says I have tracking ads but nothing else, but every so often I get a warning from AVG about C:\WINDOWS\system32\drivers\atapi.sys being infected but nothing happens.

Thanks for your help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 15:41:12.44 on Thu 03/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.189 [GMT -7:00]

AV: Paladin Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Pro... Read more

A:C:\WINDOWS\system32\drivers\atapi.sys

Hi aweber422,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

************

Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
Double click on ComboFix.exe &... Read more

13 more replies
Answer Match 55.86%

Hi friends,
Every time I start my pc it gives me an error that it cannot find this particular file. Can you please help me with it. I tried installing xp repair pro 2007 but it did not help. Also I'm not a pro at using the computer so please explain to me in simple terms what all I need to do to get rid of it. Any help will be appreciated.
 

A:C:\WINDOWS\system32\drivers\conime.exe

16 more replies
Answer Match 55.86%

Hi Everyone,

I stupidly turned off my firewall while trying to serve on this computer. It is a SuperMicro XP machine, Service Pack 2, Pentium R 4 CPU 3,00 GHz, 2.99 GHz, 1 GB RAM. No CD Drive. I bought an external one, but the driver came on a little disk that the external CD drive won't read so I haven't been able to install it yet. I have to download things. I got this trojan, and Time Warner Cable even called me to tell me my machine was being used as a zombie to send spam to other customers. ESET NOD 32 v. 4417 identified C:\WINDOWS\system32\drivers\ntfs.sys - a variant of Win32/Kryptik.ABX as a file it couldn't clean. I get dialup popup boxes saying connect to z-connect. I close them, and ESET then says attack blocked. I configured my firewall with rules now to serve and block, but I still can't get this thing off my machine. Here is my Hijack this file. I hope I'm posting in the right place. Thank you in advance.

Best regards,
BA

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:29 PM, on 9/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Progra... Read more

A:C:\WINDOWS\system32\drivers\ntfs.sys

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 55.86%

Hello, I have been battling a hidden service on my laptop for several days. I have done some extensive research on the web, but no luck. I have run a GMER and receiving a lot of red warnings about a "pragma" hidden service.

What are the first steps to resolving this issue?

Thanks,
Bret

A:Windows\system32\drivers\pragmabvfquqsbfn.sys

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions... Read more

3 more replies
Answer Match 55.86%

Hi

AVG is detecting C:\WINDOWS\system32\drivers\asyncmac.sys as a threat, google says it's TrojanDropper:Win32/Dogrobot.E

Can anyone advise the best way to deal with this?

I've already ran super anti spyware and spybot search and destroy and the threat remains.

Thanks

Neil
 

More replies
Answer Match 55.86%

c:\windows\system32\drivers\pwzswbfdzrbrwme.sys

is corrupt according to test. I cannot get the pc to boot up in windows 7

I don't believe this is a real windows file, but may have been some virus to lock down windows.

Any ideas how to re start ( without doing a complete re boot from the W7 CD )

Thanks



Roger Kalter

A:c:\windows\system32\drivers\pwzswb

Hello Roger, welcome to the forums!

If you're able to boot into Safe Mode with Network (pressing F8 on the BIOS screen) you could run a Malware scan with Malwarebytes' Antimalware

Here: Malwarebytes' Anti-Malware: Malwarebytes

The free version does everything the paid one does, the main difference is that the free version does not run in real time, you have to do "on demand" scans.

Try that, because I can't find any info on the internet about that particular file, could be a virus.

Report back, please

3 more replies
Answer Match 55.86%

Since this change I have been unable to access my external hard drive. AVG antivirus picks up that dir C:\windows\system32\drivers\etc\hosts has changed but doesn't do anything about it. Was wondering if you could help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:06, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\alg.exe
C:\Program File... Read more

A:C:\windows\system32\drivers\etc\hosts

Hello daisacre,

It is normal that AVG shows that files, the MBR or Boot record to have changed. These are done during normal maintenance, when you or windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected. To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this, delete the file named AVG7QT.DAT in C:\ and AVG will rebuild it the next time it is run. General system maintenance can change the Hosts file even when it isn't apparent by visual inspection. AVG uses a checksum to compare a file before and after and a minor change or correction to the file would have caused it to appear changed.

Let's check your HOSTS file. It's located at c:\windows\system32\drivers\etc\hosts. You can open it up in Notepad. If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it; however, if there are others following 127.0.0.1 localhost, you may have to fix it. Post it here if that's the case.

2 more replies
Answer Match 55.86%

When I try to install Windows service pack 4 it says that
c:\windows\system32\drivers\atapi.sys is open or in use by another application
 

A: c:\windows\system32\drivers\atapi.sys

Found this on Google.
Do you have a CD emulator (like daemon-tools) installed?
I needed to uninstall it to get SP1 running.
 

3 more replies
Answer Match 55.86%

My Antivirus is Avira Free.
Avira Detected this over and over
C:\WINDOWS\system32\drivers\synsenddrv.sys

My Combo Fix Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:12 PM, on 12/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal


More replies
Answer Match 55.86%

I've deleted the c:\windows\system32\drivers\ntndis.exe from my hijackthis log by selecting it and clicking on fix, but my computer is still acting very slow and I believe I might have other viruses on my comp. Can you pls look at my hijackthis log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:21 AM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A: help with c:\windows\system32\drivers\ntndis.exe

Looking at QuickTime it looks like you have the latest Vundo infection....

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Download Combofix from any of the links below, and save it to your desktop. For ...

12 more replies