Over 1 million tech questions and answers.

res://C:\WINNT\system32\shdocvn.dll/errorAPI.htm#ID=PX8594;

Q: res://C:\WINNT\system32\shdocvn.dll/errorAPI.htm#ID=PX8594;

I can't get rid of spyware and always have res://C:\WINNT\system32\shdocvn.dll/errorAPI.htm#ID=PX8594; in IE. Can anyone help me??

Logfile of HijackThis v1.99.1
Scan saved at 22:26:24, on 2005/08/15
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\imejpmgr.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panasonic\NSelect\NSelect.exe
C:\Program Files\Panasonic\WheelPad\wheelpad.exe
C:\WINNT\system32\conime.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MP00791\Desktop\HijackThis.exe

O1 - Hosts: 128.1.100.1 Ni.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: @msdxmLC.dll,[email protected],ラジオ(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O4 - HKLM\..\Run: [Hotkey] C:\WINNT\system32\hkeyman.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe
O4 - HKLM\..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe /FirstLogin
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Panasonic HotKey Manager] "C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuikShield] qkshield.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [RegSvr32] C:\WINNT\system32\msmsgs.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Start Page] C:\WINNT\system32\svcnt32.exe home
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [updatelavasoft] C:\WINNT\system32\updatelavasoft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {770B4FAA-4BE4-4C5D-846C-A0D4224286F0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {770B4FAA-4BE4-4C5D-846C-A0D4224286F0} - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124112167172
O16 - DPF: {7D40ADF2-AD68-4959-ACEC-DA96BF5E6EB7} (SpyBouncer.SBDownloader) - http://spywareremover.spybouncer.com/downloader.ocx
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AllWirelessLansService - Unknown owner - C:\Program Files\3Com\WLAN Manager\AllWirelessLansService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Ephelio-VPN PS Manager - Unknown owner - C:\Program Files\Ephelio-VPNイージーキット\PS認証ソフトウエア\NscMgr.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LanSupportService - Unknown owner - C:\Program Files\Common Files\3Com\LanSupportService.exe
O23 - Service: Panasonic Opdoff Utility (OPDOFFSV) - Panasonic - C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

RELEVANCY SCORE 200
Preferred Solution: res://C:\WINNT\system32\shdocvn.dll/errorAPI.htm#ID=PX8594;

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: res://C:\WINNT\system32\shdocvn.dll/errorAPI.htm#ID=PX8594;

Moved to HJT forum

Read other 2 answers
RELEVANCY SCORE 66

i downloaded a file from kazaa and recieved a trojan virus called tro\justin after using my antivirus to delete i keep getting this message every time i start windows C:WINNT\SYSTEM32\SYSTEM32.EXE IS MISSING ETC

I AM NOT VERY GOOD WITH COMPUTERS SO TAKE IT SLOW PLEEEASE HELP?

Logfile of HijackThis v1.97.2
Scan saved at 09:52:03, on 17/09/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AOL 8.0\waol.exe
C:\Program Files\AOL 8.0\shellmon.exe
C:\Program Files\Common Files\Vbox\Common\VboxClient-en-us.exe
C:\PROGRA... Read more

A:(Solved) c:\winnt\system32\system32.exe is imissing

Welcome to TSG, jaswells9

Restart Hijack This and check the following:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINNT\System32\system32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\System32\system32.exe
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {5843A29E-1246-11D4-BA8C-0050DA707ACD} - C:\WINNT\System32\crs32.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem214.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem214.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Microsoft Tray] C:\Program Files\Kazaa\My Shared Folder\Games.exe
O4 - HKLM\..\RunServices: [SystemSAS] system32.exe
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB

Click Fix Checked

Restart your computer

Go to C:\Winnt folder
Open it, find, right click and delete the following entries:

crs32.dll
wsem214.dll
nem214.dll

Also double check that system32.exe does not appear in the system32 folder, if it does, delete that too
 

Read other 3 answers
RELEVANCY SCORE 61.6

I have windows 2000 professional version on Intel(R) 4 CPU 240GHz
For some time now I have been having a pop up problem from my trend micro of a program trying to access the internet now I have isolated the problem I think but am unable to get to the bottom of the problem. I downloaded and ran ComboFix. Now I see the problem is in the hidden files in Winnt\system32. I have gone to the control panel and made sure the hidden files and folders is not on and it wasn’t.. I have run ComboFix twice (maybe should not have done that)
Here is the first log
omboFix 08-01-18.5 - Computer Owner 01/18/2008 14:09:56.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.142 [GMT -5:00]
Running from: C:\Documents and Settings\Computer Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 14:10 . 01/18/08 02:10p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4c8.dat
2008-01-18 14:08 . 08/31/00 08:00a 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-16 17:01 . 01/17/08 08:12p 645,368 ---h----- C:\WINNT\ShellIconCache
2008-01-16 16:33 . 01/16/08 04:33p 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-01-16 16:33 . 01/16/08 04:33p 1,409 --a------ C:\WINNT\QTFont.for
2008-01-09 10:31 . 01/09/08 10:31a <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-06 13:42 . 01/06/08 01:42p <DIR> d-------- C:... Read more

Read other answers
RELEVANCY SCORE 61.6

My kid's laptop has a big file folder that shows up on when the system is booted up. The file name is C:\WINNT\system32. I wasn't sure about it so I tried to run Norton Antivirus, but whenever I try to start it just shuts down within a few seconds. The OS is Windows 2000 Professional. My son isn't very good about downloading patches, and updates. What do I have? How can I fix it?

Actually it doesn't shut down at all. It just won't let me access Norton Antivirus, Microsoft Downloads, or perform uninstalls.
 

A:C:\WINNT\system32

Read other 6 answers
RELEVANCY SCORE 61.6

Dear all,

I have a problem with my windows 2000 server running oracle....

At start up, i get a error message like

Services.exe Bad image
--- Application or Dll c:\winnt\system32\x is not a valid windows image.. please insert diskette
Here is the hijackthis logs i have captured on that machine:
StartupList report, 12/19/2008, 1:03:07 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
F:\Utils\CDCAgent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\CBA\pds.exe
c:\winnt\ImagePoint\srvany.exe
c:\winnt\ImagePoint\srvany.exe
c:\winnt\ImagePoint\srvany.exe
c:\winnt\ImagePoint\srvany.exe
c:\winnt\ImagePoint\srvany.exe
c:\winnt\ImagePoint\srvany.exe
c:\winnt\ImagePoint\SMServerE2H.ex... Read more

Read other answers
RELEVANCY SCORE 61.6

My kid's laptop has a big file folder that shows up on when the system is booted up. The file name is C:\WINNT\system32. I wasn't sure about it so I tried to run Norton Antivirus, but whenever I try to start it just shuts down within a few seconds. The OS is Windows 2000 Professional. My son isn't very good about downloading patches, and updates. What do I have? How can I fix it?

Actually it doesn't shut down at all. It just won't let me access Norton Antivirus, Microsoft Downloads, or perform uninstalls.
 

A:C:\WINNT\system32

Read other 15 answers
RELEVANCY SCORE 60.8

When I try to reinstall items that I have had previously installed on my Windows 2000 machine ( i.e. Paperport, etc..., I get the following message):

C:\winnt\system32\autoexec.nt The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose close.....

I loaded this program and a couple of others when I first installed the Windows 2000, and they worked fine. At one point it stopped working and I have not been able to reload it even after doing a full uninstall of the program.

Secondarily, I tried to run the msconfig program from the RUN command window and got the message:

Cannot find the file "msconfig"(or one of its components).

I know that I have used it before and am very curious to know how it could be restored.

Thank you for your help.
wardriod
 

A:winnt\system32\autoexec.nt

Easy, you can use Elvandil's restore available in this post:

http://forums.techguy.org/2178768-post2.html
 

Read other 3 answers
RELEVANCY SCORE 60.8

Bot and below is my HijackThis log. Server is W2K SP4.

Thanks,

Cameron
Logfile of HijackThis v1.97.7
Scan saved at 2:28:26 PM, on 1/15/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\Ddcu.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\Documents and Settings\Administrator.ATLDOMAIN\Local Settings\Temp\HijackThis.exe
C:\WINNT\system32... Read more

A:C:\WINNT\system32\MtyJ63F.exe

Read other 16 answers
RELEVANCY SCORE 60.8

Hi, I downloaded the msconfig program which was posted here. It states to download to C:\WINNT\system32 and then type msconfig in run, but I can't find winnt\system 32. I have windows 2000 proffessional. Thankyou for any help.
 

A:(Solved) where is C:\WINNT\system32

Read other 8 answers
RELEVANCY SCORE 60.8

hi hows it going? im new to the forum. i do have a question. i work in a tech shop an i did a virus scan and removal now i get the error saying that c:\winnt\system32\fservice.ee cant be found. this file was one of the virus' that was deleted. i turned everything off in start up in hope that windows would stop looking for the file. this is on a win xp system. if any one can help that would be great.
-tm

A:c:\winnt\system32\fservice.exe

Well there tech shop guy, I would expect you can discover the startup program by looking in MSCONFIG's startup list.

Click on Start/Run/type MSCONFIG and click OK. Got to startup tab and look for offending entry.

If you can't find it, do this:
Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.

Read other 4 answers
RELEVANCY SCORE 60.4

hi,
i noticed a service C-DillaCdaC11BA which starts on my computer !!!

C:\WINNT\system32\drivers\CDAC11BA.EXE

am i being hacked??
 

A:C:\WINNT\system32\drivers\CDAC11BA.EXE

Read other 10 answers
RELEVANCY SCORE 60.4

I found this on a search:
It details my problem, but i'm not sure how to go
about the second instruction.

"CD into your winnt\system32\drivers directory. "
Getting a blue Screen with an error message: Bad_Pool_Header.

PROBLEM:
After installing Windows XP SP2, your PC keeps rebooting, or blue screens with an error message: Bad_Pool_Header.

SOLUTION:

To resolve this issue, you need to do the following:
During the startup phase, hit the F8 key and select Safe Mode.

CD into your winnt\system32\drivers directory.

Rename the hclnfs.sys driver to hclnfs.old.

Now you should be able to boot in normally. At this point, download and install the latest Hummingbird Connectivity Update Pack available. To obtain the latest Hummingbird Connectivity Update Pack, contact Technical Support or login to WebSupport and download the patch.

Thanks in advance.
 

A:CD into your winnt\system32\drivers directory. ?

From Safe mode, use Explorer to browse to \drivers and do the rename

If that doesn't work, reboot, selecting Command mode

Then, at the prompt enter
CD \Winnt\System32\Drivers
then
Ren hclnfs.sys hclnfs.old
 

Read other 1 answers
RELEVANCY SCORE 60.4

Hi everybody. This problem all started about 7 o'clock on the 3rd of July. Dont know if thats important or not but figured it cant hurt. The first thing I noticed is that the sound is gone from the computer. So I tried the ole restart trick and not only did it not work but when the screen came up there were two black boxes that said C:\winnt\system32\svchost.exe at the top. They are just black boxes with a blinking cursor in them. So, here I am! Any ideas on how bad it is? thanks for any and all help!DDS (Ver_10-03-17.01) - FAT32x86 Run by Barry at 21:40:12.29 on Sat 07/03/2010Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_13Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.766.450 [GMT -6:00]============== Running Processes ===============C:\WINNT\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\PC Tools Firewall Plus\FWService.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\mspmspsv.exeC:\WINNT\Explorer.EXEC:\... Read more

A:Problems with C:\winnt\system32\svchost.exe

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 12 answers
RELEVANCY SCORE 60.4

help this is the message i am recieving with this problem.
1. Please select the operating system to start:
Microsoft Windows XP Home Edition
Microsoft Windows XP Home Edition

"the first option was selected Microsoft Windows XP..."

2. Windows could not start because the following file is missing or currupt:
\winnt\system32\config\system

you can attempt to repair this file by starting Windows Setup using the orgiginal Setup CD - ROM
Select 'r' at the first screen to start repair.

Question: " I have done the selected repair, but it still doesn't solve my problem. I went into safe mode with no luck. Under the 2 Microsoft Windows XP Home Edition option, I have tons of
file under this partition or whatever you call it. I don't want to lose this stuff. I don't have a backup. I don't want to reformat my drive neither. Please tell me, how can I go under this 2 operating system " was orginally the first operating system, I install the last or windows 1 or the first option, in order to fix the problem but I still can't fix my original Windows Partition. Help, what can I do?
 

A:\winnt\system32\config\system

Read other 9 answers
RELEVANCY SCORE 60.4

Yesterday the following showed up on my computer

DLLC:/WINNT/System32/wowfx.dll

Can anyone help in removing this problem

CTM
 

Read other answers
RELEVANCY SCORE 60.4

Since removing various BHO's etc from my machine (as well as msg117.dll) my computer has been running slow when starting up and when logging on to internet. After reboot, and entering password, a box saying "Executing C:\WINNT\system32\msg117.dll.." runs for about 30sec. Oh yeah... I think I removed msg117.dll improperly
Any ideas?
 

A:[Solved] C:\WINNT\system32\msg117.dll

Read other 16 answers
RELEVANCY SCORE 60.4

...and I can't delete it. When I try I get the message "Cannot delete jfgifgf: The specified file is being used by Windows." I have run CWShredder, H/T, Adaware and spybot search, rebooted and I still can't delete it. After I run the above my homepage is "blank". However if I reset my homepage to yahoo.com and then close and then reopen the browser I'm stuck with some ******** search page. And the above dll is still around. I don't know if this is causing the hijacking but I suspect it is. How do I get rid of it? What is it doing? Why is windows using it? Can anyone help me?

Thanks,
Jarkeld_ia
 

A:jfgifgf.dll in my C:winnt\system32 folder...

Read other 14 answers
RELEVANCY SCORE 60.4

My laptop got infected by a couple of trojans today while shopping on Ebay. One was detected immediately by AVG Free and quarantined. The other was detected by Kaspersky's online scanner, which unfortunately doesn't do fixes unless I buy the full program. That one is called Trojan-Downloader.BAT.Ftp.ab (or Backdoor.BotGet.FtpB.Gen or W32/Sdbot.ftp).

I read elsewhere in this forum, I believe, that this may also be called Trojan.Wayphisher, and that it tries to interfere with banking...? Is there anything in particular I have to do to protect myself from this thing? I don't do any banking online, other than to occasionally buy online. Today it was a couple of purchases with PayPal.

I'm running AVG Free, Sunbelt Personal Firewall, ZoneAlarm. I also have AdAware. I've been using Ewido's online scanner, which also didn't find this one. I tried to download more security programs, but I don't have enough memory to pull it off (128 MB RAM, hopefully to be maxed out to 256 MB RAM soon, which is still so little...), so whatever solutions to this problem will have to be light on memory...

Is it possible to just delete the file it's in? Or would that be a potential problem. The file is WINNT\system\i and it says it was created today.
If not, is there any small program, online scanner, etc. that would take care of this problem?

I'm not terribly computer savvy, so please explain like talking to a 2nd grader. Also, could someone tell me what actually happens to the infectio... Read more

Read other answers
RELEVANCY SCORE 60.4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

nmihyv----------C:\WINNT\SYSTEM32\vqec.exe

Specimen is here

Removed possible malicious link.

WHAT IS THIS?? ANYONE CAN ANALYSE IT?

THANKS~


 

A:nmihyv----------C:\WINNT\SYSTEM32\vqec.exe

Read other 7 answers
RELEVANCY SCORE 60.4

It says on my computer that c:winnt\system32\poller.exe back up copy infected.How do i get this off my computer?Everytime i get on my computer it keeps poping up.HELP PLEASE
 

A:Need help to get winnt\system32\poller.exe off my computer

http://home9.inet.tele.dk/le01/Sikkerhed.htm - get ABIremover.zip, extract it and run ABIremover.exe

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
AdAware SE 1.05 http://www.majorgeeks.com/download506.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
MS AntiSpy - http://download.microsoft.com/downl...-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe (XP and W2K only)

DL them (they are free), install them, check each for their
definition updates and then run AdAware and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Do these and reboot before the next step.

Then get HiJack This http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file
And let it extract to its default folder C:\Program FIles\HiJackThis, run it from there, DO NOT fix anything, post the log here.
 

Read other 1 answers
RELEVANCY SCORE 60.4

C:\Winnt\system32\cftmon.exe is missing.How important is this in xp?How can I be able to track some other windows executable files that are missing and how would I replace them?

A:C:\winnt\system32\cftmon.exe Is Missing

http://www.liutilities.com/products/wintas...library/ctfmon/

Read other 3 answers
RELEVANCY SCORE 60.4

Hello,

I'm hoping you can help me get rid of an annoying problem I'm having with my PC.

First off, my machine runs Windows 2000 Professional and is upgraded with Windows update. I'm using Kerio Personal Firewall as a firewall, a bought copy of McAfee VirusScan, and Microsoft AntiSpyware beta. Also running are TCMonitor from TheCleaner and TCActive!

My problem is that .exe files keep getting added to my c:\winnt\system32\ directory, and I can't figure out what is causing it. When these .EXEs try to run either the Firewall reports that one of them is trying to execute the other, or (most of the time) McAfee says that this executable contains a virus (with a generic name like Win32.Worm.Gen or New Malware.h) and scans the whole disk. It then sometimes finds more of these .EXEs in the same location, or in the Local Settings of my user.

I'm not able to pin this problem down to the usage of one application or Web site, nor does my registry look suspicious. Can you help me find out where the problem is?

Below is a log of HijackThis; I've checked its contents using the Article on merijn.org, but I can't find anything wrong.

Logfile of HijackThis v1.99.0
Scan saved at 10:49:08 AM, on 6/24/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsas... Read more

A:Unwanted .exe files in winnt\system32

Read other 16 answers
RELEVANCY SCORE 60.4

I am using windows 2000. I have the most recent service pack #4. I tried to install AQUARIUM BY SERENE SCENE. During the install it said there is an error with uninstall. Then it would only install part of it. When I tried to click on the screensaver tab to choose my screensaver, and error message came up and now I cannot select any screen saver. The error message is:
An error occurred while windows was working with the control panel file C:\winnt\system32\desk.cpl
I tried to find this on the microsoft web page, but it only refers to C:\windows\system\desk.cpl, this is not what problem I have.
I have sent numerous e-mails to the company that makes the screensaver, but they seem not to be able to figure out what is wrong. Not good technical support at all.
I have tried deleting the programs folder and all the files in it. Since uninstall will not work, I am sure there are other files elsewhere, but I don't know their names or where they are. I have tried deleting the file: desk.cpl , and putting a good copy in its place, just in case it was corrupt, but that did no good. I saw in one of your threads that another user had almost the same problem and he deleted the screensaver files and then he was ok. Unfortunately I don't know what or where these files are.
I would really appreciate some help.
 

Read other answers
RELEVANCY SCORE 60.4

My computer is getting slower by the day. I have so many running processes and I don't know what most of them are.

BTW this continues to come back no matter how many times I tell HJT to fix it: R3 - URLSearchHook: (no name) - ò - (no file)

Any info to help me with this is appreciated.

Suzan
Logfile of HijackThis v1.98.2
Scan saved at 11:00:05 AM, on 10/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\wisptis.exe... Read more

A:What the heck are all these WINNT/system32 things?

Hi SuzanS,

The files in the C:\Winnt\System32 are the 'muscles' of Windows ! There is nothing wrong in your log. However, you fixed the R3 entry.
 

Read other 1 answers
RELEVANCY SCORE 59.6

The AVG detected Trojan Generic on my computer.

After moving it to the valet, the C:/winnt/System 32 was damaged and I can't open the Explorer or use the internet in any other way.

PLEASE you suggestions for help

Riki
 

Read other answers
RELEVANCY SCORE 59.6

I just started getting a warning when booting up that s.m.a.r.t. is detecting a possible problem with my hard drive so that could be part of my problem here. When starting up win2k it hung so I rebooted and then got the message about "missing or corrupt \winnt\system32\config\system" and I didn't create an emergency repair disk that it tells me I need to repair this problem.

So is there anyway I can get another system file from my install cd or is one created anywhere and then maybe I could move it the config directory using the repair console?

Or should I just re-install win2k over the top of itself? Also I have winxp on a second partition dual booting.

I have another hard drive to move everything to so maybe I should transfer everything to the new drive first?

Thanks,
-George
 

A:corrupt \winnt\system32\config\system

I noticed there was another file named system.alt that was the same size as the orginal system file so I renamed it to system and the got it going again.

Now I want to copy everything to a new, larger drive but I have win2k & XP dual booting on this drive so can I use the data lifeguard tools that come with a western digital drive to copy everything over or do I need to use something else?

Thanks
 

Read other 1 answers
RELEVANCY SCORE 59.6

My computer was acting slow and strange so I rebooted and upon doing so when it got to the starting windows page it stopped and gave me that error message saying the file was corrupt or missing.

Any clues and/or suggestions on how to proceed??

Thanks!
 

A:winnt\system32\config\system error

Read other 9 answers
RELEVANCY SCORE 59.6

Hello [email protected]
I see that you have been doing a really good job of helping people getting rid of this Vundo Trojan. This same Trojan is effecting me and really appreciate you help in getting this removed from my machine.

Thanks.

This was the error Norton was giving me earlier (it seems to not show up now after trying the fixes from symantic site)

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Vundo
File: C:\WINNT\system32\iifde.dll
Location: C:\WINNT\system32
Computer: *****
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Sunday, October 09, 2005 8:57:55 PM

there is the log file from HijackThis v1.99.1

Logfile of HijackThis v1.99.1
Scan saved at 1:20:48 AM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT... Read more

A:Trojan.Vundo C:\WINNT\system32\iifde.dll

Read other 10 answers
RELEVANCY SCORE 59.6

I am trying to get rid of a window that loads after users login to the network-win2k AD. Running Kix for the login script. The c:\winnt\system32 window opens to the middle of the screen after some people log in. I have checked the machines with adware programs and the virus scan is up to date. I can not figureout why this window is still loading after login. There is no error generated in Event Viewer or problem created when it does this it is just very annoying. Any help on this would be very much appreciated.
Thank you muchly in advance!
 

A:winnt/system32 window opens on login

Read other 6 answers
RELEVANCY SCORE 59.6

This cant be good!!! It keeps popping up. Could it be related to the virus that is coming from "[email protected]"?
 

A:Cannot find the file C:\\WINNT\System32\SysReg

Read other 14 answers
RELEVANCY SCORE 59.6

this happened after installing a Logitech driver and the restore features haven't done anything to help me out. It seems to be limited to something the computer loads on a normal startup because it will hang or have problems (blue screen or message concerning the file in question) after about 5 min. but there will be no problems at all in 'safe mode'.
I would like to know if there is a way to fix the c:\winnt\system32\config\system file short of a reinstall.
Also, is the information in the system file very unique or a generic type of file that can be obtained from another system that is working properly?
I'm thinking it's probably unique. Anyway, I do have another install on the same partition that is working fine because it's using a different system file in that path. I could copy over the vital information to the WinNT2 folder and then customize the new installation, but I would rather see if there is a way to fix the old one without throwing it away.
 

A:corrupted c:\winnt\system32\config\system

Corrupted or Missing \WINDOWS\SYSTEM32\CONFIG
Added 2/9/03
If you get the error:
Windows could not start because the following files is missing or corrupt
\WINDOWS\SYSTEM32\CONFIG\SYSTEM or \WINDOWS\SYSTEM32\CONFIG\SOFTWARE
1. Insert and boot from your WindowsXP CD.
2. At the first R=Repair option, press the R key
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4. Enter in the administrator password when requested
5. cd \windows\system32\config
6. Depending on which section was corrupted:
ren software software.bad or ren system system.bad
7. Depending on which section was corrupted
copy \windows\repair\system
copy \windows\repair\software
8. Take out the CD ROM and type exit
 

Read other 1 answers
RELEVANCY SCORE 59.6

I have attached my log file ran in safe mode on a 2000 advanced server machine. Could someone please advise what entrys can be deleted and how to proceed? Thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 5:20:35 PM, on 3/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: ATDP Class - {E3D3AFEE-2172-4ef5-8509-1638AFFF0374} - C:\WINNT\atlassw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ServUTrayIcon] C:\PROGRA~1\Serv-U\SERVUT~1.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - Startup: eFax Live Menu 3.4.lnk = C:\Progra... Read more

A:Log file help! (res://C:\WINNT\system32\shdoclc.dll/navcancl.htm)

It best if we have a log scanned in normal mode please...

Please do NOT run Hijack This in a TEMPorary folder or on the Desktop. I recommend c:/program files/HJT/

Read other 3 answers
RELEVANCY SCORE 59.6

My computer tells me I have a Trojan horse in the file. When I open to see what it is, it has nothing. When I try to run AVG under SafeMode it dosent work. I searched the file to deleted it and it wouldnt let me delete it. Im running out of things to try. When I dont have my computer in safe mode, a popup comes up telling me to run AVG, but when I click "ok" and go to run it my computer restarts. My best guess it to delete it in safe mode, but i dont know how to. Please help!
 

A:Trouble Deleting C:WINNT/system32/winslpack.dll !HELP!

Please help..I need an aswer ASAP!
 

Read other 1 answers
RELEVANCY SCORE 59.6

I can't seem to do anything with this file and not real sure what to do.C:\winnt\system32\jkkjk.dllaccess denied in use by another person or programI have completed the preparation guide for posting a hijackthis log.I'm a total novice at working with registries. Just a little bit afraid of doing anything without some expert advise. Norton sure doesn't offer any help and its always running and up to date.Norton just keeps running a virus alert dialogue box saying I have a virus.this line looks like its one of the problemsO20 - Winlogon Notify: jkkjk - C:\WINNT\system32\jkkjk.dllOh well here is my hijackthis logThanks for taking a lookLogfile of HijackThis v1.99.1Scan saved at 11:43:14 PM, on 11/22/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\Explorer.EXEC:\WINNT\system32\CTHELPER.EXEC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\iRiver\iRiver Manager\Updater\Updater.exeC:\Progra... Read more

A:Trojan.vundo Winnt\system32\jkkjk.dll

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):Click the Free Trial link under to "SpySweeper" to download the program. Install it. Once the program is installed, it will open. It will prompt you to update to the latest definitions, click Yes. Once the definitions are installed, click Sweep Now on the left side. Click the Start button. When it's done scanning, click the Next button. Make sure everything has a check next to it, then click the Next button. It will remove all of the items found. Click Session Log in the upper right corner, copy everything in that window. Click the Summary tab and click Finish. Paste the contents of the session log you copied into your next reply.Then reboot your computer - IMPORTANTThen post a new HJT logDavid

Read other 3 answers
RELEVANCY SCORE 59.6

Hello, and thanks for helping a newbie out with this problem!

Whenever I launch Internet Explorer, the page comes up as: res://C:\WINNT\system32\shdoclc.dll/navcancl.htm and then it proceeds to go to my regular home page. I have ran many virus, adware, spyware programs but it didn't fix the problem until I heard about HiJackThis.

Thank you so much for your help!!

Here is my Hijackthis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 5:30:36 PM, on 3/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AMD\PowerNow!\GemServ.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\PELMICED.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ezSP_Px.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusche... Read more

A:Problem: res://C:\WINNT\system32\shdoclc.dll/navcancl.htm

bump

Not sure if this is the right place to help solve this problem. Please direct me to the correct forum if I posted this to the wrong place.

Thanks!

Read other 1 answers
RELEVANCY SCORE 59.6

When I went to start my laptop (Toshiba M15 S405) I get the message missing or currupt \WINNT\SYSTEM32\CONFIG\SYSTEMced. I go to the recovery console and dont know where to go from there.

Help Please

Thank you in advance
 

A:missing WINNT\SYSTEM32\CONFIG\SYSTEMced

Read other 13 answers
RELEVANCY SCORE 58.8

My operating system is windows xp professional and I I have an error loading message saying "c:/winnt/system32/msiefr40.dll specific module can not be found". What does this message mean and how does one fix this problem. Any assistance would be greatly appreciated.
 

A:[SOLVED] error loading c:/winnt/system32/msiefr40.dll

Read other 10 answers
RELEVANCY SCORE 58.8

I have a similar issue as prior persons have . Here is my Hijack log. Thanks in advance.

Logfile of HijackThis v1.99.0
Scan saved at 1:48:20 PM, on 2/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Creative\S... Read more

A:Recurring IE Hijack (res://C:WINNT\system32\shdoclc.dll/navcancl.htm)

Welcome to TSF.

Please don't post your log in someone else's thread. I have split up your post and created a new thread for you.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn o... Read more

Read other 3 answers
RELEVANCY SCORE 58.8

First thing - I admire you all for offering the support you do so freely. Very cool - and very deserving of donations.

My laptop browser (IE) got hijacked this evening (well, actually my EMPLOYER's laptop - oops). I have learned a lot over the past 6 and 1/2 hours - amazing what google, persistence, and fear can do for you :) And though I have made progress by gleaning many of your previous posts to people in my situation, the hijack recurs when I restart the browser. Anyway, here is info on the machine and what I have done:

Laptop - Win2k, McAfee Antivirus and Firewall always running.

The problem: IE homepage became http://default.home and went to a search site/ implemented an STool bar, introduced a Pop-up that crashed IE (needed to quit with task manager).

Steps I have taken:
1. Ran most thorough scans of HD with McAfee, Stinger, SpyBot, and AdAware. These identified a number of malicious zip files (e.g., Alexarelated1.zip, AvenueAlnc3.zip, DoubleClick.zip, DSOExploit.zip, Mediaplex1.zip, catalog.z, and about 8 others). AdAware got rid of the SToolbar.
2. Ran HijackThis and fixed two R0 - HKCU\... ..., start page =http://default.home entries and one O13 - WWW Prefix: http://ehttp.cc/? entry.

Result - upon opening the browser for the first time, I could get to google and mail.yahoo.com. But then I hit the Home icon and it redirects to res://C:\winnt\system32...shdoclc.dll/navcancl.htm. Then it directs me to a DIFFERENT homepage ("Your home ... Read more

A:Recurring IE Hijack (res://C:WINNT\system32\shdoclc.dll/navcancl.htm)

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\Documents and Settings\DuerrJM\Start Menu\Programs\Startup\CLOCK.EXE

Run a scan... Read more

Read other 6 answers
RELEVANCY SCORE 58.8

I am running a Gateway with XP Home. This computer was given to me and had Norton's secutity expired so I remomed it for more disk space. Now I can't open windows because I get registry error: Windows could not start because the following is missing or corrupt: \WINNT\SYSTEM32\CONFIG\SYSTEM

I have tried the OS installation disk and get the following after Windows setup: Shut down Windows to prevent damage to computer.

Clicked (r) to go to the recovery console: my only option was, 1: C:\WINNT, so tried that and get: problem has been detected and windows has been shut down to prevent damage to your computer. Registry _Error***Stop: 0x00000051 (0x00000001,0xE1195468,0x0076B000,0x000001D5)

What now? Thanks

A:\WINNT\SYSTEM32\CONFIG\SYSTEM missing or corrupt

you know the old adage if it aint broke dont fix it....

now is this the original restore disk that came with the gateway and has it ever worked before to load xp or repair xp???

Read other 6 answers
RELEVANCY SCORE 58.8

I have a machine with WIN2K on it. I am getting the following error when I try to boot my machine.
"Windows 2000 could not start because the following field is missing or corrupt: WINNT\SYSTEM32\CONFIG\SYSTEM, You can attempt to repair this file by starting Windows 2000 by using the original Setup CD-ROM. Select 'r' at the first screen to start repair."

When I follow these instructions and try to boot with using WIN2K CD, the system tells me that I need to put in my WIN2K Emergency Repair Disk. I have never created that disk from the WIN2K backup utility on that machine.

My question is can I create a Emergency Repair disk on another WIN2K machine and use that to recover my broken down machine? Will that cause configuration problems with the machine I am trying to repair?
 

A:WINNT\SYSTEM32\CONFIG\SYSTEM error message

ERD's are unique to the machine they were created on so it will not work.
 

Read other 3 answers
RELEVANCY SCORE 58.8

Hi ,
Can someone help me with this one to delete it , please ?
This is the name of my one res://C:\WINNT\System32\shdoclc.dll/navcancl.htm#C:\WINNT\Web\desktop.html .
Here is my log file . Thanks in advanced .


Logfile of HijackThis v1.99.1
Scan saved at 23:17:14, on 15/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\System32\internat.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files... Read more

A:a new variant of the res://C:WINNT\system32\shdoclc.dll/navcancl.htm hijack

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro. Just follow the instructions on the site to run the online scan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis.... Read more

Read other 16 answers
RELEVANCY SCORE 58.8

I have been having some minor problems recently on my computer. I currently have a small program by the name of Tiny personal firewall. I have to allow programs to access the internet. Recently a friend of mine found he had several trojans on his computer and I decided to delete all of the things I was allowing to access the internet in my personal firewall settings. I noticed that this one prevents me from being able to access the internet through internet explorer when I deny that it can have access.
I did a search on yahoo for c:\winnt\system32\services.exe and found your site. I downloaded the hijackthis program and am posting the log that was generated.
I am very smart when it comes to computers and can find my way around for the most part but cant seem to find the file that was fixed on another one of your posts.. if anyone can help me with interpreting this log file to correct some of the problems on my computer, I would greatly appreciate it.

some of the things that have been happening are..
a blue screen that says dumping physical memory and my computer will reboot and then hang. I have to do a force shutdown and then it taked my computer over 20 minutes to do a scan that has never taken more than a few minutes in the past.
I have also gone to a few hackers sites recently and ended up with porn mail and porn pop ups in the last week.. if there is a way to correct this please let me know.

Logfile of HijackThis v1.97.7
Scan saved at 5:38:48 PM, on 1/4/2004
Platform... Read more

A:[SOLVED] Win2000 pro c:\winnt\system32\services.exe question?

Rescan with hijack once more and put a check next to each of the following then close all browser windows. then please click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
Post back if it continues.
 

Read other 3 answers
RELEVANCY SCORE 58.4

I have a corporate laptop computer (no admin privileges) with Symantec firewall and virus cleaning software. Just got back from using the laptop in Korea. Seemed to have picked up some sort of virus or malware. Every time I open IE, I get the above page which tries to go to a spyware vendor (I think). I'm running Windows 2000. I just downloaded HJT software today, so I'm no expert at how to use it. My log looks like:
(apologies if I pasted this into the forum improperly)
Where do I go from here??

Logfile of HijackThis v1.99.1
Scan saved at 12:10:39 PM, on 1/17/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Lotus\Notes\ntaskldr.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\hijackThis... Read more

A:how to eliminate 'res:C:\\WINNT\system32\shdoclc.dll/navcancl from my IE home page

Hi SoDakota, Welcome to TSF !!
I recommend you Subscribe to this thread (if you have not already done so) so you are notified of any replies via email
To do this :
Click Thread Tools, then click Subscribe to this Thread
Make sure it is set to Instant Notification by email, then click Subscribe

You may wish to print out a copy of these instructions to follow while you complete this procedure

Go to Start, Control Panel, Add/Remove Programs and Uninstall the following : (if present)

MyWebSearch

Do Not reboot if it asks

When finished uninstalling close Control Panel

I need you to download some programs to aide in our fix :Do Not Run Them Yet

Download SmitfraudFix? by S!Ri to your Desktop.

Download ATF (Atribune Temp File) Cleaner? by Atribune

Download and Install AVG Anti-Spyware? by Grisoft

Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Double-cl... Read more

Read other 4 answers
RELEVANCY SCORE 57.6

After installing an HP Scanner and drivers on my win 2000 machine, upon rebooting I received the following error message...

Windows 2000 could not start because the following file is missing or corrupt;\WINNT\SYSTEM32\CONFIG\SYSTEM

It says I can attempt to repair this file by starting Win 2000 setup using boot disc or CDrom.

I do not have the OS disc, how can I fix, bypass this and how could this have happend from just installing a scanner.

Please help.

Dazzl
 

A:Win 2000 Will Not Boot Missing or Corrupt /winnt/system32/config/system

If it was by chance a parallel port scanner [the type that hooks up to the printer port], then yes it can cause all types of problems with win2k. As to your problem; can you boot into safe mode and uninstall the driver / software from safe mode? Without the install disk that is about the only thing I know to try.
 

Read other 2 answers
RELEVANCY SCORE 57.6

Hello,

I have a win2000 pc with the rdriv.sys problem. Norton Anti-virus will remove 'rdriv.sys' in safe mode, but it keeps coming back when I return to normal mode. I've ran 'Ad-Aware', rebooted the computer, performed an online scan using trendmicro & used HijackThis with HijackThisAnalyzer to produce the log shown below.

I use Win2000 service pak 4, CWshredder, Adaware, NAV, Microsoft anti-spyware, Hijackthis and Hijackthis analyzer. I also use a zonealarm
firewall.

The log for HijackThis and HijackThisAnalyzer is shown below.

Any help would be appreciated.

Thank You

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtSe... Read more

A:rdriv.sys file in C:\winnt\system32 - Norton will not delete! (trojan.cachecachekit)

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)


Please follow all instructions as specified. Print these instructions to ensure all are followed.

Please download the following programs, but do not run them yet:

* rdrivRem.zip
*Unzip it to your desktop.
* Ewido Security Suite
*Install ewido security suite
*Launch ewido, there should be a big E icon on your desktop, double-click it.
*The program will prompt you to update click the OK button
*The program will now go to the main screen
*You will need to update ewido to the latest definition files.
*On the left hand side of the main screen click update
*Click on Start
*The update will start and a progress bar will show the updates being installed.
*After the updates are installed exit Ewido.

*Cleanup
Download an... Read more

Read other 10 answers