System32\drivers damaged or missing
Solved
canais31
Hello,
I have a big problem that has been going on for three days now. I caught a trojan on my computer that I managed to delete, but I still have an issue with a driver that I can't resolve. Can you please help me? I am starting to despair.
If it helps you: I have an Acer Aspire W1700 with an Intel(r) Pentium(r) Dual CPU E2220 2.40GHz 2.40GHz
RAM 4.00 GB 32 bits
Configuration: Windows Vista / Firefox 3.6.10
50 answers
Hello
you can try a system restore to a date prior to your problem
--
Out of lack of curiosity, we risk dying ignorant; you are free to think that you are C..,
But C.. to think that you are free... Thank you to australe13 -
Already done but it doesn't change anything.
I also have a message telling me that the Windows host process has stopped working. -
What is this driver?
What is the exact message that Windows gives you?
-
It is drivers\fowmsd.sys, but I just noticed that it is no longer there. I still have the Trojan in the report, though; it tells me this:
Avira AntiVir Personal
Report creation date: Tuesday, September 28, 2010 12:51
The search covers 2,883,320 virus strains.
The program operates in unlimited full version.
Online services are available.
License holder: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Started normally
Identifier: SYSTEM
Computer name: PC-DE-CANAIS
Version information:
Engine version: 8.2.4.66
Configuration for the current search:
Task name...............................: avguard_async_scan
Configuration file......................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4e268f8a\guard_slideup.avp
Documentation.................................: bas
Main action.............................: interactive
Secondary action.............................: quarantine
Search for master boot sectors..: on
Search for boot sectors.........: off
Search in active programs..........: on
Registry search in progress.......: off
Rootkit search.........................: off
System file integrity check......: off
File search mode.....................: All files
Archive search....................: on
Limit recursion depth..........: 20
Smart Extensions Archive......................: on
Macrovirus heuristic.....................: on
File heuristic...........................: high
Divergent danger categories.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Search start: Tuesday, September 28, 2010 12:51
The search for started processes begins:
Launch search process 'avscan.exe' - '1' module(s) checked
Launch search process 'wmiprvse.exe' - '1' module(s) checked
Launch search process 'avcenter.exe' - '1' module(s) checked
Launch search process 'TrustedInstaller.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'vssvc.exe' - '1' module(s) checked
Launch search process 'conime.exe' - '1' module(s) checked
Launch search process 'mscorsvw.exe' - '1' module(s) checked
Launch search process 'wmiprvse.exe' - '1' module(s) checked
Launch search process 'unsecapp.exe' - '1' module(s) checked
Launch search process 'PresentationFontCache.exe' - '1' module(s) checked
Launch search process 'WUDFHost.exe' - '1' module(s) checked
Launch search process 'cacaoweb.exe' - '1' module(s) checked
Launch search process 'HDAL.exe' - '1' module(s) checked
Launch search process 'uTorrent.exe' - '1' module(s) checked
Launch search process 'SpywareTerminatorUpdate.exe' - '1' module(s) checked
Launch search process 'SpywareTerminatorShield.Exe' - '1' module(s) checked
Launch search process 'avgnt.exe' - '1' module(s) checked
Launch search process 'WLIDSvcM.exe' - '1' module(s) checked
Launch search process 'SearchIndexer.exe' - '1' module(s) checked
Launch search process 'WLIDSVC.EXE' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'avshadow.exe' - '1' module(s) checked
Launch search process 'SRSAudioLabService.exe' - '1' module(s) checked
Launch search process 'sp_rsser.exe' - '1' module(s) checked
Launch search process 'SeaPort.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process '7D69.tmp' - '1' module(s) checked
Launch search process 'avguard.exe' - '1' module(s) checked
Launch search process 'taskeng.exe' - '1' module(s) checked
Launch search process 'taskeng.exe' - '1' module(s) checked
Launch search process 'AWC.exe' - '1' module(s) checked
Launch search process 'Explorer.EXE' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'sched.exe' - '1' module(s) checked
Launch search process 'Dwm.exe' - '1' module(s) checked
Launch search process 'taskeng.exe' - '1' module(s) checked
Launch search process 'spoolsv.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'SLsvc.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'svchost.exe' - '1' module(s) checked
Launch search process 'winlogon.exe' - '1' module(s) checked
Launch search process 'lsm.exe' - '1' module(s) checked
Launch search process 'lsass.exe' - '1' module(s) checked
Launch search process 'services.exe' - '1' module(s) checked
Launch search process 'csrss.exe' - '1' module(s) checked
Launch search process 'wininit.exe' - '1' module(s) checked
Launch search process 'csrss.exe' - '1' module(s) checked
Launch search process 'smss.exe' - '1' module(s) checked
The search for selected files begins:
Search beginning in 'C:\Windows\System32\dlo22EA.dll'
Cannot open the scan path C:\Windows\System32\dlo22EA.dll!
System error [2]: The specified file is not found.
Search beginning in 'C:\Windows\System32\dlo22ea.dll.bak'
C:\Windows\System32\dlo22ea.dll.bak
[RESULT] Contains the Trojan TR/Spy.729600.4
Searching beginning in 'C:\Windows\System32\dlo22ea.dll'
Cannot open the scan path C:\Windows\System32\dlo22ea.dll!
System error [2]: The specified file is not found.
Start of disinfection:
C:\Windows\System32\dlo22ea.dll.bak
[RESULT] Contains the Trojan TR/Spy.729600.4
[WARNING] Unable to move the file to the quarantine directory!
[WARNING] Unable to delete the file!
[WARNING] Unable to track the file for deletion after restart. Possible cause: Access denied.
Repair instructions have been written in the file 'C:\avrescue\rescue.avp'.
I would like to know if it has been successfully deleted this time? -
The driver \fowmsd.sys is unknown on Google; if you spelled it correctly, it's crap to get rid of.
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next response.
NOTE: The report is also located here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close all open program windows.
-> Temporarily disable, and only for the duration of using ComboFix, the real-time protection of your Antivirus and Antispyware, which can significantly interfere with the search and cleaning procedure of the tool.
Once done, double-click on Combofix.exe on your desktop.
- Answer yes to the warning message, so that the program starts analyzing the PC.
- Warning: during this step, do not use the PC and do not open any programs (risk of freezing the computer).
- At the end of the scan, ComboFix may need to restart the PC to finalize the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.
-> Reactivate the real-time protection of your Antivirus and Antispyware before reconnecting to the internet.
-> Return to the forum, and copy and paste the entire content of C:\Combofix.txt into your next message.
/!\ Do not touch anything until the scan is completed. /!\ Risk of freezing the computer (complete crash)
If ComboFix detects something and asks to restart, accept.
-
I cannot provide assistance on this subject.
-
Yes, launch the
-
-
It doesn't want to start; it tells me:
unable to execute the file: C:\Program Files\List_Kill'em\Get_Upd.exe
CreateProcess failed; code 740
The requested operation requires elevation. -
Okay, I'm contacting the designer and I'll keep you updated.
Otherwise, do you have a report that appeared on the desktop?
-
No, and when I try to run search, it says Windows cannot find 'List'em.bat'. Check that you have typed the correct name, then try again.
-
Uninstall it via add and remove programs, remove it from your desktop, and redownload it before launching it. Don't forget to turn off your antivirus.
-
Do what gen-hackman asks you.
gen is the same as mine without the folders that I forgot
I have to move for the afternoon; do you want to take over?
-
And I don't understand why it tells me that I have Spybot when I uninstalled it.
-
-
list'em http://www.cijoint.fr/cjlink.php?file=cj201009/cijNVbY3rc.txt
more http://www.cijoint.fr/cjlink.php?file=cj201009/cijI6unUUF.txt