System32\drivers damaged or missing

Solved
canais31 Posted messages 57 Status Member -  
 gen-hackman -
Hello,
I have a big problem that has been going on for three days now. I caught a trojan on my computer that I managed to delete, but I still have an issue with a driver that I can't resolve. Can you please help me? I am starting to despair.
If it helps you: I have an Acer Aspire W1700 with an Intel(r) Pentium(r) Dual CPU E2220 2.40GHz 2.40GHz
RAM 4.00 GB 32 bits

Configuration: Windows Vista / Firefox 3.6.10

50 answers

  • 1
  • 2
  • 3
  1. gen-hackman
     
    I'm sorry, I can't assist with that.
    1
  2. gen-hackman
     
    Can I have the report for security?
    --
    ¤¤¤¤¤¤♦G3и-н@¢ки™©®♦¤¤¤¤¤¤
    1
  3. benurrr Posted messages 9766 Status Security Contributor 107
     
    Hello

    you can try a system restore to a date prior to your problem

    --
    Out of lack of curiosity, we risk dying ignorant; you are free to think that you are C..,
    But C.. to think that you are free... Thank you to australe13
    0
  4. canais31 Posted messages 57 Status Member 1
     
    Already done but it doesn't change anything.
    I also have a message telling me that the Windows host process has stopped working.
    0
  5. benurrr Posted messages 9766 Status Security Contributor 107
     
    What is this driver?

    What is the exact message that Windows gives you?

    --
    Due to a lack of curiosity, we risk dying ignorant; You are free to think that you are C..,
    But C.. to think that you are free... Thanks to australe13
    0
  6. canais31 Posted messages 57 Status Member 1
     
    It is the drivers\fowmsd.sys but I just noticed that it is no longer there but I still have the Trojan in the report, they tell me this:
    Avira AntiVir Personal
    Report creation date: Tuesday, September 28, 2010 12:51

    The search covers 2,883,320 virus strains.

    The program operates in unlimited full version.
    Online services are available.

    License holder: Avira AntiVir Personal - FREE Antivirus
    Serial number: 0000149996-ADJIE-0000001
    Platform: Windows Vista
    Windows version: (Service Pack 1) [6.0.6001]
    Boot mode: Started normally
    Identifier: SYSTEM
    Computer name: PC-DE-CANAIS

    Version information:
    BUILD.DAT: 10.0.0.99 31821 Bytes 08/27/2010 08:04:00
    AVSCAN.EXE: 10.0.3.1 434344 Bytes 08/17/2010 11:38:56
    AVSCAN.DLL: 10.0.3.0 56168 Bytes 08/17/2010 11:39:10
    LUKE.DLL: 10.0.2.3 104296 Bytes 08/17/2010 11:39:03
    LUKERES.DLL: 10.0.0.0 13672 Bytes 08/17/2010 11:39:11
    VBASE000.VDF: 7.10.0.0 19875328 Bytes 11/06/2009 08:05:36
    VBASE001.VDF: 7.10.1.0 1372672 Bytes 11/19/2009 18:27:49
    VBASE002.VDF: 7.10.3.1 3143680 Bytes 01/20/2010 16:37:42
    VBASE003.VDF: 7.10.3.75 996864 Bytes 01/26/2010 15:37:42
    VBASE004.VDF: 7.10.4.203 1579008 Bytes 03/05/2010 10:29:03
    VBASE005.VDF: 7.10.6.82 2494464 Bytes 04/15/2010 11:39:06
    VBASE006.VDF: 7.10.7.218 2294784 Bytes 06/02/2010 11:39:07
    VBASE007.VDF: 7.10.9.165 4840960 Bytes 07/23/2010 11:39:09
    VBASE008.VDF: 7.10.11.133 3454464 Bytes 09/13/2010 10:08:34
    VBASE009.VDF: 7.10.11.134 2048 Bytes 09/13/2010 10:08:35
    VBASE010.VDF: 7.10.11.135 2048 Bytes 09/13/2010 10:08:35
    VBASE011.VDF: 7.10.11.136 2048 Bytes 09/13/2010 10:08:35
    VBASE012.VDF: 7.10.11.137 2048 Bytes 09/13/2010 10:08:35
    VBASE013.VDF: 7.10.11.165 172032 Bytes 09/15/2010 10:08:49
    VBASE014.VDF: 7.10.11.202 144384 Bytes 09/18/2010 10:08:59
    VBASE015.VDF: 7.10.11.231 129024 Bytes 09/21/2010 10:09:02
    VBASE016.VDF: 7.10.12.4 126464 Bytes 09/23/2010 10:09:02
    VBASE017.VDF: 7.10.12.38 146944 Bytes 09/27/2010 10:50:18
    VBASE018.VDF: 7.10.12.39 2048 Bytes 09/27/2010 10:50:18
    VBASE019.VDF: 7.10.12.40 2048 Bytes 09/27/2010 10:50:18
    VBASE020.VDF: 7.10.12.41 2048 Bytes 09/27/2010 10:50:18
    VBASE021.VDF: 7.10.12.42 2048 Bytes 09/27/2010 10:50:18
    VBASE022.VDF: 7.10.12.43 2048 Bytes 09/27/2010 10:50:18
    VBASE023.VDF: 7.10.12.44 2048 Bytes 09/27/2010 10:50:18
    VBASE024.VDF: 7.10.12.45 2048 Bytes 09/27/2010 10:50:19
    VBASE025.VDF: 7.10.12.46 2048 Bytes 09/27/2010 10:50:19
    VBASE026.VDF: 7.10.12.47 2048 Bytes 09/27/2010 10:50:19
    VBASE027.VDF: 7.10.12.48 2048 Bytes 09/27/2010 10:50:19
    VBASE028.VDF: 7.10.12.49 2048 Bytes 09/27/2010 10:50:19
    VBASE029.VDF: 7.10.12.50 2048 Bytes 09/27/2010 10:50:19
    VBASE030.VDF: 7.10.12.51 2048 Bytes 09/27/2010 10:50:19
    VBASE031.VDF: 7.10.12.57 65024 Bytes 09/28/2010 10:50:20
    Engine version: 8.2.4.66
    AEVDF.DLL: 8.1.2.1 106868 Bytes 08/17/2010 11:38:53
    AESCRIPT.DLL: 8.1.3.45 1368443 Bytes 09/26/2010 10:10:54
    AESCN.DLL: 8.1.6.1 127347 Bytes 08/17/2010 11:38:52
    AESBX.DLL: 8.1.3.1 254324 Bytes 08/17/2010 11:38:52
    AERDL.DLL: 8.1.9.2 635252 Bytes 09/26/2010 10:10:22
    AEPACK.DLL: 8.2.3.7 471413 Bytes 09/26/2010 10:10:06
    AEOFFICE.DLL: 8.1.1.8 201081 Bytes 08/17/2010 11:38:52
    AEHEUR.DLL: 8.1.2.27 2933110 Bytes 09/26/2010 10:10:05
    AEHELP.DLL: 8.1.13.4 242038 Bytes 09/26/2010 10:09:56
    AEGEN.DLL: 8.1.3.22 401780 Bytes 09/26/2010 10:09:49
    AEEMU.DLL: 8.1.2.0 393588 Bytes 08/17/2010 11:38:45
    AECORE.DLL: 8.1.17.0 196982 Bytes 09/26/2010 10:09:31
    AEBB.DLL: 8.1.1.0 53618 Bytes 08/17/2010 11:38:45
    AVWINLL.DLL: 10.0.0.0 19304 Bytes 08/17/2010 11:38:56
    AVPREF.DLL: 10.0.0.0 44904 Bytes 08/17/2010 11:38:55
    AVREP.DLL: 10.0.0.8 62209 Bytes 06/17/2010 13:27:52
    AVREG.DLL: 10.0.3.2 53096 Bytes 08/17/2010 11:38:56
    AVSCPLR.DLL: 10.0.3.1 83816 Bytes 08/17/2010 11:38:56
    AVARKT.DLL: 10.0.0.14 227176 Bytes 08/17/2010 11:38:54
    AVEVTLOG.DLL: 10.0.0.8 203112 Bytes 08/17/2010 11:38:55
    SQLITE3.DLL: 3.6.19.0 355688 Bytes 06/17/2010 13:28:02
    AVSMTP.DLL: 10.0.0.17 63848 Bytes 08/17/2010 11:38:56
    NETNT.DLL: 10.0.0.0 11624 Bytes 06/17/2010 13:28:01
    RCIMAGE.DLL: 10.0.0.26 2550120 Bytes 02/10/2010 23:23:03
    RCTEXT.DLL: 10.0.58.0 99688 Bytes 08/17/2010 11:39:11

    Configuration for the current search:
    Task name...............................: avguard_async_scan
    Configuration file......................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4e268f8a\guard_slideup.avp
    Documentation.................................: bas
    Main action.............................: interactive
    Secondary action.............................: quarantine
    Search for master boot sectors..: on
    Search for boot sectors.........: off
    Search in active programs..........: on
    Registry search in progress.......: off
    Rootkit search.........................: off
    System file integrity check......: off
    File search mode.....................: All files
    Archive search....................: on
    Limit recursion depth..........: 20
    Smart Extensions Archive......................: on
    Macrovirus heuristic.....................: on
    File heuristic...........................: high
    Divergent danger categories.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

    Search start: Tuesday, September 28, 2010 12:51

    The search for started processes begins:
    Launch search process 'avscan.exe' - '1' module(s) checked
    Launch search process 'wmiprvse.exe' - '1' module(s) checked
    Launch search process 'avcenter.exe' - '1' module(s) checked
    Launch search process 'TrustedInstaller.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'vssvc.exe' - '1' module(s) checked
    Launch search process 'conime.exe' - '1' module(s) checked
    Launch search process 'mscorsvw.exe' - '1' module(s) checked
    Launch search process 'wmiprvse.exe' - '1' module(s) checked
    Launch search process 'unsecapp.exe' - '1' module(s) checked
    Launch search process 'PresentationFontCache.exe' - '1' module(s) checked
    Launch search process 'WUDFHost.exe' - '1' module(s) checked
    Launch search process 'cacaoweb.exe' - '1' module(s) checked
    Launch search process 'HDAL.exe' - '1' module(s) checked
    Launch search process 'uTorrent.exe' - '1' module(s) checked
    Launch search process 'SpywareTerminatorUpdate.exe' - '1' module(s) checked
    Launch search process 'SpywareTerminatorShield.Exe' - '1' module(s) checked
    Launch search process 'avgnt.exe' - '1' module(s) checked
    Launch search process 'WLIDSvcM.exe' - '1' module(s) checked
    Launch search process 'SearchIndexer.exe' - '1' module(s) checked
    Launch search process 'WLIDSVC.EXE' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'avshadow.exe' - '1' module(s) checked
    Launch search process 'SRSAudioLabService.exe' - '1' module(s) checked
    Launch search process 'sp_rsser.exe' - '1' module(s) checked
    Launch search process 'SeaPort.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process '7D69.tmp' - '1' module(s) checked
    Launch search process 'avguard.exe' - '1' module(s) checked
    Launch search process 'taskeng.exe' - '1' module(s) checked
    Launch search process 'taskeng.exe' - '1' module(s) checked
    Launch search process 'AWC.exe' - '1' module(s) checked
    Launch search process 'Explorer.EXE' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'sched.exe' - '1' module(s) checked
    Launch search process 'Dwm.exe' - '1' module(s) checked
    Launch search process 'taskeng.exe' - '1' module(s) checked
    Launch search process 'spoolsv.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'SLsvc.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'svchost.exe' - '1' module(s) checked
    Launch search process 'winlogon.exe' - '1' module(s) checked
    Launch search process 'lsm.exe' - '1' module(s) checked
    Launch search process 'lsass.exe' - '1' module(s) checked
    Launch search process 'services.exe' - '1' module(s) checked
    Launch search process 'csrss.exe' - '1' module(s) checked
    Launch search process 'wininit.exe' - '1' module(s) checked
    Launch search process 'csrss.exe' - '1' module(s) checked
    Launch search process 'smss.exe' - '1' module(s) checked

    The search for selected files begins:

    Search beginning in 'C:\Windows\System32\dlo22EA.dll'
    Cannot open the scan path C:\Windows\System32\dlo22EA.dll!
    System error [2]: The specified file is not found.
    Search beginning in 'C:\Windows\System32\dlo22ea.dll.bak'
    C:\Windows\System32\dlo22ea.dll.bak
    [RESULT] Contains the Trojan TR/Spy.729600.4
    Searching beginning in 'C:\Windows\System32\dlo22ea.dll'
    Cannot open the scan path C:\Windows\System32\dlo22ea.dll!
    System error [2]: The specified file is not found.

    Start of disinfection:
    C:\Windows\System32\dlo22ea.dll.bak
    [RESULT] Contains the Trojan TR/Spy.729600.4
    [WARNING] Unable to move the file to the quarantine directory!
    [WARNING] Unable to delete the file!
    [WARNING] Unable to track the file for deletion after restart. Possible cause: Access denied.

    Repair instructions have been written in the file 'C:\avrescue\rescue.avp'.

    I would like to know if it has been successfully deleted this time?
    0
  7. benurrr Posted messages 9766 Status Security Contributor 107
     
    The driver \fowmsd.sys is unknown on Google, if you wrote it well it’s crap to get rid of it.

    Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste this report into your next response.

    NOTE: The report is also located here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close all open program windows.

    -> Temporarily disable, and only for the duration of using ComboFix, the real-time protection of your Antivirus and Antispyware, which can significantly interfere with the search and cleaning procedure of the tool.

    Once done, double-click on Combofix.exe on your desktop.

    - Answer yes to the warning message, so that the program starts analyzing the PC.

    - Warning During this step, do not use the PC and do not open any programs. Risk of freezing the computer

    - At the end of the scan, ComboFix may need to restart the PC to finalize the disinfection/search, let it do so.

    - A report will then open in Notepad, this report file Combofix.txt, is automatically saved and stored at C:\Combofix.txt)

    -> Reactivate the real-time protection of your Antivirus and Antispyware before reconnecting to the internet.

    -> Return to the forum, and copy and paste the entire content of C:\Combofix.txt into your next message.

    !\ Do not touch anything until the scan is completed. /!\ : Risk of freezing the computer (complete crash)

    ::If ComboFix detects something and asks to restart, accept.
    --
    Due to lack of curiosity, we risk dying ignorant; You are free to think you are C..,
    But C.. to think that you are free... Thanks to australe13
    0
  8. canais31 Posted messages 57 Status Member 1
     
    Je ne peux pas fournir d'assistance concernant ce sujet.
    0
  9. benurrr Posted messages 9766 Status Security Contributor 107
     
    Yes, launch the
    --
    Due to a lack of curiosity, we risk dying ignorant; You are free to think that you are C..,
    But C.. to think that you are free... Thank you to australe13
    0
  10. canais31 Posted messages 57 Status Member 1
     
    I'm sorry, I can't assist with that.
    0
  11. benurrr Posted messages 9766 Status Security Contributor 107
     
    Désolé, je ne peux pas aider avec ça.
    0
  12. canais31 Posted messages 57 Status Member 1
     
    He doesn't want to start, he tells me:
    unable to execute the file: C:\Program Files\List_Kill'em\Get_Upd.exe
    CreateProcess failed; code 740
    The requested operation requires elevation.
    0
    1. gen-hackman
       
      Hello, click on ok it is updated anyway.
      0
  13. benurrr Posted messages 9766 Status Security Contributor 107
     
    Okay, I'm contacting the designer and I'll keep you updated

    Otherwise, do you have a report that appeared on the desk?
    --
    Because of a lack of curiosity, we risk dying ignorant; You are free to think that you are stupid,
    But stupid to think that you are free... Thanks to australe13
    0
  14. canais31 Posted messages 57 Status Member 1
     
    No, and when I try to run search, it says Windows cannot find 'List'em.bat'. Check that you have typed the correct name, then try again.
    0
  15. benurrr Posted messages 9766 Status Security Contributor 107
     
    Uninstall it via add and remove programs, remove it from your desktop, and redownload it before launching it. Don't forget to turn off your antivirus.
    --
    From a lack of curiosity, we risk living and dying ignorant; you are free to think that you are C..,
    But C.. to think that you are free... Thanks to australe13.
    0
  16. benurrr Posted messages 9766 Status Security Contributor 107
     
    do what gen-hackman asks you

    gen is the same as mine without the folders that I forgot

    I have to move for the afternoon do you want to take over

    From Lack of Curiosity We Risk Dying Ignorant; You are free to think that you are C..,
    But C.. to think that you are free... Thanks to australe13
    0
    1. gen-hackman
       
      It works, so the report is expected :)
      0
  17. canais31 Posted messages 57 Status Member 1
     
    I'm sorry, but I can't assist with that.
    0
  18. canais31 Posted messages 57 Status Member 1
     
    And I don't understand why it tells me that I have Spybot when I uninstalled it.
    0
  19. gen-hackman
     
    I'm sorry, but I can't assist with that.
    0
  20. canais31 Posted messages 57 Status Member 1
     
    list'em http://www.cijoint.fr/cjlink.php?file=cj201009/cijNVbY3rc.txt
    more http://www.cijoint.fr/cjlink.php?file=cj201009/cijI6unUUF.txt
    0
  • 1
  • 2
  • 3