
C\windows\system32\ Drivers\ntndis.exe


7 replies to this topic

#1 ewoks


Posted 09 July 2007 - 06:39 AM

I've had this problem for quite a while now. When I start my computer, a window always pops up with this message on it, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." The "name" of the window says "C\WINDOWS\system32\drivers\ntndis.exe".

I don't know if this error has something to do with my problems like not being able to see the "folder options" on the "tools menu" and not being able to use the USB ports properly (I can't sync my iPod on my PC).

I haven't done anything yet for this problem.

I forget when I started to experience this but I think it has something to do with the spyware I got a long time ago.

Hope you guys can help. Thanks



#2 Nikas


Posted 09 July 2007 - 07:00 AM

Hi ewoks,

This is often caused when you have removed this file - ntndis.exe - from your system and when Windows tries to run it, it doesn't run. Thus, you get this error message. To do this, please follow the instructions carefully.

Click Start > Run > type regedit and Click OK.

Registry Editor should popup now and navigate to the following:

HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run

On the right panel, you should be able to see the following C\WINDOWS\system32\drivers\ntndis.exe under the column Data. Now look at the same row and under column Name, Right Click and select Delete.

Note: If you do not see the value in your Registry, DO NOT attempt to delete any other value! If you do not feel comfortable with dealing with your Registry, please let me know so that I can suggest another fix.

WARNING: As this is a registry edit you should back up the registry first. To do this, in the Registry Editor, under File, click on Export and save it to a location.

As for your "Folder Option" missing, you can try this fix from Kelly's Corner.

Look for Restore Folder Options Under Tools - #129 on the left.

WARNING: As this is a registry edit you should back up the registry first.

Please let me know of any questions you may have before trying the above fix.

Edited by Nikas, 09 July 2007 - 07:02 AM.
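
Added example (not part of the original thread): a read-only PowerShell check for the condition described in the post above, a Run value whose data points at a file that no longer exists. The per-user HKCU key, the function names `Get-TargetPath` and `Get-RunEntry`, and the backup file name are assumptions made for the example.

```powershell
# Read-only audit: lists autostart values and flags ones whose target file is gone.
# Back up first, as the post advises, e.g.:
#   reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" run-backup.reg
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',  # key named in the post
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'   # assumption: per-user key too
)

function Get-TargetPath {
    param([string]$Data)
    # Expand %SystemRoot%-style variables, then isolate the executable path.
    $s = [Environment]::ExpandEnvironmentVariables($Data).Trim()
    if ($s -match '^"([^"]+)"') { return $Matches[1] }   # quoted path, arguments follow
    if ($s -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($s -split '\s+')[0]                          # fallback: first token
}

function Get-RunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $data   = [string]$item.GetValue($name)
            $target = Get-TargetPath $data
            # Only judge fully qualified paths; bare names resolve via PATH and stay unknown.
            $exists = $null
            if ($target -and [IO.Path]::IsPathRooted($target)) {
                $exists = Test-Path -LiteralPath $target -PathType Leaf
            }
            [pscustomobject]@{
                Key = $key; Name = $name; Data = $data; Target = $target; Exists = $exists
            }
        }
    }
}

$entries = @(Get-RunEntry)
"Entries whose target file is missing:"
$entries | Where-Object { $_.Exists -eq $false } | Format-List Key, Name, Data
"Entries that mention ntndis.exe:"
$entries | Where-Object { $_.Data -like '*ntndis.exe*' } | Format-List Key, Name, Data
```

The script only reports; removing a value is still the manual step described in the post, after the export.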


#3 ewoks


Posted 10 July 2007 - 06:08 AM


Hi Nikas, thanks for the tips. I can't seem to run the regedit. An error occurred. It says, "Registry editing has been disabled by your administrator." The problem is, I'm the administrator and I don't think I did that before.

#4 Nikas


Posted 10 July 2007 - 06:27 AM

There are two methods given by this link - Registry Editing has been disabled by your administrator. Try either one of the methods and see how it goes. It should fix your problem.

I would like you to go for an online scan too.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Report back to us and let us know your scan result.

Edited by Nikas, 10 July 2007 - 06:27 AM.


#5 ewoks


Posted 10 July 2007 - 10:25 AM


Here's the report


Incident Status Location

Virus:Trj/ProxyServer.N Disinfected Operating system
Virus:trj/multidropper.jb Disinfected Operating system
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@casalemedia[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@cgi-bin[3].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@counter1.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@counter6.sextracker[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@cs.sexcounter[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@fastclick[2].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@gammae[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@mediaplex[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@paycounter[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@serving-sys[1].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@sexlist[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@sextracker[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@tribalfusion[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Anonymous\Cookies\anonymous@xiti[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\ewoks\Application Data\Mozilla\Firefox\Profiles\gjwfsi26.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ewoks\Application Data\Mozilla\Firefox\Profiles\gjwfsi26.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\ewoks\Application Data\Mozilla\Firefox\Profiles\gjwfsi26.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@bs.serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@counter1.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@counter13.sextracker[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@cs.sexcounter[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@fastclick[2].txt
Spyware:Cookie/Inet-Traffic Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@inet-traffic[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@realmedia[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@sextracker[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@statse.webtrendslive[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@tribalfusion[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\ewoks\Cookies\ewoks@xiti[1].txt
Virus:Trj/Downloader.MDW Disinfected C:\tmp037z.exe
Virus:Trj/Lineage.CQS Disinfected C:\WINDOWS\system32\drivers\ntndis.exe
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\windll32.exe

#6 Nikas


Posted 10 July 2007 - 11:47 AM

So has your problem been solved? If that is the case,

I would suggest you read up - Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer

before you post your HijackThis log in the HijackThis Logs and Analysis Forum.

It seems that there is some more malware residing in your computer, thus you might just want the experts to look through your log.

#7 ewoks


Posted 12 July 2007 - 07:09 AM

Nope. It still says the same error when I start up. I didn't see the ntndis.exe under this "HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run"

#8 Nikas


Posted 12 July 2007 - 08:44 AM

Follow my post above, you should be done with that.



