MSRT has deleted ndis.sys

Welcome to Major Geeks!

You need to attach the log from MGtools and then we will likely be able to help you.


Also you could just copy this file: c:\windows\system32\dllcache\ndis.sys

into the c:\windows\System32\drivers folder and then reboot

 

Uninstall the below old versions of software:
Java(TM) 6 Update 16

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Manually copy this file:

C:\WINDOWS\ServicePackFiles\i386\ndis.sys

into the C:\windows\system32\drivers folder so that you have:

C:\WINDOWS\system32\drivers\ndis.sys

Then reboot and see how things look.

 

Note: If you get the same error at reboot after copying this file, then you will have to post in the Networking Forum as your problem is not malware. It would more likely be either corrupted drivers are a failed NIC (Network Interface Card).

A Tip to try: You could go to Device Manager and uninstall the device and then reboot. Upon reboot you should install NEW drivers for the device and not use any existing ones that may be found on the PC. Make sure you use the most recent available drivers and hopefully they are certified by Microsoft.

 

Nothing is stopping you from replacing it. Your system is just crashing when the driver is put in place to allow your network interface to work. Typically this means other related drivers for the hardware have been corrupted or removed or the hardware is broken. This is why I suggested unintalling the Device and then installing ALL new drivers. If you use any of the drivers that are already on the PC, it could just result in the same problem.

 

If you properly reinstalled Windows after a format and did not reinstall anything else except Windows from original media then you are not having malware problems. If however you did not properly reinstall or reinstall other software from some form of backups that could be carrying infections then it is possible that you are reinfected or never removed the real heart of the infection or Windows corruption issues when you did the reinstall.

Also was it really a full reinstall or did you just do a repair?

It is also possible that even if you did a format, you could still be infected if you had a Master Boot Record infection which will survive a format. However, I did not see any signs of an MBR infection in the logs you had attached. But to always be save, you need to delete partitions, recreate partitions, format, and then reinstall and only reinstall Windows and nothing else. Then make sure your PC appears to be operating correctly before installing anything else. Then if you are still going to reinstall Sophos, make sure it is a clean and licensed copy belonging to you.

Normal.