Hi everybody. I'm having trouble cleaning my system. A few days ago I wanted to uninstall ESET Smart Security 4 and go back to ESET Smart Security 3. Apparently something happened on the way to heaven. Since that fateful day, whenever I start Windows, I get the error message: >>> SVCHOST.EXE Error "The instruction at 0x0068066b referenced memory at 0x0068066b. The memory could not be written" >>> (My OS language is Spanish, so I'm translating it for the forum). The message keeps appearing several times and after a few minutes, the System reboots itself. Reading on the net, I took the advice given to other people, so I: 1 - deactivated Windows restore 2 - enabled viewing hidden files 3 - restarted on safe mode Then, I installed and ran a full check with all these programs: 1 - Malwarebytes Anti-Malware 2 - Superantispyware 3 - EasyCleaner 4 - CCleaner 5 - AVG Antivirus They detected some nasty Trojans, such as some "Dopper" guy and a few generics. But unfortunately, the message keeps popping up whenever I start Windows in normal model Looking around to check if there was something left from previous installations, I found that this file is still around and I can't seem to delete it: C:\Archivos de programa\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys I tried Killbox and fileAssassin, but the bugger won't go away. Now, please I'm on my last nerve on this one. I would appreciate any help you can provide. I have a Hijackthis log at your request

First thing you should NOT have done NeidKaos was disable system restore (for future reference),an infected restore point is better than no restore point...just in case something goes wrong in a fix you may try. You may have missed the registry entries as Ccleaner and co never totally cleanup. Im assuming XP for now . Start / run and type REGEDIT and enter. Select EDIT and FIND Type ESET and delete the entries,F3 for next and so on. I strongly suggest you backup the registry first before any deleting,also create a system restore point first. epfwndis.sys is the driver for the Eset firewall and maybe the reason for your problems. Try running Revo Uninstaller if possible http://www.revouninstaller.com/

I deleted the only ESET entry in the registry. Revo Uninstaller doesn't show Eset in the programs list. Nor does it show in Add-Remove program in Windows. The epfwndis.sys still can't be deleted.

Open Hijackthis and Main menu Open the Misc tools section Delete a file upon reboot Now navigate to the location of the stored file and follow the prompts. Problem you may have is if any of the services are still running. So stop these first. Start / run and type SERVICES.MSC and enter,now look for any relevance to Eset and stop the service. Failing that,boot into safemode and try HJT to remove the problem file. Also check MSCONFIG; Start / run and type MSCONFIG and enter,select startup and reduce as many startup items as possible. Obvious ones to leave are any antivirus and firewall and any realtime antispyware program,and if a laptop...leave the synaptics entry ticked and apply and ok...reboot.

I tried that, skidzy, but it doesn't seem to work. The services don't reference ESET in any way and HJT doesn't delete the file. I've already removed all the startup items except for AVG.

OK, I'm taking baby steps, but I finally managed to delete the mysterious file. I booted from a flashdrive using a Windowx XP USB version and deleted epfwndis.sys. I restarted in normal mode and I still get the error message and no network or internet connection (Which I believe is the direct consequence of the svchost.exe error). I ran all the malware, antispyware programs and AVG antivirus on normal mode. And cleaned the PC of every pest. AVG detected Backdoor.generic10.AVTQ in: c:\WINDOWS\System32\drivers\ndis.sys. Again, I could not remove the file until I used the USB flashdrive boot trick. Now I still get the SVCHOST.exe error and no Internet or Network connection and AVG Antivirus says I have "No network protection driver on your system" (Controlador de protección de red en el sistema) Any thoughts?