c:\winnt\inf\AU_gdi.inf cannot be found

This error message has just started appearing on all pcs on a network c:\winnt\inf\AU_gdi.inf - any ideas? I have done a search and examined all c:\winnt\inf folders but the file does not exist anywhere!  I have set the folder view options to show hidden files but dont know what this file is or where it is
Who is Participating?
asodohatchConnect With a Mentor Author Commented:
OK tnx anyway guys but we've finally sorted this - the AU stands for Auto Update - it is a windows autoupdate file that fails to install properly if the user does not have administrator rights.

The solution is to simply log on as administrator then the registry entry is automatically removed.  No need for spyware detection etc.  No need to manually edit registry.

You can then log on as normal user and everything is ok.

Appears to be an oversight on behalf of Microsoft

Pete LongTechnical ConsultantCommented:
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Pete LongTechnical ConsultantCommented:
Hi asodohatch,
check for the existance of this Reg key
CurrentUser\Software\Microsoft\Internet Explorer\Explorer Bars\{c4ee31f3-4768-11d2-be5c-00a0l9a83da1}\000

Above from http://www.experts-exchange.com/Miscellaneous/Q_21133841.html

it would seem to be spyware related
Browser Hijacking/Spyware/Adware/Malware Removal instructions

Full removal and Prevention instructions are available on my website,


Please don't "Gum up" the TA's here by posting Hijack This Logs
go here and have it analysed.

The EE Official Link to info is,

asodohatchAuthor Commented:
Ive run spybot, hijack this and stinger - still got same problem - found an entry in the registry - rundll32 advpack.dll,LaunchINFSection C:\WINNT\INF\AU_gdi.inf,GDIToolRun,2,N - but it wont let me delete it - nothing in startup
Pete LongTechnical ConsultantCommented:
DO you have a registry entry under



 [GDI Detect Tool..] rundll32 advpack.dll,LaunchINFSection
this file is a information file, it will not harm your computer. i have also suffered with this problem. it also create login problem in some system but after delete this value in registry. you will not receive this type of problem and your system work fine.

(Network engineer)
You must login as admin to delete this key. It looks like some hotfix did this. Try to roll back the hotfix you applied (or automatic).
asodohatchAuthor Commented:
Can anybody explain definitely - is this a trojan, is it caused by windows update, is it spyware.  How do we prevent it happening again
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.