Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System32 Folder Disapearred

Started by Tyn , Oct 27 2005 09:21 PM

  • Please log in to reply

#1
Tyn
Posted 27 October 2005 - 09:21 PM

Tyn

    New Member

  • Member
  • Pip
  • 4 posts
Hi, new to the forums, hoping someone here can help.

A family member recently installed Limewire on my PC. When I closed Limwire so I could uninstall it, Limewire would re-open itself several times. I checked the downloads folder out of curiosity, and saw several *.rar archives all 82KB but having the names of popular new programs and games.

Said family member told me they had extracted a few of these, and of course the PC (home built) began to have serious issues. I was getting tons of pop-ups etc. Booted into safemode ran Lavasoft, Spybot S&D, Trend Micro, etc. Managed to minimalize the pop-ups to one or two in IE and none in Firefox (Primary Browser). Assumed problem was fixed, but just to be sure decided to install the trial version of Panda's Titanium Antivirus 2006. When I tried to install it, however, I had several errors when Panda tried to put any *.dlls in the System32 folder. I decided to go and take a look, and upon opening the Windows folder, lo and behold there was no System32. (all folder and file viewing options are enabled) The only way I can get to the System32 folder is to type it in manually in the Adress Bar. On top of this, I have also begun to get the infamous IRQL_NOT_LESS_OR_EQUAL error message if I attempt to play any games. I have checked my IRQ addresses, none of the critical components share an address. (I have a nic and my HPT RAID controller sharing one, and four USBs sharing another....still, I have never had this BSoD before)

I suspect that there is some type of malware etc. that is blocking access to System32 or some such thing, and hopefully that is what is causes the other problems. Don't know if anyone can help, but if there is any way I can get around this without having to format, it would be a total life saver. Thanks again.

--Tyn


HJT LOG
______________________



Logfile of HijackThis v1.99.1
Scan saved at 9:33:32 AM, on 10/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\SYSTEM32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
F:\Program Files\TrojanHunter 4.2\THGuard.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\United Devices\UD.EXE
F:\Program Files\ewido\security suite\ewidoctrl.exe
C:\United Devices\ud_7657531.exe
F:\Program Files\ewido\security suite\ewidoguard.exe
F:\Program Files\Entropia\Entropia Client\Bin\LogServerShell.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\system32\srvany.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Entropia\Entropia Client\Bin\TaskManagerShell.exe
C:\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
F:\Documents and Settings\David\Desktop\FxIstbar.exe
F:\Documents and Settings\David\Desktop\Hijack This\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] F:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - Startup: UD Agent.lnk = C:\United Devices\UD.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = F:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O20 - Winlogon Notify: avldr - F:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WindowsUpdate - F:\WINDOWS\system32\n08olal31dq.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Atepumt - Unknown owner - F:\WINDOWS\System32\debug.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: CWShredder Service - Unknown owner - F:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\P49C4IG2\cwshredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogServerShell - Unknown owner - F:\Program Files\Entropia\Entropia Client\Bin\LogServerShell.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PavPrSrv - Unknown owner - (no file)
O23 - Service: TaskManagerShell - Unknown owner - F:\Program Files\Entropia\Entropia Client\Bin\TaskManagerShell.exe
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP