Computer Support Forum

System32....NLS Files

Question: System32....NLS Files

Hello, I have about 55 nls.files in Windows Sys.32.
Are these required or can I delete them?

XP Home IE6 SP1

Relevance 100%

Answer: System32....NLS Files

14 more replies
Relevance 50.43%

Hi There!

My housemate's laptop has a virus and they asked me to help fix it. By the looks of it they have the "Data Recovery Virus" on their laptop. Ran various virus scans and removed about 200 malicious files, but still no joy. Upon startup several boxes pop up stating:

"Failed to save all the components for the file \System32\0000390c. The file is corrupted or unreadable."

Each box has a different sys32 file, including ..em32\00004509 and ..em32\0000767d. I've run Spybot and SUPERAntiSpyware, both removed a whole load of crap on the laptop but not the damn virus I'm after!

Also ran Security Check:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 22
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````

Running a comprehensive virus scan (again) atm, will post SAS results when it's done.

Any help with this would be greatly appreciated

Answer:Data recovery virus - Failed to save components for the file \System32\(several system32 files). The file is corrupte...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/27/2011 at 04:10 PM

Application Version : 5.0.1134

Core Rules Database Version : 7856
Trace Rules Database Version: 5668

Scan type : Complete Scan
Total Scan Time : 01:16:31

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 306
Memory threats detected : 0
Registry items scanned : 71337
Registry threats detected : 0
File items scanned : 225087
File threats detected : 18

Adware.Agent/Gen-Pinball
C:\PROGRAM FILES (X86)\MOSSYSKY\BIN\1.0.16.0\MOSSYSKYSACB.EXE
C:\Windows\Prefetch\MOSSYSKYSACB.EXE-0EB24479.pf

Trojan.Agent/Gen-FakeAlert[Local]
C:\PROGRAMDATA\1KALMIG2KB7FZP.EXE

Adware.Tracking Cookie
cdn1.image.freeporn.com [ C:\USERS\LISA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FLTEG34J ]
ec.atdmt.com [ C:\USERS\LISA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FLTEG34J ]
files.youporn.com [ C:\USERS\LISA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FLTEG34J ]
ia.media-imdb.com [ C:\USERS\LISA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FLTEG34J ]
s0.2mdn.net [ C:\USERS\LISA\APPDATA\ROAMING&#... Read more

6 more replies
Relevance 47.56%

Hi,

Some malware has been giving me constant grief for the past few weeks. I've spent a lot of time trying to unsuccessfully solve this myself and am now at a loss for how to proceed. Symptoms as follows:

Whenever I'm connected to the internet, avast keeps detecting infected files in a couple of places on my hard drive. Most commonly, they're files with false extensions that appear in my Network Service folder's Temporary Internet Files e.g:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EMN1H8B\zhwh[1].gif
These seem to get created every couple of hours when I'm connected, regardless of whether or not I have a web browser open. avast will delete these files, but they'll reappear later with a different filename and extension (always something like .gif .bmp .jpg etc).
Slightly less frequently, avast detects an infected file at C:\WINDOWS\system32\x. Again, avast successfully deletes this file, only for it to regenerate later (filename is always the same for this one).

This has been a problem now for about a month (see attached avast log from Jan 29 2010 - I'm not sure if it's relevant that avast at first recognised the infection as Win32:Confi [Wrm], but is now picking it as Win32:Rootkit-gen [Rtk]). I suspect a couple of potential sources from around that time:
1) A flash drive that was infected by a colleague's PC (when I plugged it into my computer avast detected a mas... Read more

Answer:Infected Files Regenerating in Temporary Internet Files and System32 folders

Other attachments...
 

8 more replies
Relevance 46.74%

Hi!
Setting: I have two identical notebooks - bought at the same time at the same shop - that have two internal harddisk slots. They had Win 7 preinstalled. I chose the 64 bit version.

As time went by I changed the harddisks 3 or 4 times over the years. The last two changes were to SSD.
One old HD is gone, as it overheated. (But I was able to secure all data.)

The current problem:
To change to the new SSD on NB1 (Notebook1) I cloned the "C" partition from the other notebook.
Then I put the SSD in NB1's harddisk slot. In the other harddisk slot there is an old harddisk that once ran this notebook.
The first time it didn't boot, for whatever reason, but the second time it did boot. It booted from the new SSD. (I changed the boot order in the BIOS appropriately. And the old harddisk has a defective MBR, so it can't boot anyway.)
Two days ago I accessed the old harddisk, where I had a folder "windows.old" which actually contained a quite complete copy of an old state of that harddisk's original partition back when it was the OS running harddisk. When trying to access the user's folder on that old harddisk, it said I need administrator rights, then it will be made permanently accessible to me (my current user on the SSD logged in.) It took some minutes, and everything was alright.
When ending work I put the system in "Hibernation" (Ruhezustand).
Yesterday when starting the system, the starting screen was in English "Windows is continued" instead of... Read more

More replies
Relevance 43.87%

Hi all.. I found this same subject somewhere around 20 days ago. Unfortunately the thread was dead and nothing else happened there.. So I'm posting the same question again... I have HijackThis here and nothing seems weird there until I see the running processes, and the DLLs loaded by winlogo.exe are a couple of weird ones:
xxyxwxw.dll and another weird one too... (this one seems to be the oldest..) Can anyone help by telling me what I can do or post to try to clean my system up??? (The system keeps opening Explorer and connecting to pages by itself...)

Answer:Lot's of tmp files on system32...

8 more replies
Relevance 43.87%
Question: System32 Files

hey i was running my AVG virus scan and these files came up
kernel32.dll
user32.dll
shell32.dll
ntoskrnl.exe

Under the result/infection heading, for each of these it has the word change.
Does anyone know what this means, what these files are, etc?

Answer:System32 Files

Part of those files may possibly have an infection in them. Also, does it say which path it is to these files? If so, what is the path?

7 more replies
Relevance 43.87%

Hello Pro's,

I had a melt down earlier this week. I think I am almost out of the woods, but I need some guidance.

I've read that some sys32 exe files may be virus connected.

this is a log file from Hijackthis.

I want to know what to dump and what to keep.

( Tell me like I'm 12 years old ) LOL

Thanks in advance,

Pally

Logfile of HijackThis v1.98.2
Scan saved at 7:08:39 PM, on 12/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Documents and Settings\Rhodie Smith\Desktop\Old Drive\software_2\Silicon Prairie Software\MemTurbo\memturbo.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\calc.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
F:\Program Files\Microsoft Office\Office10\WINWORD.EXE
F:\Documents and Settings\Rhodi... Read more

Answer:System32- .EXE files

Hi pally44

Welcome to TSG!

Go to Add/Remove programs and uninstall AdDestroyer.

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://thenewsearch.com/thenewsearch.html

O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-414456544F4E} - F:\WINDOWS\System32\ADV.dll

O3 - Toolbar: Advanced Search - {9EAC0102-5E61-2312-BC2D-414456544F4E} - F:\WINDOWS\System32\ADV.dll

O4 - Startup: AdDestroyer.lnk = F:\Program Files\AdDestroyer\AdDestroyer.exe

O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab

O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - F:\WINDOWS\System32\vbsys.dll

Restart to safe mode.

How to start your computer in safe mode

Now find and delete this folder:

F:\Program Files\AdDestroyer

Also in safe mode navigate to the F:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset... Read more

3 more replies
Relevance 43.87%
Question: System32 files

I ran HJT, making certain fixes, I also ran Spybot S & D and made the recommended fixes, I also ran Registry Mechanic 4.0. IE still pops up out of nowhere, sometimes asking me to allow certain cookies (which I don't), other times it starts up and attempts to go to different sites, but it isn't able to.
Here is the question.
I also have Belarc Advisor which I ran and it showed a file in the System32 folder named ojtqfp.exe. Under file properties it says it is an installation utility for www.callinghome.biz by the "callinghome.biz" company. I am wondering if I can delete this file without having any problems and if there are other files that this company installed.

Hopefully that is not too confusing.

Thank you for any help.
 

Answer:System32 files

Get AdAware SE http://www.majorgeeks.com/download506.html - check for updates and then run it, fixing anything it says, then post your HJT log
 

2 more replies
Relevance 43.87%

XP Home. Is there anywhere a list of the purpose of default .exe files in System 32 :-?

Answer:Exe files in System32

Sounds suspiciously like a homework question? Why do you want to know? Have you used your google button or researched this online? Have you checked at the Microsoft site?

6 more replies
Relevance 43.87%

C:\Windows\System32\drivers\etc\hosts: whenever I change anything in the "hosts" file my PC won't follow it. For instance, a game I play needs me to change an IP in the "hosts" file, but even if I change it to anything, my PC is getting the IP from somewhere else on my PC and updating, and not reading the IP I put in my "hosts" file.. Is this anything to do with any adware/spyware/virus??

please help me

+ i have just bought a new Belkin ADSL Modem with High-Speed Mode Wireless-G router and my internet speed has dropped im on 2mb from Virgin and have a Edimax 11mb wireless Pci Card.

thanksx

Answer:Help With System32 Files

If you are entering information into the HOSTS file, do you ensure that the file isn't marked "Read Only"? Does it give you any error message when you Save it?

Otherwise, this is most likely caused by an anti-virus or anti-spyware type program on your computer. It also can be affected by custom registry settings and Group Policy.

2 more replies
Relevance 43.87%
Question: System32 Files

I have a screen that appears every 2-3 minutes saying that mp3impat.exe had to shut down, do I want to send a report to Microsoft. I have 6 other computers that will have the same symptoms but with a file name that is different. The computers have Returnil running so that when they shut down they restore to a previous time. The program has been running since their initial install. The only computer which does not have this is one which has XP Pro SP2 which is used for data storage for the others. In addition to the file listed above, there is a file called rtfagobj.dll in system32 which does not seem to belong. Where do I start?
Here is what pops up and the report details

binodmic.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
C:\DOCUME~1\office\LOCALS~1\Temp\WER1bf9.dir00\binodmic.exe.mdmp
C:\DOCUME~1\office\LOCALS~1\Temp\WER1bf9.dir00\appcompat.txt

Answer:System32 Files

Well it seems you have posted in the right forum and the answer would be yes, you are infected.

Now the tricky part, how did it get by your VM? And how do we clean it without your VM reinstalling the infection.

Let's start with a MBAM scan and clean and see what shows up. http://www.bleepingcomputer.com/forums/ind...st&p=876163

Please post the log and try to answer my 2 questions

1 more replies
Relevance 43.46%

My question is very simple, but first let me outline the problem.

I was deleting Norton off of my drive and I began by deleting registry and I somehow corrupted or deleted my Windows\system32\config\system file. I'm using a Sony, it's a notebook, and the CDROM drive on it is damaged because the connector off the motherboard snapped. I only have a hard disc drive. I do however have an external CDROM drive, but it does not work until Windows COMPLETELY loads up. I have searched every single possible way to try and get into the BIOS and it seems PCG-Gr370 doesn't even have a BIOS or something....

Is there any way to kinda put the files you need onto a disk and get into Windows, sorta like a bypass... Once I do that I can get my USB drive to work.

Answer:System32 Files Missing

Quote:

Originally posted by Cajete
My question is very simple, but first let me outline the problem.

I was deleting Norton off of my drive and I began by deleting registry and I somehow corrupted or deleted my Windows\system32\config\system file. I'm using a Sony, it's a notebook, and the CDROM drive on it is damaged because the connector off the motherboard snapped. I only have a hard disc drive. I do however have an external CDROM drive, but it does not work until Windows COMPLETELY loads up. I have searched every single possible way to try and get into the BIOS and it seems PCG-Gr370 doesn't even have a BIOS or something....

Is there any way to kinda put the files you need onto a disk and get into Windows, sorta like a bypass... Once I do that I can get my USB drive to work.

Did you try safe mode? Do you have a floppy?

2 more replies
Relevance 43.46%

I asked for help here before and got nothing..maybe someone can help me now.
I did a scan with Avast and it says it's found the following to be infected: Kernel32.dll, winsock.dll, and wsock32.dll
These are all in the System32 folder so I don't want to delete or mess with them without proper help.
I'm pretty sure I'm infected with something 'cause I constantly get this ad everywhere I go on the web that says "Your system could be saving dangerous adult files to your harddrive!" Different websites, same ad. Whatever my computer is infected with also keeps me from uploading things at places like, say, Imageshack or Photobucket.
Here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:42 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svc... Read more

Answer:System32 files infected? Need help

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet after downloading the program and before scanning.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Download ComboFix and save it to your desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.

WARNING: IF you have not already done so ComboFix will disconnect your machine from the Internet when it starts.
Please do not re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no Internet connection when Combofix has completely finished then restart your computer to restore the connection.

Double-click on combofix.exe and follow the prompts. When finished, it w... Read more

3 more replies
Relevance 43.46%

Packard Bell, Windows XP SP1.... I have been getting the same blue screens, bug checks, minidumps like everyone else for about 10 weeks. It all started after I installed Office XP Pro... which I subsequently uninstalled. Then I did a restore to the day before I installed Office. However 5 files had to be renamed because they were duplicated... urlmon.dll, shlwapi.dll, shdocvw.dll, mshtml.dll, odbc32.dll
Next.....
(This prob is gonna sound dumb but I think it may all be related)

When you install a Microsoft update (e.g. 828750 (MS03-040)) and it says it will install the following files ....
18-Sep-2003 22:28 6.0.2800.1264 2,793,984 Mshtml.dll
23-May-2003 17:15 6.0.2800.1203 1,338,880 Shdocvw.dll
13-Jul-2003 20:05 6.0.2800.1226 395,264 Shlwapi.dll
10-Sep-2003 11:48 6.0.2800.1259 444,928 Urlmon.dll.....
then after I reboot those files should be file versions "as above" in the C:\windows\system32 folder, right?

When I check mine, they are older versions, namely
6.0.2800.1106 for the shlwapi.dll
6.0.2800.1145 for the shdocvw.dll
6.0.2800.1143 for urlmon.dll and
6.0.2800.1126 for mshtml.dll

Am I right when I say these are outdated versions and should be as the latest update says?
Can anyone explain?

Also... some updates were installed one day.... then 2 days later I have the same updates ready to be installed again... even when they are listed in Add/Remove Programs.

I'm sure this all relates back to the reason for the constant crashes I have been having.
I'd be thankful fo... Read more

Answer:MS Updates and System32 files

It appears that your download and installation did not work properly for IE 6 SP1 (32bit) with XP SP1.
Suggest you uninstall the 'update', then get a new download and install again.
The files should be shown in the %Windir%\System32 folder on Windows XP.
 

2 more replies
Relevance 43.46%

I will try and spare you all the gory details for now as they are not really relevant to my question. I want to know if anyone out there knows "EXACTLY" what takes place in the background when copying / renaming files in the Windows\System32 folder on a Windows XP client system.

I spent about 8 hours troubleshooting why a custom application was not working using Dependency Walker and various other utilities. In all of my testing, everything kept pointing back to a potential problem with either mpr.dll or shlwapi.dll. As a last ditch effort, I took the following steps.

1. Renamed the mpr.dll and shlwapi.dll files to mpr.dll.old and shlwapi.dll.old
2. Copied these 2 files from a system that was using my custom application just fine into the Windows\system32 folder
3. Restarted my XP system
4. Tried the application again.

At this point, everything works fine.

So, I assumed at this point that the version of the files that I copied from the other system were different and that is what fixed the issue. However, this did not turn out to be the case. Upon further inspection, including running the fc.exe (file compare utility) on both new and old copies of the files mentioned above, they were 100% identical.

Why did this work?????

Does Windows XP do any sort of file registration / re-registration when copy / renaming files within its system32 folder?

Can anyone shed some light on this for me?

Thank you.
Bob
 

Answer:Copying files to System32

If Windows XP detected a damaged dll, it should automatically replace it with one from its dll cache.

You can force this comparison and replacement operation by using the system file check (sfc /scannow) command.

So, it's possible that when you changed it, it was detected and refreshed?
 

1 more replies
Relevance 43.46%

Hello, I'm Dragan and recently I have started getting errors while trying to use something. Like SetupWizard, Skype (only can be seen in taskbar), the option "Run as administrator", Control Panel options and others. I think that some files from System32 got deleted. How did they get deleted? I have no idea.

Heres the 2 errors i get:

The usual error i get from "Run as administrator" is this one:''
C:\Windows\System32\program.exe
C:\Windows\System32\program.exe

The system could not find the environment option that was entered."

and errors i get from some programs is that they dont open up at all..


So, please, if you know the solution, please answer. I'd appreciate it.

*4 days trying to find a solve.. its like

Answer:some System32 files deleted

Run sfc /scannow.

2 more replies
Relevance 43.46%

I just got another computer system today . **upgrading the cpu/ etc** when I put my harddrive into the computer and turned it on I get the error that it can not read the system32 ntfs files . and to use the original windows CD and click repair . however I no longer have the CD ( is there anything I can do ???? please help!!
 

Answer:no system32/ntfs files

You're upgrading a NEW pc?
 

3 more replies
Relevance 43.46%

Hi, I was messing with my system files with Resource Hacker and I found that every time I modify them they just regenerate themselves.. How can I stop this?

Answer:system32 files keep regenerating!!?

This is Windows File Protection at work. If you delete or modify one of the protected files in the System32 folder it will be replaced with the original version that is stored elsewhere. There is a way to circumvent this feature but I will not describe it. You really need a good reason for doing this. Unless you have a compelling need it is not recommended.

3 more replies
Relevance 43.46%

Can someone please help identify a group of files that are located in the System32 directory - I have never seen such file extensions until now. There are 22 "sets" of 3 files that apparently embed the file creation date & time in the file names, all preceded by "PQ" and with an extension of .m01, .i01, & .f01 in each set; for example: PQ 21_2_9 2003-11-10.m01, PQ 21_2_9 2003-11-10.f01, etc.

Again, I have no idea how or why they exist ..... Windows treats them as unknown application type files, and a Google search turned up nothing. Web sites such as www.webopedia.com do not list these file types either. The files occupy more than 22 MB of disk space, so if they are unnecessary I would like to delete them.

Thanx to all in advance
 

Answer:mysterious System32 files

Hi ArtVandalay,

I tried a search on the file PQ 21_2_9 2003-11-10.m01 on this web page :
http://www.pestpatrol.com/Search/

According to the answer of PestPatrol, it is related to Rm Toolkit 1.0.
If you have (or had) Rm Toolkit installed on your system, it's a possible explanation.
 

1 more replies
Relevance 43.46%

Well I updated my computer (Automatic Update) and right after it restarted the computer an error box popped open saying a file was missing and it could not run explorer.exe

I ran Task Manager and tried to run the System Restore exe (rstrui.exe) but the window came up blank.

Is there any way to fix this?

Thanks in advance.

Answer:System32 Files Missing

Welcome to the CH forums.

Please read this...

Which file(s) is(are) missing?

5 more replies
Relevance 43.46%

In my %windir%\system32\ folder is something creating a lot of TMP files (MBs, GBs). It looks like winlogon process creates them. Is it virus, is it corrupted Windows XP SP2? Thank You!
 

More replies
Relevance 43.46%

Some time ago a poster asked for a list of what each .exe file in the System32 folder does.  Here is a list covering many but not all of the .exes.

Answer:.EXE files in Windows\System32

A good resource... Thanx!

patio. 8-)

1 more replies
Relevance 43.46%

Last week I found a virus on this old Windows 2000 laptop which caused a login loop after cleaning parts of the virus. I was able to resolve the login loop by using "ultimate boot CD" to make a registry change. Once that was resolved I cleaned the virus and all was good until the first reboot.

On reboot Windows ran chkdsk (didn't have an option to stop it) and when complete Windows wouldn't load since it said PCI.sys was missing or corrupt. I used "ultimate boot CD" again to get to a DOS prompt and saw that the c:\winnt\system32\drivers directory was empty. I was able to copy the files from the dllcache and other directories and Windows loaded.

The only issue is that when Windows loads I have no keyboard, mouse, USB, NIC, PCMCIA etc.... I have access to the keyboard before Windows loads and I'm able to boot to the USB CD-ROM but I can't load Windows to do a reinstall or repair because of a 0x7B (INACCESSIBLE_BOOT_DEVICE) BSOD. I'm able to boot into "ultimate boot CD" but not all of the utilities work when they start to load the CD-ROM. Some of the DOS tools do work though.

Any ideas how I can get full access to the keyboard, mouse, USB, NIC and PCMCIA when Windows loads without doing a reinstall? If I can get at the HD from another PC can I copy the Windows install CD to a directory or partition and install from that partition?

Answer:Missing System32 files

This installation sounds seriously compromised - virus/nasties may have done the deed... To fix... get yourself a W2K CD and run a repair installation...

2 more replies
Relevance 43.46%

Hello,
I have a Compaq Presario F500 laptop.
Windows XP home SP3.
i have discovered "crypt" files in Windows/system32.
I am almost sure that this is a virus of some sort
or certainly an unwanted intrusion.
I have AVG anti virus, IObit security, and SpyBot Search and Destroy, and have run numerous scans with each.
They don't even mention these files so I must assume that they don't see them as "bad".
My question is; can I use "Unlocker", or whatever,
to kill or delete these files.
I have tried without success to include an image file.
So, I'll copy the ones i have located.
crypt.dll-cryptdlg.dll-cryptdll.dll-cryptext.dll-cryptnet.dll-cryptsvc.dll-cryptui.dll.

You folks have helped me very much in the recent past and I await your good advice.
Thank you,
Mike

Answer:Crypt files in system32

Hello michaellbb and welcome back to TSF.

The files you mentioned are legit system files. What makes you suspect that they may be malware?

If you are in doubt, you can have them scanned at VirusTotal

2 more replies
Relevance 43.46%

Running HijackThis, I noticed multiple system32 files missing and (unknown owner). Some of these are important files. I just loaded Windows 7 on this new Giadia N20 PC and then updated 7 online from Windows and ran HijackThis again; same problem. Does anyone know how to fix this? Thank you

Mod Edit: Removed HJT log data ~ Hamluis.

Answer:win 7 system32 files missing

I removed your posted HJT log, since HJT is a malware tool and the forum expressly prohibits posting malware logs here. You will see this if you visit the main page for this forum.

No DDS, HijackThis, or ComboFix logs should be posted in this forum. - BleepingComputer.com - http://www.bleepingcomputer.com/forums/forum-56/announcement-45-no-dds-hijackthis-or-combofix-logs-should-be-posted-in-this-forum/

From what I see..."unknown owner" doesn't mean much. From http://blog.freeantivirushelp.com/post/2010/04/06/How-to-Use-HijackThis-Version-202-Review-and-Download.aspx:

"I then check to see if there is an owner for the file. If there is an owner I will simply Google the owner and if there is an unknown owner, I will Google the corresponding .exe file. For example, the FBAgent.exe has an Unknown Owner so I will simply Google “FBAgent.exe”. The first result from SystemLookup.com states that FBAgent.exe is Asus FastBootAgent and since I have an ASUS laptop I can safely assume that this file is trusted. I didn’t even have to click on the link as everything I needed was located in the results."

As for files denoted as "missing"...I would think that the source of the install must be questioned...or the hard drive...but that's just the path that I would take.

In any case, someone more knowledgeable will be along to try to assist you.

It would help if you tell us why you chose to do what appears to be a clean install...and why you r... Read more

3 more replies
Relevance 43.46%

I'm trying to replace some system 32 files such as shell32 and Explorerframe.dll with some theme ones to customize my PC but when I do it says I need permission, so I try to edit my permission to give me access but I get this:

Answer:Editing System32 Files

Hi-

Are you an Administrator of the PC?

If not, that is most likely your problem....

Regards-

Mark

12 more replies
Relevance 43.46%

Hi

Mama and Papa XP made it very difficult (it seems) to make revisions to system files. The one I am focused on is shdoclc.dll. I am one of those people who does not like flash embedded ads. There are a few ways to deal with it, but i prefer disabling Active-X.

However Microsoft always annoys those who don't want to look at ads in their browsers by constantly popping up a message that says:

"Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly"

It is like "Helllooo I know that, this is why I turned them off. Do you really have to remind me every single time???"

So instead of having an option that says "Disable eternal warning pop up" you have to get inside shdoclc.dll, remove the offending line, to make the pop up message go away.

But there is a catch. It is a 'system' file (let us all take a moment to worship the 'system' file!)

Short of doing a convoluted dance by restarting in DOS to overwrite the old file with the revised one, is there some way to put this on the fast track?


thanks!



tx

Answer:revising XP system32 files

http://members.aol.com/ojatex/shdoclc.htm


Quote:




Make sure Internet Explorer is not open. From the Start Menu, select "Run" and type in "SFC" [no quotes].
In the SFC dialogue box, select "Extract one file from installation disk"; type in "shdoclc.dll" [no quotes].
Fill-in [browse to] the paths to your altered "shdoclc.dll" file and Windows/System folder respectively.
Select yes when asked to save [i.e.backup] the original "shdoclc.dll" file to the "Windows/Helpdesk/sfc" folder.
Reboot, then open IE5, Help/About Internet Explorer to see that the screen is now wider and all the patch numbers are visible.

7 more replies
Relevance 43.46%

Ok,

Lots of problems on this comp but I will try to start small.... I know how to use computers but have no experience in the whole registry keys and all that...

Anyway... This problem started when I wanted to do a defrag using the windows tool.... Comp stated I didn't have access to dfrg.msc... Over a month I started to lose the ability to uninstall programs... can't do windows update due to "FTP process running" or something like that... Wasn't able to access a command prompt until tonight and now DOS commands such as dir don't seem to be working and the screen is red instead of black..... I recently lost the ability to search from my internet explorer toolbar.... I contacted Dell and they had me shut off all of the background processes??(i think)?? and I could then do uninstall.... I fixed a registry key that affected the windows updater and then the process would run until it hit the FTP problem.... My comp is also starting up and coming off standby... incredibly slow..... I've seen y'all's site and I did the whole hijack this log.... and I hope there is some help other than wiping my whole system and starting from scratch......

Logfile of HijackThis v1.98.2
Scan saved at 10:53:54 PM, on 11/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsas... Read more

More replies
Relevance 43.46%

I just got another computer system today . **upgrading the cpu/ etc** when I put my harddrive into the computer and turned it on I get the error that it can not read the system32 ntfs files . and to use the original windows CD and click repair . however I no longer have the CD ( is there anything I can do ???? please help!!
 

Answer:no system32/ntfs files???

Is the error showing in a Blue screen? Then if the error code is 24 then try the following:
1. bootcfg /rebuild
2. chkdsk /r

If it says that NTFS.SYS is missing or corrupt then go through the link below:
http://support.microsoft.com/default.aspx?scid=kb;en-us;822800
 

1 more replies
Relevance 43.46%

hi people how are you? it looks weird, why lots of files in system32 are multiplied and what to do to get rid of them? screenshot :

Answer:Unfolding Of Files In System32

Download Sysinternals AutoRuns tool and find out what the winlogons are used for. http://www.sysinternals.com/utilities/autoruns.html

4 more replies
Relevance 43.46%

I have tried to install a font and accidentally forgot to keep my dll files and I changed it to another format. I don't have the cd I'm afraid, and worse, after I log in my user it shows errors of practically random programs not working and a BLANK screen. Also I can't run anything, that's the problem. Can anyone help?

Answer:.dll files in system32 error

If I could access a file I can fix it but I can't, no programs work

4 more replies
Relevance 43.46%

Hi, my system32 folder has multiple duplicates of the same .dll file. Most of them have 8 duplicates. This is my 1st time looking in this file, so I'm not sure if that ok. My computer is a Dell Dimension 3000 and I have XP_Home Edition. As a side note I installed a 2nd HDD from my old Dell Dimension 2350. Maybe that is causing some of the problem. Thank you for your help.

MexicanCutie

Answer:duplicate .dll (8) files in system32

Well the thing about DLLs is that different programs may each have their own version. With rootkit infections you may see what you are looking at because they insert their own DLLs and can even overwrite the system/program DLLs with their own nasty code. I looked a little further in to this and researched some of the DLLs listed.

1. WOW32.dll - File that contains application programming interface (API) functions that allow 16-bit code to call 32-bit code.
2. WS2_32.dll - File that contains the Windows Sockets API used by most Internet and network applications.
3. ws2help.dll - listed on Threat Experts as mostly a threat
4. wscsvc.dll is a process belonging to Windows Security Center Service
5. wshext.dll - Microsoft ® Shell Extension for Windows Script Host
6. wshtcpip.dll - Windows Sockets Helper DLL
7. wsnmp32.dll - File that contains application programming interface (API) functions that allow SNMP manager applications to listen for SNMP manager requests and also send requests to and receive responses from SNMP agents. This is a needed file.
8. wsock32.dll - File that contains the Windows Sockets API used by most Internet and network applications to handle network connections.
9. wtsapi32.dll - File that contains application programming interface (API) functions that enable application programs to (1) manage terminal services, (2) set and retrieve user configuration information that is specific to terminal services, (3) use terminal services virtual channels, and more, in a termi... Read more

3 more replies
Relevance 43.46%

Hey Everyone! I have recently had a huge trojan and adware and spyware problem. 12 hours of constant work later and I have it just about under control. I was reading online that a lot of malware hides in a file called wdmaud in system32. I read that if the owner doesn't say Microsoft Corporation in the details section that it is probably a fake. I have 5 different wdmaud files:

wdmaudio
wdmaud.drv
wdmaud.drv.mui
wdmaudio.inf_loc
wdmaud.pnf

When I click into details on these files it says the owner name is TrustedInstaller and not Microsoft Corporation. This automatically makes it seem like a tampered with file. Especially the name TrustedInstaller makes it seem even more tampered with. Every single one of my wdmaud files claims that the owner is TrustedInstaller.

Any advice would be really appreciated! Thanks everyone

Answer:I think some files in my system32 have been tampered with

If you're on Vista, or 7 TrustedInstaller is a legit service.

Read: HERE
http://www.vistax64.com/tutorials/159360-trustedinstaller-restore-owner.html
http://helpdeskgeek.com/windows-7/windows-7-how-to-delete-files-protected-by-trustedinstaller/

2 more replies
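The thread above mixes up two different fields: the NTFS owner of a file (TrustedInstaller on Vista and later) and the publisher recorded in its version information and signature ("Microsoft Corporation"). The following is an added example, not part of the original thread, that lists both side by side for the `wdmaud*` files the question names; the variable names, the search depth and the extension list are assumptions made for illustration.

```powershell
# Added example (not from the thread). For each wdmaud* file under System32, report:
#   - the NTFS owner (the value shown on the Security tab)
#   - the CompanyName string from the version resource (the "Microsoft Corporation" value)
#   - the Authenticode signature status and signer subject
# Assumes Windows PowerShell 5.0 or later (Get-ChildItem -Depth) on Vista/7 or newer.

$expectedOwner = 'NT SERVICE\TrustedInstaller'
$root          = Join-Path $env:SystemRoot 'System32'

# Extensions treated as executable images for the signature check (an assumption).
# Data files such as .pnf or .inf_loc are not signable images and are reported only.
$imageExtensions = '.drv', '.dll', '.exe', '.sys', '.mui'

# -Depth 1 also picks up language subfolders such as System32\en-US (wdmaud.drv.mui).
$files = Get-ChildItem -Path $root -Filter 'wdmaud*' -File -Recurse -Depth 1 `
                       -ErrorAction SilentlyContinue

$report = foreach ($f in $files) {
    $owner = (Get-Acl -LiteralPath $f.FullName).Owner
    $sig   = Get-AuthenticodeSignature -LiteralPath $f.FullName -ErrorAction SilentlyContinue

    $status = if ($sig) { $sig.Status.ToString() } else { 'NotChecked' }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        File                    = $f.FullName
        Owner                   = $owner
        OwnerIsTrustedInstaller = ($owner -eq $expectedOwner)
        CompanyName             = $f.VersionInfo.CompanyName
        IsImage                 = ($imageExtensions -contains $f.Extension.ToLower())
        SignatureStatus         = $status
        Signer                  = $signer
        LastWriteTime           = $f.LastWriteTime
    }
}

# Full listing: Owner and CompanyName are separate columns and will normally differ.
$report | Format-Table File, Owner, CompanyName, SignatureStatus -AutoSize

# Files that deserve a closer look: executable images whose signature does not validate.
# Many system files are signed through a catalog rather than an embedded signature, and
# older PowerShell releases do not check catalogs, so 'NotSigned' there is not conclusive.
$review = $report | Where-Object { $_.IsImage -and $_.SignatureStatus -ne 'Valid' }

# An owner other than TrustedInstaller is a prompt to investigate, not proof of tampering:
# SYSTEM or Administrators can legitimately own files placed by drivers or installers.
$ownerMismatch = $report | Where-Object { -not $_.OwnerIsTrustedInstaller }

'Images without a valid signature: {0}' -f @($review).Count
'Files not owned by TrustedInstaller: {0}' -f @($ownerMismatch).Count
$review        | Format-List File, SignatureStatus, Signer, LastWriteTime
$ownerMismatch | Format-List File, Owner, LastWriteTime
```

A file owned by TrustedInstaller with a valid Microsoft signature matches what the answer describes as normal; files from either follow-up list can be submitted to a scanner for a second opinion.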
Relevance 43.46%

Hi All...My pc crashed while my son was playing a game (empire earth) no response at all so had to switch off at mains plug....now when you turn it on...you just get a black screen saying ?/?/ system32/?/ files are missing...you may be able to repair this by inserting original cd into cd-rom and pressing r at first screen...well first screen does not seem to appear....so you can touch r or enter...hard drive whirs away re boots and then comes up with same message...vicious circle!... tried all the options under f2,f8 and f12 and even tried re boot from cd rom...no good!!!....seriously stuck guys and there is one database i have set up on there that has took me nearly a year to do....OS is XP DELL dimension 8200 2.4ghz 256 rd ram 128 graphics...thinking of switching to a Mac...i was told things like this never happen to a Mac..is this true?.....Thanks very much!!!
 

Answer:System32...missing files...!?!

10 more replies
Relevance 43.46%

PLEASE HELP!!! I think im in serious %[email protected]#!

On start up of my computer, i get to log in, but my desktop icons and taskbar are gone. I managed to get everything back through Taskmanager.

There are 2 or 3 error messages pop up called "rundll32.exe - Application Error." These inform me that "The application failed to initialize properly (0xc0000005)." I get the same message if i try to get into Add/Remover Programs in the Control Panel.

Trend Micro says its found a computer virus: "Mal_Vundo-4" in the WINDOWS\System32 file "awtrQGaA.dll". Suspiciously, this file was only created last night (unlike all its neighbours that were created in 2002).

Here are the "Hijack This" files everyone seems to be using on these forums.I hope this is enough information!

I would greatly appreciate any advice!!!

Daena
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:46 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:... Read more

Answer:system32.dll files infected!

Welcome to TSG
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
 

2 more replies
Relevance 43.46%

Hello i've a big problem with my system, few days ago i was attacked by some virus - i clean the system but they make some damage i mean - before attack i had over 1 gb free space on , when i delete something from c: immediately this space were filled by some data. Now i have 2mb free space. I noticed that in my /windows/system32 is a lot of *.tmp files like this:

0143b09164904f27e51790880588e89a.TMP
0149632cad697c897ef03ba62e920e3c.TMP

some of these have the A attribute, others also -C and in addition are marked as blue
all of these *.tmp files in this folder have over 5gb. Each of these files has 91kB

This is map of disk made by WinDiRStat
this big blue rectangle - system32 folder
May I just simple delete them?

Can anybody help me? thx
 

Answer:A lot of *.tmp files in /windows/system32

6 more replies
Relevance 43.46%

I am having a nightmare of a time trying to get my X-Fi to work. I want EVERYTHING related to Creative to be removed. However, it seems that only SYSTEM has full access and can change files in the system32 folder. I have 135 files that need to come out, so I can have peace of mind finally.

Is there anyway to take control of SYSTEM?

I have already tried deleting the files normally, and in safe mode. I even did the true administrator trick from the administrator command box:
net user administrator /active:yes

Still no luck.

I have tried to enable full access on my account, and even to take ownership of these files. Vista will not let me change anything on these files. Many of them are duplicates that must be fighting each other somehow causing chaos in my computer.
 

Answer:Help me delete system32 files

format c: ?

You've tried everything I would have. Hopefully Someone else can help better.
 

5 more replies
Relevance 43.46%

Over time, as I delete programs and applications, the uninstall asks if I want to delete or leave certain files on System32. Since I don't know if other programs are using these files, I always tell Uninstall to leave them there. There must be a large number of these unused files there now.

Is there software that analyses this and removes unused files?

Thanks.

Answer:Unused System32 Files

I would leave'em. That's one folder you don't want to start deleting files from unless you know what you're doing. For this I wouldn't trust any program to advise on what to delete..

4 more replies
Relevance 43.46%

i am currently running windows xp home. i have tried many spyware locators such as ad aware, spybot, hijackthis, vundo fix and although most can find the problem even after reboot the file xxwur.dll and xxwur.exe still are present. when i try to manually delete the files xxwur.exe can be removed but is present again after restart but when i try to delete xxwur.dll it says it cannot be deleted because its in use by another program i will list the file log from my hjt. also when i run spybot search and destroy it will detect many problems such as virtumundo for example but no matter how many times i delete the files and reboot they are all there next time as well. any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:01 AM, on 1/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:... Read more

Answer:Infection Of System32 Files

Hello neverquit11,

Welcome to Bleeping Computer

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

6 more replies
Relevance 42.64%

Alright, so I want to upgrade a computer that is running Windows XP currently to Windows 7. I know that it is possible and that this computer is capable of running Windows 7, and I have the Windows 7 Home Premium Upgrade package. However, there was some damage done by a virus on this computer. The virus was removed, but there are System32 files that are damaged as a result. The owner of the computer had this machine custom built, and they don't have any of the disks for Windows or anything to try running a repair. I am wondering if running the upgrade will fix the problems with System32 files or if they will even be a factor in the upgrade. Shedding some light on this situation would be great! Thanks in advance.

Answer:Upgrade from XP While Having Damaged System32 Files

There is no direct upgrade path from XP to W7. You will essentially be doing a clean install, so it really makes no difference at all:
http://windows.microsoft.com/en-us/windows7/help/upgrading-from-windows-xp-to-windows-7

7 more replies
Relevance 42.64%

Hello; I am new to sevenforums.com and this is my 1st post (hope it is in the right place). Here is the problem: I had a SMART drive error, so I performed a backup and image before the drive failed. I replaced the drive, put the image onto the new drive, and everything appears OK with 1 exception: when I try to open a command prompt, I get an error message. I ran FC \scannow, which told me I had two corrupt files: cmd.exe and elsTrans.dll. When I looked at /system32, both files have a size of 0 bytes. I then looked at the image and the files had size values, so I copied them to the desktop. When I click on the desktop cmd.exe file the command prompt opens, so I then tried to copy them into /system32, and cannot do it. I did try reading and following similar posts in the forums, but so far, no luck. Any help would be greatly appreciated. Thanks, Steve

Answer:Two corrupt files in /system32; can't replace

Run SFC -SCANNOW Command a few more times. It should repair the files.

9 more replies
Relevance 42.64%

HI....
I ALWAYS RELY ON FORUMS FOR MY PROBLEMS AND TRY TO LEARN FROM THEM.
WHEN I BOOT MY SYSTEM I GET FIVE ERRORS SAYIN DIFFERENT .DLL FILES SPECIFIED MODULES WERE NOT FOUND.

THIS IS HOW MY HIJACK THIS LOG FILE LOOKS LIKE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:40, on 30/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\conime.exe
C:\Program Files\M... Read more

Answer:System32 (.dll) Files, Specified Modules Not Found

Hi Methane

PCR no longer supports HJT logs..
I can say though if it is corrupt or missing .dll then do a repair from your recovery disks
 

3 more replies
Relevance 42.64%

Did something really stupid. In an attempt to follow instructions to replace window media player 12 with WMP 11 for work purposes, I moved system 32 files from windows/system32 folder to a folder on the desktop, and tried to replace them with "new" system 32 files downloaded from the instruction website. I manually set a restore point prior to doing this thinking that I would be able to restore everything back to normal if a problem developed. Well of course the moving and replacing not only didn't go as represented, but the pc now won't boot. And system restore says there are no restore points to go back to (why??). When rebooting pc goes into a type of repair mode the name of which I can't remember, but says it is unable to correct the problem. I do not have a recovery disc or win 7 disc--got lost in the move. And of course I have tons of data, music, etc files, so I don't want to restore PC to original out of the box condition. I would highly appreciate any help any of you may have to offer. Thanks very much in advance.
 

Answer:how to replace lost system32 files

Hello eyeopr8r, are you able to use or borrow another pc to use this tool ??

http://www.majorgeeks.com/files/details/hirens_bootcd.html
 

10 more replies
Relevance 42.64%

Hello,
I am working on a laptop that has Windows 7 on it. It had a couple of errors. First, it had that Win 7 Home Security 2011 on it, and it wouldn't let you access the internet. It kept blocking any site you try to visit. I found a registration code that activated it, so it now lets me go online, and does not prompt me for a credit card, and state that there are viruses that are really not there.

I scanned the entire system for viruses... it found trojan horses and removed them.

Note that Win 7 Home Security 2011 is not gone... it is just activated.

Here is my problem: It was doing this before I activated Win 7 Home Security... When I start up the laptop, and it loads Windows 7, when the desktop is loaded it says it cannot find the following files... a separate window pops up for each one.
c:\windows\system32\igfxpers.exe
c:\windows\system32\mrt.exe
c:\windows\system32\hkcmd.exe

I manually copied these files from the same type of laptop (Dell Inspiron), so I know the files are there, but I still keep getting the errors that those files cannot be found.

Someone told me to scan the laptop for malware...I tried to download malwarebytes, but when I try to run the setup, it doesn't do anything. I tried rebooting, downloading over, and it keeps doing the same thing.

Is it malware that could be causing this? As I said, I scanned the system and it found 2 viruses and now there are none on it...

Any idea how I can get the files to load? Or can I disable them so... Read more

Answer:3 Files Missing Under c:\windows\system32

I suggest that you read this sticky: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
Follow the directions and post a new topic here:
Virus/Trojan/Spyware Help - Tech Support Forum

BTW, did you activate Win 7 Home Security 2011 by paying for it? If so, contact your bank or credit card company, dispute the charge and have a new card issued. This is rogueware and all they want is your money. It is not a valid program.

2 more replies
Relevance 42.64%

Could someone please explain why i have missing files in my hijackthis log?

Edit: Moved topic from Am I hacked? What do I do? to the more appropriate forum. ~ Animal

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:20:02 PM, on 1/26/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Safe mode with network support

Running processes:
C:\Users\Sarah\Downloads\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher... Read more

Answer:Missing system32 files in hijackthis log

Hello handsomegeek,

When you run HijackThis on a computer with Windows 7, it incorrectly shows services as missing. Also, you should never run HijackThis with Safe Mode with Network Support, as it does not show all the running processes. You need to run it in Normal Mode. Are you running a 64 bit version or 32 bit version of Windows 7?

Once I know which version of Windows 7 you are using we can run a tool that will show the services.

2 more replies
Relevance 42.64%


Hello. Before I say anything, I wanna say that I did read the instruction for posting our problems. I am aware of that, but I hope you will find an exception this time only to help me out. I will post hijack log later on.

Here is the problem: I am working at a local radio station. The station isn't well equipped...in fact, it's terrible. The PC's are generally very old and are barely working. Since it's important for me to do my job fast, I am deleting software that uses much CPU power, including...well, antivirus software. Using an audio editor while an antivirus is working in the background is impossible. So that's why I didn't have any protection to begin with. Long story short, while trying out some addons for the radio software I am using, I clicked on an exe file named "dl.exe" like a fool without thinking.

That's the moment everything started to collapse. My internet connection was gone, my PC slowed down and I couldn't bring up Task manager. I knew it was a malware. In such situation, I have an installation of Malwarebytes. After 2 hours of a full system scan, it turns out that the malware has spread far and wide, infecting around 2500+ files. The name: virus.tenga

A reboot was needed to delete them, but my PC froze when he had to restart. Next try. I boot up in safe mode, and do the scan again. This time around, I was successful with deleting most of the infected files, not realizing I have actually deleted some o... Read more

Answer:System files are infected (system32)

If you read the instructions of what to do before posting then you must have read this:
IMPORTANT NOTE REGARDING CORPORATE/COMPANY OWNED COMPUTERS

Please do not request assistance for corporate/company owned computers. Many changes/deletions are made during the clean up process, some of which may involve uninstalling programs, deleting folders/files, changing settings and/or removing policies etc. As we have no way of knowing for sure if these are actually needed for company operations, malware issues in these cases should be handled by your own IT Departments in order to avoid any undesirable results.

I assume this is what you're asking us to make an exception to. Unfortunately, we can't do this with a network like a radio station. Also, this is a file infector virus and the only real and safe way to clean it is to back up only what is essentially needed and reformat and reload Windows. But you need to address this with your IT Department.

Since there is nothing further that we can do I'm closing this thread.
 

1 more replies
Relevance 42.64%

I am a windows 7 professional 64-bit (Traditional Chinese) user from Hong Kong. (Purchased. NOT a pirate version)

The system is greatly affected by the malfunction of exe files (especially those in system32).

Examples:
The windows update process can't finish because "C:\e798e2d82133855ff617f2704e55a426\spinstall.exe"
I can't even change the time by clicking bottom right corner since rundll32.exe in system32 can't be opened.

I've tried this method but in vain as the new a/c created still contains the same problem.
My link

I've tried some anti-spyware software too but no use. And I can't solve it by restoring my system since I have mistakenly made a backup along with this problem.

Here's the DDS log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Peter_Lai at 12:59:28 on 2012-01-27
Microsoft Windows 7 荷颛鶫 6.1.7600.0.950.852.1028.18.3959.2263 [GMT 8:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k Dco... Read more

Answer:Can't run exe files (especially in system32) (possibly due to malware)

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

5 more replies
Relevance 42.64%

I have an asus r503u with windows 8 64 bit. This is the third asus I've had this happen to and would appreciate some help.

I turn the laptop off (4 days old) and when i go to turn it back on i am shown a page that says computer needs repaired missing system32 files. After trying to find the system restore hotkey and booting in safemode i am brought to a black screen with white letters that say the following.
 
Reboot and select proper boot device
or insert boot media in selected boot device and press a key
 
Intel UNDI, PXE-2.0 (build 083)
Copyright © 1997-2000 Intel corporation
 
For atheros pcie ethernet controller v2.1.1.1(12/23/11)
 
check cable connection!
PXE-M0F: Exiting PXE ROM
 
These messages keep alternating and repeating when i press a key
 
So i decide to just stick my windows disk in and reinstall, but there is no recognized hard drive to install it to
Bios does not recognize it either
 
what could this be and how do i fix it?
I realize that the seemingly most likely problem is a loose HD connection or Dead HD but i can assure you this isn't the case as the other two laptops I've had this happen to were fixed by a professional (not an option this time around)

Any help, ideas, or solutions would be greatly appreciated!
 
If this too vague or lacking information you might find helpful please feel free to ask me and ill provide it
 
 

 

Answer:Asus help, system32 files deleted

 
I turn the laptop off (4 days old)

 
If by this you mean that you bought this computer 4 - 5 days ago you surely have warranty rights? I wouldn't even think about looking at it, I would dump it back on the supplier and say - politely - 'It doesn't work, fix it please, or I will have my money back.'
 
Chris Cosgrove

2 more replies
Relevance 42.64%

I did a system restore recently and I'm using Comodo Defense+ as HIPS.

I had an old rule (before system restore) for ...\system32\taskmgr.exe and when I tried to open Task Manager using Ctrl+Alt+Del it requested a new rule for the file .../winsxs/blablabla/taskmgr.exe.

It actually runs the taskmgr.exe from the winsxs folder and not the system32 folder!
And it happens also for other system32 exe files (SystemPropertiesProtection), but still many ...\system32\*.exe files run from the system32 and not the winsxs folder.

How do you explain this? Is it good or bad? Do I have to fix anything?

Thank you!!

Answer:system32\*.exe files now run from winsxs folder!

Hi PiCoPi. . .

Welcome to the Tech Support Forum - Vista!

The "sxs" in the folder \windows\winsxs stands for "side by side". This folder allows programs to use different versions of the same file, usually drivers. Files in winsxs do include executable files such as Task Manager (taskmgr.exe) and System Restore (rstrui.exe).

A reason that Task Manager would be executed from the folder c:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.0.6xxx.16386_none_122b6d31ac48dff3 may be due to corruption of the \windows\system32 file. Check to see that the file sizes and dates are the same. I have posted a screen shot of my Task Manager files for you to review.




You didn't mention the reason for running the System Restore. I suggest that you run the scan and repair utility found within your system. Perform the following:

click on START | type cmd.exe in the Start Search box | right-click on cmd.exe | select Run as Admin

In the screen that comes up type the following:

sfc /scannow (space after sfc) - press ENTER

This program may take 10 or 15 minutes to run. Good Luck to you.


Regards. . .

jcgriff2

4 more replies
Relevance 42.64%

Before you tell me to post a log I just want to make sure that this is not because of updates? Since I have gotten my brand new wonderful beautiful PC...LOL... I have updated approx. 6 times. I am up to SP1 and that is the last update that I got and that was about 5 days ago. I couldn't tell you if the system files were changed before or after that. AVG isn't recognising any viruses but every time I run a scan, in the list of files it shows the following 32.dll files in the list. The result\infection is Change. I am running the free edition of AVG if that matters?


Kernel32.dll
wsock32.dll
user32.dll
shell32.dll
ntoskrnl.exe.... sorry I didn't notice that was an app?

I am running Object Desktop from stardock.com and I asked in the forums if any of their programs were the reason for the change in these files. And yes I KNOW that it is not smart to use customization software... But I am anyways.
-----------------------------
Specs-

System Info:

Dell Inspiron 530s

OS: Windows vista Home Premium

Windows Experience Index: 3.3

Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80 GHz, 1.80 GHz

Ram: 2.00 GB

System Type: 32 Bit System
---------------------------------------------



Updates: Like I said, the last was SP1 and here are the details.



Windows Vista Service Pack 1 (KB936330)

Installation date: 3/28/2008 6:51 PM

Installation status: Successful

Update type: Important

Windows Vista Service Pack 1 (SP1) is... Read more

Answer:AVG Recognising Change In system32 .dll files!!!!

found this in avg forums seems to be a common issue

http://forum.grisoft.cz/freeforum/re...0118#msg-30118

2 more replies
Relevance 42.64%

Well, I was pointlessly and randomly looking through my system32 folder, and I noticed a file that was hidden (I have it so I view hidden folders, so it kinda stood out from the others), and I noticed the last part of its name was .manifest. I don't think any of the .manifest files I've found have been activated, because my computer is still alive and moving normally-ish, but here's a list of the 7 manifest files I have found:

cdplayer.exe.manifest
logonui.exe.manifest
ncpa.cpl.manifest
nwc.cpl.manifest
sapi.cpl.manifest
windowslogon.manifest
wuaucpl.cpl.manifest

I skimmed this thread here http://www.bleepingcomputer.com/forums/lof....php/t8139.html, but it said something about restarting your computer will make the fix not work, as the files would have changed, so I do not believe it would work good for me. I'm on Windows XP Home, 2002 edition, on a Compaq computer (original OS for the computer). And, of course, SP2 updated.

Answer:Xxx.xxx.manifest Files Are In My System32 Folder.

OK, these are valid Windows files. There are 2 ways to confirm this for you.

It will have the same icon as .dll files

http://msdn.microsoft.com/library/?url=/li...s_reference.asp

I hope that clears it up for you.

--------------------------------------------------------------------------------

Application Manifests

An application manifest is an XML file that describes and identifies the shared and private side-by-side assemblies that an application should bind to at run time. These should be the same assembly versions that were used to test the application. Application manifests may also describe metadata for files that are private to the application.

2 more replies
Relevance 42.64%

Hey, I have been playing games over the internet and I keep getting viruses. I have been able to get rid of them thanks to my anti virus program Avast. Avast has a place where you can store viruses so they won't attach to any other files and you can delete them from there. The files that are in there are from system32 dll files and I don't know if deleting them will make my computer crash or run weird. Please help me figure this out.

I have Window XP home edition
AMD athlon XP 2400+ 2.00GHz
 

Answer:getting viruses off system32 files without restoring

Wow what kind of games you playing that infect you? Are you behind a router?

The infected files in quarantine..if they're system files...I'd want to be careful about deleting them if they cannot be cleaned. A lot of spyware/trojans will put files in the system32 folder...it does not mean those files are necessarily legitimate system files...so they're most likely junk...but if you don't know if they were once real files or not that got infected...better to check them before deleting them.
 

5 more replies
Relevance 42.64%

Here is what AVG detected:
File Name: c:\Windows\System32\Services.exe
Threat Name: Trojan horse Dropper.Generic_c.MMI

This particular file is "White listed" and is critical to system use. I already have and have used HijackThis, Super AntiSpyware, and MalwareBytes, in addition to AVG. I posted this earlier, but the tech that was helping me told me I needed a "Gold" level tech or above to assist me with it.

Can anyone help me get rid of this thing?

Thank you.
 

Answer:trojan lodged in my system32 files, need help

I knew I shouldn't post on the weekend, is there anyone there who can help me with this?
 

2 more replies
Relevance 42.64%

OK, I AM IN MY C DRIVE WINDOWS\SYSTEM32\WBEB\AUTORECOVER FOLDER. THE FILES IN THIS FOLDER ARE ALL BLUE. I ASSUME IT MEANS THEY ARE CORRUPT. CAN I DELETE THESE FILES?

Answer:Can i delete the files in my c drive system32

No. Unless you want a lot of problems. The blue indicates they are system files, particularly the system 32 files have most of the drivers that run your PC. Viruses do infect system 32 files, but I would not go deleting anything yourself. I suggest using Malwarebytes to scan for any nasties.

5 more replies
Relevance 42.64%

Hi, today while looking at my C:\Windows\System32 folder I noticed a lot of strange and disturbing files. The files include names like:

pc_hate.dat
pc_gambling.dat
pc_drugs.dat
pc_onlinedating.dat
pc_pornography.dat
pc_onlinepay.dat
pc_onlineshop.dat
pc_webproxy.dat
pc_tabloids.dat
pc_socialnetworks.dat
pcwords.dat
perfc009.dat
perfd009.dat
perfh009.dat
perfi009.dat

I'm wondering if any of these files are potentially harmful to my computer and if so, how to remove them.

I've run spybot-sd resident and malwarebytes and until a few weeks ago, I was running bitdefender but none of them have reported them as dangerous or tried to remove them.

Does anyone know what's going on?
 

More replies
Relevance 42.64%

Ok Ok I know I have like 5 options.... restore deleted files... have a disk (I don't)... um hope that if I show that I have already bought Vista Home Premium and I didn't get a disk with it the company can give me one? So what other options do I have?

Answer:Restoring system32 files without disk?

Welcome
You can, most likely perform restore to factory default. What is the make and model of your computer?

13 more replies
Relevance 42.64%

I am new here. I have posted the same issue on a couple of other forums before and they weren't able to help.
Basically there were a bunch of large mysterious files in System32 and SysWOW64. I need to know what they are and how they got here.
The previous post is here:
https://forums.malwarebytes.org/index.php?/topic/170083-mysterious-files-in-system32-and-syswow64
 
They said it was from some Android A.V. but I don't have that.
 

Answer:Mysterious files in System32 and SysWOW64

to Bleeping Computer.

They said it was from some Android A.V. but I don't have that.

Actually they said the files had references to Android malware and could be related to a database for some anti malware application or something from an Android emulator but were not malicious.

Not sure what else we can do for you here. Both David H. Lipman and shadowwar are trusted experts who investigate reports of new malware threats reported at the Malwarebytes forum.

What dates are listed for the files? Did you install any software around the same time period?

8 more replies
Relevance 42.64%

DDS (Ver_09-02-01.01) - NTFSx86
Run by kimford at 7:30:10.14 on Wed 02/18/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3071.1491 [GMT -6:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\C... Read more

Answer:Malicious Files found in System32

Not sure why you think those are malicious files. They are Windows Vista files.

2 more replies
Relevance 42.64%

Sorry for posting again, I asked this off topic in another thread, so hopefully I explain it better here. I was viewing files in system32 after clicking open file location on an executable in Task Manager. I right clicked it to go and click properties. While this was happening, I was installing a new GPU driver. Before I hit properties my screen blackened and I clicked. After a second the display came back and the resolution was at 800x600 (since installing new driver had to remove the old one and reboot).

The context menu was gone. I had thought now since the resolution change I may have deleted it (it could have caused wherever my mouse was to move over it, explaining why the menu was gone.)

Doing some tests, it seems all executables have a little shield by them in the context menu. I remember a bug where deleting a folder with this UAC shield would instantly move anything to the bin. I found nothing in the bin.

Sfc scannow shows no violations. Did I probably just click off the context menu when this happened? I believe the file was wbengine.exe, which still seems to exist, and work when running system restore.


Sorry if this sounds very silly, I just want to make sure nothing is corrupt.

Answer:may have deleted files in system32 - or just imagination?

You might want to check this link for more details on the wbengine.exe .....

What is Wbengine.exe? Wbengine.exe Task Manager Process Information
Please support by pressing the Rep Button

9 more replies
Relevance 42.64%

I got a virus/malware/spyware etc. that locked my PC. Every time I started the PC up it was locked at a specific screen. So I started the PC up with command prompt, and typed in explorer. I, with my little knowledge of computers, am 99 percent sure that I deleted files from system32. After I did that the computer went to a blue screen and switched off. Now when I boot up my PC it goes straight to Windows Error Recovery. The two options I have are to launch start up repair or start Windows normally. No matter which I pick, it loads for 20-30 seconds and goes straight back to the Windows Error Recovery screen. Any ideas or help is greatly appreciated.

Answer:Cannot boot PC after deleting files from system32

You will need your Windows 7 CD

http://www.pcworld.com/article/2431...

Answers are only as good as the information you provide.
How to properly post a question: Sorry no tech support via PM's

4 more replies
Relevance 42.64%

Hello,

I'm hoping you can help me get rid of an annoying problem I'm having with my PC.

First off, my machine runs Windows 2000 Professional and is upgraded with Windows update. I'm using Kerio Personal Firewall as a firewall, a bought copy of McAfee VirusScan, and Microsoft AntiSpyware beta. Also running are TCMonitor from TheCleaner and TCActive!

My problem is that .exe files keep getting added to my c:\winnt\system32\ directory, and I can't figure out what is causing it. When these .EXEs try to run either the Firewall reports that one of them is trying to execute the other, or (most of the time) McAfee says that this executable contains a virus (with a generic name like Win32.Worm.Gen or New Malware.h) and scans the whole disk. It then sometimes finds more of these .EXEs in the same location, or in the Local Settings of my user.

I'm not able to pin this problem down to the usage of one application or Web site, nor does my registry look suspicious. Can you help me find out where the problem is?

Below is a log of HijackThis; I've checked its contents using the Article on merijn.org, but I can't find anything wrong.

Logfile of HijackThis v1.99.0
Scan saved at 10:49:08 AM, on 6/24/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsas... Read more

Answer:Unwanted .exe files in winnt\system32

16 more replies
Relevance 42.64%

Does anyone know where the system 32 files are located at on the Windows CD disk? For example where can I find msgian.dll or explorer.exe on the CD disk? Thanks

Answer:Finding system32 files Windows CD

You've got a typo.

Most of the files on CD are scrunched so you need to expand them.

expand r:\i386\msgina.dl_ c:\temp\msgina.dll

=====================================
If at first you don't succeed, you're about average.
M2

4 more replies
Relevance 42.64%

Okay. So I've run down the Ad-Aware. I've run the Spybot... Unfortunately... Nothing's working out for me. (Keep in mind I also don't know what I'm doing.) Great. But I KNOW there are just WAAAY too many files under system32 and I know that they're not supposed to be there. So if anyone would be so kind as to take a looksee at the jungle I call my computer logfile? Thank you!




Quote:





Logfile of HijackThis v1.99.1
Scan saved at 8:51:15 PM, on 3/25/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.ex... Read more

Answer:waaaay too many system32 files that look dangerous

Hi and Welcome.
It's a wonder that this poor old thing has the energy even to log on the net, let alone run.

It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order it's listed. These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Download any of the required programs before attempting to start any of the fixes.


Turn off System Restore instructions (WinXP)
Right-click My Computer | Properties | System Restore | check "Turn off System Restore", <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may re-enable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------


Scan your PC with Housecall. It's a free online scanner. Be sure to put a check in the box beside AutoClean.

Download FixAgent and unzip it. Run FixAgent.exe. It should fix something. If nothing is fixed, skip to the next step for the HijackThis fixes. If something is found, also download Home_Mi... Read more

5 more replies
Relevance 42.64%

I have a problem with my \windows\system32\ directory filling up with .tmp files that causes my system speed to slow to a crawl. I think this is related to "O20 - Winlogon Notify: baccf - C:\WINDOWS\system32\baccf.dll" that I have been unable to remove. When the "date modified" date of this file changes that is when the directory starts filling up with .tmp files.

I originally opened a thread in this forum two years ago http://forums.techguy.org/malware-r...-browser-hijack-superantispyware-problem.html. The .tmp files were observed to be created when super anti-spyware software was run. My helper was able to solve all of my problems except removing this baccf.dll file; the thread was marked solved because my helper stopped responding.

I opened a second thread http://forums.techguy.org/malware-r...750832-help-remove-winlogon-notify-baccf.html in September 2008, but no helper responded and it was closed automatically after 45 days.

baccf.dll was modified 7/31/2009 9:04 PM and once again my \windows\system32\ directory began to fill up with .tmp files. I noticed some other posts on this forum and I suspect that they too have the same problem but the infection may use a random name, because each time I've had the problem I've noticed similar posted problems to this forum.

hijackthis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43 PM, on 2009-08-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8... Read more

Answer:\windows\system32\ filling up with .tmp files

16 more replies
Relevance 42.64%

Hi all,

I definitely have something nasty that I believe just showed up as pop ups started coming up frequently (like clock work when I'm on IE) only recently. It started when Avast said a file (cbxpfgwu.dll) in system32 had adware. I tried to put it in the chest but got a message a process was using it, so no luck. I had Avast remove it on a reboot. It was gone then but a new one (xbfwviuc.dll) was now in system32. This was too suspicious so I opened msconfig and sure enough, a new start up item ("...xbfwviuc.dll", was now there. I unticked it, of course. I then decided to do a system restore. Well, what do I find out? All my restore points had been wiped except for one that was 5 minutes after the timestamp of the original adware infected file Avast had found. I decided to try an internet search on the latest suspicious file and a few others in system32 that just didn't look right and were around the same timestamp. That led me to a combofix log link where it listed FLmSBJlm.ini and FLmSBJlm.ini2 and mlJBSmLF.dll as being deleted. Since I had all three of those also, I tried to delete them. The latter gave me the process message while the first two deleted. Was I having some success? Apparently not. Within seconds these files again showed up in system32 and any self repair efforts on my part ceased as I was definitely and officially in over my head.

That is the set up to this inquiry. I hope it helps. Following now is t... Read more

Answer:Nasty Adware in system32? Could be several files.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

2 more replies
Relevance 42.64%

hi,

I recently had a problem with the bcmlogon.dll file; I read one of your earlier forums and downloaded the fix, which I haven't tried yet.
But also when I troubleshoot a device then click on the link to Device Manager, McAfee comes up with a message saying bad scripts are running in hlpctr.exe (can't remember the whole file path). Also out of curiosity what causes bad scripts with bcmlogon.dll as this is the 2nd time I've had problems with it in the last 8 months,
hope this makes sense,

cheers

sgateson
 

More replies
Relevance 42.23%

Hello.

Unfortunately I have a trojan invading my system32 files as well as my program files. AVG wasn't able to kill it and called it trojan root. I am not sure of the exact name, but I can tell you that it infected my pc when someone attempted to install a windows media player codec from a fake microsoft site.

I have my logs and I will greatly appreciate any help.

Here is my DDS log.


DDS (Ver_09-10-26.01) - NTFSx86
Run by nate at 20:49:37.71 on Mon 11/16/2009
Internet Explorer: 8.0.7100.0 BrowserJavaVersion: 1.6.0_14
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.1791.940 [GMT 9:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\cryptainersrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system3... Read more

Answer:Trojan/worm invading my system32 files

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

2 more replies
Relevance 42.23%

All of these are related.
Primary root cause of the errors is the registry is corrupt which is located at
\windows\system32\config and the registry is in MULTIPLE files

DEFAULT
SAM
SECURITY
SOFTWARE
SYSTEM


The following topics are all related to registry errors:

System32\config file corrupt
http://www.techspot.com/vb/topic21417.html

System32\config\System File corrupt
http://www.techspot.com/vb/topic59287.html
http://www.techspot.com/vb/topic53755.html

missing file windows\system32\config\system
http://www.techspot.com/vb/topic74906.html

oops; xp fails to boot
http://www.techspot.com/vb/topic74708.html
my fix to avoid reformatting http://www.techspot.com/vb/showthread.php?p=439868#4

Recover your data before you reformat!
http://www.techspot.com/vb/topic76094.html


Microsoft Solution:
http://www.techspot.com/vb/topic14234.html#4

With a copy of \Windows stored elsewhere (or a backup of just that directory),
all of this could have been avoided
 

More replies
Relevance 42.23%

Replaced the 5 config files, still won't boot up. Hangs after 20 boot files loaded, right after mup.sys is loaded. Computer is old, loaded with everything and Spybot has made changes.
Last change involved a Microsoft update, complex virus checker which is now modified or removed by Spybot and I think XP is still looking to boot it and hanging there.
 

Answer:5 xp system32\config files replaced, failed

6 more replies
Relevance 42.23%

Hi,

I have Windows XP 2000 Pro. I had a few problems with my pc last week, especially with files in my system32 folder. I got it all straightened out with the help of some good people here, and I also had to download and install SP2 again.

When I was running an AVG scan a little while ago, it reported that I had 2 shell32 files and it put the word "ok" in the status box for both of them. When I took a look inside system32 folder, I saw that I have 3 of them listed as shell32, shell32(2)(2), and shell32(4). I also have several copies of browseui, mshtmled, shlwapi, urlmon, and wininet. These are files that aren't inside folders. I didn't look inside the folders to see if there were multiple copies. I removed the copies from the System32 folder and I put them inside a folder on my desktop. I rebooted and everything seems fine . . . no problems booting up, no problems on the net, no problems with my ex hd's, etc. I haven't tried to run every program that I have, but would it be safe to say that these duplicate and triplicate copies aren't needed and I can delete them?

My pc has been booting strangely lately also. I'd get the Windows start-up screen (black background, large letters for Windows with bar underneath it with lines moving inside it) for about 15 seconds, then I have a blank screen for about 10 seconds, then the Windows start-up screen appears again for about 20 seconds. After that, I get the message that... Read more

Answer:Duplicate/Triplicate files in System32 folder

Hullo all,
I also have many duplicate files ... 1.7 GB on a hard drive with only 17 GB used.
I have thought for a long time about what could safely be deleted and what not but am still unsure.
If a company were to have a true and safe method for scanning puters I think they'd be very successful.
My machine has slowed down in the last two weeks and I've scanned and found all the attached files.
Does anybody know a safe way to clear up my system?
I've just put all the SP2 upgrades onto my 3 year old XP.
I run Norton Corporate, Spybot, AdAware Pro, Ewido Premium and defrag regularly as well as CrapCleaner.
Hope someone can help both myself and Denise M.
Cheers.


 

4 more replies
Relevance 42.23%

Well, I have some old files from a graphics card, an ATI driver. When I try to delete them, it asks for permission. But when I went into Properties and clicked Show, I cannot change the permission. So those files are in the background on the taskbar. I went to safe boot and tried to delete them. No luck. So what is the proper way to do this?

Answer:Deleting old files on System32, when I upgrade from win7

It is always better to uninstall the driver files in Device Manager or in Programs & Features, but you say this is an old file so that might not work.

If the files are small or not being called, then it's probably best to leave them where they are.

If you really want to delete the file(s), and I caution you against doing that, then you can try taking ownership of the file.
Properties > Security tab > Advanced button
At the top of the dialog box, press Change for the Owner
Type your login ID in the Select user box
Press [ OK ] until you're back at the first Security dialog window
Then add your login ID to the list and give it full access.

Full tutorial here: Owner of Files and Folders - Change in Windows 10 - Windows 10 Forums
Option Four: To Change Owner of Object in Advanced Security Settings Dialog
Option four is what I described, the tutorial has all of the details.

1 more replies
Relevance 42.23%

Having trouble opening the My Computer icon..just says searching...I posted on another tech board and it was found that my system32 files start with C:\MISC\System32 etc instead of windows?
Anybody have any ideas? I am clean from all virus/trojans etc..Followed all examples in your file titled Read Me First Before Asking For Support. so I know I am clean..
This happened all of a sudden..I noticed my camera, printer and scanner are no longer recognized by computer stating they are not installed when they show up in device manager no problem.
Anyhoo..I posted a message in the general section a couple days ago with no response...
Any ideas??
Thanks in advance
Chris
 

Answer:c:\windows\system32 files now have title of misc

If you have files located in C:\MISC\System32 there's a chance you have a virus. What makes you sure you do not? Do you have the latest motherboard chipset drivers?
 

6 more replies
Relevance 42.23%

On Friday I was installing a wireless network in my office. I installed the driver, and installed the little pci slot receiver thing and then in setup the pc froze up and crashed, and says windows/system32/config file is missing or corrupted.

The problem is that I'm not sure what XP is on the system, oem or retail and I have no setup discs.

I was thinking of this and a few others say it may work but I'd like your opinion. I remove the HD from the work PC and take it home. I then install the work HD in my Home PC as a Slave. Then I copy the system 32/config file from my home pc and then paste it into the work HD, overwriting what's listed as corrupt.

You guys think that will work? I have lots of important stuff on the HD I can't really afford to lose
 

Answer:System32/config files corrupted, will this work?

16 more replies
Relevance 42.23%

So I currently have no way of accessing my computer, so I tried to use Lazesoft file manager in order to access system32 files, but after I tried to do the trick of renaming utilman.exe and sethc.exe through the third party app called Lazesoft
Those two system files seem to be missing, and I currently do not have access to the admin permissions nor password
So any way to restore system32 to default or uncorrupt the files, or possibly download
 

More replies
Relevance 42.23%

Hi,

I've got the nasty FBI Virus and the situation is:

- Can't access the internet;
- Can't boot Windows in Safe mode. It goes immediately to shutdown after booting;
- I could go to command prompt under "System Recovery Options" and can run 64 bit programs. Could not run OTL.exe.
- It looks like many files in the system32 folder are gone.

Can you give me any advice? I've run FRST64 and the log generated is below:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-05-2013
Ran by SYSTEM on 14-05-2013 11:05:57
Running from F:\
WIN_7 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry (Whitelisted) ==================

Attention: Software hive is missing.

ATTENTION: Software hive is not loaded.

BootExecute:

==================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
==================== One Month Modified Files and Folders =======
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS ... Read more

Answer:FBI Moneypack - Missing files in System32 folder!

Hi and welcome to the MalwareTips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to nece... Read more

3 more replies
Relevance 42.23%

Oops I just put the log file on there twice. LOL sorry. Here is the real startuplist

StartupList report, 7/2/2007, 2:21:23 AM
StartupList version: 1.52.2
Started from : C:\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16473)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32... Read more

Answer:Mysterious Files In C:\windows\system32 Folder

Did I do something wrong?
Cuz my thing isn't getting much replies.
Only the 2 by me. lol
Please I really need help with the HiJackThing at least please

6 more replies
Relevance 42.23%

I did a *.TMP search and there were a lot of temp files in my system32 folder. Over 1,000 of them. How do I know if they are safe to delete? I did do a repair install not too long ago. It's Windows XP SP2.
 

Answer:Lot of temp files in my system32 folder (WindowsXP)

13 more replies
Relevance 42.23%

I recently bought a 64 bit Vista computer, and backed up some things from my 32 bit. I was careful not to backup any Windows XP or registry files. All the programs I installed on the new computer were fresh.

When I run HijackThis, my log, looks like all under 023 and system32 show files missing, and I cannot remove them. I've manually gone into Windows where any of these files are located and tried to delete, rename, make changes, and nothing. It won't allow me to delete them. I can't get rid of them. There's got to be a way I'm sure, I just can't figure it out.

I also have a folder on my desktop with a subfolder called Programs and under that are two Diskeeper folders that I also cannot delete, rename, run, anything. It's frustrating.

Here's my log. I run it as Administrator. I'd appreciate any help you can offer. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:28 PM, on 9/13/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\7onlineAlerts\7onlineAlerts.exe
C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\PROGRA~2\Webshots\Webshots.scr
C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Progr... Read more

More replies
Relevance 42.23%

My teenager says he unintentionally hit the wrong button on a pop-up, and now his IE keeps redirecting to sites he doesn't want to visit. Zonealarm says it has cleaned up a trojan, but after reboot, it finds the trojan again. The DDS log is below, and the attache.txt is attached. Thanks for any help!

Chuck
DDS (Ver_09-02-01.01) - NTFSx86
Run by Cajhne at 21:56:43.08 on Thu 02/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.527 [GMT -7:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
AV: avast! antivirus 4.8.1296 [VPS 090131-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOW... Read more

Answer:IE hijacked, strange new files in WINDOWS\system32

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

28 more replies
Relevance 42.23%

Monday around 12PM or so, I woke up and saw my computer had some spyware. There was a small popup saying my computer was infected and the background was changed to say I did. I ran Spybot and MalwareBytes and deleted everything I could, then rebooted my computer with Spybot running upon rebooting to delete anything that was left. Day after my background changed again while I was playing a game, so I ran Spybot and MB again, and the background hasn't changed since, probably cause I used HJT afterwards. Since then though, whenever I happen to play one particular game, I get a random Application error message for wmiprvse.exe, and yesterday got it for iTunes.exe when playing with music. So far, wmiprvse.exe only has this error when the game is running, and I've been playing it for over a year without these errors. While looking around through Search on My Computer, I then got an Application Error on AlbumDB2 or something like that. So far, I've run Spybot, MalwareBytes, HiJackThis, and Symantec AntiVirus but have not found anything to stop this. Any help is appreciated.

Answer:System32 files obtain errors at certain times.

There is no W at the end of wmiprvse(w).exe is there? That would indicate the sasser worm
Update mbam and run a FULL scan
Please post the results
Then run ATF and SAS
ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
------------------------------------
SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the ... Read more

8 more replies
Relevance 42.23%

i've been trying to kill this virus for a few days with combofix and HJT logs with no success... :(

symptoms:
1. C:\Windows\Update.dll
basically adds a bunch of .cn (Chinese) entries to "HOSTS" file
appears as rundll32.exe in task manager

2. random .dll's in C:\Windows\system32
such as "950D1600.dll"

3. System.exe file in system32
in properties
description: HB Inject Application Version 1.2.1.1007
copyright: Copyright © 2008, HB Software
original file name: HBInject.exe
4. C:\Program Files\Messenger\msgmr.dll
appears as rundll32.exe in task manager

5. changing of startup entries in msconfig, specifically to include the System.exe, msgmr.dll, and Update.dll

6. C:\Documents and Settings\(user name)\Local Settings\temp\wmsetup.dll
perflib_perfdata(random three #/letter sequence).dat is also in that folder

7. none of these files can be deleted unless in safe mode or during restart

for a few days, I simply killed the rundll32.exe processes and manually changed the HOSTS file

then i deleted the msgmr.dll and update.dll files, but they reappeared

two days ago, I checked my HJT log, and found a bunch of weird registry things, so I opened regedit and deleted every one of them
one of them had to do w/ "thunderadvise.dll", which i promptly deleted

the HJT log was clean, but only temporarily

I ran combofix several times and it deleted everythi... Read more

Answer:random .dll files in system32; host file changes

Hi, welcome to tsf!

You have a lot of nasty infections there..

delete your copy of combofix.

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

18 more replies
Relevance 42.23%

I get those files regenerating on startup and according to the internets, they're bad files. AVG once in a while identifies a trojan and fixes it. Somehow, this all started last night. I hadn't downloaded anything new nor gone to any new sites. Here's the log, thanks for your help.

Deckard's System Scanner v20070905.67
Run by Alex on 2007-09-15 12:30:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2007-09-15 16:31:08 UTC - RP604 - Deckard's System Scanner Restore Point
6: 2007-09-15 06:11:05 UTC - RP603 - Installed Prevx 2.0 Agent
5: 2007-09-15 05:03:52 UTC - RP602 - Installed AVG 7.5
4: 2007-09-15 05:02:23 UTC - RP601 - Last known good configuration
3: 2007-09-15 04:59:57 UTC - RP600 - System Checkpoint


-- First Restore Point --
1: 2007-09-15 04:59:51 UTC - RP598 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
System Drive C: has 0.9 GiB (less than 15%) free.


-- HijackThis (run as Alex.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:43 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mo... Read more

Answer:Regenerating files in System32 (nvmode.001, status.mpf)

Hi and welcome,

I'm looking over your logs & will return shortly.

2 more replies
Relevance 41.82%

I have a good Sony Vaio from 2010 with a Win7 Home Premium, 4 Gb Ram, 500Gb HDD, 50 Gb available currently. I know various System32 files are missing from information from a HijackThis Scan yesterday, eg lsass.exe. Explorer.exe does not handle folders well-double clicking should open any folder but instead it defaults to trying to open it with the first available software in the context menu, which happens to be VLC Media player. This is a known problem, to do with registry damage and/or windows explorer, not to do with VLC. I have been diligent with updating drivers, and am currently using Slimdrivers to identify further improvements to my driver lineup. I will add a scan results from tweaking com windows repair after this post. Avast internet security and Malwarebytes are up to date and scans have found nothing lately. MBAB had to be uninstalled and reinstalled today due to some sudden loss of the signatures update file (I think), but is running well again now.

I wish to go through a range of tests and find out about some procedure to restore these corrupt system files. I am an advanced home user but have run out of ideas with this problem and need help.
Thanks in advance for advice.

Answer:system32 files missing and explorer.exe not handling folders

"I know various System32 files are missing from information from a HijackThis Scan yesterday, eg lsass.exe."
This is a drawback of HijackThis on 64 bit systems.
Do not fix anything.
The files are actually present on your system.
You cannot boot your PC if you're missing system critical files
"Explorer.exe does not handle folders well-double clicking should open any folder but instead it defaults to trying to open it with the first available software in the context menu, which happens to be VLC Media player."
Folder fix
Launch it, click YES
Now try to open your folders

16 more replies
Relevance 41.82%

I am using Windows XP on a laptop... While using Internet Explorer 7 if I open a pop up window and then close the window it is crashing IE and asking if I want to send an error report. Also when I have multiple IE windows open and close one of them down it is also crashing IE. I have run both AVG anti virus and SuperAntispyware programs and nothing has shown up that it is infected. On the AVG anti virus I have received this error message on the scan...C:\WINDOWS\System32\drivers\etc\hosts. I have followed that pathway and discovered that there is nothing listed there. I have copied the host files from another computer and have placed them in the correct folder and have run AVG anti virus again and it is now running normal. I have downloaded HijackThis and have run the scan and the results are below. I have run both scans in safe mode and nothing has shown up

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:35 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PR... Read more

More replies
Relevance 41.82%

Has anyone seen an issue where IE will say in the address bar it is loading a URL such as yahoo.com but in the progress monitor section at bottom it shows it is trying to load something like C:\WINDOWS\System32\xxxxxxx and then when it times out you get both a 404 Error and 500 error message?

If you have how did you get rid of it? I have already run Spybot S&D 1.5 on the computer and reinstalled IE 7 on the computer.

Any help would be appreciated.
 

Answer:Internet Explorer loading C:\WINDOWS\SYSTEM32 files

In Internet Explorer (this occurs in ALL versions by the way), the loading of the homepage can lag considerably if you open IE before connecting to any service. If you open up another page before the homepage loads, you'll more than likely get a "HTTP 500 Internal Server Error".

Due to the way Internet Explorer deals with pages, the error would be stored in a Cache when it happens. By default, Internet Explorer uses the Cached version of any page if available to speed up page loads. This causes IE to use outdated versions of websites at times and can be easily corrected by clicking the nice "Refresh" button.

However, if you got a "HTTP Error 500", because IE cached the page, you will keep getting this error whenever you visit the page, EVEN IF YOU REFRESH! This error is only corrected if you type in the URL of another page of the website, for example if you get this error when visiting blah.com you can correct it by typing blah.com/somepage and then work your way back to the glitched page.
 

1 more replies
Relevance 41.82%

Hey Guys,

I have been having too many virus issues these days.
I was able to remove the Trojan.vundo virus from my PC but it seems to be coming back again.

Also, there is another big issue!

for some reason i see that there are a lot of TMP files getting created in the system32 folder.

example of the file names are as follows
1. d371a50ae276b3279a42a7b683a260ce.TMP
2. b430ba5c7b05730ac8b0d106a404c258.TMP
3. 009f4dcdd2a980b5acc2d69b2ff02c0b.TMP
can someone please help me stop.
its making my hard drive full and i cannot work like this!!

Peace!
Milind
 

More replies
Relevance 41.82%

I am a student in college and I left my Vista disk in my storage. So I'm on summer break without it (big mistake), and so I was attacked by a virus and now I cannot update and all these pop-ups keep coming. I finally defeated the viruses but it took stuff with it. "System restore" didn't help because something is missing, can't update something is missing, etc.

Please help, how can I reload my system without a disk... is that even possible? Please please help me!!!!

My System:
Vista Home Premium 32bit
AVG Anti-Virus Free

Answer:Missing A Bunch of System32 Files (Virus Attack)

Try running System Files - SFC Command, and maybe try running a full scan with one or some of these to see if there still maybe some infection left.

Malwarebytes.org
The home of Spybot-S&D!
SUPERAntiSpyware.com - Downloads
microsoft.com/downloads

3 more replies
Relevance 41.82%

Hello!
Here I am again with my issues...
So, I have Windows 8.1 installed, with latest updates. And I had to write into system32. I tried to take ownership with the regfile trick. No success. I got so angry, that I booted up ubuntu, and copied from there.
(it was a joypad driver correction, because it loaded the 32bit one and it crashed...)

Now I want to try out XBOX360 controller emulator on asphalt 8. Aaand I have no permission to write in the folder. (also, no ownership to execute apps from that folder)
I took ownership. I have administrator privileges. I have tried administrator built in account. I have added my normal UAC enabled user to the group with full privileges. I have even tried an elevated command prompt. Nothing helped. What's going on?

Disabling Nod32v7 didn't help...

Answer:no permission system32 sysWOW64, Program Files\WindowsApps

Have you simply tried changing security permissions for a folder via Properties => Security tab?
Taking ownership usually works but as you know Windows likes to defend its privileges...

2 more replies
Relevance 41.82%

I have moved them to the chest (quarantine) and I'm now wondering where to go from here.

The specific infected files are:
C:/WINDOWS/system32/hggwunld.dll
C:/WINDOWS/system32/ipv6sp.dll

Will the files be fine indefinitely if left alone or will it impede the performance of my OS (Windows XP Version 2002 Sp3)

Please help if possible.
 

Answer:I have avast! antivirus and two viruses infecting system32 files...

Hiya

Are you still having this problem? If so, can you do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, ... Read more

1 more replies