1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

system32.com,cmd.exe missing

Discussion in 'Windows XP' started by wannabeadri, Apr 24, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. wannabeadri

    wannabeadri Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    44
    :confused: I had a worm and I had to delete all the infected files, and now, everytime I open windows, I get the message: "System 32 missing...check the path...bla bla". The thing is that I cant run certain programs, so I was wondering what to do...
    Shall I reinstall my OS(WIN XP), and if so, shall I uninstall the one i have now and reinstall, or just install over what is on my HDD now?
    Thanks for your patience!
     
  2. PC_Wiz

    PC_Wiz

    Joined:
    Nov 19, 2003
    Messages:
    1,245
    Probably you have a shortcut in the startup group items or registry keys pointing to "System 32" file that was remove because part of the virus.

    Run hiJack this and post results:
    http://www.tomcoyote.com/hjt/
     
  3. wannabeadri

    wannabeadri Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    44
    Logfile of HijackThis v1.97.7
    Scan saved at 7:59:27 PM, on 25/04/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.exe
    D:\WINDOWS\System32\cisvc.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Lite CHIP\avpm.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    D:\Program Files\QuickTime\qttask.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Lite CHIP\AvpM.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\WINDOWS\System32\wuauclt.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\ICQLite\ICQLite.exe
    D:\WINDOWS\System32\cidaemon.exe
    D:\Program Files\WinAce\WinAce.exe
    D:\download\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.102.130.10:8080
    F0 - system.ini: Shell=Explorer.exe D:\WINDOWS\System32\System32.exe
    F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\System32\System32.exe
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [CMESys] "D:\Program Files\Common Files\CMEII\CMESys.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpyHunter] D:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: Kaspersky Anti-Virus Monitor.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Lite CHIP\AvpM.exe
    O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: ICQ Lite (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mp3: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6488671C-911F-49F5-8AE3-CBB88E6F9CD5}: NameServer = 194.102.130.1,194.153.252.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6488671C-911F-49F5-8AE3-CBB88E6F9CD5}: NameServer = 194.102.130.1,194.153.252.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6488671C-911F-49F5-8AE3-CBB88E6F9CD5}: NameServer = 194.102.130.1,194.153.252.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{6488671C-911F-49F5-8AE3-CBB88E6F9CD5}: NameServer = 194.102.130.1,194.153.252.1
     
  4. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Rescan and put a check next to each of these then close all browser windows and click "fix checked"

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/

    F0 - system.ini: Shell=Explorer.exe D:\WINDOWS\System32\System32.exe
    F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\System32\System32.exe

    O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

    O4 - HKLM\..\Run: [CMESys] "D:\Program Files\Common Files\CMEII\CMESys.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe

    then reboot into safe mode and delete:
    D:\WINDOWS\System32\System32.exe
    D:\WINDOWS\System32\System32.exe
    D:\Program Files\Common Files\CMEII
    D:\Program Files\Common Files\GMT
     
  5. wannabeadri

    wannabeadri Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    44
    Thanks for your help, I managed to solve the problem with system32 at startup. But I still have this tiny but annoying problem:my windows kinda slows down from time to time, and one of those times is when I hit the quick launch menu(10 secs), and it only contains about 15 items!
    Are there any other things from the log which the system can do without?
     
  6. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Just post a fresh one and ill have a look at it.
     
  7. wannabeadri

    wannabeadri Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    44
    Logfile of HijackThis v1.97.7
    Scan saved at 8:33:17 PM, on 29/04/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\cisvc.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Lite CHIP\avpm.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\cidaemon.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Lite CHIP\AvpM.exe
    D:\Program Files\Winamp\winamp.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\download\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.96.2.2:8080
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Kaspersky Anti-Virus Monitor.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Lite CHIP\AvpM.exe
    O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: ICQ Lite (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mp3: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6488671C-911F-49F5-8AE3-CBB88E6F9CD5}: NameServer = 194.102.130.1,194.153.252.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6488671C-911F-49F5-8AE3-CBB88E6F9CD5}: NameServer = 194.102.130.1,194.153.252.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6488671C-911F-49F5-8AE3-CBB88E6F9CD5}: NameServer = 194.102.130.1,194.153.252.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{6488671C-911F-49F5-8AE3-CBB88E6F9CD5}: NameServer = 194.102.130.1,194.153.252.1
     
  8. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
  9. thegreatone

    thegreatone

    Joined:
    Jan 10, 2003
    Messages:
    210
    The random slow down could be do to System Restore turn it off and see if there is a difference in your PC's performance
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223446

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice