W7 x64 several system files missing

Discussion in 'Software' started by Coltan, May 6, 2010.

  1. Coltan

    Coltan Private E-2

    Hello thar!

    Since I installed Windows 7 about 4 months ago I have had no problems at all.
    However, since 2 days ago I've started getting several blue screens, so I gave CCleaner and did the HJT fix.
    Now the BSOD seems to have stopped, however I can no longer play Warcraft 3: Frozen Throne without getting fatal errors every time; sometimes it takes 20 minutes, sometimes I get them whilst still in the menu.
    I have reinstalled the game 2 times, once with the CDs and once with the Blizzard installer, and that didn't fix anything at all.

    So I did the HJT scan again and found that there are several missing files from the system32 folder. This surely cannot be a good thing :p and I'm assuming this is what's causing the fatal errors and also caused the blue screens.

    I've been looking around interwebs for any way to replace or repair these files, but I haven't had any success so far.

    I would be very grateful for any help on this matter, mainly because I would like to avoid doing a clean install.

    Below follows the Hijack file as well as my system/hardware information:

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:03:44, on 2010-05-06
    Platform: Windows 7  (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files (x86)\foobar2000\foobar2000.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe
    
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 3984 bytes

    As you can see, I don't really have that many programs running. When I play I have another 2 or 3 programs running, but that's about it.
    My video card is up to date.



    ------------------
    System Information
    ------------------
    Code:
    Time of this report: 5/7/2010, 00:18:18
    Machine name: MICHAEL-PC
    Operating System: Windows 7 Ultimate 64-bit (6.1, Build 7600) (7600.win7_gdr.100226-1909)
    Language: Swedish (Regional Setting: Swedish)
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Model: P35-DS3L
    BIOS: Award Modular BIOS v6.00PG
    Processor: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz (4 CPUs), ~2.4GHz
    Memory: 4096MB RAM
    Available OS Memory: 4094MB RAM
    Page File: 1462MB used, 10819MB available
    Windows Dir: C:\Windows
    DirectX Version: DirectX 11
    DX Setup Parameters: Not found
    User DPI Setting: Using System DPI
    System DPI Setting: 96 DPI (100 percent)
    DWM DPI Scaling: Disabled
    DxDiag Version: 6.01.7600.16385 64bit Unicode

    Sorry if this is posted in the wrong part of the forum, wasn't sure which one I should post it in.


    Cheers
     
  2. brandypeppy

    brandypeppy MajorGeek

    I don't see any anti virus in your HJ log.

    And some of your O23 services look suspicious.

    And, you are having erratic performance issues.

    I'd recommend you start here;
    Read and Run Me First

    Run the steps, start a thread there if you find anything or run into any blocks on the procedures.

    Then see;
    How to protect yourself from malware
     
  3. Coltan

    Coltan Private E-2

    Sorry, I forgot to mention that I've already done the Malware removal guide.
    I had Spybot and Ad-Aware installed, but neither of them found anything, neither did Malwarebytes' Anti-Malware.
     
  4. collinsl

    collinsl MajorGeek

    What regular anti-virus program do you have installed? I.E. Avast, Avira, McAfee etc?

    What was the result of the last scan with this program?
     
  5. Coltan

    Coltan Private E-2

    That would be Ad-Aware, last scan was yesterday, it found nothing.
     
  6. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    You don't need to replace those files, as HijackThis does not as yet really list Windows 7 files correctly. Although I would run the guide in Malware as listed to be 100% sure and "attach" your logs in a new thread in the malware forum, as HJT was not run to the steps in the READ & RUN ME FIRST Malware Removal Guide, as it would have generated an MGLogs file with a name change to the HijackThis executable. The reason is that many malware know that executable file name, so hide themselves from its scan, and this malware can be missed. Sadly HijackThis is not the superb tool many think it is; it's good but does not find all malware, hence the full read me guide mentioned.

    Ad-Aware is not an antivirus, so its scan is not great for many malware types. TBH Ad-Aware is not that good these days IMHO.

    But you could run from an elevated command prompt (right click CMD and choose Run as Administrator) and type sfc /scannow as this will repair any system files broken.

    Also try closing any unneeded 3rd party applications running in the background (uTorrent, Foobar, Skype, Warkeys etc.) and try the game again. If you still get a crash, look in Event Viewer in Application and System for any errors at the exact time (give or take 5 mins) of the crash and please mention the error code and faulting file.
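
Added example, not part of the thread or of any poster's reply: HijackThis 2.0.4 is a 32-bit program (the log shows it running from `Program Files (x86)`), and on 64-bit Windows a 32-bit process that opens `C:\Windows\System32` is redirected to `SysWOW64`, which is one way such a scanner reports `(file missing)` for files that exist. The Python sketch below triages O23 lines on that assumption. The function name `triage`, the verdict labels and the `ExampleSvc` line are constructed for illustration; the other sample lines are copied from the log in the first post.

```python
import re

# Sample input: four O23 lines from the first post plus one constructed line.
SAMPLE_LOG = r"""
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Example Updater (ExampleSvc) - Unknown owner - C:\ProgramData\Example\upd.exe (file missing)
"""

# desc = display name or @resource string, svc = short service name,
# path = binary path as the scanner resolved it, missing = HJT's marker.
O23 = re.compile(
    r"^O23 - Service: (?P<desc>.*)\((?P<svc>[^()]+)\) - .+? - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

def triage(log_text, scanner_is_wow64=True):
    """Return {service: (verdict, path)} for every O23 line in a HijackThis log.

    scanner_is_wow64: True when a 32-bit scanner produced the log on 64-bit Windows.
    """
    results = {}
    for line in log_text.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        path, low = m["path"], m["path"].lower()
        if not m["missing"]:
            verdict = "present"
        elif scanner_is_wow64 and re.match(r"[a-z]:\\windows\\system32\\", low):
            # 32-bit reads of System32 land in SysWOW64: the result is inconclusive.
            verdict = "recheck-64bit-view"
        elif (scanner_is_wow64 and "%programfiles%" in m["desc"].lower()
              and "\\program files (x86)\\" in low):
            # %ProgramFiles% expands to the (x86) directory inside a 32-bit process.
            verdict = "recheck-64bit-view"
        else:
            # No redirection explanation applies: look at this service by hand.
            verdict = "investigate"
        results[m["svc"]] = (verdict, path)
    return results

if __name__ == "__main__":
    for svc, (verdict, path) in triage(SAMPLE_LOG).items():
        print(f"{verdict:20} {svc:15} {path}")
```

A `recheck-64bit-view` verdict is not a clean bill of health: it only means the path has to be checked again from a 64-bit process before the entry says anything about the file.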
     
  7. collinsl

    collinsl MajorGeek

    You need to install and run an anti-virus as soon as possible. Not having and using an antivirus product is very risky.

    I would recommend Avira. It is free and I have had very good results with it.

    http://www.free-av.com

    Other people on here may recommend Avast, ClamWin, AVG, etc. These are also good products.
     
  8. Coltan

    Coltan Private E-2

    Well, this is what happened when I tried to install Avira -.-


    Code:
    ==================================================
    Dump File         : 050710-25537-01.dmp
    Crash Time        : 2010-05-07 15:34:55
    Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code    : 0x0000000a
    Parameter 1       : 00003800`02987900
    Parameter 2       : 00000000`00000002
    Parameter 3       : 00000000`00000000
    Parameter 4       : fffff800`0288e7f9
    Caused By Driver  : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+70600
    File Description  : NT Kernel & System
    Product Name      : Microsoft® Windows® Operating System
    Company           : Microsoft Corporation
    File Version      : 6.1.7600.16539 (win7_gdr.100226-1909)
    Processor         : x64
    Computer Name     : 
    Full Path         : C:\Windows\Minidump\050710-25537-01.dmp
    Processors Count  : 4
    Major Version     : 15
    Minor Version     : 7600
    ==================================================
    
    I used the sfc /scannow as well, I've attached the log.
     


  9. collinsl

    collinsl MajorGeek

    Have you tried this more than once?

    If so I would suspect a memory error and I suggest you burn memtest86+ to a CD and run it overnight.
     
