# Windows folder showing 0 files, 0 bytes space



## Skud (Sep 27, 2009)

I am having a peculiar problem. My Windows folder is not showing any files or folders. Folder Properties showing 0 bytes of space occupied by 0 files, 0 folders. Even various disk space explorer software showing the same thing. However, if I type the full path in the address bar or Run menu of any folder within the Windows folder (e.g. C:\Windows\System32 etc.), explorer is showing the content. However, the Windows folder itself is not showing anything by any means. However system is working properly without any problem.

My OS is Windows XP SP3 with all the latest updates.

What's going on???


----------



## liquidsnake (Oct 3, 2009)

may be u installed the os in different folder this happens sometimes
1. if u install the os on a partition that already has windows folder n installs in another foder
2. in automated installation disks sometimes u get option to rename windows to other name
3. may be some virus or some system settings causing the problem


----------



## Skud (Oct 26, 2009)

liquidsnake said:


> may be u installed the os in different folder this happens sometimes
> 1. if u install the os on a partition that already has windows folder n installs in another foder
> 2. in automated installation disks sometimes u get option to rename windows to other name
> 3. may be some virus or some system settings causing the problem



1. Not really. Previously it used to show the files and folders. Navigating through cmd prompt and run menu, even launchy is still possible.
2. no such option.
3. virus i have scanned with several offline and online scanners. no infections found.


----------



## Skud (Oct 26, 2009)

xzone said:


> Yep, thats right.. Plus there may be a possibility of going through such strange things when having less permissions. Are you logged in as Administrator? If yes, try turning off the UAC from the control panel & see if that gives any joy..




yes, I am logged in as an administrator.

UAC in XP SP3!!! how to activate it???


----------



## RaghuKL (Oct 26, 2009)

post a hijack this log. definitely some infection is present which is not being detected. 
ps : there is no uac in xp


----------



## sakumar79 (Oct 26, 2009)

What happens when you run the commands dir, dir /ah on command prompt?

Arun


----------



## Skud (Oct 29, 2009)

RaghuKL said:


> post a hijack this log. definitely some infection is present which is not being detected.
> ps : there is no uac in xp



Here's the HijackThis log:-

*
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:42 PM, on 29/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2010\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\CD Art Display\CAD.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE
C:\Program Files\StartKiller\StartKiller.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe
C:\Documents and Settings\Sudip\Application Data\UpdateStar\UpdateStar.exe
C:\Program Files\VistaSwitcher\vswitch.exe
C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\ashsnap.exe
F:\Downloads\Programs\drivegleam.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\networx_portable\networx.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\ZTE Wireless Terminal\bin\App.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\FeedDemon\FeedDemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRAM FILES\SYSINTERNALSSUITE\PROCEXP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.248.75.142:80
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Explorer Breadcrumbs Helper Class - {DB5FC78C-0D12-448B-A0B0-DB0F0E6B67DB} - C:\Program Files\Minimalist\Explorer Breadcrumbs\BCToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Explorer Breadcrumbs - {A3EB65EC-D9B4-4DC1-88AF-0C7A21EBE5F9} - C:\Program Files\Minimalist\Explorer Breadcrumbs\BCToolbar.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [TXP Transbar] C:\Documents and Settings\Sudip\Application Data\TweakXPlorer\TransbarHelper.exe
O4 - HKLM\..\Run: [CD Auto Display] C:\Program Files\CD Art Display\CAD.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe"
O4 - HKCU\..\Run: [Start Killer] C:\Program Files\StartKiller\StartKiller.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [USB Threat Defender] "C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe" /b
O4 - HKCU\..\Run: [UpdateStar] C:\Documents and Settings\Sudip\Application Data\UpdateStar\UpdateStar.exe -A
O4 - HKCU\..\Run: [VistaSwitcher] "C:\Program Files\VistaSwitcher\vswitch.exe" /startup
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\ashsnap.exe
O4 - HKCU\..\Run: [DriveGLEAM] "F:\Downloads\Programs\drivegleam.exe" /STARTUP
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: networx.lnk = C:\Program Files\networx_portable\networx.exe
O4 - Global Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: FreshDownload - {C7018976-0A3A-464D-89FE-AF5A82B7D893} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB3243B7-7951-4A3E-BA4C-16D616C67B27}: NameServer = 218.248.240.79 218.248.240.135
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - AppInit_DLLs: secuload.dll,wbsys.dll firewall\wl_hook.dll        C:\WINDOWS\system32\guard32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -   - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate1c9d97747ea813a) (gupdate1c9d97747ea813a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe

--
End of file - 12643 bytes
*


Yeah, I know there's no UAC in XP.


----------



## Skud (Oct 29, 2009)

sakumar79 said:


> What happens when you run the commands dir, dir /ah on command prompt?
> 
> Arun



It's showing "file not found". However, I can CD to other directories within Windows (say, System32) and can get file/folder list running dir.


----------



## Skud (Oct 29, 2009)

Well, here's the log of HijackThis after running ADS Spy:-

C:\Documents and Settings\All Users\Application Data\TEMP : 05EE1EEF  (512 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 18C289EF  (132 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34  (125 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 638E6F6B  (135 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 8CE646EE  (112 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 9FB286BF  (120 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : C97C8631  (108 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : CD5BCD16  (130 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : DFC5A2B2  (143 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 05EE1EEF  (512 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 18C289EF  (132 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34  (125 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 638E6F6B  (135 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 8CE646EE  (112 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 9FB286BF  (120 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : C97C8631  (108 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : CD5BCD16  (130 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : DFC5A2B2  (143 bytes)
C:\Documents and Settings\Sudip\Favorites\ATi Registration.url : favicon  (766 bytes)
*C:\WINDOWS : 30A967521F4343D7  (24 bytes)
C:\WINDOWS : 30A967521F4343D7  (24 bytes)*
M:\Software\FREE\Security\Panda Anti-Rootkit 1.08.00\PAVARK.exe : License  (20 bytes)


----------



## RaghuKL (Oct 31, 2009)

try restoring the system files using sfc. no infections indicated in the hijack this log.


----------



## Skud (Oct 31, 2009)

RaghuKL said:


> try restoring the system files using sfc. no infections indicated in the hijack this log.



i will try. actually the system's working right. i can even play games in full settings without any problem or crashes. that's peculiar.


----------

