TechSpot

EXE Files/Programs dissapearing

By waterproof
Oct 4, 2007
  1. could i have a virus? cuz i dunno.

    When i click on some of the programs, it says it could not be found, where else i was just using it just DAYS AGO! First photoshop.exe file disappeared then the ultimate troubleshooting.exe program is gone, the winrar.exe is gone...then my sony mp3.exe program to transfer songs is gone....




    tried to install avg anti virus but i get a error message saying:

    Local machine: installation failed
    Installation:
    Error: Action failed for file sporder.dll: creating file....
    File opening failed.
    No such file or directory
     
  2. Justin

    Justin TS Rookie Posts: 942

    You have a serious issue with your PC.

    A few things come to mind immediately

    1- Severe virus/trojan infection
    2- Bad registry corruption
    3- Failing hardware

    Failing hardware doesn't often make files just disappear, so I'm leaning towards 1 or 2. However, in any case, your PC needs serious work. I would suggest backing up all data *immediately* and then having someone take a look at it.
     
  3. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    how can i backup?


    i was playing with ageofempire2.exe game today and now windows douldnt find it!!
     
  4. Justin

    Justin TS Rookie Posts: 942

    Burn your personal files to CD/DVD - then take your PC to a trusted friend or a PC shop and have them give you a diagnosis. Most decent shops will at least diagnose you for free or for a minimal charge.
     
  5. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    the exe.file that does the document for burning is gone too :( wtf is wrong with my computer.
     
  6. Justin

    Justin TS Rookie Posts: 942

    I'm gonna go with virus infection right now. Take your PC to a shop and let them know you are pretty sure you have an infection, and insist that you want your personal files saved.

    Some shops will do low-handed crap like just obliterate your install and start over without backing up any data - do NOT let them do this.
     
  7. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    oh no, is there a way to remove it? would it reformat my computer or is it a small virus. yeah gotta go tomorrow :(

    btw when it comes to backup i wanna backup via my usb stick. i gotta back up my firefox password storage thing. :(
     
  8. Cinders

    Cinders TechSpot Chancellor Posts: 872   +12

  9. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    SDFix: Version 1.107

    Run by Owner on Fri 05/10/2007 at 03:32 AM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\DOCUME~1\Owner\Desktop\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\retadpu693.exe - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX07.031\\Proxy Switcher Pro 3 7 3646 incl\\Proxy Switcher Pro 3.7.3646 incl crack\\Cracked.exe-TSRH\\proxyswitcher.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX07.031\\Proxy Switcher Pro 3 7 3646 incl\\Proxy Switcher Pro 3.7.3646 incl crack\\Cracked.exe-TSRH\\proxyswitcher.exe:*:Enabled:proxy Switcher"
    "C:\\Program Files\\SatelliteTVforPC\\2006\\Elite\\SatelliteTVforPC.exe"="C:\\Program Files\\SatelliteTVforPC\\2006\\Elite\\SatelliteTVforPC.exe:*:Enabled:SatelliteTVforPC"
    "C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
    "C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"="C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe:*:Enabled:proxy Switcher"
    "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
    "C:\\Program Files\\IP Hider\\IP Hider.exe"="C:\\Program Files\\IP Hider\\IP Hider.exe:*:Enabled:IP Hider"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\ActiveX Control Pad\\age2_x1.exe"="C:\\Program Files\\ActiveX Control Pad\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\\Program Files\\ActiveX Control Pad\\empires2.exe"="C:\\Program Files\\ActiveX Control Pad\\empires2.exe:*:Enabled:Age of Empires II"
    "C:\\Program Files\\age of empires 2\\empires2.exe"="C:\\Program Files\\age of empires 2\\empires2.exe:*:Enabled:Age of Empires II"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\age of empires 2\\age2_x1.exe"="C:\\Program Files\\age of empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Documents and Settings\\Owner\\My Documents\\music folder 2\\Update_D240_A8P_106-71_a056_v1s.exe"="C:\\Documents and Settings\\Owner\\My Documents\\music folder 2\\Update_D240_A8P_106-71_a056_v1s.exe:*:Enabled:SwissUpdate"
    "C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
    "SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List"="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List:*:enabled:mad:shell32.dll,-1"
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Tue 25 Jan 2005 196 A.SHR --- "C:\BOOT.BAK"
    Tue 25 Sep 2007 48 ..SH. --- "C:\WINDOWS\S4E819C0A.tmp"
    Wed 5 Jul 2006 16 ...H. --- "C:\WINDOWS\system32\dzmc7qj.dll"
    Tue 15 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 27 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0bf48c56e2f3f29bfbf4f4fd00ad98dd\BIT91.tmp"
    Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\466f82a4346fa42a35e5505fe8752428\BIT8B.tmp"
    Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e49db26b225c64ffbbd852b587ab944\BIT87.tmp"
    Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\723d12ccbc22f288fb53cd47a25782f9\BIT93.tmp"
    Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7e6d3b71ce289c954255678645d11495\BIT85.tmp"
    Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a877011d990fb4875b54ce0706b47f90\BIT80.tmp"
    Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c2d37077957388d9858b79ad51eb59b2\BIT8D.tmp"
    Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf719f1d7800c04efd4b1796edb2edc3\BIT88.tmp"
    Mon 10 Sep 2007 7,939,032 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d9d5f5f1045bf2fb02a62b63d583b7d1\BIT84.tmp"
    Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e6c9dee06442f495611ce67dc17f407e\BIT8C.tmp"
    Mon 10 Sep 2007 9,249,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa5e263db3d19c7c32aedc2969cc4743\BIT83.tmp"

    Finished!




    i download some log that restores etc and found a trojan!! but am i 100% safe?

    i want to know is there anything to restore my missing exe. files :( ?
     
  10. Jase123

    Jase123 Banned Posts: 1,012

    waterproof please post in our security and the web forum.

    Post a fresh HJT log and we will assist you from there.

    Regards Jase :)
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have moved your thread to our S&W forum.

    Your system is probably infected with malware.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of waterproof only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    i dont want to make another thread, moving it would be easy :)

    here's my HJT log.
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please follow the instructions in my post above. Once done, if you decide cleaning is your preferred option, post the 3 requested log files as attachments into this thread.

    Regards Howard :)
     
  14. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    sorry for the not attaching.

    anyways i attached to it

    i dont want to reformat, i have alot of programs installed in my computer, all had to do with photo editing etc but 25% now dont work because of the virus thing

    combofix fresh log
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT, Combofix and AVG Antispyware logs. Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of waterproof only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  16. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    i did as followed but...

    It had a pop up error saying

    avenger.exe - application error

    the application failed to initialized properly (0xc0000005). Click on Ok to terminate the application
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In that case, follow all the instructions HERE exactly and post all the requested logfiles. Also let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of waterproof only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  18. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    You know my computer has been running slow
    & i had to type run > explorer.exe for my computer to show the task bar and start menu, since it wont do it automatically like it did all the time (weird) know what causes this?

    and for my computer, my dsl modem, when i turn it off, my computer freezes and i had to reboot it from the back because everything on screen literally freezes, happened before but i dont think its anything to do with virus etc more like technical, wonder how to get rid of that?

    the AVG found like over 200 tracking cookies btw. waiting for the report. (how do i get the log file for it? if there's one?)


    May i ask is there a way to restore all the exe. files that the virus got rid of or made it disappeared?
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Follow the instructions for using AVG Antispyware. Until you post the requested log files and let me know the results of the AVG Antirootkit scan, I`m struggling to help you.

    I`ll be able to advise you further, once I`ve got all the results.

    Regards Howard :)
     
  20. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    i attached the log.

    i'll edit the post to add the AVG one, it's taking very slow to scan
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Regards Howard :)

    This thread is for the use of waterproof only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  22. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    wheww hopefully for good.

    is there a reason why my computer is lagging when i reboot?
    like example the explorer.exe wont automatically start unless i type
    it via window task manager > run > type explorer.exe.

    & also about the missing exe files, is there possibly any way of bringing back/finding/reinstalling it?
     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I need to see the rest of your log files. I.E The AVG Antispyware log and a fresh Combofix log. I also need to know the AVG Antirootkit results. This is the umpteenth time I`ve asked for them.

    Once I have those, I`ll be in a better position to advise you.

    Regards Howard :)

    This thread is for the use of waterproof only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  24. waterproof

    waterproof TS Booster Topic Starter Posts: 207

    Combofix log attached.



    i downloaded Antirootkit(sorry for not reading properly lol, i didnt sleep for over a day because of this crap virus, a bit dizzy), (disconnect the net too) rebooted and when i click it it says windows couldn't find it!! did it again over and over and same thing applies.
     
  25. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, please do the following and see if it helps at all.

    Download the attached Zip file and extract it. Double click the resulting .reg file and when asked by Windows if you want to merge it, click yes.

    Reboot your computer and let me know if that helps at all.

    Regards Howard :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...