EXE Files/Programs dissapearing

[waterproof]

could i have a virus? cuz i dunno.

When i click on some of the programs, it says it could not be found, where else i was just using it just DAYS AGO! First photoshop.exe file disappeared then the ultimate troubleshooting.exe program is gone, the winrar.exe is gone...then my sony mp3.exe program to transfer songs is gone....




tried to install avg anti virus but i get a error message saying:

Local machine: installation failed
Installation:
Error: Action failed for file sporder.dll: creating file....
File opening failed.
No such file or directory

 

[Justin]

You have a serious issue with your PC.

A few things come to mind immediately

1- Severe virus/trojan infection
2- Bad registry corruption
3- Failing hardware

Failing hardware doesn't often make files just disappear, so I'm leaning towards 1 or 2. However, in any case, your PC needs serious work. I would suggest backing up all data *immediately* and then having someone take a look at it.

 

[waterproof]

how can i backup?


i was playing with ageofempire2.exe game today and now windows douldnt find it!!

 

[Justin]

Burn your personal files to CD/DVD - then take your PC to a trusted friend or a PC shop and have them give you a diagnosis. Most decent shops will at least diagnose you for free or for a minimal charge.

 

[waterproof]

the exe.file that does the document for burning is gone too wtf is wrong with my computer.

 

[Justin]

I'm gonna go with virus infection right now. Take your PC to a shop and let them know you are pretty sure you have an infection, and insist that you want your personal files saved.

Some shops will do low-handed crap like just obliterate your install and start over without backing up any data - do NOT let them do this.

 

[waterproof]

oh no, is there a way to remove it? would it reformat my computer or is it a small virus. yeah gotta go tomorrow

btw when it comes to backup i wanna backup via my usb stick. i gotta back up my firefox password storage thing.

 

[Cinders]

When you go to backup your stored passwords in Firefox you will need something like this.

http://www.watchingthenet.com/how-to-backup-your-saved-passwords-in-firefox.html

 

[waterproof]

SDFix: Version 1.107

Run by Owner on Fri 05/10/2007 at 03:32 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Owner\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\retadpu693.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX07.031\\Proxy Switcher Pro 3 7 3646 incl\\Proxy Switcher Pro 3.7.3646 incl crack\\Cracked.exe-TSRH\\proxyswitcher.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX07.031\\Proxy Switcher Pro 3 7 3646 incl\\Proxy Switcher Pro 3.7.3646 incl crack\\Cracked.exe-TSRH\\proxyswitcher.exe:*:Enabledroxy Switcher"
"C:\\Program Files\\SatelliteTVforPC\\2006\\Elite\\SatelliteTVforPC.exe"="C:\\Program Files\\SatelliteTVforPC\\2006\\Elite\\SatelliteTVforPC.exe:*:Enabled:SatelliteTVforPC"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"="C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe:*:Enabledroxy Switcher"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\IP Hider\\IP Hider.exe"="C:\\Program Files\\IP Hider\\IP Hider.exe:*:Enabled:IP Hider"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\ActiveX Control Pad\\age2_x1.exe"="C:\\Program Files\\ActiveX Control Pad\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\ActiveX Control Pad\\empires2.exe"="C:\\Program Files\\ActiveX Control Pad\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Program Files\\age of empires 2\\empires2.exe"="C:\\Program Files\\age of empires 2\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*isabledxpsp2res.dll,-22019"
"C:\\Program Files\\age of empires 2\\age2_x1.exe"="C:\\Program Files\\age of empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Documents and Settings\\Owner\\My Documents\\music folder 2\\Update_D240_A8P_106-71_a056_v1s.exe"="C:\\Documents and Settings\\Owner\\My Documents\\music folder 2\\Update_D240_A8P_106-71_a056_v1s.exe:*:Enabled:SwissUpdate"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List"="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List:*:enabledshell32.dll,-1"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 25 Jan 2005 196 A.SHR --- "C:\BOOT.BAK"
Tue 25 Sep 2007 48 ..SH. --- "C:\WINDOWS\S4E819C0A.tmp"
Wed 5 Jul 2006 16 ...H. --- "C:\WINDOWS\system32\dzmc7qj.dll"
Tue 15 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 27 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0bf48c56e2f3f29bfbf4f4fd00ad98dd\BIT91.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\466f82a4346fa42a35e5505fe8752428\BIT8B.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e49db26b225c64ffbbd852b587ab944\BIT87.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\723d12ccbc22f288fb53cd47a25782f9\BIT93.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7e6d3b71ce289c954255678645d11495\BIT85.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a877011d990fb4875b54ce0706b47f90\BIT80.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c2d37077957388d9858b79ad51eb59b2\BIT8D.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf719f1d7800c04efd4b1796edb2edc3\BIT88.tmp"
Mon 10 Sep 2007 7,939,032 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d9d5f5f1045bf2fb02a62b63d583b7d1\BIT84.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e6c9dee06442f495611ce67dc17f407e\BIT8C.tmp"
Mon 10 Sep 2007 9,249,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa5e263db3d19c7c32aedc2969cc4743\BIT83.tmp"

Finished!




i download some log that restores etc and found a trojan!! but am i 100% safe?

i want to know is there anything to restore my missing exe. files ?

 

[Jase123]

waterproof please post in our security and the web forum.

Post a fresh HJT log and we will assist you from there.

Regards Jase

 

[howard_hopkinso]

I have moved your thread to our S&W forum.

Your system is probably infected with malware.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of waterproof only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[waterproof]

i dont want to make another thread, moving it would be easy

here's my HJT log.

 

[howard_hopkinso]

Please follow the instructions in my post above. Once done, if you decide cleaning is your preferred option, post the 3 requested log files as attachments into this thread.

Regards Howard

 

[waterproof]

sorry for the not attaching.

anyways i attached to it

i dont want to reformat, i have alot of programs installed in my computer, all had to do with photo editing etc but 25% now dont work because of the virus thing

combofix fresh log

 

[howard_hopkinso]

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT, Combofix and AVG Antispyware logs. Also, let me know the results of the AVG Antirootkit scan.

Regards Howard

This thread is for the use of waterproof only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[waterproof]

i did as followed but...

It had a pop up error saying

avenger.exe - application error

the application failed to initialized properly (0xc0000005). Click on Ok to terminate the application

 

[howard_hopkinso]

In that case, follow all the instructions HERE exactly and post all the requested logfiles. Also let me know the results of the AVG Antirootkit scan.

Regards Howard

This thread is for the use of waterproof only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[waterproof]

You know my computer has been running slow
& i had to type run > explorer.exe for my computer to show the task bar and start menu, since it wont do it automatically like it did all the time (weird) know what causes this?

and for my computer, my dsl modem, when i turn it off, my computer freezes and i had to reboot it from the back because everything on screen literally freezes, happened before but i dont think its anything to do with virus etc more like technical, wonder how to get rid of that?

the AVG found like over 200 tracking cookies btw. waiting for the report. (how do i get the log file for it? if there's one?)


May i ask is there a way to restore all the exe. files that the virus got rid of or made it disappeared?

 

[howard_hopkinso]

Follow the instructions for using AVG Antispyware. Until you post the requested log files and let me know the results of the AVG Antirootkit scan, I`m struggling to help you.

I`ll be able to advise you further, once I`ve got all the results.

Regards Howard

 

[waterproof]

i attached the log.

i'll edit the post to add the AVG one, it's taking very slow to scan

 

[howard_hopkinso]

Your HJT log is clean.

Regards Howard

This thread is for the use of waterproof only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[waterproof]

wheww hopefully for good.

is there a reason why my computer is lagging when i reboot?
like example the explorer.exe wont automatically start unless i type
it via window task manager > run > type explorer.exe.

& also about the missing exe files, is there possibly any way of bringing back/finding/reinstalling it?

 

[howard_hopkinso]

I need to see the rest of your log files. I.E The AVG Antispyware log and a fresh Combofix log. I also need to know the AVG Antirootkit results. This is the umpteenth time I`ve asked for them.

Once I have those, I`ll be in a better position to advise you.

Regards Howard

This thread is for the use of waterproof only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[waterproof]

Combofix log attached.



i downloaded Antirootkit(sorry for not reading properly lol, i didnt sleep for over a day because of this crap virus, a bit dizzy), (disconnect the net too) rebooted and when i click it it says windows couldn't find it!! did it again over and over and same thing applies.

 

[howard_hopkinso]

Ok, please do the following and see if it helps at all.

Download the attached Zip file and extract it. Double click the resulting .reg file and when asked by Windows if you want to merge it, click yes.

Reboot your computer and let me know if that helps at all.

Regards Howard