Hi there!
Yesterday I was on my computer looking at a friend's picture on Facebook, when I started getting a bunch of hard drive errors (Hard drive failure, and some others I believe). A program called Windows Repair popped up on my screen after it downloaded itself to my desktop (see pic). My computer ran the same after these messages kept popping up but when I went to click on my C Drive icon, it was completely empty. I had a external hard drive attached to my computer as well and it was empty too (Seagate 1.5TB). I noticed all of my shortcuts on my desktop looked subdued and I couldn't click on any of them. They even began to disappear! Also, when I would go to Start and All Programs, nothing was there. I ran some full malware scans and the Windows Repair program was gone for good. The malware was gone, but my hard drive problem was still there. I tried the 'stickied' thread's solution but nothing happened when I went to restart the computer. I did everything it said but it didn't work. Also, a Files Needed window keeps popping up saying I need SynTPCo2.dll (see attached pic).
It's hard to explain but I'll give it a shot. The files still exist but do not show up. If I can find a way to get to the programs they still work as if they're still stored on my computer there's just no way to get to them (sounds dumb, I know). For example, if I have a website shortcut saved on my desktop I can still use Firefox by clicking on that shortcut, but no Firefox.exe can't be found on my computer anywhere. Also, I know the files still exist because when I was going to Save As something, I could still see all of my folders in the window when I was looking for a place to save. No matter what I do it still says that the drive is connected correctly and that it 74 out of 80 GB full.
The whole thing is really frustrating me. I've spent hours researching the problem and I can't seem to find a solution. I know this may sound difficult to understand because I probably didn't explain it very well, but I hope maybe someone understands what I am saying and can help me out.
I'm not sure all that is needed to know, but I have a Compaq R4000 with Windows XP, bought in 2005. I was using Firefox when this happened.
Thank you so much for your time and interest. I hope I have given enough info for there to be some sort of help. I'm not the smartest when it comes to this sort of thing
so please bear with me. Thanks again!!!
-Bryan
Below are the logs from the malware scans:
First one:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 6198
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
3/28/2011 1:26:21 PM
mbam-log-2011-03-28 (13-26-21).txt
Scan type: Full scan (C:\|D:\|E:\|Z:\|)
Objects scanned: 291915
Time elapsed: 48 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JmpyxPEOWqPO (Trojan.Downloader) -> Value: JmpyxPEOWqPO -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\HomePage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\jmpyxpeowqpo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\18407220.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\bryan saam\local settings\application data\vgo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\bryan saam\local settings\temporary internet files\Content.IE5\Z6U9DXPN\kvhnhlitklyphofpkog[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP791\A0117257.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
Second one:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 6198
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/28/2011 3:14:45 PM
mbam-log-2011-03-28 (15-14-45).txt
Scan type: Full scan (C:\|D:\|E:\|Z:\|)
Objects scanned: 293874
Time elapsed: 1 hour(s), 40 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\HomePage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP791\A0118296.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP791\A0118297.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP791\A0118298.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Yesterday I was on my computer looking at a friend's picture on Facebook, when I started getting a bunch of hard drive errors (Hard drive failure, and some others I believe). A program called Windows Repair popped up on my screen after it downloaded itself to my desktop (see pic). My computer ran the same after these messages kept popping up but when I went to click on my C Drive icon, it was completely empty. I had a external hard drive attached to my computer as well and it was empty too (Seagate 1.5TB). I noticed all of my shortcuts on my desktop looked subdued and I couldn't click on any of them. They even began to disappear! Also, when I would go to Start and All Programs, nothing was there. I ran some full malware scans and the Windows Repair program was gone for good. The malware was gone, but my hard drive problem was still there. I tried the 'stickied' thread's solution but nothing happened when I went to restart the computer. I did everything it said but it didn't work. Also, a Files Needed window keeps popping up saying I need SynTPCo2.dll (see attached pic).
It's hard to explain but I'll give it a shot. The files still exist but do not show up. If I can find a way to get to the programs they still work as if they're still stored on my computer there's just no way to get to them (sounds dumb, I know). For example, if I have a website shortcut saved on my desktop I can still use Firefox by clicking on that shortcut, but no Firefox.exe can't be found on my computer anywhere. Also, I know the files still exist because when I was going to Save As something, I could still see all of my folders in the window when I was looking for a place to save. No matter what I do it still says that the drive is connected correctly and that it 74 out of 80 GB full.
The whole thing is really frustrating me. I've spent hours researching the problem and I can't seem to find a solution. I know this may sound difficult to understand because I probably didn't explain it very well, but I hope maybe someone understands what I am saying and can help me out.
I'm not sure all that is needed to know, but I have a Compaq R4000 with Windows XP, bought in 2005. I was using Firefox when this happened.
Thank you so much for your time and interest. I hope I have given enough info for there to be some sort of help. I'm not the smartest when it comes to this sort of thing
so please bear with me. Thanks again!!!-Bryan
Below are the logs from the malware scans:
First one:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 6198
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
3/28/2011 1:26:21 PM
mbam-log-2011-03-28 (13-26-21).txt
Scan type: Full scan (C:\|D:\|E:\|Z:\|)
Objects scanned: 291915
Time elapsed: 48 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JmpyxPEOWqPO (Trojan.Downloader) -> Value: JmpyxPEOWqPO -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\HomePage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\jmpyxpeowqpo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\18407220.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\bryan saam\local settings\application data\vgo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\bryan saam\local settings\temporary internet files\Content.IE5\Z6U9DXPN\kvhnhlitklyphofpkog[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP791\A0117257.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
Second one:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 6198
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/28/2011 3:14:45 PM
mbam-log-2011-03-28 (15-14-45).txt
Scan type: Full scan (C:\|D:\|E:\|Z:\|)
Objects scanned: 293874
Time elapsed: 1 hour(s), 40 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\HomePage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP791\A0118296.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP791\A0118297.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP791\A0118298.exe (Trojan.Agent) -> Quarantined and deleted successfully.
