Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Files mysteriously disappearing from external drive ???


31 Jan 2010   #1

7 64 bit
 
 
Files mysteriously disappearing from external drive ???

Hi all

Glad I found this forum. Hoping one of you uber smart people can help me figure out wtf is going on in my computer. Long story short: I have a Seagate external drive hooked up. I back all my data up to it. The other day I accessed it and to my shock ALL FILES were gone. Poof. We're talking thousands of files. Weird though, the folder structure/tree was still completely in tact!! Every folder is there, it's just the files that are gone. I used Recuva This and got about 60% of it back. The other 40% is gone forever I guess. Very sad as there were about 500 family images that we lost.

Anyway, I add more files to this drive about three days ago to test. Sure enough they TOO are gone now but their folders are still there! Ugh! Important to note these files are NOT going to the recycle bin for some reason. They are just being zapped from the drive somehow.

SOMETHING/SOMEONE is making my files disappear. This drive is NOT being shared on the network. I ran scan disk and no errors were found. Here is my HT log:

Code:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:56:07 PM, on 1/31/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\LivePerson\Expert\LPExpertMessenger.exe
C:\Program Files (x86)\APC\APC PowerChute Personal  Edition\apcsystray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =  Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet  Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208}  - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} -  C:\Program Files (x86)\Adobe\/Adobe Contribute  CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -  C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper -  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper -  {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: IE Developer Toolbar BHO -  {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files  (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} -  C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar -  {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files  (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} -  C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common  Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\RunServices: [Nod42 Service] nod143.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe  /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Speech Recognition]  "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files  (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows  Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin]  C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows  Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin]  C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LivePerson Expert Messenger.lnk = C:\Program Files  (x86)\LivePerson\Expert\LPExpertMessenger.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF -  res://C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program  Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF -  res://C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program  Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel -  res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -  C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -  C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote -  {2670000A-7350-4f3c-8081-5663EE0C6C49} -  C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -  {2670000A-7350-4f3c-8081-5663EE0C6C49} -  C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar -  {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files  (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -  C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} -  C:\Program Files (x86)\Intuit\QuickBooks  2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  mscoree.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files  (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated -  C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue  CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner  - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files  (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation -  C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files  (x86)\Common Files\Apple\Mobile Device  Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner -  C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file  missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. -  C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. -  C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. -  C:\Program Files (x86)\AVG\AVG9\Identity  Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown  owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown  owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. -  C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet  Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. -  C:\Program Files\Common Files\Macrovision Shared\FLEXnet  Publisher\FNPLicensingService64.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner -  C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision  Corporation - C:\Program Files (x86)\Common  Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program  Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -  C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files  (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -  C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files  (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) -  Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner -  C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage)  - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files  (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -  C:\Program Files (x86)\Common  Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) -  Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown  owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) -  Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown  owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown  owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -  Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) -  Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner  - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown  owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) -  Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -  Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101  (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media  Player\wmpnetwk.exe (file missing)


My System SpecsSystem Spec
.

31 Jan 2010   #2

 
 

Do you use a proxy server to connect to the net?

If not then it looks like you could be infected and may not be able to connect to certain security sites.

You could try a quick scan with Malwarebytes Antimalware - update first and delete what it finds.

A second opinion scan with Hitman Pro wouldn't hurt.

|MG| Malwarebytes Anti-Malware 1.44 Download

Hitman Pro 3 - SurfRight
My System SpecsSystem Spec
31 Jan 2010   #3

7 64 bit
 
 

I don't follow. I am not having trouble connecting to any security sites. What makes you think I am having trouble connecting to them?

I have tried scanning for viruses. Nothing comes up

Help

I am really worried
My System SpecsSystem Spec
.


31 Jan 2010   #4

 
 

The setting below from your HJT log may indicate a hijack or it could be a left over from a previous infection.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

Have you scanned with Malwarebytes?
My System SpecsSystem Spec
31 Jan 2010   #5

Windows 7 Professional x64
 
 

I had that happen to a thumb drive. It was just another one of the signs that told me my drive was going bad.

I would strongly advice downloading Seagate's SeaTools and scanning your drive.
My System SpecsSystem Spec
31 Jan 2010   #6

7 64 bit
 
 

Yes I ran Malware Bytes on quick scan. I am now doing full scan. What does that registry key you included tell you? Does that mean my PC is being hijacked?

I DL"d SeaTools and have run all tests and the drive passes them all so far. Running the Long Test now. Seems ok though
My System SpecsSystem Spec
31 Jan 2010   #7

7 64 bit
 
 

Also did you notice the nod143.exe entry in my HJT file? I just read that is a virus. I had HJT delete it. Not sure if that is the issue though.

Should I remove the proxy thing you referenced?
My System SpecsSystem Spec
31 Jan 2010   #8

 
 

I would wait till one of the experts over at Bleeping replies to your post but it seems to me that you just may have an infection present.

You can copy and paste your HJT log for an online analysis below as a guide but I would wait for one of the experts to respond over at Bleep.

HijackThis Logfileauswertung

Windows process and HijackThis log tool bv1.5c
My System SpecsSystem Spec
01 Feb 2010   #9

7 64 bit
 
 

Ok I will keep my eye on the bleepingcomputers.com thread. Nothing back yet. I have posted in multiple forums across the web and this is the only one that has yielded a response.
My System SpecsSystem Spec
01 Feb 2010   #10

Windows 7 Pro
 
 

Hi

The R1 entry is nothing to worry about however the nod143.exe entry is.

Information at >Threat Expert<

Malwarebytes' Anti-Malware
Please go here: Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com and download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from >here< and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Select "Perform Full Scan" then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that all items are ticked/checked except items in the C:\System Volume Information folder and click on Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Thanks
Vino
My System SpecsSystem Spec
Reply

 Files mysteriously disappearing from external drive ???




Thread Tools



Similar help and support threads for2: Files mysteriously disappearing from external drive ???
Thread Forum
Hard Drive showing as full mysteriously General Discussion
Solved External HD of Laptop being mysteriously accessed by system. Performance & Maintenance
Files Disappearing from Folders on external (USB) disks General Discussion
The mystery of the disappearing external hard drive Hardware & Devices
Files Mysteriously Disappearing from Hard Drive Hardware & Devices
Change back up files from D Partitioned Drive to External Hard Drive? Performance & Maintenance
CD/DVD-Drive disappears mysteriously from My Computer Hardware & Devices

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:26 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33