Got scammed now having PC issue

Discussion in 'Windows - Virus and spyware problems' started by saulat_99, Oct 1, 2012.

  1. saulat_99

    saulat_99 Regular member
    Joined: Jul 10, 2004 | Messages: 159 | Likes Received: 0 | Trophy Points: 26

    I kind of got scammed online and forced to go to some less reputable sites. My PC was fine after this, but when I removed a chat program and another recently installed program I think a msg about Active Desktop popped up, along with a side bar on the left of my desktop. I got rid of it easily enough. Now none of my shortcuts, desktop ini, exe files, or most files will open. My icons lost their pictures, or the .txt and .doc files reverted to an older version. I can open Mozilla, and I ran Bitdefender and Malwarebytes from my networked PC and found no virus on the root drive. I am thinking I have a corrupt Windows file. I cannot run anything through Run, as it says the same as when I try to open an exe program.

    Is there an online site that will check my Windows files, or a program that will do the same as the System File Checker where I can specify the root drive, so that I can select my networked PC? Thanks for any help. I don't want to reformat, and it's bad enough I got scammed already.
     
  2. aldan

    aldan Active member
    Joined: Mar 24, 2007 | Messages: 1,724 | Likes Received: 42 | Trophy Points: 78

    In the Run command box type sfc /scannow. This will check your files and hopefully repair the corrupt ones. If this does nothing, download the latest version of HijackThis and run it. Don't fix anything just yet, just post the log.
     
    Last edited: Oct 2, 2012
  3. saulat_99

    I cannot do either. I get the same message when trying to open either file. Windows cannot open this file .exe... needs to know what kind of program created the file.... select from a list or use web to find appropriate program. It's like all or most of my file extensions are no longer associated with a program to open them, including shortcuts and things.

    My browser appears to work fine, my system isn't hanging up any, I can even watch videos on the browser which is why I was hoping for some sort of online scan of the windows files. I can use a networked PC so any program I can select the root drive with I should be able to do from the other PC as I was able to make the root drive shared.
     
  4. scorpNZ

    scorpNZ Active member
    Joined: Mar 23, 2005 | Messages: 4,264 | Likes Received: 63 | Trophy Points: 78

    Icons losing pictures should be fairly straightforward to repair, you need to rebuild the icon cache. However, it may not work if the below is not repaired. Still worth a try & start with the easy stuff first.

    The .exe files etc is a different matter & more serious, you need to restore file associations.

    w7
    http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html

    xp
    http://www.ehow.com/how_5106779_restore-file-associations-windows-xp.html

    If you're on W7, what about a system restore? & since we're on this subject, now would be a good time for me to give EaseUS Todo Backup (free version) a plug, it's free & will solve any future balls ups.
     
    Last edited: Oct 2, 2012
  5. aldan

    I'll be buggered if I can understand that. What scorpNZ is saying makes sense tho. You can also try downloading HJT on another computer and putting it on a USB drive and try running it that way.
     
  6. saulat_99

    That helped some. I had to go to the File Types tab in Folder Options and create an exe extension associated with applications. My .lnk files are still broken. The exe files are working now, but not .com or certain other file types. I guess I will need to recreate many of the file extension associations. Not sure if .com is the same as .exe, and no clue at all what to associate .lnk files with.

    Oh, and sorry for the broken sentences. It was just the Windows message asking for which program to use to open the exe files.

    I can run HijackThis now, but I'm pretty sure the log looks fine. I could post it if you want.

    The sfc /scannow is asking for a Windows XP SP3 CD, which I don't have, and it seems like a little hassle to get the right i386 folder or to create an SP3 disc. I only have an older disc from before SP3.
     
    Last edited: Oct 2, 2012
  7. aldan

    I meant I couldn't understand the problem. lol. Post the log anyway, just in case. Can you run the check disk utility?
     
  8. saulat_99

    I'm off to work for 12 hours, will try to run check disk when I get home.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:03:11 PM, on 10/2/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\system32\LEXBCES.EXE
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\system32\LEXPPS.EXE
    H:\Program Files\Microsoft IntelliPoint\ipoint.exe
    H:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    H:\Program Files\DivX\DivX Update\DivXUpdate.exe
    H:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    H:\Program Files\EZ@Home\EZ Input\EZInput.exe
    H:\WINDOWS\system32\RunDLL32.exe
    H:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    H:\Program Files\Common Files\Java\Java Update\jusched.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\DAEMON Tools Lite\DTLite.exe
    H:\Documents and Settings\Man Cave\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
    H:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Java\jre6\bin\jqs.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    H:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\WINDOWS\system32\rundll32.exe
    h:\program files\mozilla firefox\firefox.exe
    h:\program files\mozilla firefox\plugin-container.exe
    H:\Documents and Settings\Man Cave\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\prxtbVuz2.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - H:\Documents and Settings\Man Cave\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
    O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\prxtbVuz2.dll
    O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - H:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\prxtbVuz2.dll
    O4 - HKLM\..\Run: [IntelliPoint] "H:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [BDAgent] "H:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DivXUpdate] "H:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "H:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [EZ@Home EZ Input] H:\Program Files\EZ@Home\EZ Input\EZInput.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Azureus] H:\Program Files\Vuze\Azureus.exe
    O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Man Cave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1346526451515
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: DefaultTabUpdate - Unknown owner - H:\Documents and Settings\Man Cave\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - H:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - H:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - H:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - H:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - H:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - H:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - H:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - H:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

    --
    End of file - 8875 bytes
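
A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original post: it lists autostart entries (O2, O4, O23) that HijackThis reports with "Unknown owner" or that start from a user-writable directory, so they can be reviewed by hand. The function name and the two heuristics are assumptions of this example; the sample lines are copied from the posted log.

```python
import re

# A few lines copied from the HijackThis log posted above, embedded for an offline run.
SAMPLE_LOG = r'''
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - H:\Documents and Settings\Man Cave\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Man Cave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O23 - Service: DefaultTabUpdate - Unknown owner - H:\Documents and Settings\Man Cave\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - H:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
'''

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Autostart sections: O2 = browser helper objects, O4 = Run keys, O23 = services.
AUTOSTART = {"O2", "O4", "O23"}
# Directories a limited user can write to (heuristic chosen for this example).
USER_WRITABLE = re.compile(r"\\(Application Data|Local Settings|Temp)\\", re.I)


def triage(log_text):
    """Return (section, entry, reasons) for entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if not match or match.group(1) not in AUTOSTART:
            continue
        section, body = match.groups()
        reasons = []
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service reported with unknown owner")
        if USER_WRITABLE.search(body):
            reasons.append("starts from a user-writable directory")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {', '.join(reasons)}")
```

A hit is a prompt to check the file and its publisher, not a verdict: legitimate per-user updaters also start from the profile directory.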
     
  9. aldan

    Yep, looks OK to me.
     
  10. saulat_99

    Had some help on another forum and this page has fixes for my broken files, they are reg files that regedit can import.

    http://www.dougknox.com/xp/file_assoc.htm

    Probably reformat at some point since I don't know why this happened to me or whether it was malicious or just an odd occurrence.
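
A way to audit the associations this thread is about (.exe, .com, .lnk) before and after importing repair .reg files, as an added example that is not part of the original posts: it parses a regedit export of HKEY_CLASSES_ROOT and reports every default value that differs from the stock Windows one. The function names and the sample export are constructed for this example.

```python
import re

# Stock Windows defaults for the associations discussed in this thread.
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
    r"hkey_classes_root\.com": "comfile",
    r"hkey_classes_root\comfile\shell\open\command": '"%1" %*',
    r"hkey_classes_root\.lnk": "lnkfile",
}

# Constructed sample export: .exe repaired, .com emptied, comfile and .lnk keys missing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.com]
@=""
'''


def parse_defaults(reg_text):
    """Map each key (lower-cased) to its unescaped default (@) string value."""
    defaults, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash.
            defaults[current] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults


def check_associations(reg_text):
    """Return (key, found, expected) for every default that is missing or altered."""
    found = parse_defaults(reg_text)
    return [(key, found.get(key), want)
            for key, want in EXPECTED.items() if found.get(key) != want]


if __name__ == "__main__":
    for key, got, want in check_associations(SAMPLE_REG):
        print(f"{key}: found {got!r}, expected {want!r}")
```

Regedit writes version 5.00 exports as UTF-16, so read a real export with `encoding="utf-16"` before passing the text in. An open command other than `"%1" %*` under exefile or comfile means every launch is routed through whatever program is named there, which is worth investigating before anything else is run.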
     
  11. aldan

    That's a handy site. Good luck to you.
     