
.txt Files Corrupted / Images Gone


4 replies to this topic

#1 Bastille Day

Bastille Day

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 10 July 2014 - 02:26 PM

Have been slowly uploading my information to the cloud then this happened.

 

Hundreds of .txt files unreadable and all my images won't appear.

 

No images at all in the Windows Fax and Picture Viewer frame.

 

Expert tells me I have a virus and my box needs a scan at a cost of $60.00.

 

Problem is I have to travel to the city to do this and have to leave it overnight thus requiring two trips.

 

Just want my files long enough to transfer to a safe location then do a permanent shut-down.

 

Firefox browser works fine.

 

Any suggestions much appreciated.


Edited by hamluis, 10 July 2014 - 03:20 PM.
Moved from XP to Am I infected - Hamluis.




#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:06 PM

Posted 10 July 2014 - 06:02 PM

Hello -

Please download all tools to Desktop and Copy and Paste all Logs.

 

First - This is a "basic clean-up" and we will go further depending on your answers.

 

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes.
 Please Copy / Paste the small log back here.

 

Important: Do not reboot your computer until you complete the next step.

 

 

* NOW :
 Please download AdwCleaner by Xplode and save to your Desktop.
 * Double-click on AdwCleaner.exe to run the tool.
 * Vista / Windows 7 / 8 users right-click and select Run As Administrator.
 * Click on the Scan button (only once)
 * AdwCleaner will begin...be patient as the scan may take some time to complete.
 * After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Check the removals and see if you are OK with the list.

* Now
 * Click on the Clean button (only once)
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.

* A copy of all logfiles is also saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

Please download Junkware Removal Tool by Thisisu

Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it. 

Click on Run to initiate the installation.

To avoid potential conflicts, Temporarily Disable your Antivirus

You may want to be offline when you do this.

Run the tool by double-clicking it.

If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open. 
Copy and Paste this in your next post.



#3 Bastille Day

Bastille Day
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 11 July 2014 - 11:07 AM

These two programs would not download in Firefox so I had to switch to the Internet Explorer browser.

 

Rkill:

 

Program started at: 07/11/2014 11:46:22 AM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\hkcmd.exe (PID: 1724) [WD-HEUR]

* C:\WINDOWS\system32\igfxpers.exe (PID: 1732) [WD-HEUR]

* C:\Program Files\Java\jre6\bin\jusched.exe (PID: 1740) [FI]

* C:\WINDOWS\system32\cisvc.exe (PID: 132) [WD-HEUR]

* C:\Program Files\Mozilla Firefox\firefox.exe (PID: 220) [FI]

* C:\WINDOWS\System32\vssvc.exe (PID: 1656) [WD-HEUR]

* C:\WINDOWS\system32\wbem\wmiapsrv.exe (PID: 1720) [WD-HEUR]

* C:\WINDOWS\System32\dmadmin.exe (PID: 2060) [WD-HEUR]

* C:\Program Files\Internet Explorer\iexplore.exe (PID: 3996) [FI]

* C:\Program Files\Internet Explorer\iexplore.exe (PID: 4044) [FI]

* C:\Program Files\Internet Explorer\iexplore.exe (PID: 1156) [FI]

11 proccesses terminated!

Possibly Patched Files.

* C:\WINDOWS\system32\ctfmon.exe

* C:\WINDOWS\explorer.exe

* C:\WINDOWS\system32\dllhost.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.

Startup Type set to: Disabled

* Automatic Updates (wuauserv) is not Running.

Startup Type set to: Disabled

* ALG [Missing Service]

* wdmaud [Missing Service]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\clipsrv.exe : 586,240 : 05/03/2014 03:44 PM : 5a32abd7ae6fdb32097b5a585949fe50 [NoSig]

+-> C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe : 586,240 : 05/03/2014 02:02 PM : e4d3095985deac06fa8a7fa33021d026 [Pos Repl]

+-> C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe : 586,240 : 05/06/2014 10:45 AM : a67bc7d86af1a9549da94e6a86e9cf87 [Pos Repl]

* C:\WINDOWS\System32\ctfmon.exe : 568,320 : 05/27/2014 07:57 PM : 7c1c026f88adaebefae293e2e07a0b65 [NoSig]

+-> C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe : 568,320 : 05/03/2014 02:13 PM : b6b59e37f29c347a2bb10bd15a7df16b [Pos Repl]

+-> C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe : 568,320 : 05/06/2014 10:45 AM : 6b97585591c5c3c1febc0fb84bd1b6fd [Pos Repl]

* C:\WINDOWS\System32\dllhost.exe : 577,536 : 06/23/2014 02:06 PM : 4923947dae123da862a4fb9b11075b14 [NoSig]

+-> C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe : 5,120 : 02/28/2006 08:00 AM : dd87db7387b9eb441c5674888a0d840c [Pos Repl]

+-> C:\WINDOWS\ServicePackFiles\i386\dllhost.exe : 5,120 : 04/14/2008 05:42 AM : 0a9ba6af531afe7fa5e4fb973852d863 [Pos Repl]

* C:\WINDOWS\System32\wbem\wmiprvse.exe : 771,072 : 05/06/2014 10:51 AM : c390eec4ea1bc894da02e86c11f454c1 [NoSig]

+-> C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe : 771,072 : 05/03/2014 02:45 PM : 932bcb8fdb8a4eb43b0030f3e833ead8 [Pos Repl]

+-> C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe : 771,072 : 05/06/2014 10:47 AM : 3f1c677ca5013d7918d1a999a535bae3 [Pos Repl]

* C:\WINDOWS\System32\wscntfy.exe : 566,784 : 05/06/2014 10:51 AM : f9cf2e558995b994da3ff614959448d8 [NoSig]

+-> C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe : 566,784 : 05/03/2014 02:16 PM : 182cfbae330dbc136d3e4edb97dc5090 [Pos Repl]

+-> C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe : 566,784 : 05/06/2014 10:47 AM : d1fab44675947cfd69ae1d31a74cc570 [Pos Repl]

* C:\WINDOWS\System32\wuauclt.exe : 600,064 : 05/06/2014 10:51 AM : b1eb3db4c45533cedf4576a1d78c647a [NoSig]

+-> C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe : 664,064 : 05/03/2014 02:16 PM : f54132ca11621761110f8d8570a5998a [Pos Repl]

+-> C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe : 664,064 : 05/06/2014 10:47 AM : 93aa0c2080b5ef008727e1305556e656 [Pos Repl]

+-> C:\WINDOWS\system32\dllcache\wuauclt.exe : 600,064 : 05/06/2014 10:49 AM : dfc82249410a8b47c97d1666bc16cae0 [Pos Repl]

* C:\WINDOWS\explorer.exe : 1,586,688 : 05/07/2014 04:51 PM : c42615da24f81990877fee4c05ca4853 [NoSig]

+-> C:\WINDOWS\$NtServicePackUninstall$\explorer.exe : 1,585,152 : 05/03/2014 03:09 PM : ca05fe2728931ce8012e72ced3d65a71 [Pos Repl]

+-> C:\WINDOWS\ServicePackFiles\i386\explorer.exe : 1,586,688 : 05/06/2014 10:46 AM : 19a0c88ddc2da196baf42de066a68c69 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 07/11/2014 11:46:59 AM

Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)



#4 Bastille Day

Bastille Day
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 11 July 2014 - 11:16 AM

Thanks noknojon for your help but I think this is too complicated for me.



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:06 PM

Posted 11 July 2014 - 06:02 PM

Please follow the instructions in ==>This Prep Guide<== starting at Step 6.

 

Once the proper logs are created, then make a NEW TOPIC and post it ==>virus-trojan-spyware-and-malware-removal area<==

 

The Experts may be able to provide better help.





