WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93125 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Infection: "system-check.com" [Solved]
Started by
Dean N
, Dec 27 2011 10:34 PM
This topic is locked
133 replies to this topic
#91
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 05 January 2012 - 12:41 PM
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
Register to Remove
#92
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 05 January 2012 - 03:13 PM
Dean,
Insert your Windows CD into the CD Rom drive and you can hold the shift key down and it will prevent it from loading.
I am assuming your CD drive is D:, if its not than change this fix by replacing D: with the letter of your drive. Make sure to delete the other expand.bat that we created before
Copy all the Quoted text inside the Quote box and paste it into Notepad, save it as expand.bat , on the drop down list change it to All Files, save it to your desktop, then click on expand.bat to execute it.
At this point just let me know how it went
Insert your Windows CD into the CD Rom drive and you can hold the shift key down and it will prevent it from loading.
I am assuming your CD drive is D:, if its not than change this fix by replacing D: with the letter of your drive. Make sure to delete the other expand.bat that we created before
Copy all the Quoted text inside the Quote box and paste it into Notepad, save it as expand.bat , on the drop down list change it to All Files, save it to your desktop, then click on expand.bat to execute it.
expand D:\WINDOWS\I386\winlogon.ex_ c:\windows\system32\system32\dllcache\winlogon.exe
expand D:\WINDOWS\I386\svchost.ex_ c:\windows\system32\system32\dllcache\svchost.exe
expand D:\WINDOWS\I386\explorer.ex_ c:\windows\system32\dllcache\explorer.exe
At this point just let me know how it went
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#93
Dean N
-
- Authentic Member
-
- 152 posts
Authentic Member
Posted 05 January 2012 - 03:29 PM
I ran expand.bat, and i got the same problem as before, the c:\ screen pops up with text flying... bottom-to-top this time... endless loop
#94
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 05 January 2012 - 03:55 PM
Can you look on your CD and find the i386 folder?
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to 
for the help you received.
Proud graduate of TC/WTT Classroom
#95
Dean N
-
- Authentic Member
-
- 152 posts
Authentic Member
Posted 05 January 2012 - 03:56 PM
Yep.. in it right now
#96
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 05 January 2012 - 03:57 PM
is it: D:\WINDOWS\I386
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#97
Dean N
-
- Authentic Member
-
- 152 posts
Authentic Member
Posted 05 January 2012 - 03:59 PM
No, it is D:\I386
#98
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 05 January 2012 - 04:04 PM
Try it like this
Copy all the Quoted text inside the Quote box and paste it into Notepad, save it as expand.bat , on the drop down list change it to All Files, save it to your desktop, then click on expand.bat to execute it.
At this point just let me know how it went
Copy all the Quoted text inside the Quote box and paste it into Notepad, save it as expand.bat , on the drop down list change it to All Files, save it to your desktop, then click on expand.bat to execute it.
expand D:\I386\winlogon.ex_ c:\windows\system32\system32\dllcache\winlogon.exe
expand D:\I386\svchost.ex_ c:\windows\system32\system32\dllcache\svchost.exe
expand D:\I386\explorer.ex_ c:\windows\system32\dllcache\explorer.exe
At this point just let me know how it went
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#99
Dean N
-
- Authentic Member
-
- 152 posts
Authentic Member
Posted 05 January 2012 - 04:25 PM
Same as before. Runs like an old BASIC program:
10 print "blah blah blah";
20 goto 10
...if that helps...
#100
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 05 January 2012 - 04:29 PM
That's pretty weird...
Lets try it another way.
Click Start > Run
Copy past this into the open window
expand D:\I386\winlogon.ex_ c:\windows\system32\system32\dllcache\winlogon.exe
Tap Enter.
Lets try it another way.
Click Start > Run
Copy past this into the open window
expand D:\I386\winlogon.ex_ c:\windows\system32\system32\dllcache\winlogon.exe
Tap Enter.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
Register to Remove
#101
Dean N
-
- Authentic Member
-
- 152 posts
Authentic Member
Posted 05 January 2012 - 04:36 PM
I ran it, and it opened and closed very quickly before i could read it. ran it again, used a screenshot app to catch image before it closed itself again, and caught the text:
Expanding d:\I386\winlogon.ex to c:\windows\system32\system32\dllcache\winlogon.exe.
Can't open output file: \windows\system32\system32\dllcache\winlogon.exe.
#102
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 05 January 2012 - 04:40 PM
Lets see if we can rename the existing ones
Go to each locations and Right Click and the file, select Rename and rename to .Old
Example: winlogon.old
c:\windows\system32\system32\dllcache\winlogon.exe
c:\windows\system32\system32\dllcache\svchost.exe
c:\windows\system32\dllcache\explorer.exe
Then try the expand again
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#103
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 05 January 2012 - 04:48 PM
If that didn't work, we'll need to run the expand from the command prompt.
Click Start, Run and type CMD.EXE
You'll need to type these in so note any spaces as they need to be there and tap enter after each line.
expand D:\I386\winlogon.ex_ c:\windows\system32\system32\dllcache\winlogon.exe
expand D:\I386\svchost.ex_ c:\windows\system32\system32\dllcache\svchost.exe
expand D:\I386\explorer.ex_ c:\windows\system32\dllcache\explorer.exe
That's the best I can do.
Ken will be back with you to help.
Click Start, Run and type CMD.EXE
You'll need to type these in so note any spaces as they need to be there and tap enter after each line.
expand D:\I386\winlogon.ex_ c:\windows\system32\system32\dllcache\winlogon.exe
expand D:\I386\svchost.ex_ c:\windows\system32\system32\dllcache\svchost.exe
expand D:\I386\explorer.ex_ c:\windows\system32\dllcache\explorer.exe
That's the best I can do.
Ken will be back with you to help.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#104
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 05 January 2012 - 05:22 PM
You can actually copy and paste each line in, let do one at a time from the command prompt
expand D:\I386\winlogon.ex_ c:\windows\system32\system32\dllcache\winlogon.exe
expand D:\I386\svchost.ex_ c:\windows\system32\system32\dllcache\svchost.exe
expand D:\I386\explorer.ex_ c:\windows\system32\dllcache\explorer.exe
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#105
Dean N
-
- Authentic Member
-
- 152 posts
Authentic Member
Posted 05 January 2012 - 05:25 PM
c:\windows\system32\system32\dllcache\winlogon.exe
c:\windows\system32\system32\dllcache\svchost.exe
c:\windows\system32\dllcache\explorer.exe
I have neither a system32 folder nor a dllcache folder within my c:\WINDOWS\system32 folder.
I do, however, have winlogon and svchost files in the c:\WINDOWS\system32 folder. Neither of these have flie name extensions, and I've noticed that a majority of .exe files I've used to try to fix this mess don't have visible file name extensions either.
there is no explorer file in the c:\WINDOWS\system32 folder though.
Just saw your last 2 posts, will try to do something with them... thanks!
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
