1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help!

Discussion in 'Virus & Other Malware Removal' started by LONDON GEEZA, Oct 5, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. LONDON GEEZA

    LONDON GEEZA Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    48
    Hi im new here, this might be a silly question for all you pros but recently i have been getting this error message when Windows starts up:

    SYSTEM32/CMD.EXE is not a valid Win32 Application

    What is this, why is it occurring and what should i do?

    Thanx
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    We need more information. Cmd.exe IS, or should be, a valid application on an XP/NT/2k system but not a Win9x/ME one.

    In any case it does not normally run on startup.

    Give us a copy/paste of a HijackThis Scanlog following directions here:

    http://www.tomcoyote.org/hjt/

    Are you sure it didn't say "cmd32.exe", a commonly used "trojan" name?
     
  3. LONDON GEEZA

    LONDON GEEZA Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    48
    hi Rolin' Rog heres the log, plz advise me of any trojans/spyware.. thnx

    Logfile of HijackThis v1.97.2
    Scan saved at 19:37:59, on 05/10/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\Smtray.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Norton Internet Security\IAMAPP.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\Program Files\Norton Internet Security\ATRACK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Waleed\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts...dir2.dll?s=consumer&ap=b201&c=3C01&lc=0809&ac
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...rchredir2.dll?c=3C01&lc=0809&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...rchredir2.dll?c=3C01&lc=0809&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts...dir2.dll?s=consumer&ap=b201&c=3C01&lc=0809&ac
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/...rchredir2.dll?c=3C01&lc=0809&s=search&ap=b204
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=6.0&plcid=0x0809
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\cmd32.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\cmd32.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Smapp] Smtray.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\RunServices: [CMD] cmd32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: DigiChat Applet - http://demo2.digi-net.com/DigiChat/DigiClasses/Client_IE.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,202
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\cmd32.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\cmd32.exe
    O4 - HKLM\..\RunServices: [CMD] cmd32.exe

    then reboot & delete C:\WINDOWS\System32\cmd32.exe which is a virus

    then
    download AdAware 6 181
    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automaticly try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now to scan it´s just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it.

    then
    Download Spybot - Search & Destroy from http://security.kolla.de


    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.
     
  5. LONDON GEEZA

    LONDON GEEZA Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    48
    Thanks Derek for your help.. Alongside the cmd32.exe virus, I have also been infected with W32.Pinfi which infected around 200 files, NAV managed to repair most of them but couldnt repair around 8 files, how could I repair them?

    SpyBot hilighted the following files in red, should I delete them?

    -----------------------------------------------------------------------------------
    Alexa Related: What's related link (Replace file, nothing done)
    C:\WINDOWS\Web\related.htm

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2070620897-2317538923-1809067083-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
    -----------------------------------------------------------------------------------

    Also I am having problems with NAV, I keep getting theses script errors, I have tried the suggestions on Symantec support site but still no luck..

    When i open NAV I get this:

    An error has occurred in the script on this page.

    Line: 155
    Char: 2
    Error: Permission denied
    Code: 0
    URL: res://C:\PROGRA~1\NORTON~1\NAVUI.dll/navstats.htm

    When I try and scan, the scan doesnt start and I get this:

    An error has occurred in the script on this page.

    Line: 82
    Char: 2
    Error: null is null or not an object
    Code: 0
    URL: res://C:\PROGRA~1\NORTON~1\NAVUI.dll/scan.htm


    If anyone can help that would be great!

    Thanx
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    What are the files that Nav says it cannot clean? If they are program files, the applications will have to be reinstalled. It is not likely they are XP system files.

    You can have Spybot "fix" those exploits, it is not deleting anything just altering some registry entries.

    What link or help article did you try to follow for those errors with Symantec?

    Was it this one?

    http://service1.symantec.com/SUPPOR...88256ad20079d32c?OpenDocument&src=bar_sch_nam
     
  7. LONDON GEEZA

    LONDON GEEZA Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    48
    Thanx Roll Rog, yes that is the same article that I reffered to, I have tried all suggestions apart from reinstalling NAV, I was leaving that as a last resort and hoping there was an easier solution..

    The files that NAV cant repair display 'access denied', I cannot list them here because I also get a script error in the Quarintine
    section which does not allow me to view the files.. Is there another way I can access them?
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Check and see what is in:

    C:\Program Files\Norton AntiVirus\Quarantine

    This will tell us what the files are. Usually they would be safe to delete if they have actually been quarantined rather than just "backed up".

    I'm afraid I don't have any magic answers on NAV if it's down to a remove and reinstall.
     
  9. LONDON GEEZA

    LONDON GEEZA Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    48
    Can someone check my recent log plz.. thanx

    Logfile of HijackThis v1.97.2
    Scan saved at 23:01:24, on 07/10/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\norton antivirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Smtray.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Norton Internet Security\IAMAPP.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Norton Internet Security\ATRACK.EXE
    C:\Program Files\Common Files\Real\Update_OB\realevent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Waleed\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts...dir2.dll?s=consumer&ap=b201&c=3C01&lc=0809&ac
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...rchredir2.dll?c=3C01&lc=0809&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...rchredir2.dll?c=3C01&lc=0809&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts...dir2.dll?s=consumer&ap=b201&c=3C01&lc=0809&ac
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/...rchredir2.dll?c=3C01&lc=0809&s=search&ap=b204
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Smapp] Smtray.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: DigiChat Applet - http://demo2.digi-net.com/DigiChat/DigiClasses/Client_IE.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I don't see any bad stuff in the scanlog at all.
     
  11. LONDON GEEZA

    LONDON GEEZA Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    48
    Thanx Rollin 'Rog.. In the end i decided to reinstall NAV, now its fine, by the way should I allow Internet access to Microsoft Generic Host Process for Win32 Services (svchost.exe)?

    I managed to get a list of the files that NAV couldnt repair, in total there are now 110, they are all similar temp files invected with W32.Pinfi, I will list some below, should i delete them?

    aja2.temp ala3.temp aln453.tmp ana5.tmp bia1.tmp bia2.tmp bja2.tmp bka3.tmp bla1.tmp bla2.tmp bla3.tmp cka1.tmp dja1.tmp dka1.tmp dka2.tmp dka3.tmp etc etc
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Absolutely. I don't know what created them but you can certainly delete anything with a .tmp or .temp extension

    svchost.exe

    Yes that is a vital XP service. Sometime trojans try to run under similar names or under the same name from a directory other than system32, but I'm sure what you are seeing is the valid one.
     
  13. LONDON GEEZA

    LONDON GEEZA Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    48
    Thanx again Rollin 'Rog, you've been most helpful..

    When I scan in HJT and make a log, it saves the log as a FILE document not as a TEXT document, at first I thought W32.Pinfi had deleted my Notepad but its still there, has some other file been damaged for it to be doing this? Also my internet connection keeps disconnecting and only one computer secreen flashes whereas it was excellent before I was hit by this virus.

    Where can i check what files are damaged and need re-installing, in Quarantine there are 330 backup items infected with W32.Pinfi which are mostly program files, have these files been repaired and should i delete them from the list?
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    It should be saving the Scanlog as a .log file

    Sometimes file associations get buggered and log files do not open by default in Notepad as they should.

    Right click on the saved file and select "properties". You will see an option there to change the program designated to open it with. Just find Notepad and select that.

    Hard to know what is affecting your internet connection.

    330 program files are a lot of files. Not knowing what they are, it is hard to advise. I think they may have just been backed up as a precaution prior to cleaning or repairing, since the only ones that NAV couldn't repair were evidently the temporary ones. Does the NAV log tell you which files were cleaned or repaired? If so, then you can delete from backup any that were successfully restored

    You can try this for what it's worth: go to Start>Run and enter:

    sfc /scannow

    just have your desktop visible when you do this or you may not see what is happening.

    Sfc, in theory, will check system files and replace automatically if it can, or prompt you if it can't, any files which are missing from the original protected file verification list.

    Since you don't have IE sp1 installed, you could try updating to that to replace any damaged IE files. You should also install the latest cumulative patch.

    The two flashing computer screens represent upload and download connectivity. You may see one or the other or both depending on what is required at any given time.

    If you are using dialup and can try an alternate number or two, I would do that. Disconnects are usually the result of line noise or ISP router problems, or in some cases the modem itself.
     
  15. LONDON GEEZA

    LONDON GEEZA Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    48
    Yes the scanlog has always saved as a .log file but ever since 2 days ago it stopped opening in Notepad,and I have been doing it manually as you mentioned above, I just got a bit suspicious and thought the virus was back..

    This is what NAV says about the backed up items: "This is a backed-up copy of a file that has been repaired. When you are confident that the repaired item is working properly, delete this item." But im not confident that they are all working as i dont know what they do or how to test them.. heres a few of the files:

    _isdel.exe
    Acrodist.exe
    AcroRd32.exe
    AcroTray.exe
    AOM.exe
    ar40eng.exe
    ckcwin.exe
    Dc12.exe
    Dc4.exe
    Dc6.exe etc etc

    I tried the sfc /scannow and that seems to be ok..

    Yes I am using dialup and but its a new modem, when you said 'try an alternate number or two' what did you mean? Also the connecting sound sounds diffrent and takes longer to connect, is that that the line noise?..
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/169698

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice