| Thread ID: 71201 | 2006-07-29 07:25:00 | Program Not Found - cmd.com | dazzah1 (10859) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 474555 | 2006-07-29 07:25:00 | When I click Start -> Run, then type in "cmd" and click OK, it comes up with this error: img99.imageshack.us. I get the same error when I try to run other programs such as "regedit" or "notepad". However, I can go to C:\Winnt\system32\cmd.exe and it will open fine, but my system32 folder has gone missing; I have to access it with the cmd prompt. Also, I can't open .bat files. I am not sure if it's related, but it says make sure the path is correct and make sure all the required libraries are available. I have Windows 2000. |
dazzah1 (10859) | ||
| 474556 | 2006-07-29 07:55:00 | Might be a worm or something doing it. Get the file in my sig below and post the log here. |
Speedy Gonzales (78) | ||
| 474557 | 2006-07-29 08:13:00 | I think it's a worm also. I just started fixing some things: fixed attributes to the system32 folder and found a randon.N trojan. Then all of a sudden something has taken all my free space on my C drive, and now I can't open Add/Remove Programs in the Control Panel. | dazzah1 (10859) | ||
| 474558 | 2006-07-29 08:16:00 | Get the file in my signature and we'll check what's in it. | Speedy Gonzales (78) | ||
| 474559 | 2006-07-29 08:25:00 | The prob was I couldn't download it because of the mem prob, but luckily I already had it. This was the log:

Logfile of HijackThis v1.99.1
Scan saved at 5:19:30 PM, on 29/07/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HHD Software\Accurate Network Monitor\NMService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\VetMsgNT.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\EZARMO~1\ANTIVI~1\VetTray.exe
C:\PROGRA~1\EZARMO~1\ETRUST~1\ca.exe
C:\Program Files\MSN Messenger\Plus\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\EZARMO~1\ANTIVI~1\Vet32.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Anti-Virus&Trojan\Anti-Virus&Trojan.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Gavin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = You are Hacked!!!!!!!!!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\EZARMO~1\ANTIVI~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\EZARMO~1\ETRUST~1\ca.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [CDLoader] CDLoader.exe
O4 - HKLM\..\RunServices: [TrojanShield Protector] C:\Program Files\TrojanShield\Port.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Anti-Virus&Trojan.lnk = C:\Program Files\Anti-Virus&Trojan\Anti-Virus&Trojan.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.iprimus.com.au
O16 - DPF: Yahoo! Chat -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Accurate Network Monitor Safety Service (NMService) - Unknown owner - C:\Program Files\HHD Software\Accurate Network Monitor\NMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINNT\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe |
dazzah1 (10859) | ||
| 474560 | 2006-07-29 08:43:00 | I think I may have fixed half of the prob. I can now open .bat files, and now when I open cmd from Run it opens an ms-prompt window with the correct dir in the title bar, but it still won't open it. It just sits on that screen for 5-10 secs then exits. | dazzah1 (10859) | ||
| 474561 | 2006-07-29 08:44:00 | Boot into safe mode, disable system restore for now, unzip hijackthis before u run it again, tick these entries and tick fix checked.
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto - This, I think, is this (www.symantec.com), a trojan.
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe" - uninstall this. It can install spyware.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Don't run more than 1 antivirus program and 1 firewall. They'll conflict.
Did u change this entry??
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = You are Hacked!!!!!!!!!
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe |
Speedy Gonzales (78) | ||
| 474562 | 2006-07-30 07:45:00 | Logfile of HijackThis v1.99.1
Scan saved at 4:45:01 PM, on 30/07/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HHD Software\Accurate Network Monitor\NMService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\Plus\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ExploreAnywhere\SpyBuddy\sb32mon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\PS Hot Launch VVL\PSHotLaunchVVL.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\Notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gavin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Trunk32] Trunk32.exe
O4 - HKLM\..\RunServices: [TrojanShield Protector] C:\Program Files\TrojanShield\Port.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PS Hot Launch VVL] C:\Program Files\PS Hot Launch VVL\PSHotLaunchVVL.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.iprimus.com.au
O16 - DPF: Yahoo! Chat -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Accurate Network Monitor Safety Service (NMService) - Unknown owner - C:\Program Files\HHD Software\Accurate Network Monitor\NMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

This is a new log. I still have the same error even though I have fixed some of the problems. |
dazzah1 (10859) | ||
| 474563 | 2006-07-30 08:04:00 | Looks like u still have spyware. Boot into safe mode again, tick these entries and tick fix checked. Unzip HJT first.
This C:\Program Files\ExploreAnywhere\SpyBuddy\sb32mon.exe looks like this (www.symantec.com).
I don't know what this belongs to
O4 - HKLM\..\Run: [Trunk32] Trunk32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe" /WinStart
Do you know what this is?
O4 - HKCU\..\Run: [PS Hot Launch VVL] C:\Program Files\PS Hot Launch VVL\PSHotLaunchVVL.exe |
Speedy Gonzales (78) | ||
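
Added example, not part of any post in this thread: a Python script that does the comparison the replies above do by eye, diffing the O4 autorun entries of two HijackThis scans and listing those registered without a full path. The function names are made up for this example, the sample lines are copied from the two logs posted above, and a missing path is only a prompt to check which file the name resolves to (mobsync.exe is a standard Windows component).

```python
import re
from typing import NamedTuple

# O4 autorun line as HijackThis prints it: "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    cmd: str

def parse_o4(log: str) -> set[Autorun]:
    """Collect registry autorun (O4) entries from HijackThis log text."""
    entries = set()
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.add(Autorun(**m.groupdict()))
    return entries

def has_full_path(cmd: str) -> bool:
    """True when the command starts with a drive-letter path (quoted or not)."""
    return re.match(r'^"?[A-Za-z]:\\', cmd) is not None

def triage(before: str, after: str) -> dict[str, list[str]]:
    """Diff two scans and list autoruns that rely on the search path."""
    old, new = parse_o4(before), parse_o4(after)
    return {
        "added": sorted(e.name for e in new - old),
        "removed": sorted(e.name for e in old - new),
        "no_full_path": sorted(e.name for e in new if not has_full_path(e.cmd)),
    }

# Excerpts copied from the two logs posted in this thread (29/07 and 30/07).
SCAN_1 = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [CDLoader] CDLoader.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe"
"""
SCAN_2 = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [Trunk32] Trunk32.exe
O4 - HKCU\..\Run: [PS Hot Launch VVL] C:\Program Files\PS Hot Launch VVL\PSHotLaunchVVL.exe
"""

if __name__ == "__main__":
    for label, names in triage(SCAN_1, SCAN_2).items():
        print(f"{label}: {', '.join(names)}")
```
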
| 474564 | 2006-07-30 08:19:00 | I don't quite get it, Speedy. Why would you want to remove MsgPlus? I mean, if you are not careful during the installation, you might inadvertently install the notorious Lop. However, if one is careful, there is one step where the installation wizard will ask the user whether he / she wants to "give support to sponsors", he / she can just deselect the option. Cheers :) |
Renmoo (66) | ||