Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

cmd box & regit probs [RESOLVED]

Started by Paullong , Aug 12 2005 05:36 AM

This topic is locked

#1
Paullong

Posted 12 August 2005 - 05:36 AM

New Member

Member
7 posts

Hi,

I have a problem with cmd and regedit, although command.com works fine! This is a fairly new XP build.

When I start cmd (from Run), I get a blank dos box with a flashing cursor, but no prompt. It stays like this for a minute or so, then I get the error "The NTVDM CPU has encountered an illegal instruction" and an option to ignore or cancel. Both options terminate the dos box.

I have run CleanUp, Ad-aware SE, Spybot S&D, CWShredder, Ewido, Trend Housecall, installed AVG and Trojanhunter - all clean but still no working dos box or regedit.

Here is my HackThis log. Any help would be appreciated!

Thanks,

Paul

Logfile of HijackThis v1.99.1
Scan saved at 12:34:17, on 12/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\ewido\security suite\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\CTHELPER.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\QuickTime\qttask.exe
H:\WINDOWS\System32\CTHELPER.EXE
H:\Program Files\Browser Mouse\Browser Mouse\1.0\mouse32a.exe
H:\Program Files\D-Tools\daemon.exe
H:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
H:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
H:\WINDOWS\System32\RUNDLL32.EXE
H:\Program Files\Valve\Steam\Steam.exe
H:\Documents and Settings\Paul\My Documents\BioniX Wallpaper v5.1 RC1\BionixWallpaper5.exe
H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\VIA\RAID\raid_tool.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
H:\Program Files\Grisoft\AVG Free\avgcc.exe
H:\Documents and Settings\Paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] H:\Program Files\Browser Mouse\Browser Mouse\1.0\mouse32a.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "H:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "H:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "H:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [winupdate] H:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [THGuard] "H:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Steam] H:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [BioniXWallpaper] "H:\Documents and Settings\Paul\My Documents\BioniX Wallpaper v5.1 RC1\BionixWallpaper5.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = H:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://H:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://H:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://H:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://H:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://H:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://H:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.3.1.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://ve.ukie.capg...oterisSetup.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123751750871
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe

#2
Metallica

Posted 17 August 2005 - 11:58 AM

Spyware Veteran

GeekU Moderator
33,101 posts

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After the reboot run HijackThis again. Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [winupdate] H:\Program Files\winupdate\winupdate.exe /auto

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab

Reboot once more and post a new log.
Also let me know if you can use cmd and regedit again.

Regards,

#3
Paullong

Posted 17 August 2005 - 02:14 PM

New Member

Topic Starter
Member
7 posts

Thanks for your help. I've done everything you asked. Some of the files you described were not on my computer but most were.

Regedit now works (thanks) but cmd still doesn't.

New HJT log as requested. Thanks again - I appreciate it!

Logfile of HijackThis v1.99.1
Scan saved at 21:11:25, on 17/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
H:\Program Files\ewido\security suite\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\CTHELPER.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\System32\CTHELPER.EXE
H:\Program Files\Browser Mouse\Browser Mouse\1.0\mouse32a.exe
H:\Program Files\D-Tools\daemon.exe
H:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
H:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
H:\WINDOWS\System32\RUNDLL32.EXE
H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Valve\Steam\Steam.exe
H:\Documents and Settings\Paul\My Documents\BioniX Wallpaper v5.1 RC1\BionixWallpaper5.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
H:\Program Files\VIA\RAID\raid_tool.exe
H:\PROGRA~1\MOZILL~1\FIREFOX.EXE
H:\WINDOWS\System32\wuauclt.exe
H:\Documents and Settings\Paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] H:\Program Files\Browser Mouse\Browser Mouse\1.0\mouse32a.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "H:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "H:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "H:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [THGuard] "H:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] H:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [BioniXWallpaper] "H:\Documents and Settings\Paul\My Documents\BioniX Wallpaper v5.1 RC1\BionixWallpaper5.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = H:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://H:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://H:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://H:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://H:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://H:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://H:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.3.1.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://ve.ukie.capg...oterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123751750871
O17 - HKLM\System\CCS\Services\Tcpip\..\{00700743-F691-42D1-A4F7-3CBF899DA459}: NameServer = 158.43.240.4,158.43.240.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{00700743-F691-42D1-A4F7-3CBF899DA459}: NameServer = 158.43.240.4,158.43.240.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{00700743-F691-42D1-A4F7-3CBF899DA459}: NameServer = 158.43.240.4,158.43.240.3
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#4
Metallica

Posted 18 August 2005 - 12:42 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Your log is clean now.

Time to install SP2 for IE and XP

http://www.microsoft...p2/default.mspx

Let me know if that solves it.

Regards,

#5
Paullong

Posted 31 August 2005 - 05:17 AM

New Member

Topic Starter
Member
7 posts

Hi,

Installed SP2 an up to date with updates etc. Regedit now works, but CMD stil doesn't. It still hangs (as before!).

Thanks for your help with this!

Paul

#6
Metallica

Posted 31 August 2005 - 11:50 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Copy the code below into notepad and save it as lookup.bat
Set Filetype to "All files"

dir %Systemdrive%\cmd.* /a h /s > files.txt
start notepad files.txt

That will open a file called files.txt. Post the content of that file, please.

Regards,

#7
Paullong

Posted 31 August 2005 - 12:19 PM

New Member

Topic Starter
Member
7 posts

Hi,

File reads as follows:

Volume in drive H is Main disk
Volume Serial Number is 8CA0-FC2F

Directory of H:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Python Libraries\Lib

17/05/2005 09:03 14,900 cmd.py
1 File(s) 14,900 bytes

Directory of H:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Python Libraries\Lib\distutils

17/05/2005 09:03 19,759 cmd.py
1 File(s) 19,759 bytes

Directory of H:\WINDOWS\Prefetch

31/08/2005 19:16 49,674 CMD.EXE-087B4001.pf
1 File(s) 49,674 bytes

Directory of H:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819

04/08/2004 08:56 388,608 cmd.exe
1 File(s) 388,608 bytes

Directory of H:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\backup

23/08/2001 13:00 375,808 cmd.exe
1 File(s) 375,808 bytes

Directory of H:\WINDOWS\system32

11/08/2005 16:11 2 cmd.com
04/08/2004 00:56 388,608 cmd.exe
2 File(s) 388,610 bytes

Directory of H:\WINDOWS\system32\dllcache

04/08/2004 00:56 388,608 cmd.exe
1 File(s) 388,608 bytes

Thanks,

Paul

#8
Metallica

Posted 31 August 2005 - 12:57 PM

Spyware Veteran

GeekU Moderator
33,101 posts

Please find and delete:
H:\WINDOWS\system32\cmd.com

Let me know if that does it.

Regards,

#9
Paullong

Posted 31 August 2005 - 04:03 PM

New Member

Topic Starter
Member
7 posts

GREAT! - That did it - Thanks very much for your help - I will promote your site wherever I can!

Thanks again,

Paul

#10
Metallica

Posted 01 September 2005 - 11:41 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.