TechSpot

cmd is not a win32 application

By sirish007
Apr 15, 2007
  1. When I type 'cmd' in my run I am getting an error "cmd is not a win32 application".
    Please tell me what to do. I will be waiting for your reply.
    Thanks in advance.
    MY LOG FILE:

    Please use proper thread titles from now on. Thanks.
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You are running an outdated version of HijackThis.

    Please go to this thread HERE.
    Please post your HijackThis log as an attachment to this thread. Do not copy and paste, otherwise it will be ignored and/or removed by the moderators.


    Regards,
    Your friendly Momok =)
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system has some very nasty infections and you're running an outdated version of HijackThis.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of sirish007 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. sirish007

    sirish007 TS Rookie Topic Starter

    new log file

    I don't want to format my computer... I just want to remove the virus or malware from it.
    Here is my new log file. Please help me soon. Nowadays my web browser is encountering an error and I have no option except to shut it down and open it again.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, no problem.

    You need to follow all the instructions, then post all the requested logfiles. I have therefore removed your HJT log so that you can post a fresh HJT log after you've completed the instructions.

    Regards Howard :)

     
  6. sirish007

    sirish007 TS Rookie Topic Starter

  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Combofix is perfectly safe. The article you link to has obviously gotten the wrong end of the stick. Combofix was the object of a rootkit attack that had the potential to cause a user's system to have its hard drive wiped. The author of Combofix pulled it from public use until he found a fix for the problem. See this thread HERE for further info.

    Post all the requested logfiles.

    Regards Howard :)

     
  8. sirish007

    sirish007 TS Rookie Topic Starter

    After using Combofix my run is working properly.
    Here are my new log files; tell me if there are any viruses or malware.
    Presently I am using Trend Micro. Will I have any problem if I use AVG and Trend Micro simultaneously?
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You should never run more than one antivirus programme as it can cause serious conflicts.

    All items in your AVG Antispyware log say "Ignored". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there):

    save
    DAP
    DAEMON Tools SearchBar

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Windows Update
    msconfig
    icq lite
    Update Checker
    AntiVir
    []
    Power Manager (PowerManager)<Disable the service name and/or the name in brackets.

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    Save.exe
    scvhost.exe<Not to be confused with svchost.exe
    Search.exe
    PowerReg Scheduler V3.exe
    Update.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.255.64.150:80

    R3 - URLSearchHook: (no name) - - (no file)

    F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe

    F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe

    O1 - Hosts: 203.27.235.25 www.payseal.icicibank.com

    O1 - Hosts: 210.210.19.82 www.sifymall.com

    O2 - BHO: (no name) - {43298275-B5EB-440D-89AA-BD431033F2C6} - C:\WINDOWS\system32\PortablfDeviceClassExtension.dll (file missing)

    O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\DAEMON Tools SearchBar\search.dll

    O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\PCODEC\iesplugin.dll (file missing)

    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\PROGRA~1\DAP\dapiebar.dll (file missing)

    O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\Run: [{7CE8BB7F-0B76-1033-1110-050716040001}] "C:\Program Files\Common Files\{7CE8BB7F-0B76-1033-1110-050716040001}\Update.exe" mc-110-12-0000137

    O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunOnce: [msconfig] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunOnce: [icq lite] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunOnce: [Update Checker] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunOnce: [AntiVir] C:\WINDOWS\scvhost.exe

    O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe

    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

    O4 - Startup: PowerReg Scheduler V3.exe

    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O8 - Extra context menu item: &Dictionary - http://files.db3nf.com/scripts/ie.htm

    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there), only in these locations.

    C:\WINDOWS\svchost.exe

    PowerReg Scheduler V3.exe<Search your system for this file and delete all instances found.

    C:\Program Files\Save<Delete the entire folder.

    C:\WINDOWS\scvhost.exe

    C:\Program Files\Common Files\{7CE8BB7F-0B76-1033-1110-050716040001}<Delete the entire folder.

    D:\PROGRA~1\DAP<Delete the entire folder.

    C:\Program Files\DAEMON Tools SearchBar<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post fresh AVG Antispyware and HJT logs.

    Regards Howard :)

     
  10. sirish007

    sirish007 TS Rookie Topic Starter

    I cleaned the malware files.
    Here are my new log files.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Delete all files in AVG Antispyware quarantine.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there):

    IEInspector
    HTTPAnalyzerStdV2

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    HttpAnalyzer CodeHook service
    Power Manager (PowerManager)<Disable the service name and/or the name in brackets.

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    InjectWinSockServiceV2.exe
    hpprintqueue.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.255.64.150:80

    O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe

    O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe

    O23 - Service: HttpAnalyzer CodeHook service (HttpAnalyzer DllInjectService) - Unknown owner - C:\Program Files\IEInspector\HTTPAnalyzerStdV2\InjectWinSockServiceV2.exe

    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\svchost.exe
    C:\Program Files\IEInspector<Delete the entire folder.
    C:\WINDOWS\system32\spool\hpprintqueue.exe
    C:\WINDOWS\system32\ccrpbds6.dll
    C:\WINDOWS\system32\msfDX.dll
    C:\WINDOWS\system32\fxtls532.dll

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
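
A triage sketch for the HijackThis lines in the two fix lists above, added here as an example and not part of the thread or of HijackThis itself: it flags near-miss names such as scvhost.exe, system binaries outside their expected folder (svchost.exe in C:\WINDOWS, ctfmon.exe in system32\dlg), non-loopback Hosts entries, a set proxy and DisableRegedit. The expected folders assume a default C:\WINDOWS install; the function names, tag names and the 0.85 similarity cut-off are hypothetical.

```python
import re
from difflib import SequenceMatcher

# Assumption: default install under C:\WINDOWS, as in the logs in this thread.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
EXE = re.compile(r'([A-Za-z]:\\(?:[^\\"]+\\)*)?([^\\"\s=]+\.exe)', re.I)  # [path]name.exe

def check_line(line):
    """Return finding tags (hypothetical names) for one HijackThis log line."""
    findings = []
    section = line.split(" - ", 1)[0].strip()
    for directory, name in EXE.findall(line):
        name, directory = name.lower(), directory.lower().rstrip("\\")
        if name in EXPECTED_DIR:
            if directory and directory != EXPECTED_DIR[name]:
                findings.append(f"wrong-dir:{name}")
        elif any(SequenceMatcher(None, name, good).ratio() >= 0.85
                 for good in EXPECTED_DIR):  # near-miss spelling of a known name
            findings.append(f"lookalike:{name}")
    if section == "O1" and not re.search(r"Hosts:\s*127\.0\.0\.1\s", line):
        findings.append("hosts-redirect")
    if section == "R1" and "ProxyServer" in line:
        findings.append("proxy-set")
    if section == "O7" and "DisableRegedit=1" in line:
        findings.append("regedit-disabled")
    return findings

def triage(lines):
    """Map each flagged line to its tags; clean lines are omitted."""
    return {line: tags for line in lines if (tags := check_line(line))}

# Lines copied from the fix lists in this thread, plus one constructed clean line.
SAMPLE = [
    r"F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe",
    r"O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe",
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe",
    r"O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)",
    r"O1 - Hosts: 203.27.235.25 www.payseal.icicibank.com",
    r"O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1",
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe",  # constructed
]

if __name__ == "__main__":
    for line, tags in triage(SAMPLE).items():
        print(", ".join(tags), "<-", line)
```

A tag is a prompt to look at the entry, not a verdict; the fix lists in the thread were still built by a person reading the full log.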
