Regedit, Cmd are not a valid Win32 application?!

Status
Not open for further replies.

mackygood

I wanted to edit my registry today. It gave me a 'not a valid win32 application' message. Then I tried command line, and it gave the same message.

Attached is my HijackThis Log.

Thanks for any help!

mackygood
 

Attachments

  • log.txt
    5.5 KB · Views: 23
thanks for your reply.

I'll get to doing what you told me now and post back a Hijack This Log.

thanks for your help,

mackygood
 
Hello and welcome to Techspot.

Your system is infected with a variety of nasties and needs to be thoroughly scanned etc. You are also not running any antivirus or firewall programmes. Download and install the free Zonealarm firewall and the free AVG antivirus programme from HERE and HERE.

Install Zonealarm, followed by AVG and reboot your system. Run the AVG updates and then boot into safe mode and turn system restore off.

Do a full system scan with AVG and delete whatever it finds.

Reboot into normal mode and follow the instructions below.

Go HERE and follow the instructions exactly.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:
 
mackygood said:
what happened to paranoidguy's post??

ok downloading avg and zonewall right now

paranoidguy is still only learning the ropes for HJT logs.

While he is getting better and better all the time, in your case his advice was a little off the mark.

I therefore deleted his post in order to stop you from getting the wrong information.

Regards Howard :)
 
um...can't really boot into safe mode ?!!

I press F8 go to safe mode...same black screen but this time I get this at bottom:

Press ESC to cancel loading SPTD.sys

I don't press ESC and wait.

Then the login menu shows up. I press my username ' Owner ' and it gives me a password box. Then it restarts. I've tried 5 times with the same results. I don't have a password so I'm wondering why it keeps on showing the password box.

Any help on this??

thanks
 
SPTD.sys is part of the Daemon tools drivers and can cause problems.

When asked if you want to cancel SPTD.sys, choose yes.

Regards Howard :)
 
ok I pressed ESC this time.

It got even worse lol.

This time it wouldn't even let me press my username.

It goes to the logon menu, I move my mouse and it restarts again.

any help on this??

thx
 
It was previously installed on my PC, but I uninstalled when I used Alcohol to mount my CDs. So I don't have it installed on my PC anymore.

( just checked the control panel, no sign of Daemon tools)
 
ok, went and deleted sptd.sys

Now I get a mix of the problems.

Tried 5 times

3 times were the password box problem

2 times were the move the mouse problem

thx

mackygood
 
Mmm, something`s not quite right. Forget the safe mode bit for now and just run the system scan.

Then follow the rest of the instructions as far as you can.

Regards Howard :)
 
ok scanning with avg now..

will follow instructions and post back with hjt log.

thanks for all your help = )

mackygood
 
ok..just did everything you told me to.

AVG found two trojans and one worm. I deleted them all.

Then I followed the thread you gave me.

I chose F-secure online scan and it found three files.

I deleted them manually.

Then I scanned with ewido and found two cookies and Alexa.

All deleted.

Then I rebooted, but the problem is still continuing.

Here is a new HJT Log.

(When scanning I received this error message:


An unexpected error has occurred at procedure: modMain_CheckOther14Item()
Error #62 - Input past end of file

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

)


I clicked ok and it went on scanning.

Attached is the log.

Thanks,

mack
 
I`ve no idea what the error message you got means.

However, I can tell you your HJT log is now clean.

How is your system running now?

Regards Howard :)
 
Try replacing the cmd.exe file in your windows\system32 folder. This is just in case the file is broken.

If that doesn`t work, then maybe doing a Windows repair as per this thread HERE will help.

Regards Howard :)
 
Thanks for your help.

you know where i can get a copy of cmd.exe ( and regedit ) ? googled it and can't find it : (

as for repairing, My WindowsXP CD's different from the one in the thread.

my pc was made in taiwan, XP was bundled, and they only gave me their company-made XP installation CD.

no signs of any repair option ...
 
Take a look at this thread HERE. It may help with your regedit and cmd problems.

Have you tried typing cmd.exe into the run box and hitting the enter key?

Do the same with regedit and see what happens.

It could be that the infections you`ve just got rid of have damaged some of your OS files.

If all else fails, I`ll send you a copy of my cmd.exe file and regedit.exe file.

Please let me know how you get on.

Regards Howard :)
 
lol you're the man.

I usually only type cmd and regedit in the run box.

Add a .exe to the end *PRESTO*

Thanks for your help.

So what's the problem with my machine then?

cmd doesn't work but cmd.exe works.

I will also have a look at the thread.

thx agn howard = )
 
I have the same problem. However, the regedit file is there in c:\windows\

If I type "regedit.exe" instead of just "regedit", the registry editor pops right up. Not sure why this is, but it works for the moment while I try to figure out how to fix it.

EDIT: You must go to "c:\windows\system32\" and delete regedit.com, and assuming regedit.exe is still in c:\windows\, the problem is fixed for now. If you're confused by there being no .exe or .com after the file, go to the menu bar Tools/Folder Options, go to the View tab, then uncheck the box for "hide extensions for known file types" and hit OK. This will make extensions for all files visible. Be sure to go back and recheck the box after you're done, just for any n00bs who might come along and screw themselves up.

As mentioned, regedit.com is malware, so you probably have more problems than just this fix.
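Added example, not part of any post in this thread: a Python sketch of why `regedit` ran the planted regedit.com while `regedit.exe` still worked, and a check that flags that kind of shadowing. It assumes a simplified search model (PATH directories in order, PATHEXT extensions in order within each) and a constructed directory tree; the `cmd.com` file and all function names are assumptions for illustration.

```python
import os
import tempfile

# Leading entries of the default Windows XP PATHEXT; .COM is tried before .EXE.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD"

def candidates(name, path_dirs, pathext=DEFAULT_PATHEXT):
    """Return every file a bare command name could resolve to, in search order.

    Simplified model (assumption): walk the PATH directories in order and,
    inside each one, try the PATHEXT extensions in order. The first hit runs.
    """
    exts = [e.lower() for e in pathext.split(";") if e]
    hits = []
    for d in path_dirs:
        try:
            present = {f.lower(): f for f in os.listdir(d)}
        except OSError:
            continue  # missing or unreadable PATH entry
        for ext in exts:
            real = present.get(name.lower() + ext)
            if real:
                hits.append(os.path.join(d, real))
    return hits

def find_shadowing(names, path_dirs, pathext=DEFAULT_PATHEXT):
    """Report names whose winning match is not an .exe but hides an .exe later in the search."""
    report = {}
    for name in names:
        hits = candidates(name, path_dirs, pathext)
        if (len(hits) > 1 and not hits[0].lower().endswith(".exe")
                and any(h.lower().endswith(".exe") for h in hits[1:])):
            report[name] = {"runs": hits[0], "hidden": hits[1:]}
    return report

def build_sample_tree(root):
    """Constructed layout: regedit.com in system32 and regedit.exe in windows, as in the
    last post; cmd.com beside cmd.exe is assumed by analogy, not stated in the thread."""
    win = os.path.join(root, "windows")
    sys32 = os.path.join(win, "system32")
    os.makedirs(sys32)
    for d, f in ((sys32, "regedit.com"), (sys32, "cmd.exe"), (sys32, "cmd.com"),
                 (win, "regedit.exe"), (win, "notepad.exe")):
        open(os.path.join(d, f), "wb").close()
    return [sys32, win]  # system32 precedes windows in the default XP PATH

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        dirs = build_sample_tree(root)
        for name, info in find_shadowing(["regedit", "cmd", "notepad"], dirs).items():
            print(name, "->", info["runs"], "hides", info["hidden"])
```

On a real machine, pass the directories from the PATH variable and the PATHEXT value instead of the constructed tree; any reported `.com` sitting next to or ahead of a system `.exe` deserves a closer look.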
 