cmd, CTRL + ALT + DEL - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 01-26-2006, 06:33 PM   #1 (permalink)
Newb Techie
 
Join Date: Jan 2006
Posts: 7
Default cmd, CTRL + ALT + DEL

wen ever i try to open a cmd box or hit CTRL + ALT + DEL, it opens and then closes instantly

anyone have any idea how to fix this?
__________________

mole4321 is offline  
Old 01-26-2006, 06:34 PM   #2 (permalink)
S e c u r e d
 
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760
Default

First scan your machine for any malware.
Use HighJackThis.
Post the log here.
__________________

__________________
brady is offline  
Old 01-26-2006, 06:45 PM   #3 (permalink)
Newb Techie
 
Join Date: Jan 2006
Posts: 7
Default

i run that highjack but to my eye it doesnt mean much any chance of your expertises?

Logfile of HijackThis v1.99.1
Scan saved at 11:40:35 PM, on 1/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
E:\WINDOWS\wt\updater\wcmdmgr.exe
E:\Program Files\ItBill\itbill.exe
E:\Program Files\winupdates\winupdates.exe
E:\Documents and Settings\murray\Desktop\msmsgs.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\ntvdm.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Documents and Settings\Murray\My Documents\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [wcmdmgr] E:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WT GameChannel] E:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] E:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "E:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Notification Utility] "E:\Program Files\ItBill\itbill.exe"
O4 - HKLM\..\Run: [winupdates] E:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "E:\Documents and Settings\murray\Desktop\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: MyWebSearch Email Plugin.lnk = E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm491YYIE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137842922671
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
mole4321 is offline  
Old 01-26-2006, 06:51 PM   #4 (permalink)
S e c u r e d
 
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760
Default

Oh wow... yeah you've got some visitors.
Please Delete :

mwsoemon.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -


O4 - HKLM\..\Run: [MyWebSearch Email Plugin] E:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZCxdm491YYIE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
__________________
brady is offline  
Old 01-26-2006, 07:01 PM   #5 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

Follow these instructions carefully

Download ALL 4 programs and update them as soon as they are installed, this is very important, except for Hijackthis!.

Ad Aware SE Personal Free

Spybot Search and Destroy Free

Microsoft Windows AntiSpyware Free

HijackThis Free

Ewido

Follow these steps

Delete the prefetch folder C:\WINDOWS\Prefetch, this folder will come back on next reboot.

Delete all cookies and temporary internet files in the control panel.

Go to Start, run, type msconfig, go to startup, disable everything except your antivirus, click apply, dont reboot yet.

Download Msconfig Cleanup below

Msconfig Cleanup Free

Run Msconfig Cleanup after you unchecked the items you were told to uncheck and recheck, click "Select All", then click "Clean up Selected", then click "Quit".

Now run each spyware program 1 by 1. Running all 3 at the same time will slow most systems down.

When each program has finished scanning, remove everything.

For Microsoft Antispy, after it has finished scanning, some items will/might be on ignore, you will need to select remove unless the program is valid such as VNC Viewer, etc.

Now go to the recycle bin and delete everything that is in it.

When finished with the scans, reboot, and go into Safe Mode and run these scans again, remove everything they find, and then reboot back into Windows in normal mode. You dont need to run Hijackthis! yet.

Then run HiJackthis!

Save the log, copy and paste the log on www.techist.com
Do not attach the log, copy and paste always. This will make things go much faster.
__________________
Osiris is offline  
Old 01-26-2006, 07:01 PM   #6 (permalink)
Newb Techie
 
Join Date: Jan 2006
Posts: 7
Default

ok. ive deleted all them files. still cant open a cmd window any other ideas? wat were them files ya no? howd they get in?
mole4321 is offline  
Old 01-26-2006, 07:05 PM   #7 (permalink)
S e c u r e d
 
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760
Default

Follow the instructions left by Warez Monster...
__________________
brady is offline  
Old 01-27-2006, 08:14 AM   #8 (permalink)
Newb Techie
 
Join Date: Jan 2006
Posts: 7
Default

ive downloaded and run all the programs. deleted what has to be deleted. here is my log from highjackthis! hope makes some sorta sense

Logfile of HijackThis v1.99.1
Scan saved at 1:11:50 PM, on 1/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\Program Files\ewido anti-malware\ewidoguard.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Murray\My Documents\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137842922671
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido anti-malware\ewidoguard.exe
mole4321 is offline  
Old 01-27-2006, 08:20 AM   #9 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Thumbs up

looks perfect.....
__________________
Osiris is offline  
Old 01-27-2006, 08:22 AM   #10 (permalink)
Newb Techie
 
Join Date: Jan 2006
Posts: 7
Default

yea things are running sweet this end .
cheers
__________________

mole4321 is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 11:19 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.