try logging in by using other username, if possible, then try to run cmd by start>run>cmd;
see what happens, let us know.

btw, what do you have in the directory C:\windows\system32\cmd.exe ?

If not possible, please download this Hijack tool from this site www.majorgeeks.com/download5554.html ;and save it to DESKTOP.
Then doubleclick it (it doesn't need installation)...checklist the 'Do a systemscan and save logfile' tab. As soon as it finishes, it shall produce you a logfile (in notepad), either copy-paste the content here or attach it here (it is saved under C:\Program Files\Trendmicro\HijackThis\HijackThis.txt

WARNING:
Don't click or do anything while HijackThis is doing a scan, or else it may cause your computer to stall and must be rebooted.

Hi maryamj

It looks like you only use one browser, Internet Explorer, in your pc. IE is quite vulnerable to virus/spyware/malware attacks. However, i don't see any dangerous application running in your logfile (or is it me who is not good at reading logfile?). Quite confusing........

Anyway, I don' t see any antispyware running in your pc. hmm..that's quite risky!

Try installing these spyware/malware removal tools:
Ad-aware: http://www.lavasoft.de/
AVG-AS : http://www.ewido.net/en/

There is a free version for Ad-aware; but for avg-as, you can only use the resident-shield, which is a real-time scanning, for 30 days.

Install and do a scan with both of them, delete/move to vaults any file(s) found by them. Then let us know the update behaviour of your pc.

PS:
1. Could you please let us know what had happened before the cmd disappeared?
2. After installing ad-aware, you might be asked to reboot and update first, after booting, your pc might be a bit slower than usual. This is ok.
3. Try running the cmd from Task Manager,
CTRL+ALT+DEL>New Task>choose from the list or use the browse button to navigate it to the corresponding folder.

Jo.

Hi maryamj,

From the HijackThis logifle, windows services are actually running...quite weird if you can't open windows utility files.
I gotta be offline soon enough and will be offline for a couple of days. I notice that the forum here is quite passive in responding to threads.

I'd recommend you to go this forum:
register yourself, read the rules, post a new thread by describing the behaviour of your pc under Microsoft Support and your corresponding OS in that forum. That forum is a lot more active. You can also give the link in that forum which directs to the thread here so that the moderator/administrator/computer experts/enthusiasts can have a glimpse of what you have been through.

But before you do so, please complete the scanning and moving-to-vault/quarantine any infections found by the antispyware/malware tools given before.
Sorry for not being quite helpful to you, maryamj.

Dear Moderator,
Sorry if I refer this person to other forum, as it can help her better and faster, at least.
Hope you don't mind.

Jo.

Posting this in hopes it will be helpful to later users:

Yes, this activity can be caused by viruses, spyware, etc. Get a good anti-virus and clean everything up! I used Vexira. I had Backdoor.Win32.Hupigon.gpm

It puts a hidden autorun in the root of every Disk Drive, and on USB keys, which is how it travels.
You will have to enable viewing hidden files, and a couple boxes under that, uncheck "protect windows system files"

Vexira detected and cleaned all these up. Be sure you get your USB keys cleaned too!
It does leave annoying little folders called ..runauto in the root. I used the "unlocker" tool to delete these, although they are clean now. http://ccollomb.free.fr/unlocker/
Be sure that the autorun.pif file is deleted from the root of all the drives. This will cause your windows drives to not load from My Computer until after you reboot.

After all that cleaning, I still couldn't use cmd.exe, regedit.exe, etc.

I have figured out the fix for the programs that were disabled by the virus.

Backup your registry first, just in case.

It takes advantage of a debug option in the registry. I have emergency utils that gives me a copy of regedit.exe so I can edit the registry.
http://www.dougknox.com/xp/utils/xp_emerutils.htm

Look here:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
cmd.exe etc.

Under each of the .exe files that doesn't work, there is a handle called "Debugger" with the value set to "setuprs1.PIF" on mine. Delete the entire debugger entry.

If your name is the same, you can just search for all instances of setuprs1.pif, and delete them all.


This guy explains how it works. So any of those programs were actually set to install the virus again. But of course, the real program couldn't be found. And after the virus program cleaned out the .pifs, there was nothing there. It's interesting that you can actually use a completely different program so easily ... under the name cmd.exe .... NO WONDER viruses use it!
http://geekswithblogs.net/ssimakov/archive/2005/03/22/26930.aspx

Image File Execution options key as an Attack Vector on Windows
Dana Epp posted interesting article about using Image File Execution options in the Windows registry to redirecting a process loading:

By simply mapping the executable name to a different debugger source, you can actually load something else entirely.

Let me give you a proof of concept:

Start the Registry Editor: Click Start, click Run, and then type regedt32.

Locate the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

To this hive, add the SOURCE exe as a key. Lets use notepad.exe: (Right click and select New, and then Key (Add the key and name it notepad.exe)

To the notepad.exe key, add a new REG_SZ (string) value called Debugger, and point it to c:\windows\system32\cmd.exe

Start up notepad (Click Start, click Run, and then type notepad)

Notice that a new cmd window opened instead [more in Dana's blog entry]
BTW, Mark Russinovich's ProcessExplorer is using this technique to replace default Task Manager (check your HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe key)

Good luck!

if you still havent fixed it by now then check out the "kernel.exe" i have heard it has caused alot of problems.....
i also have this problem but do not know what is causing this. i dont have kernel.exe so i dunno ......Help!!!

Thanks dwlorimer.
This worked a treat.

I just exported the "Image File Execution Options" key to a file opened it in notepad and replaced the debugger line with "setuprs1.PIF" in it with a blank line and saved the file. Then I deleted the "Image File Execution Options" key completely and merged the file with the registry and bobs your uncle it all works again.

Thanks again

my problem with this error is under windows server 2008 and it seems to be a malware.
the solution is http://www.malwarebytes.org/mbam.php
just download its free version,
first of all when setup has been finished let the program to be updated,
it just takes a few minutes.
then open the malwarebytes and go to scanner ,
select quick scan , and let it scan your system,
after the scan has finished it tells you to view the result of
infected objects. so open view result and then push remove selected button
and remove objects.some objects may need windows to be restarted, so after reboot resume the process.after all infected objects removed you can exit the program and
try "CMD" in run .. it should work now.

No doubt after 3 years, the OP has solved the problem :).