You better check for trojans, viruses, and worms. Unless you're all patched up, this exploit shouldn't work anymore anyway. This is caused generally by the Nimda worm. It only works against unpatched Microsoft IIS 4/5 servers.
I am not very good at Windows. This is just a wild idea. Do you think we can move cmd.exe to a non-default folder, and not set the path to it? Whenever we try to use cmd.exe we have to type the whole absolute path. Does it help? By default, does Windows require cmd.exe to be located in %systemroot%\cmd.exe?