| Thread ID: 139321 | 2015-04-14 02:35:00 | cmd.exe missing | B.M. (505) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1398510 | 2015-04-14 09:00:00 | Ok, I installed Hijackthis and then ran it through the analyser but it found the same as the rest, zip. However, here is the list of what is running: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:39:08, on 14/04/2015 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Wise\Wise Care 365\WiseTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\Hard Disk Sentinel\HDSentinel.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\StkCSrv.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe |
B.M. (505) | ||
| 1398511 | 2015-04-14 10:31:00 | Where's the rest of the Hijack list? That's not much use; it's only showing what's currently running, not what's loading or what is happening. The full HJT shows a great deal more detail. Whatever is causing the error message may not actually run after boot, so it won't show as a running process. "ran it through the analyser but it found the same as the rest, zip." All that means is that whatever is causing the error is not being detected as a nasty. Seen it happen many times where one legit program can cause others to do weird things on bootup. There's a simple way to find out if it's some legit MS program causing the error, or something else: do a clean boot. This video shows how: www.youtube.com |
wainuitech (129) | ||
| 1398512 | 2015-04-14 15:27:00 | Sorry, I thought you only wanted to know what was running so here's the rest. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com.tw R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com.tw/ O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL O3 - Toolbar: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe -- End of file - 5405 bytes I'll stack a few more zzzzzz's and try the clean boot. :) |
B.M. (505) | ||
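The point made earlier in the thread, that a running-process list does not show what loads at boot, can be checked against a full log. This is an added example, not part of any post: it parses the O4 (Run keys) and O23 (services) sections and lists autostart entries whose executable is absent from the process snapshot. The function names are hypothetical and the sample is a shortened copy of the log above.

```python
import ntpath
import re

# Lines copied from the log posted in this thread, shortened and put back
# one entry per line as HijackThis writes them.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe
"""
SERVICE_PREFIX = "O23 - Service: "

def parse(log):
    """Return (running basenames, [(section, name, command), ...])."""
    running, autostarts, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            running.add(ntpath.basename(line).lower())
        elif line.startswith("O4 - "):
            m = re.search(r"\[(.*?)\] (.*)", line)
            if m:
                autostarts.append(("O4", m.group(1), m.group(2)))
        elif line.startswith(SERVICE_PREFIX) and " - " in line[len(SERVICE_PREFIX):]:
            desc, path = line[len(SERVICE_PREFIX):].rsplit(" - ", 1)
            autostarts.append(("O23", desc.split(" - ")[0], path))
    return running, autostarts

def target_exe(command):
    """Pull the executable out of a quoted or unquoted command line."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', command, re.I)
    return (m.group(1) or m.group(2)) if m else command

def not_running(log):
    """Autostart entries whose executable (matched by file name only) is not running."""
    running, autostarts = parse(log)
    return [e for e in autostarts
            if ntpath.basename(target_exe(e[2])).lower() not in running]
```

An entry in this list is not a finding by itself; it is the set of boot-time items that a process snapshot alone would never show.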
| 1398513 | 2015-04-14 20:27:00 | Update. Followed the clean boot instructions and problem still exists. :crying So we've established that it goes in safe mode, but not with clean boot. Time for a cuppa. |
B.M. (505) | ||
| 1398514 | 2015-04-14 20:59:00 | Have you tried Junkware Removal Tool and AdwCleaner, just to check to see if any other problems exist? Do you have an XP disk with SP3? You could do a Recovery without losing any files. Don't think it's a good thing to have Wise Cleaner along with Advanced System Care; you could live without them. Perhaps Speedy could look over your hijack log. |
Lawrence (2987) | ||
| 1398515 | 2015-04-14 22:58:00 | The hijack log doesn't look too bad. If you look at the original picture posted, it's not actually the real cmd in the way it looks (compare to the other picture posted), and it's actually saying that c:\windows\system32 can't be found. This is an educated guess, but I suspect the cause (seen it before on computers that have had infections) is that at some stage something has been installed, is now not installed, and there are pieces left behind in the registry. What you can try: first make a restore point (just in case). Open CCleaner, on the left click Registry, then Scan. You'll get a lot of entries; you can either look for anything that has the path HKCU\Software\Microsoft\Command Processor\AutoRun, or any other entry that wants to run something, and remove it. CCleaner only shows entries that are either dead, leftovers or damaged. You can also manually go into the reg, follow the above path and look to see if there's any entry. Mind you, this is not the only place the command could be, as something is causing it to prompt; it's a case of finding out what. OR, as I do, simply run it (you may even get some speed back) :) CCleaner is the only reg software I would ever use; all the others can be either overprotective (and wrong) or just plain rubbish. Once cleaned, reboot and see if it still happens. |
wainuitech (129) | ||
| 1398516 | 2015-04-14 23:07:00 | In answer to your questions, Lawrence: I haven't used the programmes you mention but found nothing with Malwarebytes or Hijackthis, and two PUPs with Nod32 online scanner, which were quarantined but made no difference. I don't have XP SP3 on the one disk but do have XP SP2 on one disk and SP3 on another. I take your point about having Wise Care and Advanced System Care on the same computer but can advise they have played well for quite a long time and are both on my other XP computer, which doesn't have this problem. Personally, my uneducated guess is that there is a rogue entry in the Registry, but how does one find it? |
B.M. (505) | ||
| 1398517 | 2015-04-14 23:08:00 | "Personally, my uneducated guess is that there is a rogue entry in the Registry but how does one find it?" Read my post above :p | wainuitech (129) | ||
| 1398518 | 2015-04-14 23:21:00 | Morning Wainui, you posted whilst I was answering Lawrence. Yes, the first thing I did was run CCleaner along with the registry check to get rid of anything hiding in temp files and the like, but to no avail. BUT, what I didn't do was turn off System Restore, and I have struck it where nasties have taken up residence there. I'll retrace my steps on this one after I've bottled some more grog. It's driving me to drink and I don't take much driving. ;) |
B.M. (505) | ||
| 1398519 | 2015-04-15 01:14:00 | Why is IE 6 still installed? | Speedy Gonzales (78) | ||