Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

EVENT ID 490


  • Please log in to reply
20 replies to this topic

#1 Vtrasikis

Vtrasikis

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:04 AM

Posted 16 March 2010 - 03:11 PM

For some reason, my win-xp pro system is getting a lot of errors:

Event Type: Error
Event Source: ESENT
Event Category: General
Event ID: 490
Date: 3/16/2010
Time: 1:10:41 PM
User: N/A
Computer: NAUJAS
Description:
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Any idea what could be causing this????

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:04 AM

Posted 16 March 2010 - 06:08 PM

What are the symptoms in computer behavior?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Vtrasikis

Vtrasikis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:04 AM

Posted 16 March 2010 - 07:48 PM

Seems a bit slower. I keep getting the errors, even when there is no one using it!!!!!!!!!!!!!!!

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:04 AM

Posted 16 March 2010 - 09:56 PM

I suggest you travel to "Am I Infected?" forum to see, if your computer is clean.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 Vtrasikis

Vtrasikis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:04 AM

Posted 16 March 2010 - 10:29 PM

Already ran malwarebytes and my AV and both come back clean.............

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:04 AM

Posted 16 March 2010 - 10:31 PM

Please, post some computer info:
- processor type, amount of RAM (hold Windows logo key, hit Pause/Break key)
- hard drive size/free space (open "My Computer", right click on hard drive letter, click "Properties")
- security programs in use (antivirus, firewall)

=================================================================

Please download VEW and save it to your Desktop: http://images.malwareremoval.com/vino/VEW.exe

Double-click VEW.exe then under Select log to query, select:
Application
System


Under Select type to list, select:
Critical (Vista only)
Error


Click the radio button for Number of events
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

In Notepad, click Edit > Select all then Edit > Copy
Reply to this post, click in the reply window and press Ctrl+V on your keyboard to paste the log.

=======================================================================

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:

Posted Image

Attach the file to your next reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 Vtrasikis

Vtrasikis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:04 AM

Posted 16 March 2010 - 10:46 PM

Processor: Intel Core2 Duo CPU
E7400 @ 2.8 GHz
4GB of Ram

Hard Drive: 320 G.. 200 GB free

Security: AVAST antivirus v5

#8 Vtrasikis

Vtrasikis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:04 AM

Posted 16 March 2010 - 10:50 PM

VEW result:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/03/2010 8:39:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/03/2010 5:52:59 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:52:54 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:43:18 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:41:14 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:41:11 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:38:13 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:36:10 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:36:08 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:29:10 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:26:06 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:26:04 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:19:11 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:17:08 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:17:06 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:14:09 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:12:06 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 5:12:04 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 4:59:05 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 4:56:43 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/03/2010 4:53:04 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/03/2010 3:11:12 PM
Type: error Category: 0
Event: 12 Source: PlugPlayManager
The device 'NDAS Raid1 SCSI Disk Device' (SCSI\Disk&Ven_NDAS&Prod_Raid1&Rev_1.0\2&1a6179b8&0&000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 16/03/2010 3:11:12 PM
Type: error Category: 0
Event: 12 Source: PlugPlayManager
The device 'NDAS Miniport Controller' (NDAS\SCSIAdapter_R01\1&2d12bed1&0&10001) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 16/03/2010 3:11:00 PM
Type: error Category: 0
Event: 296 Source: ndasscsi
\Device\Scsi\ndasscsi1 device(10001) is in RAID failure state.

Log: 'System' Date/Time: 16/03/2010 1:31:11 PM
Type: error Category: 0
Event: 12 Source: PlugPlayManager
The device 'NDAS Raid1 SCSI Disk Device' (SCSI\Disk&Ven_NDAS&Prod_Raid1&Rev_1.0\2&1a6179b8&0&000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 16/03/2010 1:31:11 PM
Type: error Category: 0
Event: 12 Source: PlugPlayManager
The device 'NDAS Miniport Controller' (NDAS\SCSIAdapter_R01\1&2d12bed1&0&10001) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 16/03/2010 1:30:59 PM
Type: error Category: 0
Event: 296 Source: ndasscsi
\Device\Scsi\ndasscsi1 device(10001) is in RAID failure state.

Log: 'System' Date/Time: 16/03/2010 2:07:09 AM
Type: error Category: 0
Event: 12 Source: PlugPlayManager
The device 'NDAS Raid1 SCSI Disk Device' (SCSI\Disk&Ven_NDAS&Prod_Raid1&Rev_1.0\2&1a6179b8&0&000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 16/03/2010 2:07:09 AM
Type: error Category: 0
Event: 12 Source: PlugPlayManager
The device 'NDAS Miniport Controller' (NDAS\SCSIAdapter_R01\1&2d12bed1&0&10001) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 16/03/2010 2:06:56 AM
Type: error Category: 0
Event: 296 Source: ndasscsi
\Device\Scsi\ndasscsi1 device(10001) is in RAID failure state.

Log: 'System' Date/Time: 16/03/2010 12:02:36 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 16/03/2010 12:02:29 AM
Type: error Category: 0
Event: 23 Source: Print
Printer Quicken PDF Printer failed to initialize because a suitable Amyuni Document Converter 300 driver could not be found.

Log: 'System' Date/Time: 16/03/2010 12:02:29 AM
Type: error Category: 0
Event: 23 Source: Print
Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found.

Log: 'System' Date/Time: 16/03/2010 12:00:16 AM
Type: error Category: 8
Event: 20 Source: Windows Update Agent
Installation Failure: Windows failed to install the following update with error 0x80070643: Rights Management Services Client with Service Pack 2 for Windows XP (KB979099).

Log: 'System' Date/Time: 15/03/2010 11:55:16 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 15/03/2010 11:55:16 PM
Type: error Category: 0
Event: 23 Source: Print
Printer Quicken PDF Printer failed to initialize because a suitable Amyuni Document Converter 300 driver could not be found.

Log: 'System' Date/Time: 15/03/2010 11:55:16 PM
Type: error Category: 0
Event: 23 Source: Print
Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found.

Log: 'System' Date/Time: 15/03/2010 11:53:20 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error: Access is denied.

Log: 'System' Date/Time: 15/03/2010 11:53:20 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error: Access is denied.

Log: 'System' Date/Time: 15/03/2010 11:53:20 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error: Access is denied.

Log: 'System' Date/Time: 15/03/2010 11:36:35 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.



*********************************************************************

Attached Files



#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:04 AM

Posted 16 March 2010 - 11:11 PM

Go Start>Run, type in:
cmd
Click OK

In the command prompt window type the following commands, pressing the ENTER key on your keyboard after each line:

net stop cryptsvc
ren %systemroot%\system32\catroot2 oldcatroot2
net start cryptsvc


Restart computer.

=============================================================================

Re-run Autoruns, click "Logon" tab. We'll disable unnecessary startups (no actual programs will be removed).
UN-check following entries:

+ "IgfxTray"
+ "KernelFaultCheck"
+ "NeroFilterCheck"
+ "Persistence"
+ "SunJavaUpdateSched"
+ "TkBellExe"
+ "Malwarebytes' Anti-Malware" [leave this one alone, if you have paid version]
+ "ccleaner"

Restart computer

===============================================================================

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

===================================================================================

Have you been hooked up to BOINC for a while?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#10 Vtrasikis

Vtrasikis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:04 AM

Posted 16 March 2010 - 11:17 PM

When I try the ren command, I get "Access is denied"

the net stop command did complete successfully

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:04 AM

Posted 16 March 2010 - 11:22 PM

Try same set of commands in Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#12 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:04 PM

Posted 16 March 2010 - 11:41 PM

Sounds like a bad malware infection that has changed the permissions.

#13 Vtrasikis

Vtrasikis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:04 AM

Posted 17 March 2010 - 12:23 AM

well, ran the commands in safe mode did the restart then the autorun options...

how long should I keep the options unchecked????


as for the malware??? I ran malwarebytes and it ran clean...

#14 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:04 PM

Posted 17 March 2010 - 12:23 AM

Malware can disable anti-malware software.

Edited by cryptodan, 17 March 2010 - 12:24 AM.


#15 Vtrasikis

Vtrasikis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:04 AM

Posted 17 March 2010 - 12:29 AM

so what would you suggest for checking... malwarebytes ONLY runs when I manually run it...........




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users