Mysterious cmd.exe window shows up when computer boots


34 replies to this topic

#1 Lan-Astaslem

Posted 25 December 2014 - 05:02 PM

Hi fellow Bleepers,

 

Four days ago, I started to get a cmd.exe (black) window on my desktop every time I started my computer.  This window shows up just after all of the icons on the desktop have loaded.  The window presents the following message:

 

The system cannot find the file specified.

C:\WINDOWS\system32>_

 

Please note that the cursor at the end of the command line is blinking.   In addition, the window remains on the desktop until I either delete the window or minimize it with no problems. 

I have started my computer in Safe Mode and the screen still shows up.

 

Windows Task Manager shows cmd.exe running under the Applications Tab and cmd.exe in the list under the Processes Tab.  All of my applications, email, and browsers (Chrome, IE, & Mozilla) seem to work fine. 

 

 My computer is a Dell XPS 400 tower running XP w/SP3 and is a 32-bit version.

 

I have run several scans using Malwarebytes, McAfee LiveSafe, and CHKDSK….and no infections, malware, viruses, or bad sectors were found.

 

I have used MSCONFIG, SystemMechanic, and CCleaner to check the startup programs and nothing unusual or out of the ordinary shows up.

 

Other than being annoying and “mysterious” the damn screen doesn’t seem to affect anything else.

 

Any help or suggestions on how to get rid of the screen will be very much appreciated.

 

Thank You.


Edited by hamluis, 29 December 2014 - 11:45 AM.
Moved from AII to MRL per request - Hamluis.



#2 SleepyDude

Posted 25 December 2014 - 05:32 PM

Hi,

 

Can you generate a report using Autoruns so we can see what Windows is loading?

- Download Autoruns using this link to the desktop
- run the program
- let the program do a scan and then open the Menu Options -> Filter Options... -> uncheck Hide Windows entries
- let the program scan again
- make sure you are located on the Everything tab, open the Menu File -> Save and then save the file autoRuns.arn on the desktop
- please zip the file autoRuns.arn and attach the zip to your post.
 


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui
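
Added example (not part of the original thread, and not Autoruns' own code): once an autostart listing like the one requested above is available, a reviewer looks for entries that start a command interpreter or whose target file no longer exists. The Python below applies that check to a constructed listing; the entry names, paths, the `ENV` table and the `EXISTING_FILES` stand-in for the disk are all assumptions made for illustration.

```python
import ntpath
import re

# Constructed autostart listing: (location, entry name, launch string).
SAMPLE_ENTRIES = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "ExampleAV",
     r'"C:\Program Files\ExampleAV\tray.exe" /startup'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"C:\Program Files\Example Updater\upd.exe -silent"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "OldHelper",
     r"%SystemRoot%\system32\cmd.exe /k C:\Temp\helper.bat"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Leftover",
     r"C:\Program Files\Removed App\agent.exe"),
]

# Constructed stand-in for the file system (lower-cased paths) and environment.
EXISTING_FILES = {
    r"c:\program files\exampleav\tray.exe",
    r"c:\program files\example updater\upd.exe",
    r"c:\windows\system32\cmd.exe",
}
ENV = {"systemroot": r"C:\WINDOWS"}

INTERPRETERS = {"cmd.exe", "cmd", "command.com"}
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd")


def file_exists(path):
    """Case-insensitive lookup in the constructed file set."""
    return path.lower() in EXISTING_FILES


def expand_env(text, env):
    """Expand %VAR% references case-insensitively; unknown names stay as-is."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), text)


def split_launch(cmdline, exists):
    """Split a launch string into (image_path, arguments).

    A quoted path is taken literally. An unquoted path containing spaces is
    ambiguous, so progressively longer space-separated prefixes are tried
    (adding .exe when there is no extension), as Windows process creation does.
    """
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        if end != -1:
            return cmdline[1:end], cmdline[end + 1:].strip()
        return cmdline[1:], ""          # unbalanced quote: rest is the path
    tokens = cmdline.split(" ")
    guess = None
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        rest = " ".join(tokens[i:]).strip()
        candidates = [prefix]
        if ntpath.splitext(prefix)[1] == "":
            candidates.append(prefix + ".exe")
        for cand in candidates:
            if exists(cand):
                return cand, rest
        # Nothing on disk yet: remember the first prefix that looks executable.
        if guess is None and prefix.lower().endswith(EXEC_EXTS):
            guess = (prefix, rest)
    return guess or (tokens[0], " ".join(tokens[1:]).strip())


def triage(entries, exists, env):
    """Return (entry name, reason, path) for every entry worth a closer look."""
    findings = []
    for _location, name, raw in entries:
        image, args = split_launch(expand_env(raw, env), exists)
        if not exists(image):
            findings.append((name, "target missing", image))
            continue
        if ntpath.basename(image).lower() in INTERPRETERS:
            findings.append((name, "starts command interpreter", image))
            # /c or /k is followed by the command the interpreter will run.
            m = re.match(r"(?i)\s*/[ck]\s+(.*)", args)
            if m:
                inner, _ = split_launch(m.group(1), exists)
                if not exists(inner):
                    findings.append((name, "interpreter target missing", inner))
    return findings


if __name__ == "__main__":
    for name, reason, path in triage(SAMPLE_ENTRIES, file_exists, ENV):
        print(f"{name}: {reason}: {path}")
```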

 
 


#3 dev00790

Posted 25 December 2014 - 05:32 PM

Hi, let's get some initial information firstly:

We will be helping you with your problems. Please be patient while we assist you.
Some points for you to keep in mind while we are helping you to make things go easier and faster for both of us
  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.
----------------------------------------------
Please do the following:
:step1:
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop.
Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.
:step2:
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
:step3:
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.
:step4:
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#4 SleepyDude

Posted 26 December 2014 - 03:41 PM

Sorry...


Edited by SleepyDude, 27 December 2014 - 10:57 AM.


 
 


#5 Lan-Astaslem

Posted 27 December 2014 - 01:21 PM

RE: SleepyDude,

 

Thank you for your help.

 

As per your instructions, the following link contains the Zipped output file (autoruns.arn) from the Autoruns scan you recommended:

 

http://www.datafilehost.com/d/b25c991d

 

Thanks again, and please take care.

 

Greg



#6 Lan-Astaslem

Posted 27 December 2014 - 03:37 PM

RE: dev00790,

 

Thank you for your assistance.

 

As per your instructions, I completed Step #1......ran TDSSKiller.exe.   At the end of the scan, a summary window opened, with the message: "No threats found" with 362 Objects Processed in 19 seconds.  The output Log File is VERY long.....I will post it if you still need to see it.  

 

PS....It appears that (among other things) it scanned the entire contents of the C:\WINDOWS\system32 folder.......so I did a string search for "cmd.exe" and there is no such entry or file with that name in the Log File......which seems a bit odd, because when I do a file search on My Computer Folders there is a "cmd.exe" file in the WINDOWS\system32 folder......except it is the ONLY file with a {small black C:\} icon next to the cmd.exe file name.........any thoughts on why this is so????

 

I will proceed with Step #2 in your post.......running AdwCleaner, and let you know the results.

 

Thanks again, and take care.



#7 Lan-Astaslem

Posted 27 December 2014 - 05:02 PM

RE:  dev00790,

 

I completed Step #2......run AdwCleaner.   The log file is as follows:

 

# AdwCleaner v4.106 - Report created 27/12/2014 at 13:46:30
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Greg - FOUQUET-FA3943C
# Running from : C:\Documents and Settings\Greg\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.71
 
[C:\Documents and Settings\Greg\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Greg\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R1].txt - [1252 octets] - [27/12/2014 13:46:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1312 octets] ##########
 
 
I will now complete Step #3......run Farbar Service Scanner.
 
Thanks and take care.


#8 Lan-Astaslem

Posted 27 December 2014 - 05:11 PM

RE:  dev00790,

 

I completed Step #3.......run Farbar Service Scanner........and the Log File is as follows:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Greg (administrator) on 27-12-2014 at 14:08:25
Running from "C:\Documents and Settings\Greg\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
 
Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) SbFw(8) SBFWIMCLMP(9) sbtis(10) Tcpip(4) 
0x0B00000005000000010000000200000003000000040000000B00000008000000070000000A0000000900000006000000
IpSec Tag value is correct.
 
**** End of log ****
 
 
I will now complete Step #4.......run MiniToolBox.
 
Take care.


#9 Lan-Astaslem

Posted 27 December 2014 - 05:25 PM

RE:  dev00790,

 

I completed Step #4.......ran MiniToolBox.......the Log File is as follows:

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Greg (administrator) on 27-12-2014 at 14:15:11
Running from "C:\Documents and Settings\Greg\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Intel® PRO/1000 PL Network Connection = Local Area Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Connected)
D-Link DWA-140 RangeBooster N USB Adapter(rev.B2) = Wireless Network Connection 2 (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Wireless Network Connection 2"
 
set address name="Wireless Network Connection 2" source=dhcp 
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : fouquet-fa3943c
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Wireless Network Connection 2:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : D-Link DWA-140 RangeBooster N USB Adapter(rev.B2)
 
        Physical Address. . . . . . . . . : 1C-AF-F7-65-C4-8B
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.9
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
        Lease Obtained. . . . . . . . . . : Saturday, December 27, 2014 10:39:18 AM
 
        Lease Expires . . . . . . . . . . : Sunday, December 28, 2014 10:39:18 AM
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  74.125.224.132, 74.125.224.130, 74.125.224.136, 74.125.224.129
 74.125.224.137, 74.125.224.135, 74.125.224.134, 74.125.224.128, 74.125.224.131
 74.125.224.142, 74.125.224.133
 
 
 
Pinging google.com [74.125.224.129] with 32 bytes of data:
 
 
 
Reply from 74.125.224.129: bytes=32 time=25ms TTL=56
 
Reply from 74.125.224.129: bytes=32 time=20ms TTL=56
 
 
 
Ping statistics for 74.125.224.129:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 20ms, Maximum = 25ms, Average = 22ms
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109
 
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
 
 
 
Reply from 98.138.253.109: bytes=32 time=60ms TTL=52
 
Reply from 98.138.253.109: bytes=32 time=60ms TTL=52
 
 
 
Ping statistics for 98.138.253.109:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 60ms, Maximum = 60ms, Average = 60ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...1c af f7 65 c4 8b ...... D-Link DWA-140 RangeBooster N USB Adapter(rev.B2) - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.9  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      169.254.0.0      255.255.0.0      192.168.1.9     192.168.1.9  20
      192.168.1.0    255.255.255.0      192.168.1.9     192.168.1.9  20
      192.168.1.9  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255      192.168.1.9     192.168.1.9  20
        224.0.0.0        240.0.0.0      192.168.1.9     192.168.1.9  20
  255.255.255.255  255.255.255.255      192.168.1.9     192.168.1.9  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/24/2014 07:04:55 PM) (Source: .NET Runtime) (User: )
Description: Application: MSI79.tmp
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 79160E75 (79140000) with exit code 80131506.
 
Error: (12/24/2014 00:36:52 PM) (Source: Microsoft Management Console) (User: )
Description: 271806108
 
Error: (12/24/2014 00:36:45 PM) (Source: Microsoft Management Console) (User: )
Description: mmc.exe5.2.3790.4136ieframe.dll8.0.6001.235800014ead1
 
Error: (12/23/2014 09:56:31 AM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 3.8.703.0, faulting module unknown, version 0.0.0.0, fault address 0x00640068.
Processing media-specific event for [McSvHost.exe!ws!]
 
Error: (12/15/2014 02:23:56 PM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 3.8.703.0, faulting module HomeNetSvc.dll, version 6.8.721.0, fault address 0x00068fc3.
Processing media-specific event for [McSvHost.exe!ws!]
 
Error: (11/19/2014 11:05:09 AM) (Source: Application Error) (User: )
Description: Faulting application msimn.exe, version 6.0.2900.5512, faulting module directdb.dll, version 6.0.2900.5512, fault address 0x00007641.
Processing media-specific event for [msimn.exe!ws!]
 
Error: (11/19/2014 11:04:13 AM) (Source: ESENT) (User: )
Description: svchost (1916) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (12/27/2014 11:15:43 AM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/27/2014 10:43:36 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Boot Delay Start Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/27/2014 10:42:44 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (12/27/2014 10:42:44 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Boot Delay Start Service service hung on starting.
 
Error: (12/27/2014 09:07:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (12/27/2014 09:07:51 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Boot Delay Start Service service hung on starting.
 
Error: (12/26/2014 03:52:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (12/26/2014 03:52:06 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Boot Delay Start Service service hung on starting.
 
Error: (12/26/2014 00:14:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the McNaiAnn service.
 
Error: (12/26/2014 00:14:11 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the McAfee SiteAdvisor Service service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/16/2014 00:35:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7372 seconds with 5340 seconds of active time.  This session ended with a crash.
 
Error: (10/07/2013 11:23:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 174 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (08/18/2013 11:59:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/18/2013 11:53:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 376 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (05/31/2013 03:11:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
 
 TECH SUPPORT 855-316-TECH (8324) (HKLM\...\{C2835850-FCEB-4A1A-A213-57E7A9A8EC62}) (Version: 7.0.454 - LogMeIn, Inc.)
=========================== Installed Programs ============================
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version:  - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlestations: Midway Patch V1.1.1 (Version: 1.00.0000 - EIDOS HUNGARY) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Creative Audio Console (HKLM\...\AudioCS) (Version: 1.33 - Creative Technology Limited)
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
D-Link RangeBooster N DWA-140 (HKLM\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version:  - D-Link)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Photosmart 5520 series Basic Device Software (HKLM\...\{E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.1 - iolo technologies, LLC)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
LEGO MINDSTORMS NXT - English Language Pack (HKLM\...\{D70FB770-BE91-4A1C-942B-F2F7C3BFB2C7}) (Version: 2.0.100.0 - The LEGO Group)
LEGO MINDSTORMS NXT Driver (HKLM\...\{D30E4145-9120-4497-AD35-F78482C3CF88}) (Version: 1.17.770 - LEGO)
LEGO MINDSTORMS NXT Migration Package (HKLM\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO)
LEGO MINDSTORMS NXT Software v2.0 (HKLM\...\{5B7EDCF8-E6AD-4E99-972C-34BF1F07B349}) (Version: 2.0.114.0 - LEGO)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM\...\SafeKey) (Version: 2.1.6 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.136 - McAfee, Inc.)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft English TTS Engine (Version: 2.0.1000.0 - Microsoft) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Streets & Trips 2013 (HKLM\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.17.2200 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
Quicken 2009 (HKLM\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
Quicken 2012 (HKLM\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SAPI Wrapper (Version: 1.0.0.0 - Microsoft Corporation) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
SOS Online Backup (HKLM\...\{2251D2CA-3F6C-4A8A-8B76-C5A5E1EEBC13}) (Version: 5.17.0.20 - SOS Online Backup, Inc.)
SpeedyComputer v3.1 (HKLM\...\SpeedyComputer_is1) (Version: 3.1 - SpeedyComputer)
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
Task Force ImageGALLERY (HKLM\...\{DC67EE67-AE97-11D6-A70C-0050DA19147B}) (Version: 10.0.1 - NVTech Inc.)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
TTS Wrapper (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{9913305E-D4AC-4D26-B30F-799D529FB282}) (Version:  - Microsoft)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{7B9D2746-D03B-442B-A691-90B748E316B4}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Vipre (Version: 6.1.5496 - Vipre) Hidden
WebClient (HKLM\...\WebClient) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )
 
========================= Devices: ================================
 
Name: Intel® PRO/1000 PL Network Connection
Description: Intel® PRO/1000 PL Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: e1express
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Network Controller
Description: Network Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 27%
Total physical RAM: 3326.09 MB
Available physical RAM: 2419.85 MB
Total Pagefile: 8151.81 MB
Available Pagefile: 7287.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.79 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:69.53 GB) (Free:34.4 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\FOUQUET-FA3943C
 
Administrator            ASPNET                   Greg                     
Guest                    HelpAssistant            SUPPORT_388945a0         
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
30-10-2014 21:31:19 System Checkpoint
01-11-2014 19:57:19 System Checkpoint
03-11-2014 02:20:26 System Checkpoint
08-11-2014 03:02:17 System Checkpoint
09-11-2014 23:17:08 System Checkpoint
12-11-2014 15:02:10 Software Distribution Service 3.0
13-11-2014 19:38:38 System Checkpoint
16-11-2014 02:25:55 System Checkpoint
18-11-2014 19:09:31 System Checkpoint
19-11-2014 23:15:32 System Checkpoint
20-11-2014 16:43:23 Installed SOS Online Backup
20-11-2014 16:43:47 Removed SOS Online Backup
21-11-2014 19:29:25 System Checkpoint
22-11-2014 20:36:22 System Checkpoint
23-11-2014 21:09:58 System Checkpoint
25-11-2014 02:18:59 System Checkpoint
28-11-2014 20:41:28 System Checkpoint
29-11-2014 23:39:25 System Checkpoint
01-12-2014 00:12:02 System Checkpoint
03-12-2014 21:33:02 System Checkpoint
04-12-2014 21:56:56 System Checkpoint
05-12-2014 22:39:16 System Checkpoint
08-12-2014 21:33:57 System Checkpoint
09-12-2014 18:22:46 Software Distribution Service 3.0
10-12-2014 21:27:27 System Checkpoint
12-12-2014 18:19:59 System Checkpoint
13-12-2014 19:17:13 System Checkpoint
14-12-2014 21:57:26 System Checkpoint
16-12-2014 00:29:51 System Checkpoint
17-12-2014 19:16:40 System Checkpoint
19-12-2014 18:26:46 System Checkpoint
20-12-2014 19:47:26 System Checkpoint
22-12-2014 20:01:29 System Checkpoint
22-12-2014 20:58:16 Installed SOS Online Backup
22-12-2014 20:58:47 Removed SOS Online Backup
23-12-2014 06:44:06 Restore Operation
24-12-2014 08:53:09 System Checkpoint
25-12-2014 03:04:45 Removed SOS Online Backup
25-12-2014 03:19:58 Installed SOS Online Backup
27-12-2014 20:54:33 System Checkpoint
 
**** End of log ****
 
 
I hope the information / Log Files from the various scans will be of use to you.   Please let me know if there is anything else I can do to help.
 
Thank you again, and take care. 


#10 SleepyDude

  • Malware Response Team

Posted 28 December 2014 - 11:14 AM

Hi,

 

Open the Command Prompt and type the following two commands:

sc delete SASDIFSV
sc delete SASKUTIL

Restart the computer and tell us if the cmd window is gone.

I see you have Malwarebytes installed. Please run the program, make sure it is updated, then run a full scan. Does it report any malware?


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#11 Lan-Astaslem

  • Topic Starter

Posted 28 December 2014 - 02:42 PM

RE:  SleepyDude,

 

1.   I ran the two command line deletes (SASDIFSV and SASKUTIL) as requested......restarted the computer......and.....the bloody black cmd window is still showing up as before.

 

2.  After the restart, I ran a Malwarebytes (updated) full scan.....26 non-malware (PUP.Optional.Vosteran) items quarantined/deleted.   These scan results are a bit puzzling, because I ran two full Malwarebytes scans BEFORE I started this thread three days ago, and the results were clean with no items reported.

 

3.  I will let you know the situation after I restart the computer.

 

Thanks again, and take care.



#12 SleepyDude

  • Malware Response Team

Posted 28 December 2014 - 05:12 PM

Hi,

 

Restart the computer and don't close the cmd window, next:

 

Open the Command Prompt and type:

WMIC /OUTPUT:"%userprofile%\Desktop\ProcessList.txt" PROCESS get Caption,ExecutablePath,Commandline,Processid 

A log called ProcessList.txt will be created on the Desktop; please copy and paste the file contents to your post.


Rui
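An added example, not part of the thread: one way to read the ProcessList.txt that the WMIC command in the post above produces. The sample rows are constructed, the function names are hypothetical, and the short name lists and the C:\WINDOWS\system32 path are assumptions for an XP-era system like the one in this topic.

```python
import re

# Constructed rows (not from the thread), in the alphabetical column order WMIC uses.
ROWS = [
    ("Caption", "CommandLine", "ExecutablePath", "ProcessId"),
    ("System", "", "", "4"),
    ("explorer.exe", r"C:\WINDOWS\Explorer.EXE", r"C:\WINDOWS\Explorer.EXE", "1520"),
    ("cmd.exe", r'cmd.exe /k "C:\example\missing.bat"', r"C:\WINDOWS\system32\cmd.exe", "1984"),
    ("svchost.exe", r"C:\Temp\svchost.exe -k", r"C:\Temp\svchost.exe", "2040"),
    ("lsass.exe", r"C:\WINDOWS\system32\lsass.exe", r"C:\WINDOWS\system32\lsass.exe", "700"),
]

def build_sample():
    """Render ROWS as a fixed-width table, UTF-16 with BOM (assumed /OUTPUT encoding)."""
    widths = [max(len(r[i]) for r in ROWS) + 2 for i in range(len(ROWS[0]))]
    lines = ["".join(v.ljust(w) for v, w in zip(r, widths)) for r in ROWS]
    return ("\r\n".join(lines) + "\r\n").encode("utf-16")

def parse_wmic_table(raw):
    """Slice each row at the header's column offsets; values may hold spaces or be empty."""
    has_bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = raw.decode("utf-16") if has_bom else raw.decode("utf-8", "replace")
    lines = [ln.rstrip("\r") for ln in text.split("\n") if ln.strip()]
    if not lines:
        return []
    cols = [(m.group().strip(), m.start(), m.end())
            for m in re.finditer(r"\S+\s*", lines[0])]
    rows = []
    for line in lines[1:]:
        row = {}
        for i, (name, start, end) in enumerate(cols):
            stop = end if i < len(cols) - 1 else None  # last column runs to end of line
            row[name] = line[start:stop].strip()
        rows.append(row)
    return rows

SYSTEM_DIR = "c:\\windows\\system32\\"                      # assumption: default XP layout
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe"}  # normally run only from system32
HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe"}

def triage(rows):
    """Return (pid, reason, command line) for the rows a helper would read first."""
    findings = []
    for r in rows:
        name = r["Caption"].lower()
        path = r["ExecutablePath"].lower()
        if path.startswith("\\??\\"):                        # NT-style prefix on some rows
            path = path[4:]
        if name in SYSTEM_NAMES and path and not path.startswith(SYSTEM_DIR):
            findings.append((r["ProcessId"], "system process name outside system32",
                             r["CommandLine"]))
        elif name in HOSTS:
            findings.append((r["ProcessId"], "Windows command/script host: read its arguments",
                             r["CommandLine"]))
    return findings

if __name__ == "__main__":
    for pid, reason, cmdline in triage(parse_wmic_table(build_sample())):
        print(pid, reason, cmdline, sep=" | ")
```

Adding ParentProcessId to the `get` list would also show which process launched the cmd.exe window; the parser picks up the extra column from the header.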

 
 


#13 Lan-Astaslem

  • Topic Starter

Posted 28 December 2014 - 07:57 PM

RE:  SleepyDude,

 

Thank you for your help and patience.

 

1.  I uninstalled Mozilla Firefox, and then did a complete Malwarebytes scan which showed no (0) items detected.

 

2.  As per your instructions, I ran the Command Prompt line as shown (with the Black cmd.exe screen open on the desktop).......The ProcessList.txt output file is pretty messy, so I uploaded it to DataFileHost.......and the download link is as follows:

http://www.datafilehost.com/d/3613ca9f

 

Thanks again and take care.

 



#14 SleepyDude

  • Malware Response Team

Posted 29 December 2014 - 10:57 AM

Hi,

 

Based on the last log it seems your computer is infected with something, but because it uses legit Windows files the scans don't report anything.

 

Most likely we have to remove the infection manually using tools not allowed on this section of the forum.

 

I will request a moderator to move the topic and will post new instructions for you when the move is completed...


Rui

 
 


#15 SleepyDude

  • Malware Response Team

Posted 29 December 2014 - 12:50 PM

Hi,

 

Let's take a deeper look...

 

Step 1 - Farbar Recovery Scan Tool (FRST)

  • Download FRST or FRST x64 and save it to the Desktop.
  • (Please pick the version that matches your operating system's bit type. If you don't know which version matches your system, try FRST; if it says that it is not compatible with your OS, you have to use FRST64.)
  • Execute FRST/FRST64: right-click on the icon and choose Run as Administrator. Make sure all other windows are closed.
    (When the Tool opens for the first time you must click Yes on the disclaimer.)
  • On the Whitelist panel, uncheck the following options:
    • Registry
    • Processes
    • Services
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the Tool is run from.
  • The first time the Tool is run, it also makes another log (Addition.txt).
  • Please copy and paste the logs to your post.

 

Things I would like to see in your next reply:

  • The FRST.txt log and Addition.txt

 

 


Rui

 
 




