cmd.exe missing



B.M.
14-04-2015, 02:35 PM
Here's a curly one, my faithful old ASUS laptop running XP professional SP3 has decided to notify me every start-up that cmd.exe in the system32 folder can't be found.

See Screenshot:

[Attachment 6386]


However, cmd.exe is definitely where it should be and works perfectly by double clicking it and from the RUN facility.

I've done all the normal housework like running CCleaner, Malware Bytes, virus scan but no joy.

I even ran sfc /scannow from the cmd.exe and it didn't ask for the XP disk once.

Further, I did a restore from a point when I knew it was working fine and it restored no problems, but the notification is still there at start-up.

Everything else seems to be fine, so I figure it is a false alert but what's causing it?

Any suggestions?


:thanks

wainuitech
14-04-2015, 02:48 PM
Sounds a lot like the left overs of an infection as mentioned windowsxp-missing-system32-cmd-exe-417618.html (http://www.realgeek.com/forums/windowsxp-missing-system32-cmd-exe-417618.html)

Try this -- Go to the link in the post, http://www.dougknox.com/download the fix, pictured below.

[Attachment 6387]

B.M.
14-04-2015, 03:51 PM
Thanks Wainui but unfortunately that didn't work. :crying

B.M.
14-04-2015, 04:07 PM
Further, a statement from that link you provided Wainui has me scratching my head. "cmd.exe is not a Windows file"

[Attachment 6388]

A search of the computer found it in the system32 folder and the i386 folder????????

[Attachment 6389]

:confused:

wainuitech
14-04-2015, 04:51 PM
That site -- The message means it's not an actual Windows file, it's actually an infection masquerading as a cmd.exe


Have a look in msconfig / Startup tab to see if anything relating to CMD is ticked /told to run, it shouldn't be.

Also look for any entry that's running from C:\Documents and setting\........ There should be any.

All those locations are fine, they are meant to be there.

B.M.
14-04-2015, 06:13 PM
> That site -- The message means it's not an actual Windows file, it's actually an infection masquerading as a cmd.exe
>
> Have a look in msconfig / Startup tab to see if anything relating to CMD is ticked /told to run, it shouldn't be.
>
> Also look for any entry that's running from C:\Documents and setting\........ There should be any.
>
> All those locations are fine, they are meant to be there.

Ok, to start at the top.

This is weird because cmd.exe does appear to be a genuine windows file. :confused::confused:

I say this because another XP Computer I have shows it in the same place and the same size. Also, double clicking it in the system32 folder produces this screenshot.

[Attachment 6390]


Maybe someone else with XP might care to take a look at theirs?

Moving onto the start-up there was quite a few items I hadn't seen before, however google didn't list any of them as a problem as long as they weren't impostors, but how do you tell? Anyway, I un-ticked the ones I wasn't sure about but that didn't fix the problem either.


However, I had another thought and started the computer on Safe Mode and the problem was gone. Unfortunately, it's back in normal mode.

This really is becoming quite a challenge. :badpc:

Kame
14-04-2015, 06:24 PM
Hey BM,

At startup? So you are not running cmd.exe yourself?

You need to find which startup item it is, and fix it from there. The error is suggesting that a program that gets executed by cmd.exe does not exist anymore.

If you discover which startup item is requesting it and remove it, you should not be bugged by this anymore.

Someone should be able to recommend the tools to check it, maybe msconfig would work but I'm sure there's better alternatives. If there's batch files on start up, check inside them for anything suspicious.

Cheers,

KK

wainuitech
14-04-2015, 06:33 PM
What Kame posted is what I suggested.

Let's have a look at what's starting -- Assuming you have CCleaner - open it, On the left -- Tools / start up -- Then down the bottom Right click Save to text file - post its contents here. OR HijackThis -- run save as text file (from memory) post its contents.

wainuitech
14-04-2015, 06:44 PM
OR use the inbuilt tools you have -- Open a command Prompt ( as Admin). Copy / paste or type out exactly the following into the window

wmic startup get caption,command > c:\StartupApps.txt <press Enter>

Go to your C drive, there will be a text file called startupapps, copy its contents here.

B.M.
14-04-2015, 06:50 PM
No kame, not running it myself at start-up.

I only found it and clicked on it to see where it took me which I thought might be a clue. No such luck.

I interpreted the message as saying the system couldn't find cmd.exe which just so happens to be where it's looking.

All very confusing. :)

B.M.
14-04-2015, 09:00 PM
Ok, I installed Hijackthis and then ran it through the analyser but it found the same as the rest, zip.

However, here is the list of what is running:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:39:08, on 14/04/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wise\Wise Care 365\WiseTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

wainuitech
14-04-2015, 10:31 PM
Where's the rest of the Hijack list?

That's not much use, it's only showing what's currently running, not what's loading or what is happening. The full HJT shows a great deal more detail. Whatever is causing the error message may not actually run after boot so won't show as a running process.

> ran it through the analyser but it found the same as the rest, zip.

All that means is whatever is causing the error is not being detected as a nasty. Seen it happen many times where one legit program can cause others to do weird things on bootup.

There's a simple way to find out if it's some legit MS program causing the error, or something else -- Do a clean boot -- This video shows how https://www.youtube.com/watch?v=ntXinCnklrQ

B.M.
15-04-2015, 03:27 AM
Sorry, I thought you only wanted to know what was running so here's the rest.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com.tw/
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O3 - Toolbar: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe

--
End of file - 5405 bytes

I'll stack a few more zzzzzz's and try the clean boot. :)
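
Added example (not part of the original thread and not written by any poster): a Python script that applies the checks suggested in this thread to HijackThis O4 (Run key) lines, flagging entries launched through cmd.exe, batch files, entries under C:\Documents and Settings, and targets that no longer exist. The two sample lines marked as invented, the `sample_exists` stand-in for the disk and all function names are assumptions made for the illustration.

```python
import ntpath
import os
import re

# Constructed sample in HijackThis O4 format. The first two lines mirror
# entries from the log posted above; the last two are invented for this
# illustration and do not come from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKLM\..\Run: [ExampleCleanup] cmd.exe /c C:\WINDOWS\system32\example_gone.bat
O4 - HKCU\..\Run: [ExampleHelper] C:\Documents and Settings\user\Application Data\helper.exe
"""

# Constructed stand-in for the disk: the files that "exist" in this example.
SAMPLE_FILES = {
    r"c:\program files\wordweb\wweb32.exe",
    r"c:\documents and settings\user\application data\helper.exe",
}

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
PROGRAM = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?=\s|$)", re.I)


def split_command(command):
    """Split an autostart command line into (program, arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    match = PROGRAM.match(command)  # unquoted paths may contain spaces
    if match:
        return match.group(1), command[match.end():].strip()
    program, _, rest = command.partition(" ")
    return program, rest.strip()


def parse_o4(log_text):
    """Yield (hive, key, name, command) for each O4 registry Run entry."""
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            yield match.groups()


def triage(log_text, exists=os.path.exists):
    """Return {entry name: [findings]} for entries that deserve a closer look.

    `exists` defaults to a real disk check, which is only meaningful when the
    script runs on the machine the log came from.
    """
    report = {}
    for _hive, _key, name, command in parse_o4(log_text):
        findings = []
        program, args = split_command(command)
        target = program
        if ntpath.basename(program).lower() == "cmd.exe":
            findings.append("launched through cmd.exe")
            # Skip switches such as /c or /k to reach what cmd.exe is told to run.
            target, _ = split_command(re.sub(r"^(?:/\S+\s+)*", "", args))
        if ntpath.splitext(target)[1].lower() in (".bat", ".cmd"):
            findings.append("batch file: read its contents")
        if "\\documents and settings\\" in target.lower():
            findings.append("runs from a user profile folder")
        if target and not ntpath.dirname(target):
            findings.append("no full path: resolved through the search path")
        elif target and not exists(target):
            findings.append("target file not found: " + target)
        if findings:
            report[name] = findings
    return report


def sample_exists(path):
    """Case-insensitive lookup in the constructed file list."""
    return path.lower() in SAMPLE_FILES


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_LOG, sample_exists).items():
        print(name)
        for finding in findings:
            print("   -", finding)
```

A Run entry that calls cmd.exe with a script that is no longer on disk matches what Kame describes: the console opens at logon and reports that the file cannot be found.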

B.M.
15-04-2015, 08:27 AM
Update.

Followed the clean boot instructions and problem still exists. :crying

So we've established that it goes in safe mode, but not with clean boot.

Time for a cuppa.

Lawrence
15-04-2015, 08:59 AM
Have you tried Junkware Removal Tool and AdwCleaner just to check to see if any other problems exist?

Do you have an XP disk with SP3? As you could do a Recovery without losing any files

Don't think it's a good thing to have Wise Cleaner along with Advanced System Care, you could live without them

Perhaps Speedy could see over your hijack log

wainuitech
15-04-2015, 10:58 AM
The hijack log doesn't look too bad.

If you look at the original picture posted, it's not actually the real cmd in the way it looks (compare to the other picture posted) & it's actually saying the c:\windows\system32 can't be found

This is an educated guess, but suspect the cause ( seen it before on Computers that have had infections) at some stage something has been installed, now not installed and there are pieces left behind in the registry.

What you can try --- 1st make a restore point (just in case) Open ccleaner, on the left, click registry - Scan you'll get a lot of entries, you can either look for anything that has the path HKCU\Software\Microsoft\Command Processor\AutoRun, or any other entry that wants to run something and remove it. Ccleaner only shows entries that are either dead, left overs, damaged.

You can also manually go into the reg and follow the above path and look to see if there's any entry, mind you this is not the only place the command could be, as something is causing it to prompt - it's a case of finding out what.

OR as I do simply run it ( you may even get some speed back) :)

Ccleaner is the only reg software I would ever use, all the others can be either over protective ( and wrong) or just plain rubbish.

Once cleaned, reboot see if it still happens.

B.M.
15-04-2015, 11:07 AM
In answer to your questions Lawrence I haven't used the programmes you mention but found nothing with Malwarebytes or Hijackthis, and two PUPs with Nod32 online scanner which were quarantined but made no difference.

I don't have XP SP3 on the one disk but do have XP SP2 on one disk and SP3 on another.

I take your point about having Wise Care and Advanced System Care on the same computer but can advise they have played well for quite a long time and are both on my other XP computer which doesn't have this problem.

Personally, my uneducated guess is that there is a rogue entry in the Registry but how does one find it?

wainuitech
15-04-2015, 11:08 AM
> Personally, my uneducated guess is that there is a rogue entry in the Registry but how does one find it?

Read my post above :p

B.M.
15-04-2015, 11:21 AM
Morning Wainui, you posted whilst I was answering Lawrence.

Yes, the first thing I did was run Ccleaner along with the registry check to get rid of anything hiding in temp files and the like but to no avail.

BUT, what I didn't do was turn off System Restore and I have struck it where nasties have taken up residence there.

I'll retrace my steps on this one after I've bottled some more grog. It's driving me to drink and I don't take much driving. ;)

Speedy Gonzales
15-04-2015, 01:14 PM
Why is IE 6 still installed?

Kame
15-04-2015, 01:59 PM
That log didn't show anything suspicious nor displaying what I would have wanted to see, maybe incorrect tool?

I think we should have a look in msconfig, (winkey + r, type msconfig, enter) and go through the process of elimination where you turn all your known start ups off first, reboot, check etc, long process.

Or even better do this from cmd.exe, (winkey + r, type cmd, enter)

wmic startup get caption,command > c:\start.txt

And post the contents of that file here.

Another thing you could try is maybe press F7? on that suspecting cmd.exe, maybe that will show the previous command used, also what's the properties on that window, could reveal a lot about the line it's trying to execute.

Cheers,

KK

wainuitech
15-04-2015, 02:21 PM
> That log didn't show anything suspicious nor displaying what I would have wanted to see, maybe incorrect tool?
>
> I think we should have a look in msconfig, (winkey + r, type msconfig, enter) and go through the process of elimination where you turn all your known start ups off first, reboot, check etc, long process.
>
> Or even better do this from cmd.exe, (winkey + r, type cmd, enter)
>
> wmic startup get caption,command > c:\start.txt
>
> And post the contents of that file here.
>
> Another thing you could try is maybe press F7? on that suspecting cmd.exe, maybe that will show the previous command used, also what's the properties on that window, could reveal a lot about the line it's trying to execute.
>
> Cheers,
>
> KK

Pays to read previous posts -- with the exception of the F7, All of that's already been suggested as well as the command prompt / list option. :groan:

kahawai chaser
15-04-2015, 04:43 PM
Maybe try MS Autoruns. (https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) I'm reusing it now, and under The "everything" tab it has highlighted in yellow under various registry categories, files that cannot be found. These include software I uninstalled a while ago. You can also optionally hide MS/Windows entries.

B.M.
15-04-2015, 06:12 PM
Update:

The F7 trick showed nothing, to make it clearer, clicking on it and pressing F7 didn't do a solitary thing. Maybe I did something wrong. :confused:

Kahawai chaser, that programme you suggested looks a keeper. It reported seven "file can't be found" incidents, unfortunately, none that looked promising. Anyway, I unticked all the yellow ones and rebooted but alas the problem is still there. I'm not sure if that was what I was supposed to do or not.

I also turned off System Restore and rebooted but that didn't work either.

So it's back to square one. :badpc:

Kame
15-04-2015, 06:27 PM
I noticed they were mentioned but didn't see any indication of it being used, but it would probably be the best option over these other tools at this stage.

I guess listing the common start up areas would be the places I would check, task scheduler, start up folder, autoexec.bat, registry run and runonce, etc, it's been too long for me to remember them all, but it comes back to me when I'm behind the operating system.

Just was hoping these tools did the gritty work as I never use them myself.

It would have been a lot quicker to just remote in, fix it and be done with it as it doesn't sound like a hard task to fix.

The F7 was a long shot, maybe it's the wrong function, F3 usually reruns the last command used but the key I'm trying to think of displays the last command, again it may be something that may not be built in, was thinking back in DOS days. Does that cmd.exe allow you to type in it or has it terminated?

Cheers,

KK

Lawrence
15-04-2015, 09:15 PM
Just to add to the confusion, do you have Microsoft updates turned on or have you not used this lappie for a while? As I see the last supported IE was 8 which came with SP2/3 http://en.wikipedia.org/wiki/Internet_Explorer_versions I would update to IE8 and do any other updates if not already done

But I also know not a hell of a lot still use IE and opt for alternative browsers

wainuitech
15-04-2015, 10:21 PM
There is another thing you can try -- boot as if you are going to enter Safe Mode, but select Enable Boot Logging (similar wording). Windows will boot normally, and it will make a log file of everything that happens while it's booting.

I "think" the log is called Ntbtlog.txt or ntbootlog.txt. From memory it will be on the C Drive.

Open it, and post its contents, hopefully it will give some sort of clue as to what's happening.

B.M.
16-04-2015, 10:59 AM
Good Morning Wainui.

Did as you suggested and all seemed to be as you laid out but can’t find the log file?

Tried on my other XP Pro Desktop and it also advised me, in blue down the bottom of the screen, that it was going to make a boot file but can’t find that one either.

I’ve searched for files with log in them and boot in them but nothing that looks like a boot log?

I’ll keep looking but thought I’d let you know anyway.

For those inquiring about IE6, it has probably never been used, as Firefox is my default browser but they are sailing close to the wind with every update getting slower to load.

wainuitech
16-04-2015, 11:44 AM
Been a long time since I've done the boot-log thing. Just had a quick look on a XP PC while having a cuppa and before heading out to my second job today.

It was located in C:\Windows folder and called ntbtlog.txt

B.M.
16-04-2015, 11:54 AM
> Been a long time since I've done the boot-log thing. Just had a quick look on a XP PC while having a cuppa and before heading out to my second job today.
>
> It was located in C:\Windows folder and called ntbtlog.txt

Dead right Wainui. Found the sod in the Windows file which was hidden.

So here it is in all its glory. Seems quite a bit of stuff not loaded.


Kame
16-04-2015, 01:30 PM
All these other suggestions are avoiding what needs to be looked at.

msconfig, type that in a run dialogue (winkey + r), open start up tab, screenshot the list and post here.

Otherwise the usual fix was reformat and reinstall years ago as this is taking too long.

Cheers,

KK

1101
16-04-2015, 02:32 PM
The hijack log doesn't look too bad.

If you look at the original picture posted, it's not actually the real cmd in the way it looks (compare to the other picture posted) & it's actually saying the c:\windows\system32 can't be found


bingo !!!
what it's saying is a file in the system32 folder can't be found
cmd.exe is just the ~name~ of that dos box popup :-)

Have a look in scheduled tasks, there may be something (now deleted) in there trying to run on startup
Also, start disabling start items via msconfig: trial & error to find if it's in there

If you go start, run, cmd.exe that should work, showing cmd.exe is there & working correctly.
:)
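
The check suggested in the post above, finding a startup entry whose target file has since been deleted, can be run over saved `reg query` output of the Run keys. This is an added example, not part of the thread: the sample entries, the set of present files and all function names are constructed, and Windows is assumed to be installed in C:\WINDOWS.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`; not from the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Example Tray    REG_SZ    "C:\Program Files\Example App\tray.exe" /tray
    leftover    REG_SZ    rundll32.exe C:\WINDOWS\system32\gone.dll,Start

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    updater    REG_SZ    C:\Documents and Settings\user\Local Settings\Temp\upd.exe -s
"""
# Constructed stand-in for the disk: lower-cased paths of files that exist.
PRESENT = {r"c:\windows\system32\ctfmon.exe",
           r"c:\program files\example app\tray.exe",
           r"c:\documents and settings\user\local settings\temp\upd.exe"}

ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<cmd>.+)$")
EXE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=[\s,]|$)', re.I)

def target_of(cmd):
    """Return the file an autorun command line actually loads."""
    cmd = cmd.strip()
    m = EXE.match(cmd)
    if not m:
        return cmd
    path, rest = m.group(1) or m.group(2), cmd[m.end():].strip()
    if path.lower().endswith("rundll32.exe") and rest:
        return target_of(rest)  # rundll32 is only the host; the DLL is the target
    return path

def resolve(path):
    """Expand %SystemRoot%/%windir% and bare file names (assumes C:\\WINDOWS)."""
    path = re.sub(r"%(systemroot|windir)%", lambda _: r"C:\WINDOWS", path, flags=re.I)
    return (path if "\\" in path else "C:\\WINDOWS\\system32\\" + path).lower()

def audit(text, exists):
    """Return (value name, target, reason) for Run entries worth a closer look."""
    findings = []
    for m in filter(None, map(ENTRY.match, text.splitlines())):
        target = resolve(target_of(m.group("cmd")))
        if not exists(target):
            findings.append((m.group("name"), target, "target missing"))
        elif target.startswith("c:\\documents and settings\\"):
            findings.append((m.group("name"), target, "runs from user profile"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, lambda p: p in PRESENT))
```

On the affected machine, pass `os.path.exists` as `exists` and feed in the real `reg query` output for each Run key; scheduled tasks still need to be checked separately.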

B.M.
16-04-2015, 03:01 PM
> All these other suggestions are avoiding what needs to be looked at.
>
> msconfig, type that in a run dialogue (winkey + r), open start up tab, screenshot the list and post here.
>
> Otherwise the usual fix was reformat and reinstall years ago as this is taking too long.
>
> Cheers,
>
> KK

Ok, here's what is running.

[Attachment 6391]

But bear in mind we are on selective start-up after a clean boot.

[Attachment 6392]

B.M.
16-04-2015, 03:08 PM
> bingo !!!
> what it's saying is a file in the system32 folder can't be found
> cmd.exe is just the ~name~ of that dos box popup :-)
>
> Have a look in scheduled tasks, there may be something (now deleted) in there trying to run on startup
> Also, start disabling start items via msconfig: trial & error to find if it's in there
>
> If you go start, run, cmd.exe that should work, showing cmd.exe is there & working correctly.
> :)

Dahhhh, I thought it was trying to tell me it couldn't find cmd.exe and as I said at the beginning of my lead post, cmd.exe was where it should be and worked fine.

I'll move onto scheduled tasks. :)

B.M.
16-04-2015, 03:45 PM
Well scheduled items doesn't spoil us with choice. :D

Take your pick. :)

[Attachment 6393]

Kame
16-04-2015, 05:58 PM
Windows updater looks suspicious since it's being called from the programs directory but that could be the correct location, but may as well remove it since support is dropped and there should not be any new updates.

In your task scheduler, you can remove the notifications, I'm sure by now you know support has been dropped and you don't need reminders.

Cheers,

KK

wainuitech
16-04-2015, 07:00 PM
From the two pics concerned, in MSCONFIG disable the lot. They are not needed. Here's what they do.

HDD Sentinel runs in the background and verifies SSD / HDD health status by inspecting the SMART status of the disk(s).

CCleaner -- it's only in the Icon Tray

CTFMON -- monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.


> Windows updater looks suspicious since it's being called from the programs directory but that could be the correct location,

Just checked on two different XP's, and it's not even there in msconfig. The actual file - the spelling is wrong -- it should be Windows Update not Updater

Some reading on it http://www.file.net/process/windows%20update.exe.html

1101
17-04-2015, 10:06 AM
Just personally, I would delete wise care & wise turbo from scheduled tasks.
Then uninstall it. It's dangerous crapware (a regcleaner)

"Wise Care 365 is a bundle of important tools including a registry cleaner, disk cleaner, program uninstaller, memory optimizer and more."
memory optimiser, so that's like a ram defragger ? :punk

B.M.
03-05-2015, 06:21 PM
Well thanks guys for all the ideas, but unfortunately none of them solved the issue.

So I put it to one side and forgot about it. Experience has taught me that often if I put something aside and clear the mind I will think of something out of the blue. Well today I thought I'd try a repair from the XP disk. Grrrr, that was a fail because I got a message telling me the files on the disk were older than those on the computer. That probably figures, given that the CD is SP1. So I thought I'd try reinstalling SP2 off the disk MS provided all those years ago. That was another fail because the SP2 disk had somehow become cracked in the envelope they were supplied in. OK, I'll reinstall SP3.

That went fine but on reboot up came the same message BUT then up came a second message with cmd.exe on it and then they both disappeared.

Multiple restarts and all is still good. :banana

So, the only thing I can put it down to is a corrupt or missing registry entry as sfc /scannow claimed the files were fine and although I restored the registry from a back-up, it seems the back-up was only added to the registry as opposed to replacing the registry???

Not sure what the problem was, but I'm off to pour myself another G&T. :D