Thread: CMD.exe on boot..sluggish PC.

  1. #1
    Junior Member
    Join Date
    Oct 2004
    Posts
    1

    CMD.exe on boot..sluggish PC.

    Hey all, first time poster, and have an issue that just surfaced yesterday. I have been trying to fix it by going through msconfig, an archived post from this forum had some info, and a few other things, but to no avail. What happens is as soon as windows boots up, cmd.exe flashes up on the screen, then closes, then opens and says "Installing...." and closes, then opens again, and closes for the last time. Right away I knew something was up, so I immediately went into msconfig to search for anything strange...didn't find anything. I downloaded and ran "Trojan Remover", did a housecall scan, and ran adaware....nothing unusual. So I decided to come here and seek advice/help. Here is my HJT log...hopefully someone has an idea of what could be happening.

    Logfile of HijackThis v1.97.7
    Scan saved at 2:09:36 PM, on 10/4/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\EXSHOW95.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\RSNet\RSEDNClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Smeezy\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
    O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...sp?forceLoad=1
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/c...on=4,3,2,20802
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...885.6156134259
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...im/install.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab


    Nothing out of the ordinary to me....granted there are quite a few things running, but I have never had an issue with slow loading or anything until now. I notice it mostly on the internet. I was using Mozilla until yesterday when I uninstalled it thinking it may have been the problem. Sometimes it takes longer than usual for the page to load, sometimes the page will lock up completely for 5-10 seconds. Strange strange.

    Thanks
    Josh

  2. #2
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    First thing I'd try is a real virus scan using a virus scanning tool like AVG, Norton, McAfee.. Install it, update the definitions, and scan away.

    Then I'd try adaware again, as well as spybot search and destroy.

    Then going into msconfig, general tab, select DIAGNOSTIC startup. That should load only the basic software and essential drivers.

    If that doesn't work, I'd try uninstalling anything you have installed in the past 2-3 days. Or I'd run a system restore.

    I'd get rid of that red swoosh product immediately. Unless you absolutely must use it.

    Cmd.exe is basically the command line executive. If it is popping up, something is accessing it. And it sounds like something is trying to install.

    Have you tried to install anything in the past 2-3 days? If so, can you list what it was you installed?

    Some other things, get rid of the real player and get media player classic. It plays all .ram, .rm files and doesn't infest your PC like the real player does.

    Why did I suggest this?

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    It could be the google toolbar as well.. I dunno.
    because it could be that the real player is trying to update itself on the boot. Which it is supposed to do if you have it installed... which I don't I hate real player.
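
A triage sketch for the `O4` autorun lines of a HijackThis log like the one in post #1, added here as an example and not written by any poster in this thread. The three heuristics and the entry named `hypothetical` are assumptions made for illustration; a flag means "look closer", not that the entry is malicious.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: four O4 lines copied from the log in post #1, plus one
# hypothetical line (not from the log) showing a Run value that opens cmd.exe.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hypothetical] cmd.exe /c C:\WINDOWS\TEMP\setup.bat
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(r'^\s*O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
# Program path: either quoted, or everything up to the first executable extension.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
SHELLS = {'cmd.exe', 'command.com', 'wscript.exe', 'cscript.exe'}

def parse_o4(log):
    """Yield (hive, key, name, command) for each O4 registry autorun line."""
    for line in log.splitlines():
        m = O4_RUN.match(line)
        if m:
            yield m.groups()

def image_path(command):
    """Extract the program path from a command line, quoted or unquoted."""
    m = EXE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip().split(' ')[0]

def triage(log):
    """Return {value name: [reasons]} for autoruns that deserve a closer look."""
    findings = {}
    for hive, key, name, command in parse_o4(log):
        path = PureWindowsPath(image_path(command))
        reasons = []
        if not path.is_absolute():
            reasons.append('no full path (resolved through the search path)')
        if path.name.lower() in SHELLS:
            reasons.append('starts a command interpreter')
        if re.search(r'\\te?mp\\', command, re.I):
            reasons.append('references a temp directory')
        if reasons:
            findings[name] = reasons
    return findings
```

Entries that come back from `triage()` are the ones to check by hand: confirm which file on disk the value actually resolves to before disabling it in msconfig.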

  3. #3
    Techzonez Governor Super Moderator Conan's Avatar
    Join Date
    Apr 2002
    Location
    Philippines
    Posts
    4,343
    I've found that emptying the contents of all temp folders gets rid of the sluggishness that I sometimes experience with my internet connection.

    Like when I updated FireFox to 0.10.1, the update file that remained in the temp folder was slowing down my surfing. When I cleared the contents of the temp folders, things speeded up again.

  4. #4
    Junior Member
    Join Date
    Oct 2004
    Posts
    3

    got the exact same problem

    hi,

    i've got the exact same problem. any luck getting rid of it?

  5. #5
    Junior Member
    Join Date
    Oct 2004
    Posts
    4

    Same Problem... any solutions?

    Hi guys,

    I have recently experienced this same problem. I've tried virus scan, trojan removal and spyware removal to no avail. Do any of you remember if you installed / uninstalled any programs before you started having the cmd.exe problem on boot? We might be able to find a common link between all of our problems.

    Thanks!

  6. #6
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    Have any of you tried system restore?

  7. #7
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    hi,

    try this

    goto start button and select run
    type sysedit
    check to see that you don't have anything in the autoexec.bat and config.sys windows

    that can cause the cmd.exe on bootup
  8. #8
    Junior Member
    Join Date
    Oct 2004
    Posts
    1
    Got the same problem- just started happening the other day to me as well. I did try out one new file share prog called music station- but have since removed all of its components. Nothing in the normal range of checkers is finding anything- So what have we here??

  9. #9
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Try the same as suggested here.

  10. #10
    Junior Member
    Join Date
    Oct 2004
    Posts
    4

    egghead

    Hi egghead.... I tried what you suggested and I have this in my autoexec.bat

    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    Normal? Safe to delete this? Suggestions?

    Thanks everyone for their help!

  11. #11
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    Quote Originally Posted by kanedags
    Hi egghead.... I tried what you suggested and I have this in my autoexec.bat

    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    Normal? Safe to delete this? Suggestions?

    Thanks everyone for their help!
    hmm
    windowsxp does not use autoexec.bat and config.sys but some older programs might use them

    both my files are empty

    you can do something that is the equivalent of removing the info from the files.

    at the start of each line put the word "rem" in front of it

    this tells windows and command.com to ignore that line.

    rem SET windir=C:\WINDOWS
    rem SET winbootdir=C:\WINDOWS
    rem SET COMSPEC=C:\WINDOWS\COMMAND.COM
    rem SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    rem SET PROMPT=$p$g
    rem SET TEMP=C:\WINDOWS\TEMP
    rem SET TMP=C:\WINDOWS\TEMP


    was there anything in your config.sys? you can rem them too.

    keep us updated.