
Mystery Window

Solved 
#1 ·
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: AMD Athlon(tm) II X4 630 Processor, AMD64 Family 16 Model 5 Stepping 2
Processor Count: 4
RAM: 4094 Mb
Graphics Card: AMD Radeon HD 5700 Series, 1024 Mb
Hard Drives: C: 464 GB (385 GB Free);
Motherboard: Gigabyte Technology Co., Ltd., GA-MA74GM-S2
Antivirus: Avast Antivirus, Enabled and Updated

I had this post in another forum but they suggested that I post here.


Running Windows 10-- Recently, suddenly a window flashes up on my monitor but stays for just a split second then is gone. This window flashes up randomly once every several minutes and I have not been able to determine if there is any action on my part that brings the window up, it seems to just appear on its own. It doesn't seem to have any other effect on the display, it is just annoying.
Any idea on this?
In a bar at the top of this window is a title--"C:\WINDOWS\system32.exe."
 
#27 ·
Hi,

Run A Scan With SystemLook

Please download SystemLook from the download mirror and save it to your Desktop.
Download Mirror #1 (64-bit)
  • Double-click SystemLook_x64.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *system32.exe*
    :regfind
    system32.exe
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt
 
#28 ·
Sorry this took so long but here is the info of SystemLook.

SystemLook 04.09.10 by jpshortstuff
Log created at 18:36 on 25/01/2019 by Charlie
Administrator - Elevation successful

========== filefind ==========

Searching for "*system32.exe*"
No files found.

========== regfind ==========

Searching for "system32.exe"
No data found.

-= EOF =-
 


#29 · (Edited)
Hi,

Does the window say "system32.exe", or a different file path with "system32" in the name? An example might be "system32\cmd.exe", etc.

-------------------------------

Highlight the contents of the below code box and press Ctrl + C:
Code:
Start::

cmd: bitsadmin /reset /allusers

End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

-------------------------------

Download Autoruns from the following link and save it to your desktop. https://live.sysinternals.com/autoruns.exe

Right-click on it and select Run as Administrator.

Accept the license agreement by clicking Agree.

Once the tool has loaded completely, click on File > Save.

Select the File Type drop down menu and change it to Text File. Save the file to your desktop as AutorunsLog.txt.

Attach the AutorunsLog.txt in your next reply. You can do this by clicking "Upload This File" at the bottom of your reply, then selecting AutorunsLog.txt on your desktop.

Let me know if the flashing window still persists.

Thanks.
 
#31 · (Edited)
Hi,

Apologies, there was an error in the instructions in my last post.

Open Autoruns. Once the tool has loaded completely, click on File > Save.

Ensure the file type is "Autoruns data (.arn)".
Save the file to your desktop.

Navigate to your desktop, and right-click on the Autoruns log. Click on Send to > Compressed (zipped) folder. A new .zip file will be created on your desktop. Attach it to your next reply.

You can do this by clicking "Upload This File" at the bottom of your reply, then selecting the .zip file on your desktop.

----------------------------------------------

Were you able to run the fix with FRST in my previous post?

If so, do you still receive the flashing window?

Thanks.
 
#34 ·
Hi,

I watched it for some time and noticed the window flashes up every 9 minutes. (I timed it) Does that mean anything?
Yes, that helps. Thanks for the information.

I'll look over the logs and get back to you ASAP.
 
#35 · (Edited)
Hi,

Let's take a closer look at what may be causing these pop ups.

Highlight the contents of the below code box and press Ctrl + C:
Code:
Start::

TasksDetails:

End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

Thanks.
 
#36 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Charlie (31-01-2019 12:24:04) Run:4
Running from C:\Users\Charlie\Desktop
Loaded Profiles: Charlie (Available Profiles: Charlie & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
TasksDetails:

*****************


========================= TasksDetails: ========================

Adobe Acrobat Update Task (LastRunTime: 2019-01-31 12:02:55 -> NextRunTime: 2019-02-01 06:00:00 -> Status: Ready -> Schedule Type: Logon & Daily)
Adobe Flash Player NPAPI Notifier (LastRunTime: 2019-01-27 08:27:00 -> NextRunTime: 2019-02-01 18:27:00 -> Status: Ready -> Schedule Type: Daily)
Adobe Flash Player Updater (LastRunTime: 2019-01-31 11:07:36 -> NextRunTime: 2019-01-31 12:25:00 -> Status: Ready -> Schedule Type: Daily)
GarminUpdaterTask (LastRunTime: 2019-01-31 06:07:35 -> NextRunTime: 2019-02-01 04:43:47 -> Status: Ready -> Schedule Type: Daily)
GoogleUpdateTaskMachineCore (LastRunTime: 2019-01-31 11:50:54 -> NextRunTime: 2019-01-31 13:22:35 -> Status: Ready -> Schedule Type: Logon & Daily)
GoogleUpdateTaskMachineUA (LastRunTime: 2019-01-31 12:22:35 -> NextRunTime: 2019-01-31 13:22:35 -> Status: Ready -> Schedule Type: Daily)
HPCustParticipation HP Officejet Pro 8600 (LastRunTime: 2019-01-31 11:55:03 -> NextRunTime: 2019-01-31 12:31:00 -> Status: Ready -> Schedule Type: Time)
User_Feed_Synchronization-{C2E0D5F0-F3A9-4760-B3AD-997C8EECD991} (LastRunTime: 2019-01-31 07:37:40 -> NextRunTime: 2019-01-31 12:47:50 -> Status: Ready -> Schedule Type: Daily)
{BFD932FF-AA12-4E08-8F79-9833FF852917} (LastRunTime: 2011-11-24 14:43:18 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: When Task is registered)
{DC8AC439-F704-4815-8BB7-E66274139D69} (LastRunTime: 2015-02-08 14:53:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: When Task is registered)
Overseer (LastRunTime: 2019-01-31 06:07:35 -> NextRunTime: 2019-01-31 20:18:15 -> Status: Ready -> Schedule Type: Boot & Daily)
Microsoft Antimalware Scheduled Scan (LastRunTime: 2019-01-27 07:19:14 -> NextRunTime: 2019-02-03 05:13:38 -> Status: Ready -> Schedule Type: Weekly)
MpIdleTask (LastRunTime: 2019-01-31 11:48:08 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: When Computer is idle)
.NET Framework NGEN v4.0.30319 (LastRunTime: 2019-01-31 11:15:50 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
.NET Framework NGEN v4.0.30319 64 (LastRunTime: 2019-01-31 08:44:32 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
.NET Framework NGEN v4.0.30319 64 Critical (LastRunTime: 2019-01-10 07:27:12 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: When Computer is idle)
.NET Framework NGEN v4.0.30319 Critical (LastRunTime: 2019-01-10 07:27:12 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: When Computer is idle)
AD RMS Rights Policy Template Management (Automated) (LastRunTime: NA -> NextRunTime: 2019-02-01 03:54:26 -> Status: Disabled -> Schedule Type: Daily & Logon)
AD RMS Rights Policy Template Management (Manual) (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
EDP Policy Manager (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
PolicyConverter (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
SmartScreenSpecific (LastRunTime: 2019-01-29 07:14:20 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
VerifiedPublisherCertStoreCheck (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Boot)
Microsoft Compatibility Appraiser (LastRunTime: 2019-01-31 06:07:35 -> NextRunTime: 2019-02-01 04:28:01 -> Status: Ready -> Schedule Type: Time & WNF State Change)
ProgramDataUpdater (LastRunTime: 2019-01-31 11:20:47 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
StartupAppTask (LastRunTime: 2019-01-30 08:45:55 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
appuriverifierdaily (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
appuriverifierinstall (LastRunTime: 2018-11-30 08:21:24 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
CleanupTemporaryState (LastRunTime: 2019-01-27 08:40:41 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
DsSvcCleanup (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Pre-staged app cleanup (LastRunTime: 2018-05-23 11:50:45 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon)
Proxy (LastRunTime: 2019-01-30 08:29:02 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Boot)
BitLocker MDM policy Refresh (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
UninstallDeviceTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
BgTaskRegistrationMaintenanceTask (LastRunTime: 2019-01-27 08:40:41 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
AikCertEnrollTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
CryptoPolicyTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
KeyPreGenTask (LastRunTime: 2019-01-31 06:15:02 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change & Logon & Session State Change)
SystemTask (LastRunTime: 2019-01-31 11:50:13 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change & When Task is registered & Boot)
UserTask (LastRunTime: 2019-01-31 11:50:54 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change & When Task is registered & Logon & Event)
UserTask-Roam (LastRunTime: 2019-01-31 06:05:01 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Session State Change)
ProactiveScan (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
SyspartRepair (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
License Validation (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Boot)
CreateObjectTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Consolidator (LastRunTime: 2019-01-31 12:00:01 -> NextRunTime: 2019-01-31 18:00:00 -> Status: Ready -> Schedule Type: Time)
UsbCeip (LastRunTime: 2019-01-27 08:40:41 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Data Integrity Scan (LastRunTime: NA -> NextRunTime: 2019-02-19 18:26:02 -> Status: Ready -> Schedule Type: Weekly & Boot)
Data Integrity Scan for Crash Recovery (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
ScheduledDefrag (LastRunTime: 2019-01-28 07:20:16 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Device (LastRunTime: 2019-01-31 06:07:35 -> NextRunTime: 2019-02-01 03:44:24 -> Status: Ready -> Schedule Type: Time & WNF State Change)
Metadata Refresh (LastRunTime: 2019-01-29 06:44:21 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
HandleCommand (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
HandleWnsCommand (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
IntegrityCheck (LastRunTime: NA -> NextRunTime: 2019-02-05 09:45:57 -> Status: Disabled -> Schedule Type: Time)
LocateCommandUserSession (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
RegisterDeviceAccountChange (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
RegisterDeviceConnectedToNetwork (LastRunTime: 2016-11-01 08:40:11 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: WNF State Change)
RegisterDeviceLocationRightsChange (LastRunTime: 2019-01-31 12:01:19 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
RegisterDevicePeriodic1 (LastRunTime: NA -> NextRunTime: 2019-01-31 13:11:24 -> Status: Disabled -> Schedule Type: Time)
RegisterDevicePeriodic24 (LastRunTime: 2019-01-31 11:15:43 -> NextRunTime: 2019-02-01 02:54:50 -> Status: Ready -> Schedule Type: Time)
RegisterDevicePeriodic6 (LastRunTime: NA -> NextRunTime: 2019-01-31 13:09:16 -> Status: Disabled -> Schedule Type: Time)
RegisterDevicePolicyChange (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
RegisterDeviceProtectionStateChanged (LastRunTime: 2019-01-31 12:10:19 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
RegisterDeviceScreenOnOff (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Session State Change)
RegisterDeviceSettingChange (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
RegisterDeviceWnsFallback (LastRunTime: NA -> NextRunTime: 2019-02-05 08:43:17 -> Status: Ready -> Schedule Type: Time)
RegisterUserDevice (LastRunTime: 2019-01-31 12:05:55 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon & WNF State Change)
Scheduled (LastRunTime: 2019-01-27 08:40:41 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
DXGIAdapterCache (LastRunTime: 2019-01-31 11:50:20 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
SilentCleanup (LastRunTime: 2019-01-31 11:48:08 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Microsoft-Windows-DiskDiagnosticDataCollector (LastRunTime: 2018-07-19 09:51:48 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
Microsoft-Windows-DiskDiagnosticResolver (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon)
Diagnostics (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
StorageSense (LastRunTime: 2019-01-31 11:20:47 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
dusmtask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
EDP App Launch Task (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
EDP Auth Task (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
EDP Inaccessible Credentials Task (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
StorageCardEncryption Task (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
MDMMaintenenceTask (LastRunTime: 2019-01-31 11:50:54 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
EnableErrorDetailsUpdate (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
ErrorDetailsUpdate (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
ExploitGuard MDM policy Refresh (LastRunTime: 2019-01-31 11:50:03 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change & Boot)
DmClient (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
DmClientOnScenarioDownload (LastRunTime: 2019-01-29 06:26:49 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
File History (maintenance mode) (LastRunTime: 2019-01-30 07:59:03 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
FODCleanupTask (LastRunTime: 2019-01-27 08:40:41 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: When Task is registered)
ScanForUpdates (LastRunTime: 2019-01-31 12:05:21 -> NextRunTime: 2019-01-31 23:13:57 -> Status: Ready -> Schedule Type: Time & WNF State Change)
ScanForUpdatesAsUser (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
SmartRetry (LastRunTime: 2018-06-07 18:14:08 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Boot & Time & WNF State Change)
WakeUpAndContinueUpdates (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
WakeUpAndScanForUpdates (LastRunTime: NA -> NextRunTime: 2019-02-01 05:32:09 -> Status: Disabled -> Schedule Type: Time)
Installation (LastRunTime: 2019-01-31 12:05:55 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon & When Computer is idle)
ReconcileLanguageResources (LastRunTime: 2019-01-31 08:04:39 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
Uninstallation (LastRunTime: 2018-11-18 13:25:02 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
TempSignedLicenseExchange (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Notifications (LastRunTime: 2019-01-14 06:23:24 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
WindowsActionDialog (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
WinSAT (LastRunTime: 2019-01-28 07:47:55 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Cellular (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
Logon (LastRunTime: 2019-01-31 06:56:24 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
MapsToastTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
MapsUpdateTask (LastRunTime: 2019-01-31 06:07:35 -> NextRunTime: 2019-02-01 01:14:24 -> Status: Ready -> Schedule Type: Time)
ActivateWindowsSearch (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
ConfigureInternetTimeService (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
DispatchRecoveryTasks (LastRunTime: 2014-11-15 12:06:58 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
ehDRMInit (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
InstallPlayReady (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
mcupdate (LastRunTime: 2010-10-30 08:55:52 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
mcupdate_scheduled (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
MediaCenterRecoveryTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
ObjectStoreRecoveryTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
OCURActivate (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
OCURDiscovery (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
PBDADiscovery (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
PBDADiscoveryW1 (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
PBDADiscoveryW2 (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
PeriodicScanRetry (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Time)
PvrRecoveryTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
PvrScheduleTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
RecordingRestart (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Boot)
RegisterSearch (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
ReindexSearchRoot (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
SqlLiteRecoveryTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
StartRecording (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
UpdateRecordPath (LastRunTime: 2010-10-23 10:41:26 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
ProcessMemoryDiagnosticEvents (LastRunTime: 2019-01-31 11:48:08 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Event)
RunFullMemoryDiagnostic (LastRunTime: 2019-01-31 11:48:08 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
MNO Metadata Parser (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Event)
HotStart (LastRunTime: 2019-01-31 11:50:54 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
LPRemove (LastRunTime: 2019-01-30 07:59:03 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
SystemSoundsService (LastRunTime: 2019-01-31 11:50:54 -> NextRunTime: N/A -> Status: Running -> Schedule Type: Logon)
GatherNetworkInfo (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
WiFiTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
BackgroundConfigSurveyor (LastRunTime: NA -> NextRunTime: 2019-02-01 03:00:00 -> Status: Disabled -> Schedule Type: When Computer is idle & Daily)
Secure-Boot-Update (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
Sqm-Tasks (LastRunTime: 2019-01-24 17:08:37 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Device Install Group Policy (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
Device Install Reboot Required (LastRunTime: 2019-01-31 11:50:54 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change & Logon)
Plug and Play Cleanup (LastRunTime: 2019-01-24 17:08:37 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Sysprep Generalize Drivers (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
AnalyzeSystem (LastRunTime: 2019-01-31 11:22:13 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
EduPrintProv (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
LoginCheck (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon)
Registration (LastRunTime: 2019-01-31 11:55:03 -> NextRunTime: 2019-02-20 11:55:04 -> Status: Ready -> Schedule Type: Time & WNF State Change)
MobilityManager (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Event)
VerifyWinRE (LastRunTime: 2018-06-07 07:34:38 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
RegIdleBackup (LastRunTime: 2019-01-29 06:44:21 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
RemoteAssistanceTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Event & When Task is registered)
shell (LastRunTime: 2019-01-31 12:13:41 -> NextRunTime: 2019-02-01 08:54:41 -> Status: Running -> Schedule Type: Daily)
StartComponentCleanup (LastRunTime: 2019-01-27 08:47:52 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
BackgroundUploadTask (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
NetworkStateChangeTask (LastRunTime: 2019-01-31 06:04:41 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
Account Cleanup (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
CreateObjectTask (LastRunTime: 2019-01-28 06:36:49 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
FamilySafetyMonitor (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
FamilySafetyMonitorToastTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: WNF State Change)
FamilySafetyRefreshTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
IndexerAutomaticMaintenance (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
WindowsParentalControls (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon)
WindowsParentalControlsMigration (LastRunTime: 2009-07-14 00:09:03 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon)
AutoWake (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon)
GadgetManager (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
SessionAgent (LastRunTime: 2010-07-08 19:16:45 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon)
SystemDataProviders (LastRunTime: 2010-07-08 19:17:00 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon)
UninstallSMB1ClientTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
UninstallSMB1ServerTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
SvcRestartTask (LastRunTime: NA -> NextRunTime: 2119-01-07 11:53:28 -> Status: Ready -> Schedule Type: Daily)
SvcRestartTaskLogon (LastRunTime: 2018-05-23 10:17:08 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon)
SvcRestartTaskNetwork (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Event)
SpaceAgentTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Boot & WNF State Change)
SpaceManagerTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Boot & WNF State Change)
HeadsetButtonPress (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
SpeechModelDownloadTask (LastRunTime: 2019-01-31 06:56:24 -> NextRunTime: 2019-02-01 02:43:34 -> Status: Ready -> Schedule Type: Time)
Storage Tiers Management Initialization (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
Storage Tiers Optimization (LastRunTime: NA -> NextRunTime: 2019-01-31 13:00:00 -> Status: Disabled -> Schedule Type: Time)
EnableLicenseAcquisition (LastRunTime: 2019-01-31 11:50:19 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Event & WNF State Change)
LicenseAcquisition (LastRunTime: NA -> NextRunTime: 2019-01-31 19:44:05 -> Status: Disabled -> Schedule Type: Daily & When Task is registered & WNF State Change)
HybridDriveCachePrepopulate (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
HybridDriveCacheRebalance (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
ResPriStaticDbSync (LastRunTime: 2019-01-30 08:45:54 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
WsSwapAssessmentTask (LastRunTime: 2019-01-24 17:12:32 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
SR (LastRunTime: 2019-01-30 08:05:08 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Interactive (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
IpAddressConflict1 (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Event)
IpAddressConflict2 (LastRunTime: 2012-09-22 22:04:17 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Event)
MsCtfMonitor (LastRunTime: 2019-01-31 11:50:54 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
ForceSynchronizeTime (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
SynchronizeTime (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
SynchronizeTimeZone (LastRunTime: 2019-01-28 08:01:22 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Tpm-HASCertRetr (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
Tpm-Maintenance (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
RunUpdateNotificationMgr (LastRunTime: NA -> NextRunTime: 2019-02-01 12:54:19 -> Status: Disabled -> Schedule Type: Daily & When Task is registered)
Maintenance Install (LastRunTime: 2019-01-29 08:15:04 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
MusUx_UpdateInterval (LastRunTime: 2016-03-18 03:50:11 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Time)
Reboot (LastRunTime: 2019-01-18 09:00:38 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Time)
Schedule Scan (LastRunTime: 2019-01-31 11:55:03 -> NextRunTime: 2019-02-01 13:08:13 -> Status: Ready -> Schedule Type: Time & WNF State Change & Event)
USO_Broker_Display (LastRunTime: 2019-01-29 06:14:49 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
UPnPHostConfig (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Usb-Notifications (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
HiveUploadTask (LastRunTime: NA -> NextRunTime: 2019-02-01 00:52:53 -> Status: Disabled -> Schedule Type: Time)
PerformRemediation (LastRunTime: 2019-01-27 05:34:12 -> NextRunTime: 2019-02-02 18:00:07 -> Status: Ready -> Schedule Type: Time)
WiFiTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
ResolutionHost (LastRunTime: 2019-01-31 06:16:42 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Windows Defender Cache Maintenance (LastRunTime: 2019-01-11 15:12:57 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
Windows Defender Cleanup (LastRunTime: 2019-01-11 15:12:57 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
Windows Defender Scheduled Scan (LastRunTime: 2019-01-11 15:26:31 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
Windows Defender Verification (LastRunTime: 2019-01-11 07:13:20 -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Undefined)
QueueReporting (LastRunTime: 2019-01-31 11:50:19 -> NextRunTime: 2019-01-31 12:42:20 -> Status: Ready -> Schedule Type: Boot & WNF State Change & Time)
BfeOnServiceStartTypeChange (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Event)
UpdateLibrary (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Event)
AutomaticBackup (LastRunTime: 2018-01-25 14:55:11 -> NextRunTime: 2019-02-03 19:00:00 -> Status: Disabled -> Schedule Type: Weekly)
Windows Backup Monitor (LastRunTime: NA -> NextRunTime: 2019-02-01 10:00:00 -> Status: Disabled -> Schedule Type: Daily & Logon & Session State Change)
Calibration Loader (LastRunTime: 2019-01-31 11:50:54 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon & Session State Change)
Scheduled Start (LastRunTime: 2019-01-22 21:40:46 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Time & Session State Change & WNF State Change)
sih (LastRunTime: 2019-01-31 11:55:03 -> NextRunTime: 2019-02-01 07:07:01 -> Status: Ready -> Schedule Type: Time)
CacheTask (LastRunTime: 2019-01-31 11:50:54 -> NextRunTime: N/A -> Status: Running -> Schedule Type: Logon)
WIM-Hash-Management (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
WIM-Hash-Validation (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Undefined)
Work Folders Logon Synchronization (LastRunTime: 2019-01-31 11:55:55 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
Work Folders Maintenance Work (LastRunTime: 2019-01-31 11:15:44 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
Automatic-Device-Join (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon & Event)
Recovery-Check (LastRunTime: NA -> NextRunTime: N/A -> Status: Disabled -> Schedule Type: Logon)
NotificationTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: WNF State Change)
XblGameSaveTask (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: When Computer is idle)
XblGameSaveTaskLogon (LastRunTime: 2019-01-31 06:56:24 -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Logon)
SqmUpload_S-1-5-21-3241260649-1947226175-2918851277-1001 (LastRunTime: NA -> NextRunTime: N/A -> Status: Ready -> Schedule Type: Daily)

====== End of TasksDetails: ======


==== End of Fixlog 12:24:09 ====
 
#38 · (Edited)
Hi,

It appears the Command Prompt window flashing is very likely related to an installed (legitimate) program, and not necessarily malicious activity.

If we continue troubleshooting, we may have to uninstall a legitimate program (such as Garmin) to confirm that they are not causing the issues. If it turns out they are not, you can reinstall the application.

Let me know if you're okay with doing this. Just wanted to confirm before we proceed.

Thanks. :)
 
#40 ·
Hi,

Does the flashing window say C:\Windows\System32.exe, or something else? (possibly cmd.exe?)
No "system32.exe" file was found on your computer.

Additionally, can you press the Print Scr key on your keyboard while the pop-up is quickly flashing? Then open Windows Paint, and press Ctrl + V to paste the screenshot into the paint program. Click on File > Save and save the file to your desktop. Attach it to your reply.

Thanks.
 
#41 ·
When the window appears it only flashes once and it is too quick for me to hit the Print Scr key. So I took a video of my monitor when the window was about to flash up then advanced it slowly until the caption appeared. It definitely had this caption:
C:\WINDOWS\System32\cmd.exe
I tried to do a screen shot of that on my monitor so I could put it in Paint but couldn't make it work. I tried to attach the video to this post but couldn't make that work either. But it definitely shows the caption as I have typed it above.
 
#45 ·
I don't know why these things won't work for me. When I click on "Upload a File" here then navigate to the folder where this video should be, it only shows the jpg files but not the video.
When I tried to do it on tinypic.com, I browse to the folder, click on "File Type" and click on "UPLOAD NOW", and a message appears that says "Uploading....Please Wait". I wait and wait but nothing happens.
 
#47 ·
Hi,

Please run this FRST fix.

Highlight the contents of the below code box and press Ctrl + C:
Code:
Start::
C:\ProgramData\DKEkjhLZK0.hta
cmd: bitsadmin /reset /allusers
Reboot:
End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

Let me know if the flashing CMD window persists.

Thanks.
 
#49 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Charlie (15-02-2019 08:11:03) Run:5
Running from C:\Users\Charlie\Desktop
Loaded Profiles: Charlie (Available Profiles: Charlie & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\ProgramData\DKEkjhLZK0.hta
cmd: bitsadmin /reset /allusers
Reboot:

*****************

C:\ProgramData\DKEkjhLZK0.hta => moved successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{CCF16696-2805-4588-9144-636E2349F1FE} canceled.
Unable to cancel {15A436FB-2A04-401C-98AF-2A123CB5CCCD}.
1 out of 2 jobs canceled.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 08:11:03 ====
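
An added example (not part of the thread or of FRST): a small Python parser for the bitsadmin section of the fixlog above, reporting which BITS jobs were canceled, which survived the reset, and whether the tool's own summary line agrees. The function names are hypothetical and the sample text is copied from the post.

```python
import re

# Sample input: the bitsadmin section of the fixlog posted above.
FIXLOG = """\
========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{CCF16696-2805-4588-9144-636E2349F1FE} canceled.
Unable to cancel {15A436FB-2A04-401C-98AF-2A123CB5CCCD}.
1 out of 2 jobs canceled.

========= End of CMD: =========
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
CANCELED = re.compile(rf"^({GUID}) canceled\.$")
FAILED = re.compile(rf"^Unable to cancel ({GUID})\.$")
SUMMARY = re.compile(r"^(\d+) out of (\d+) jobs canceled\.$")


def parse_bits_reset(text):
    """Return canceled/surviving job IDs and whether the summary line matches them."""
    canceled, survived, summary = [], [], None
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========") and "bitsadmin /reset" in line:
            in_section = True          # only read lines inside the CMD section
        elif line.startswith("========= End of CMD"):
            in_section = False
        elif in_section:
            if m := CANCELED.match(line):
                canceled.append(m.group(1))
            elif m := FAILED.match(line):
                survived.append(m.group(1))
            elif m := SUMMARY.match(line):
                summary = (int(m.group(1)), int(m.group(2)))
    # A truncated or hand-edited paste shows up as a count mismatch.
    consistent = summary == (len(canceled), len(canceled) + len(survived))
    return {"canceled": canceled, "survived": survived,
            "summary": summary, "consistent": consistent}


def follow_up_commands(result):
    """bitsadmin commands that display the details of each job the reset left behind."""
    return [f"bitsadmin /info {job} /verbose" for job in result["survived"]]
```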
 
#53 ·
Hi,

Yes, you can delete the tools used in the clean-up process.

To remove FRST, please do this.

Uninstall FRST
  • Right-click on FRST/FRST64, and select Rename.
  • Rename it to Uninstall.exe and press Enter on your keyboard.
  • Double-click on Uninstall.exe. Your computer will restart; allow it to do so. FRST will now uninstall.

---------------------

Here are some tips to keep your computer safe on the Internet:

Keep your antivirus up to date and enabled. If you use Windows 8.1 or 10, using Windows Defender is sufficient protection. However, if you use Windows 7, running an antivirus is recommended. Some good AVs are Microsoft Security Essentials, BitDefender, or Kaspersky.

Keep your Windows operating system up to date. Make sure the Automatic Updates feature on your computer is enabled, so Windows can install updates automatically and keep your system up to date. Additionally, make sure to keep your third party software (such as Java, Adobe Flash, and Web browsers) up to date as well.

Use secure passwords. Make sure your passwords are complex and difficult to guess. There are password managers (for example, Bitwarden) that can help you keep track of your passwords and use secure passwords. Make sure to use a different password at every website that requires a login.

Don't download attachments without knowing what they are. Do not download any email attachments that end with an extension of .exe, .pif, .com, or .bat. When downloading third party software, make sure to download it from the developer. Also, un-check offers of additional software when installing some software you want.

I do not recommend you use Peer-to-Peer (P2P) programs. This is an easy way to get your computer infected, almost as easy as intentionally infecting your computer.
Avoid pirated/"cracked" software. Like using P2P applications, there is a high risk of infecting your computer.

Here are some guides for you to read about keeping your computer safe -

Keep your computer safe on the Internet

Answers to common security questions

If you ever have any malware infections on your computer (hopefully not) you can always come back here for help.

Safe surfing! :)
 