Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Windows › CMD being run randomly?
New Posts  All Forums:Forum Nav:

CMD being run randomly?

post #1 of 11
Thread Starter 
So ever since about three weeks ago, I randomly see a CMD window appear on my desktop, and very quickly a LOT of text appears in it, it scrolls down slightly and then the whole box disappears. I have tried to screenshot it but it is too quick, and it is random so I can't run video capture to pick it up?

I have done a multitude of scans etc, and I run malware bytes and NOD32 constantly, none of them pick it up.

Is there a way I can see CMD history, or what has been inputted etc?

I can't do a full reinstall because the OS was a one-time activation license.

Thanks
    
CPUMotherboardGraphicsRAM
Intel Core i5 2500K @ 5GHz Asrock Z68 Extreme4 Gen3 ASUS 690 GTX  PATRIOT BE 16GB 
Hard DriveHard DriveCoolingOS
SAMSUNG 840 PRO 240GB 2xWD Green 2TB  Noctua DH14 Win 7 x64 
MonitorKeyboardPowerCase
Asus 27" Gigabyte Osmodius Corsair 850W Corsair Carbide 400R 
MouseMouse PadAudio
Razer Deathadder Black Edition XL soft TDL Studio 2, HK690, Beresford DAC 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel Core i5 2500K @ 5GHz Asrock Z68 Extreme4 Gen3 ASUS 690 GTX  PATRIOT BE 16GB 
Hard DriveHard DriveCoolingOS
SAMSUNG 840 PRO 240GB 2xWD Green 2TB  Noctua DH14 Win 7 x64 
MonitorKeyboardPowerCase
Asus 27" Gigabyte Osmodius Corsair 850W Corsair Carbide 400R 
MouseMouse PadAudio
Razer Deathadder Black Edition XL soft TDL Studio 2, HK690, Beresford DAC 
  hide details  
Reply
post #2 of 11
Windows 7 - View the command prompt history:
http://ccm.net/faq/14204-windows-7-view-the-command-prompt-history

How to prevent the command prompt from closing after execution:
http://superuser.com/questions/306167/how-to-prevent-the-command-prompt-from-closing-after-execution
-> this one looks good (did not try it though):
Quote:
set HKEY_CLASSES_ROOT\cmdfile\shell\open\command\(default) and HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) to "%windir%\system32\cmd.exe" /k "%windir%\system32\cmd" /c "%1" %*
But it may appy to .cmd files only, so if what makes you cmd window appearing is an .exe for instance, the window may close itself anyway...

Hope that helps!
Centurion1
(8 items)
 
 
MiniCube
(11 items)
 
CPUMotherboardGraphicsRAM
Intel Pentium4 Northwood MSI 865PE NEO2-S Gainward GeForce 7600 Golden Sample 256 MB AGP8X Corsair TwinX 2x 1GB DDR PC3200 
CoolingOSPowerCase
Thermalright XP-90 + Noiseblocker SE2 92mm Win2000 Tagan TG380 Dual Fan Active PFC CoolerMaster Centurion1 
CPUMotherboardGraphicsRAM
Delidded Ivy Bridge i5 3570K @4.7GHz Asrock Z77E-ITX iGPU HD4000 G.SKILL Ares Series 2x 8GB 1866MHz CL10-11-10-2N 
Hard DriveHard DriveOptical DriveCooling
OCZ Agility 3 120GB Samsung 840 Series 250GB Samsung SE-218BB external DVD/RW Noctua NH-C14 
OSMonitorPowerCase
Windows 7 Ultimate x64 Philips 220CW Silverstone SFX 300W Silverstone Sugo SG05B 
Mouse
Rapoo 7600 
CPUMotherboardGraphicsRAM
Intel i5-5675C 4.4GHz Asus Z97I-Plus ITX Iris Pro Graphics 6200 Crucial Ballistix Sport VLP (2x 8GB) 
Hard DriveHard DriveCoolingOS
Adata Premier Pro SP900 128GB SATA M.2 2280 KingFast 512GB mSATA BeQuiet Dark Rock TF CPU cooler Windows 7 Pro 
MonitorPowerCase
LG 29UM67-P 29" UltraWide 250W FSP FlexATX 80PLUS Bronze Jonsbo case V2 Black 
  hide details  
Reply
Centurion1
(8 items)
 
 
MiniCube
(11 items)
 
CPUMotherboardGraphicsRAM
Intel Pentium4 Northwood MSI 865PE NEO2-S Gainward GeForce 7600 Golden Sample 256 MB AGP8X Corsair TwinX 2x 1GB DDR PC3200 
CoolingOSPowerCase
Thermalright XP-90 + Noiseblocker SE2 92mm Win2000 Tagan TG380 Dual Fan Active PFC CoolerMaster Centurion1 
CPUMotherboardGraphicsRAM
Delidded Ivy Bridge i5 3570K @4.7GHz Asrock Z77E-ITX iGPU HD4000 G.SKILL Ares Series 2x 8GB 1866MHz CL10-11-10-2N 
Hard DriveHard DriveOptical DriveCooling
OCZ Agility 3 120GB Samsung 840 Series 250GB Samsung SE-218BB external DVD/RW Noctua NH-C14 
OSMonitorPowerCase
Windows 7 Ultimate x64 Philips 220CW Silverstone SFX 300W Silverstone Sugo SG05B 
Mouse
Rapoo 7600 
CPUMotherboardGraphicsRAM
Intel i5-5675C 4.4GHz Asus Z97I-Plus ITX Iris Pro Graphics 6200 Crucial Ballistix Sport VLP (2x 8GB) 
Hard DriveHard DriveCoolingOS
Adata Premier Pro SP900 128GB SATA M.2 2280 KingFast 512GB mSATA BeQuiet Dark Rock TF CPU cooler Windows 7 Pro 
MonitorPowerCase
LG 29UM67-P 29" UltraWide 250W FSP FlexATX 80PLUS Bronze Jonsbo case V2 Black 
  hide details  
Reply
post #3 of 11
Thread Starter 
CMD history only applies to the current session, not globally. Tried that already, and F7 does nothing...
    
CPUMotherboardGraphicsRAM
Intel Core i5 2500K @ 5GHz Asrock Z68 Extreme4 Gen3 ASUS 690 GTX  PATRIOT BE 16GB 
Hard DriveHard DriveCoolingOS
SAMSUNG 840 PRO 240GB 2xWD Green 2TB  Noctua DH14 Win 7 x64 
MonitorKeyboardPowerCase
Asus 27" Gigabyte Osmodius Corsair 850W Corsair Carbide 400R 
MouseMouse PadAudio
Razer Deathadder Black Edition XL soft TDL Studio 2, HK690, Beresford DAC 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel Core i5 2500K @ 5GHz Asrock Z68 Extreme4 Gen3 ASUS 690 GTX  PATRIOT BE 16GB 
Hard DriveHard DriveCoolingOS
SAMSUNG 840 PRO 240GB 2xWD Green 2TB  Noctua DH14 Win 7 x64 
MonitorKeyboardPowerCase
Asus 27" Gigabyte Osmodius Corsair 850W Corsair Carbide 400R 
MouseMouse PadAudio
Razer Deathadder Black Edition XL soft TDL Studio 2, HK690, Beresford DAC 
  hide details  
Reply
post #4 of 11
Does this only happen randomly, or does it happen upon startup also? You could also check the task scheduler to make sure there is nothing running that you don't know about.
Deepthought
(15 items)
 
Baldr
(14 items)
 
Terminal Dogma
(6 items)
 
CPUMotherboardGraphicsRAM
AMD A10-7850K MSI A88XM-GAMING Integrated Crucial Ballistix Sport  
Hard DriveCoolingCoolingCooling
Samsung 850 EVO  Prolimatech Genesis Black 2x Phanteks PH-F140HP 3x Noctua NF-P14S 
OSMonitorKeyboardCase
Debian 8 Samsung UN55H6350AFXZA Dell Generic Nanoxia Deep Silence 5 
MouseOther
Logitech G402 HP NC364T 
CPUGraphicsRAMHard Drive
Intel Core I3 M370 Intel HD Toshiba Samsung 850 EVO 
OSOS
Windows 7 Ultimate Fedora 21 
  hide details  
Reply
Deepthought
(15 items)
 
Baldr
(14 items)
 
Terminal Dogma
(6 items)
 
CPUMotherboardGraphicsRAM
AMD A10-7850K MSI A88XM-GAMING Integrated Crucial Ballistix Sport  
Hard DriveCoolingCoolingCooling
Samsung 850 EVO  Prolimatech Genesis Black 2x Phanteks PH-F140HP 3x Noctua NF-P14S 
OSMonitorKeyboardCase
Debian 8 Samsung UN55H6350AFXZA Dell Generic Nanoxia Deep Silence 5 
MouseOther
Logitech G402 HP NC364T 
CPUGraphicsRAMHard Drive
Intel Core I3 M370 Intel HD Toshiba Samsung 850 EVO 
OSOS
Windows 7 Ultimate Fedora 21 
  hide details  
Reply
post #5 of 11
Thread Starter 
It is totally randomly. I caught a glimpse of an email addy in the text, it was related to firefox?
    
CPUMotherboardGraphicsRAM
Intel Core i5 2500K @ 5GHz Asrock Z68 Extreme4 Gen3 ASUS 690 GTX  PATRIOT BE 16GB 
Hard DriveHard DriveCoolingOS
SAMSUNG 840 PRO 240GB 2xWD Green 2TB  Noctua DH14 Win 7 x64 
MonitorKeyboardPowerCase
Asus 27" Gigabyte Osmodius Corsair 850W Corsair Carbide 400R 
MouseMouse PadAudio
Razer Deathadder Black Edition XL soft TDL Studio 2, HK690, Beresford DAC 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel Core i5 2500K @ 5GHz Asrock Z68 Extreme4 Gen3 ASUS 690 GTX  PATRIOT BE 16GB 
Hard DriveHard DriveCoolingOS
SAMSUNG 840 PRO 240GB 2xWD Green 2TB  Noctua DH14 Win 7 x64 
MonitorKeyboardPowerCase
Asus 27" Gigabyte Osmodius Corsair 850W Corsair Carbide 400R 
MouseMouse PadAudio
Razer Deathadder Black Edition XL soft TDL Studio 2, HK690, Beresford DAC 
  hide details  
Reply
post #6 of 11
I seriously doubt it.  Longtime Firefox+Thunderbird user and have never seen anything like that related to them.
My desktop PC
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7-3770K Gigabyte P67A-D3-B3 NVIDIA GeForce 8400 GS  1x Corsair 8 GB 
Hard DriveHard DriveHard DriveOS
Kingston SV300S3 WesternDigital WD10EZEX Samsung HD154UI Windows 7 Ultimate SP1 x64 
MonitorMonitorKeyboardPower
Daewoo L947BK Gateway FPD1530 HTK-2001 Dynex DX-400WPS 
MouseAudio
Kensington K72400 Realtek ALC889 
  hide details  
Reply
My desktop PC
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7-3770K Gigabyte P67A-D3-B3 NVIDIA GeForce 8400 GS  1x Corsair 8 GB 
Hard DriveHard DriveHard DriveOS
Kingston SV300S3 WesternDigital WD10EZEX Samsung HD154UI Windows 7 Ultimate SP1 x64 
MonitorMonitorKeyboardPower
Daewoo L947BK Gateway FPD1530 HTK-2001 Dynex DX-400WPS 
MouseAudio
Kensington K72400 Realtek ALC889 
  hide details  
Reply
post #7 of 11
Sounds fairly suspicious. Also, I've never heard of a "One time activation" Windows license. Do you mean it's OEM? In most cases you can reinstall on the same machine with no issues.
Fractal Fury
(9 items)
 
TJ08-e Reborn!
(12 items)
 
CPUMotherboardGraphicsRAM
i7-5930k ASRock X99m Killer AMD Radeon Fury X G-Skill Ripjaws 4 32Gb 
Hard DriveCoolingKeyboardPower
Kingston Hyper-X Predator M.2 Corsair H100i GTX Ducky Shine III (MX Blue) EVGA Supernova 750 G2 
Case
Fractal Node 804 
  hide details  
Reply
Fractal Fury
(9 items)
 
TJ08-e Reborn!
(12 items)
 
CPUMotherboardGraphicsRAM
i7-5930k ASRock X99m Killer AMD Radeon Fury X G-Skill Ripjaws 4 32Gb 
Hard DriveCoolingKeyboardPower
Kingston Hyper-X Predator M.2 Corsair H100i GTX Ducky Shine III (MX Blue) EVGA Supernova 750 G2 
Case
Fractal Node 804 
  hide details  
Reply
post #8 of 11
Do you have Geforce Experience installed? If so enable desktop capture and you can record after the fact with Shadowplay.
The New Recruit
(17 items)
 
An Old Soldier
(20 items)
 
Big Mama
(23 items)
 
CPUMotherboardGraphicsRAM
i5-3570K@4.2 P8Z68-V GEN3 MSI GTX 1070 Gaming X 8G 16 GB CORSAIR Vengeance 16GB (4 x 4GB) 240-Pin ... 
Hard DriveHard DriveHard DriveOptical Drive
OCZ Vertex 3 120 Gb WD Caviar Black 1TB WD Caviar Blue 1TB ASUS 24X DVD Burner - Bulk 24X DVD+R 8X DVD+RW ... 
CoolingOSMonitorKeyboard
Cooler Master 212 EVO Windows 10 BenQ XL2730Z Maxkeyboard Nighthawk x9 
PowerCaseMouseMouse Pad
NZXT Hale82 750w  Corsair Carbide 400R Logitech G502 Proteus Core HIEN SOFT L Japan black | SAMURAI gaming mouse ... 
AudioAudioAudioOther
Creative SB X-Fi Titanium HD Pc 363d Klipsch ProMedia 2.1 BT epson wf 3540 
  hide details  
Reply
The New Recruit
(17 items)
 
An Old Soldier
(20 items)
 
Big Mama
(23 items)
 
CPUMotherboardGraphicsRAM
i5-3570K@4.2 P8Z68-V GEN3 MSI GTX 1070 Gaming X 8G 16 GB CORSAIR Vengeance 16GB (4 x 4GB) 240-Pin ... 
Hard DriveHard DriveHard DriveOptical Drive
OCZ Vertex 3 120 Gb WD Caviar Black 1TB WD Caviar Blue 1TB ASUS 24X DVD Burner - Bulk 24X DVD+R 8X DVD+RW ... 
CoolingOSMonitorKeyboard
Cooler Master 212 EVO Windows 10 BenQ XL2730Z Maxkeyboard Nighthawk x9 
PowerCaseMouseMouse Pad
NZXT Hale82 750w  Corsair Carbide 400R Logitech G502 Proteus Core HIEN SOFT L Japan black | SAMURAI gaming mouse ... 
AudioAudioAudioOther
Creative SB X-Fi Titanium HD Pc 363d Klipsch ProMedia 2.1 BT epson wf 3540 
  hide details  
Reply
post #9 of 11
Check scheduled tasks manager and see if there isn't an entry that just ran when you see the blink.
I found mine there:
Quote:
adobe flash player updater scheduled task

Search task or schedule task in windows search to get to the task scheduler. It used to be in control panel in previous windows but dunno if it's still there past XP. Ah it's there under administrative tools.

It's usually some gorram updater that is a scheduled service or similar crap that runs at predefined times. And someone was so lazy that they made the updater a console application instead of a windowless application or a proper service in background.

You wouldn't believe the amount of garbage Google, Adobe, Intel, ... will install on your PC and hide in background. It's these huge corps that always have to have some scheduled task updater a service and a start up application sometimes even with it's own tray icon but they've learned that people see the tray and remove them so they started to be more sneaky and not use tray icons or at least do not allow to complete disable it from there.
Edited by JackCY - 6/29/16 at 3:55pm
post #10 of 11
Quote:
Originally Posted by JackCY View Post

You wouldn't believe the amount of garbage Google, Adobe, Intel, ... will install on your PC and hide in background. It's these huge corps that always have to have some scheduled task updater a service and a start up application sometimes even with it's own tray icon but they've learned that people see the tray and remove them so they started to be more sneaky and not use tray icons or at least do not allow to complete disable it from there.

    You got that right.  It's infuriating to see how bogged down some people's PCs get with these.  I wish Microsoft would force these vendors to use Windows Update and cut out all the silly bloat.
My desktop PC
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7-3770K Gigabyte P67A-D3-B3 NVIDIA GeForce 8400 GS  1x Corsair 8 GB 
Hard DriveHard DriveHard DriveOS
Kingston SV300S3 WesternDigital WD10EZEX Samsung HD154UI Windows 7 Ultimate SP1 x64 
MonitorMonitorKeyboardPower
Daewoo L947BK Gateway FPD1530 HTK-2001 Dynex DX-400WPS 
MouseAudio
Kensington K72400 Realtek ALC889 
  hide details  
Reply
My desktop PC
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7-3770K Gigabyte P67A-D3-B3 NVIDIA GeForce 8400 GS  1x Corsair 8 GB 
Hard DriveHard DriveHard DriveOS
Kingston SV300S3 WesternDigital WD10EZEX Samsung HD154UI Windows 7 Ultimate SP1 x64 
MonitorMonitorKeyboardPower
Daewoo L947BK Gateway FPD1530 HTK-2001 Dynex DX-400WPS 
MouseAudio
Kensington K72400 Realtek ALC889 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Windows
Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Windows › CMD being run randomly?