0

I have the same problem and none of the above solutions cured it. The 'Common' folder contains drivers for the HP 6110 printer. Moggie moonshin 5th. Nov

Please download and run HijackThis v2.0.4 - You can put it on your desktop. Normally, it shouldn't go there, but for our purposes that will work just fine.

-- Select the option to Do a system scan and save the logfile and then post that log for me.

Cheers :)
PP

0

Many thanks indeed. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:23:32 PM, on 11/6/2010
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Second Copy 8\SCVSSSvc.exe
C:\Program Files\Second Copy 8\SecCopy.exe
C:\Program Files\WordPerfect Office X3\Programs\wpwin13.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Maurice\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\system32\dxdllreg.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\Second Copy 8\SecCopy.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: PolderbitS Audio Driver Monitor.lnk = C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163364524281
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A0B2AEA-0947-46A2-A914-7B4DD4EF7DB7}: NameServer = 212.74.112.66,212.74.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A0B2AEA-0947-46A2-A914-7B4DD4EF7DB7}: NameServer = 212.74.112.66,212.74.112.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{6A0B2AEA-0947-46A2-A914-7B4DD4EF7DB7}: NameServer = 212.74.112.66,212.74.112.67
O17 - HKLM\System\CS3\Services\Tcpip\..\{6A0B2AEA-0947-46A2-A914-7B4DD4EF7DB7}: NameServer = 212.74.112.66,212.74.112.67
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Second Copy VSS Service (SCVSSService) - Unknown owner - C:\Program Files\Second Copy 8\SCVSSSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 13578 bytes

0

Many thanks indeed. Here is the log:

Well . . .at quick glance, that looks OK.
There is definitely a borked or poorly formatted HP registry key in play here and we need to track it down.

-- Please download the attached peek.zip and extract peek.bat to the Desktop.
-- Doubleclick peek.bat to run it. A log will pop up - please save that and copy&paste the peek.txt for me and we'll see if we can sort this out.

Cheers :)
PP

Edited by PhilliePhan: Removed poorly formatted reg file - Doh!

0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFaxAppPortStarter"="wfxsnt40.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"QuickFinder Scheduler"="\"C:\\Program Files\\WordPerfect Office X3\\Programs\\QFSCHD130.EXE\""
"pdfFactory Dispatcher v3"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis3a.exe\" /source=HKLM"
"KernelFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,6b,\
00,00,00
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"DXDllRegExe"="C:\\WINDOWS\\system32\\dxdllreg.exe"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"SoundMan"="SOUNDMAN.EXE"
"USBDetector"="C:\\USBStorage\\USBDetector.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\apdproxy.exe\""
"UVS10 Preload"="C:\\Program Files\\Ulead Systems\\Ulead VideoStudio SE DVD\\uvPL.exe"
"Standby"="\"c:\\Program Files\\Common Files\\Corel\\Standby\\Standby.exe\" -START"
"egui"="\"C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe\" /hide /waitservice"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
@=""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@=""
"Installed"="1"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DriverFinder"="C:\\Program Files\\DriverFinder\\DriverFinder.exe"
"Second Copy"="\"C:\\Program Files\\Second Copy 8\\SecCopy.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000002

Volume in drive C is Local Drive
Volume Serial Number is 4870-F50A

Directory of C:\Documents and Settings\All Users\Start Menu\Programs\Startup

10/21/2010 08:04 PM <DIR> .
10/21/2010 08:04 PM <DIR> ..
10/21/2010 05:38 PM 1,819 HP Digital Imaging Monitor.lnk
10/21/2010 05:40 PM 809 HP Image Zone Fast Start.lnk
11/24/2008 09:43 PM 2,003 PolderbitS Audio Driver Monitor.lnk
04/05/2008 09:49 AM 1,798 Windows Search.lnk
4 File(s) 6,429 bytes
2 Dir(s) 78,749,380,608 bytes free
Volume in drive C is Local Drive
Volume Serial Number is 4870-F50A

Directory of C:\Documents and Settings\Maurice\Start Menu\Programs\Startup

09/19/2010 09:53 AM <DIR> .
09/19/2010 09:53 AM <DIR> ..
11/07/2010 08:21 AM 763 BBC iPlayer Desktop.lnk
1 File(s) 763 bytes
2 Dir(s) 78,749,380,608 bytes free
many thanks. I received your post today. MM
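
Added example (not from the thread, and not the contents of peek.bat or FixIt.reg, which the page does not show): a Python parser for a Run-key export in the format posted above. It decodes `hex(2)` data and lists values whose command line is empty, a bare file name, or an unquoted path containing spaces. The three checks are assumptions about what "poorly formatted" can mean; the thread does not establish which entry, if any, opens the folder.

```python
import re

# Excerpt of the export posted above (a few values only), kept in .reg syntax.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFaxAppPortStarter"="wfxsnt40.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"KernelFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,6b,\
00,00,00
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@=""
"Installed"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(?:Once)?$', re.I)  # not subkeys
EXE_RE = re.compile(r'(?i)(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)')
HIVES = {'HKEY_LOCAL_MACHINE': 'HKLM', 'HKEY_CURRENT_USER': 'HKCU'}


def unescape(s):
    """.reg string data escapes only the backslash and the double quote."""
    return re.sub(r'\\(.)', r'\1', s)


def decode_data(raw):
    """Return string data for REG_SZ / REG_EXPAND_SZ values, else None."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return unescape(raw[1:-1])
    m = re.match(r'hex\((?:1|2)\):(.*)$', raw)
    if m:  # comma-separated UTF-16LE bytes with a trailing NUL
        data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    return None  # dword, binary, ...: not a command line


def parse_reg(text):
    """Yield (key, value_name, data) for every string-typed value."""
    logical, pending = [], ''
    for line in text.splitlines():
        line = line.strip()
        if line.endswith('\\'):      # hex data continues on the next line
            pending += line[:-1]
            continue
        logical.append(pending + line)
        pending = ''
    key = None
    for line in logical:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            data = decode_data(m.group(2))
            if data is not None:
                yield key, name, data


def audit_command(data):
    """Formatting findings for one autostart command (heuristics, see lead-in)."""
    cmd = data.strip()
    if not cmd:
        return ['empty command']
    if cmd.startswith('"'):
        return ['unbalanced quotes'] if cmd.count('"') % 2 else []
    # Unquoted: take the program as everything up to the first executable
    # extension; without an extension, fall back to the first token.
    m = EXE_RE.match(cmd)
    exe = m.group(1) if m else cmd.split()[0]
    findings = []
    if ' ' in exe:   # Windows has to guess where the program name ends
        findings.append('unquoted path containing spaces')
    if '\\' not in exe and '/' not in exe:
        findings.append('bare file name, resolved through the search path')
    return findings


def audit_run_keys(text):
    """Return (hive, value_name, finding) for values directly under Run/RunOnce."""
    report = []
    for key, name, data in parse_reg(text):
        if not RUN_KEY_RE.search(key):
            continue
        hive = key.split('\\', 1)[0]
        for finding in audit_command(data):
            report.append((HIVES.get(hive, hive), name, finding))
    return report


if __name__ == '__main__':
    for hive, name, finding in audit_run_keys(SAMPLE_EXPORT):
        print(f'{hive}\\..\\Run: [{name}] {finding}')
```

A finding marks a value worth opening in regedit and reading by hand; it is not a verdict that the entry is broken or unwanted.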

0

many thanks. I received your post today. MM

Happy to try to help.

Let's give this a go:

Please download the attached FixIt.zip.
-- RightClick it and extract FixIt.reg to the Desktop.
-- DoubleClick on FixIt.reg and allow it to merge into the registry.

Reboot and see if the "common" folder opens at startup.

Let me know how things went and if you encountered any problems along the way.

Best Luck :)
PP

0

Many thanks. However, when I re-booted, 'Common' still popped up.

OK - well this is not proving to be as simple as it should be.

A few things we can try:

1 - Move HijackThis.exe to C:\Program Files\HijackThis.
You will need to create the C:\Program Files\HijackThis folder and then place the HJT executable in there.

-- Run HJT and do a System scan only.
-- Check the boxes for the following:

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

Then, click "FIX Checked."

Reboot and see if the problem remains. Let me know how you fare. Bear in mind that you will lose the functionality of these keys and will have to manually update, etc... At the very least, doing this will rule them in or out as the culprit.

If that fails, you can also try uninstalling and then re-installing the printer, though, since the problem seems to be with the HP software, doing this may not help.


Cheers :)
PP

0

I did the system scan only as you suggested. In fact I did it twice, but the lines 04- HP software update and 04 .. HP component manager did not appear in the list

0

Ah... that is because PP's fixit worked for you - it was scripted to remove those entries from registry, and so they no longer appear in hijackthis.
What, actually, are the contents of that common folder? And what is its full path? A quick way to kill both those birds is to use "dir" in the cmd window, and then to copy the cmd window contents, paste here.
Cmd copy etc functions are exposed by rclicking inside the top border of the cmd window. Copy is a bit weird... you can just use Select All, and Copy [by rclicking in the border again.. sigh...] or you can select only what you wish to copy by first using Select all, and then mousing to select the region you really want. Just something more to convince me that the M$ developers rarely talk to each other.

Edited by gerbil: n/a

0


C:\WINDOWS\system32>

I actually managed to do it! Also the path of 'Comm0n' is C:\Program files\ HP and the files within that folder are a lot of .dll ones, and IPAQ and device detection. Moggie

0

Ah... that is because PP's fixit worked for you - it was scripted to remove those entries from registry, and so they no longer appear in hijackthis.

Actually, it was very poorly scripted by me. I wasn't paying close enough attention when returning the keys with a slight modification. That didn't take.

-- What it does tell us, though, is that since those keys were deleted and the problem still occurred, they were not the culprit......

Let's return those deleted keys so that you don't lose their functionality:
Please download the attached RestoreIt.zip.
-- RightClick it and extract RestoreIt.reg to the Desktop.
-- DoubleClick on RestoreIt.reg.reg and allow it to merge into the registry.


-- Hey Gerbil, what are you onto? What am I missing?

PP:)

0

I'm onto a hiding to nothing, PP. :) And us perfect scripters will let you off this time.
Personally, I think HP hates M$ with some great passion. Those dlls obv don't conform, hence the private "common" folder. I guess there is an error somewhere in that folder, or the calling of some content, and its popping to the desktop is just showing that. I don't have a solution, bar repairing that HP software.
Anyway.. er, moggie, that is a dir of system32, not HP's common. Try pasting this into the cmd line:
dir "C:\Program files\HP\Common">c:\XXcopycommon.txt /a /s /og
- give us the contents of that file in C: root.

0

I am getting out of my depth. The only command line that I have open is C:\documents and Settings and I do not know how to change this to C:Program files\Common. This is the correct path of the folder that is causing the problems. I made a mistake in previous postings because there are 3 other 'Common' folders. This 'Common' folder contains another - 'Drivers' and the contents of that are 3 more folders - com_os, win2k_xp and win9x_mc. The contents of these 3 folders are mostly DL files, some EX and one DR, the maximum size is 155 kb.

0

I don't wish to take over from PP here, simply because as I stated before I don't have a definitive answer to the problem. But your cmd window plaint I can address:
You do not have to change the prompt of C:\Docs n Setts\You> to anything else at this time, simply open a cmd window and rclick anywhere in it, and paste [or type] in that line I gave...
dir "C:\Program files\HP\Common">c:\XXcopycommon.txt /a /s /og
That will do it for you.
A lesson - to change that prompt to C:\> simply type cd\ [and press enter]. To change to another drive or partition you must inform it that you are doing so with the /d parameter, and type, say..
cd /d e:\
or... cd /d d:\work or cd /d "d:\my work" - the "" are because of the space; no "" and my will be considered the filename and work a parameter. cd is exactly similar to chdir. Another... cd c:\"program files"
Look, it's all fun, and to discover more just type help. For info on a specific command type eg. dir /? or dir help. You are welcome to ignore that lesson, too. Folks make it through life without knowing any of it. They are the lucky ones.

0

Thank you and I have changed the directory to C:\Program files and then typed:
dir "C:\Program Files\Common">c:\XXcopycommon.txt/a/s/og and I get the message
The system cannot find the path specified

0

In cases such as this, 90% of the time it is a bad registry value that is responsible.

-- Did you try uninstalling and re-installing the printer?

At this point, we can resort to some "trial and error." Some would use msconfig - after all, that's what it is there for - but you can also use HijackThis.

Run HijackThis and do a System Scan Only
-- Place a check in the box for each of the 04 entries and click "Fix Checked."
Reboot and let us know if the common folder opens at startup.

Also, do a fresh HijackThis scan after rebooting and save the log and post it for us so we can verify it was done correctly and we'll go from there.

PP:)

Edited by PhilliePhan: Clarification

0

Reply to PP: Many thanks. This has solved the problem. I note that it has also deleted everything from the system tray except the Lan status. Herewith the log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:16:14 PM, on 11/10/2010
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Second Copy 8\SCVSSSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Maurice\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163364524281
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A0B2AEA-0947-46A2-A914-7B4DD4EF7DB7}: NameServer = 212.74.112.66,212.74.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A0B2AEA-0947-46A2-A914-7B4DD4EF7DB7}: NameServer = 212.74.112.66,212.74.112.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{6A0B2AEA-0947-46A2-A914-7B4DD4EF7DB7}: NameServer = 212.74.112.66,212.74.112.67
O17 - HKLM\System\CS3\Services\Tcpip\..\{6A0B2AEA-0947-46A2-A914-7B4DD4EF7DB7}: NameServer = 212.74.112.66,212.74.112.67
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Second Copy VSS Service (SCVSSService) - Unknown owner - C:\Program Files\Second Copy 8\SCVSSSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 8254 bytes
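
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format posted above. It groups entries by section code, flags entries whose target is reported as `(file missing)` or `(no file)` and services listed with `Unknown owner`, and splits the O4 startup entries into their parts. The function names, the flag labels and the one constructed sample line are assumptions made for the example.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted above (a subset of that log).
PAGE_LINES = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# Constructed line (not from the thread) showing the Startup-folder form of O4.
CONSTRUCTED_LINE = r"O4 - Global Startup: Example Monitor.lnk = C:\Program Files\Example\monitor.exe"

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINE + "\n"

# An entry line is "<section code> - <rest>", e.g. "O4 - HKCU\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4, registry form: "<key>: [<value name>] <command>"
O4_RUN_RE = re.compile(r"^(.+?): \[([^\]]*)\] (.+)$")
# O4, Startup-folder form: "Startup: <shortcut> = <target>"
O4_STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")


def classify(code, body):
    """Return review flags for one entry. A flag is a lead, not a verdict."""
    flags = []
    if body.endswith("(file missing)"):
        flags.append("file-missing")      # entry points at a file that is gone
    if body.endswith("(no file)"):
        flags.append("no-file")           # entry has no file registered at all
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")     # service binary has no company name
    return flags


def parse_log(text):
    """Parse entry lines; header, process list and footer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            code, body = match.groups()
            entries.append({"code": code, "body": body,
                            "flags": classify(code, body)})
    return entries


def section_counts(entries):
    """Number of entries per section code (O2, O4, O23, ...)."""
    return dict(Counter(e["code"] for e in entries))


def flagged(entries):
    """Entries that carry at least one review flag."""
    return [e for e in entries if e["flags"]]


def autostarts(entries):
    """Split each O4 entry into (location, name, command)."""
    result = []
    for e in entries:
        if e["code"] != "O4":
            continue
        match = O4_RUN_RE.match(e["body"]) or O4_STARTUP_RE.match(e["body"])
        if match:
            result.append(match.groups())
    return result


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(section_counts(parsed))
    for entry in flagged(parsed):
        print(entry["code"], entry["flags"], entry["body"])
    for location, name, command in autostarts(parsed):
        print(location, "|", name, "|", command)
```

The flagged entries are leftovers worth reviewing, such as a reference to a DLL that no longer exists; an `Unknown owner` service only means the binary carries no company name in its version information.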

0

Reply to Nocindy: I also run Second copy, version 8. I have installed this twice and even release 2 causes problems in that one cannot shut down Windows XP and run Second copy automatically. Also the Secondcopy icon does not appear in the system tray. The solution for this is to revert to version 7, which has, for me at least, presented no problems. However, my current problem with the C:Program Files/Common appearing at start-up was occasioned by installing drivers for the HP 6100 All-in-one and may be connected with the fact that I still have the HP 5500 installed as a back-up printer. Who knows? Certainly HP are not interested.

Moggie moonshin

0

Reply to PP: Many thanks. This has solved the problem. I note that it has also deleted everything from the system tray except the Lan status.

Actually, that really hasn't "solved" anything - rather, we have confirmed that one of those keys that we removed is indeed the culprit.
Now, we need to restore all the working ones so you get their functionality back while we pinpoint the bad one and deal with it accordingly....

However, my current problem with the C:/Program Files/Common appearing at start-up was occasioned by installing drivers for the HP 6100 All-in-one and may be connected with the fact that I still have the HP 5500 installed as a back-up printer. Who knows? Certainly HP are not interested.

Yup - I think you are onto something there - that is probably the cause....


Now, let's pinpoint the problem:

-- Run HijackThis and click Open the Misc Tools section.
-- Where it says Configuration, click the Backups button.
You'll see the items you "fixed" with HJT.
You'll need to select them and Restore them by clicking the Restore button. You will also need to Reboot after each restoration to see when the problem returns.
You can do this one by one or in small groups of two or three. Obviously the small groups would be less tedious since you need to reboot each time.

When the problem returns, you can use HJT to "Fix" (remove) the keys in the group you just restored one by one (rebooting each time) until you pinpoint the bad entry.

Let us know which entry that is and we'll try to fix it.

Yeah, I know . . . what a tedious pain in the @$$!!! But, I figure by now it's probably become a personal badge of honor for you to defeat this thing. . . .

PP :)

0

You missed the HP directory in that line. You can copy/paste in a cmd window. No matter, PP'll see you right. It'll probably come down to dll confusion.

Edited by gerbil: n/a

0

You missed the HP directory in that line. You can copy/paste in a cmd window. No matter, PP'll see you right. It'll probably come down to dll confusion.

Dear Gerbil,

I think that I am right. There are several 'common' folders and one is a sub-folder of 'HP'. However, the one that is causing the trouble is C:\Program Files\Common.

Yours Moggie

0

Of course you are correct, moggie, I just reread your post at top of Page 3. Sometimes I don't read correctly, but skip and jump to conclusions. That's always bad. So I looked at your post again, you are missing a space before the first parameter. Should be...
dir "C:\Program Files\Common">c:\XXcopycommon.txt /a/s/og -there is a space before the /a
I only jumped in to save you waiting for PP on a point... I didn't even read your HT log until just now.. You should run an AVG removal tool, there are still a few traces of your old AV there.
Ah, reading back further, I picked up that incorrect path from the post with your system32 dir log : "Also the path of 'Comm0n' is C:\Program files\ HP and the files within that folder are"... and then misread your correction. No problem.
Oh, a small point which may save you some time. The quickest way to pinpoint using PP's O4 entry restoration is to restore half of them, then depending upon the result you either restore half the remaining or remove half the originals, and so on.

Edited by gerbil: n/a

0

Oh, a small point which may save you some time. The quickest way to pinpoint using PP's O4 entry restoration is to restore half of them, then depending upon the result you either restore half the remaining or remove half the originals, and so on.

Agreed - much quicker than my method.

-- I am curious as to which 04 is causing the issue. I only looked at the HP entries that pointed to Program Files rather than Startup..... Well, I guess we'll see soon enough.

PP:)

0

Dear PP and Gerbil, Many thanks for all your help. I am sorry that I have replied only now. This is because I am also coping with the demolition last week of my conservatory and all the dining furniture in it by a stolen vehicle, i.e. getting quotes, seeing surveyors etc.

I followed your advice, Gerbil, and Backed up half, and then half again, re-booting each time. Actually as an Operations Research Scientist I ought to have remembered that this is one of the standard procedures in Search Theory. However, somehow or other the problem disappeared and did not re-appear even when I got down to the last '04' entry and so I cannot pinpoint what was causing 'Common' to show at start-up. I am grateful indeed to you both.

However, another problem is current as well and so perhaps I ought to start a new thread:

CHECKDISK I RUNS ON BOOTING

I is part of a portable hard drive on which I back up important files once a day and at shut down. I use Second Copy version 7 (not 8, because that has glitches in it). CHECKDISK runs and shows no errors, but next time that I boot up, it runs again.

0

Dear PP and Gerbil.

I forgot to add that as Gerbil suggested, I did run 2 AVG remove programs, but even they left 50 AVG files in place, which I removed by hand.

Also, although 'Common' now does not open at start-up, the ESET anti-virus window does not open either and the ESET icon does not appear in the system tray. I assume that this is a result of all these machinations and I suppose that I had best re-install ESET ?

Moggie moonshin

0

Dear PP and Gerbil, Many thanks for all your help. I am sorry that I have replied only now. This is because I am also coping with the demolition last week of my conservatory and all the dining furniture in it by a stolen vehicle, i.e. getting quotes, seeing surveyors etc.

That has to be a real hassle!

No worries on our side - we forum veterans are used to sporadic replies and realize that "real life" always takes precedence...
The only time that they are problematic is when a poster is doing all sorts of "fixes" on their own in between those replies - that just serves to confuse us.

I followed your advice, Gerbil, and Backed up half, and then half again, re-booting each time. Actually as an Operations Research Scientist I ought to have remembered that this is one of the standard procedures in Search Theory. However, somehow or other the problem disappeared and did not re-appear even when I got down to the last '04' entry and so I cannot pinpoint what was causing 'Common' to show at start-up. I am grateful indeed to you both.

That is indeed odd, given that all we did was remove a bunch of registry keys and then put them back just as they were.... Oh, well - sometimes it is better not to question the how or why and just keep our fingers crossed that the change sticks ;)

However, another problem is current as well and so perhaps I ought to start a new thread:
CHECKDISK I RUNS ON BOOTING

Let's stay in this thread - it will be easier for Gerbil and Me to keep track of things that way. What I will do is split off your part from the original thread, though.
There are a number of possibilities here - when did this start to occur?

Most likely, this is the case:

If a volume's dirty bit is set, this indicates that the file system may be in an inconsistent state. The dirty bit can be set because the volume is online and has outstanding changes, because changes were made to the volume and the computer shutdown before the changes were committed to disk, or because corruption was detected on the volume. If the dirty bit is set when the computer restarts, chkdsk runs to verify the consistency of the volume.

Every time Windows XP starts, Autochk.exe is called by the Kernel to scan all volumes to check if the volume dirty bit is set. If the dirty bit is set, autochk performs an immediate chkdsk /f on that volume. Chkdsk /f verifies file system integrity and attempts to fix any problems with the volume.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/fsutil_dirty.mspx?mfr=true

What we will have to do is remove the dirty bit setting.

** First, open a command prompt (START > RUN > CMD > Enter)
Type fsutil dirty query I: ENTER

Does the Volume return dirty?

Let us know.

the ESET anti-virus window does not open either and the ESET icon does not appear in the system tray. I assume that this is a result of all these machinations and I suppose that I had best re-install ESET ?

I do not believe a reinstall is necessary as all we did was remove and replace the reg key that corresponds to the system tray. The last HJT log showed the AV running properly. Try this:
Go into Task Manager (Ctrl-Alt-Del) and look under the Processes tab if egui.exe is listed.
If it is, RightClick it and End Process. Then click File and where it says New Task, type egui.exe and ENTER - See if that works.

Alternatively, just starting your AV GUI via Start Menu or Program Files may accomplish the same thing...

Best :)
PP

Edited by PhilliePhan: Poor Grammar.... geez

0

Dear PP and Gerbil,

Many thanks again. As to the first question, I ran fsutil and the answer returned was 'dirty'. Actually this running of CHKDISK is not on every start-up now.

As to the second issue, I went into task manager and egui.exe was not listed. By the way this is part of ESET, not AVG.
Last night I had looked on the ESET Help site on the web and it advised putting the egui icon in the start up folder which I did. This did not bring up the egui icon in the system tray as it should. Instead I got the error message 'error communicating with kernel'

The Help site then advised about this error message that I should do Start, Run, services.msc, verify that the service type was set to automatic and that Service Status reads 'started' which I did, and then to click 'apply'. I could not do this, because 'Apply' was greyed out. Then the Help site said that perhaps I had a virus and I should download ESET Special Cleaner, which I did and ran it, but the same problem recurred; i.e. I still got the 'problem communicating with kernel' message on screen.

So, to return to tonight, after having tried the Task Manager, I then did Start, Run and typed in the correct path for egui.exe, but it said 'cannot find C:\Program files\ESET|ESET Smart Security'. I then browsed to the correct folder and 'Run' did open it. However the egui icon appears at the left of the system tray, when according to ESET, it should appear next to the clock. So one is left with the problem that ESET does not open automatically. Your advice will be gratefully received - perhaps it will be to re-install ESET.

Moggie moonshin

0

Your advice will be gratefully received - perhaps it will be to re-install ESET

It would probably be quickest / easiest / most effective to completely uninstall the AV and re-install it. I don't like messing with AV for obvious reasons.

Even though your logs showed it to be OK, I think that for peace of mind a reinstall is called for.....


RE: Dirty Bit - I would think that a thorough run of chkdsk would remove this, though the process can run for a bit, depending on the size of the drive - we're talking (possibly many) hours here.

First, open a command prompt and type chkntfs /x I: Enter
-- Reboot
then, open a command prompt and type chkdsk I: /x

Let that run and hopefully it will remove the dirty bit - you can repeat the query procedure to verify this.

You may want to do this before re-installing Eset...


Let us know if you run into any issues along the way.

Cheers :)
PP
