Solved

common/bin opens on boot

Posted on 2004-08-27
10
706 Views
Last Modified: 2012-06-27
Hi,

A common/bin folder (empty at that) opens on boot on my winXP system, it used to only happen on one of my systems, but after I installed SP2 a few days ago, it's happening on both. I think it MAY have to do with Norton Antivirus, since I updated that at the same time on both systems, but I'm really not sure... I can't nail it down looking through my startup options =/ (Originally I thought it was something to do with guildftpd cos it showed up right around installing that.. but that only runs on one of the boxes anyways ;) )

Any help appreciated.

This is a listing from msinfo32 startup section edited only for usernames

ASUS Probe      c:\program files\asus\probe\asusprob.exe      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Acrobat Assistant      c:\progra~1\adobe\acroba~1.0\distillr\acrotray.exe      All Users      Common Startup
Adobe Gamma Loader      c:\progra~1\common~1\adobe\calibr~1\adobeg~1.exe      All Users      Common Startup
BackgroundSwitcher      c:\windows\system32\bgswitch.exe      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE      c:\windows\system32\ctfmon.exe      NT AUTHORITY\LOCAL SERVICE      HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE      c:\windows\system32\ctfmon.exe      NT AUTHORITY\NETWORK SERVICE      HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CoolSwitch      c:\windows\system32\taskswitch.exe      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EM_EXEC      c:\progra~1\logitech\mousew~1\system\em_exec.exe      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Logitech Desktop Messenger      c:\progra~1\logitech\deskto~1\8876480\program\ldmconf.exe /start      All Users      Common Startup
Miranda IM      c:\progra~1\mirand~1\mirand~1.exe      All Users      Common Startup
NVRT            All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroCheck      c:\windows\system32\nerocheck.exe      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon      rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter      rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit      NT AUTHORITY\SYSTEM      HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter      rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit      .DEFAULT      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter      rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Popup Ad Filter      c:\program files\meaya\popup ad filter\popfilter.exe      USERNAME\S-1-5-21-1547161642-1935655697-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task      "c:\program files\quicktime\qttask.exe" -atboottime      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SSC_UserPrompt      c:\program files\common files\symantec shared\security center\usrprmpt.exe      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TCASUTIEXE      tcaudiag.exe -on      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ToUcamVProperty      c:\program files\philips toucam camera\vproperty.exe      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tweak UI      rundll32.exe tweakui.cpl,tweakmeup      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
VCDPlayer      c:\progra~1\virtua~1\system\vcdplay.exe      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinampAgent      c:\program files\winamp\winampa.exe      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp      "c:\program files\common files\symantec shared\ccapp.exe"      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe      c:\windows\system32\ctfmon.exe      USERNAME\S-1-5-21-1547161642-1935655697-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
desktop      desktop.ini      NT AUTHORITY\SYSTEM      Startup
desktop      desktop.ini      USERNAME\USERNAME      Startup
desktop      desktop.ini      .DEFAULT      Startup
desktop      desktop.ini      All Users      Common Startup
nForce Tray Options      sstray.exe /r      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nwiz      nwiz.exe /install      All Users      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
0
Comment
Question by:spamguard
  • 4
  • 4
10 Comments
 
LVL 1

Expert Comment

by:johanmulder
ID: 11917127
Try the start -> programs -> startup directory. Maybe it's up there? Good luck!
0
 

Author Comment

by:spamguard
ID: 11918672
Nope that's not it either :)

Actually to elaborate, the directory it opens is "C:\Program Files\Common" and the listed contents is the "Bin" folder holding various media .dlls from what I gather. Sorry for the slightly misleading description originally.
0
 
LVL 12

Expert Comment

by:alandc
ID: 12220382
Please try renaming the BIN directory as BADBIN -or- move it to "C:\Program Files\Common Files" and then reboot to see what happens.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:spamguard
ID: 12221569
Tried renaming it to BadBin, it still opens "C:\Program Files\Common" showing the contents, which consist solely of the folder now named BadBin.

I'm befuddled.
0
 
LVL 12

Expert Comment

by:alandc
ID: 12221719
Okay, the item is probably in your registry.

Use REGEDIT and look in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
one of the entires will be begin with C:\Program Files\Common\BIN.

You may safely delete it.  However I suggest if you aren't comforable working with your registry to PLEASE make a backup first (or use XP and set a restore point).

0
 
LVL 12

Expert Comment

by:alandc
ID: 12221814
Sorry, brain dump .. you have all that listed above!!!

Any directory called STARTUP (in your path or on your desktop) is liable to contain a shortcut to this so search your C:\ drive for STARTUP.

There is another place to search ... look for "Run=" or "Load=" line in the Win.ini file.
see:  http://www.filesland.com/software/win-ini.html

Finally, try using the System Configuration Utility (msconfig.exe) to trouble shoot your startup.

For more information read
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prmb_tol_dxth.asp

0
 

Author Comment

by:spamguard
ID: 12225190
Ok, from the get go :)

Nothing in start or startup

Nothing suspect in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I found a key in
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F63B172-5543-4593-91CE-EDBA65B9FACD}\InprocServer32
key's name is default and value is C:\Program Files\Common\Bin\DSPDMO.dll
There are other similar ones in the CLSID section, all ending at InprocServer32 (whatever that is)

There's a refence to the dir here (again with several similar ones) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{081D99E9-04DE-409F-A4E7-5350A60FE123}\1.0\0\win32

Every file in the dir are listed at this location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs

win.ini is clean of any reference (as well as actual RUN and LOAD lines)

Nothing really shows up in msconfig that I would think could cause it, certainly nothing with the path listed, closest thing is C:\program files\common files\  ... etc


The directory listing for the (very bad ) BIN dir is as follows

IVIVRX.ocx
IVIGUI.dll
GPIProxy.dll
expDMO.dll
DMO_TSXT.dll
IVIVideoWndX.ocx
IVIPlayerX.ocx
IVIDisplayX.ocx
IVILanguageX.ocx
IVIBookmarkX.ocx
IVIColorX.ocx
IVIAudioEffectX.ocx
IVIAudioSRSX.ocx
IVINavigationX.ocx
IVIAudioModeX.ocx
IVICaptureX.ocx
IVIWebBrowserX.ocx
DSPDMO.dll
timestretchDMO.dll
IviContainerDMO.dll
ComTruSurroundXT.dll
AppRegAgent.dll
InstActivation.dll
WinCinemaMgr.exe
IviAudioProcess.ax
ivivideo.ax
ivinav.ax
iviaudio.ax
KeybdHook.dll
0
 
LVL 12

Accepted Solution

by:
alandc earned 500 total points
ID: 12226335
It looks like you installed InterVideo's WinDVD software
but instead of these files being installed in C:\Program Files\InterVideo\Common\Bin\
they were installed in C:\Program Files\Common\Bin\.

It sounds like WinDVD is trying to initiate something from that directory that may have been deleted.
Why don't you try uninstalling WinDVD and see if it doesn't clean up a little.

Reboot before you reinstall it and make sure the "pop up" goes away.
Delete the COMMON directory then when you reinstall make sure to take the defaults (don't specify your own directory) so it gets installed properly in C:\Program Files\InterVideo\.
0
 

Author Comment

by:spamguard
ID: 12231203
Ok, problem is fixed, although I'm not sure if there's any problem with functionality yet. I uninstalled Intervideo WinDVD 4 and deleted the common dir altogether - then installed WinDVD 5 - this package doesn't seem to have that problem (version 4 was not custom installed and did this on multiple different systems).

Thanks for the help, enjoy your points :)
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question