PDA

View Full Version : Unknown program running occasionally.



prowler
2006-11-05, 12:32
I'm not sure where I should post this...please direct me if this is the wrong thread. It's a general question not related to support or such.

I have some unknown program which runs for about 3 seconds, every 15 minutes or so (I'm guessing). I get a Taskbar button entry (the default MS "program" icon but no text) and then it disappears. I have scanned my system and found nothing, and I've checked the various Event viewer entries but nothing shows up there.

Is there some log, unknown to me, on my XP machine which might list what this mystery program is and when it runs? If not, is there some way I can "trap" some info on this thing to figure out what it is? It runs so quickly I can never do anyhting with it.

Zenobia
2006-11-06, 00:34
Is it a little plain white box that flashes down in the taskbar for a couple seconds?Do you happen to have an HP printer?

Zenobia
2006-11-06, 01:34
Well,I remembered it as a plain white box,but it was awhile ago that I was getting that taskbar icon,and it's hard to remember. :red:
Does it look anything like this?:
http://www.headlesscatinc.com/pop.jpg
(Taskbar icon on the far left)

ENIAC 2
2006-11-06, 02:19
That's what mine looks like and I am running an HP printer. And I thought it was Teatimer in the background. Duhhh! :oops:

Zenobia
2006-11-06, 02:45
I know someone that was actually able to catch and click on that.I was never fast enough,lol.
I did have a post on another forum,quite awhile ago,where two of us pretty much figured out that icon had to do with something from our HP printer.Unfortunately,that forum erases posts after so many weeks,so the post is long gone,I can't even get it on google cache.Doubly unfortunately,I was able to rid myself of that flashing across my taskbar,but now I can't exactly remember what I did. :oops:
But on searching the Internet,this forum thread mentioned disabling HP Digital Imaging Monitor from start-up,and that does sound familiar.
http://www.winguides.com/forums/showflat.php?Cat=&Board=brdSpyware&Number=147377&page=7&view=expanded&sb=3&part=
Also,there's another page here,about the blank taskbar item.
http://ask-leo.com/how_can_i_identify_this_blank_taskbar_item.html

prowler
2006-11-06, 02:49
Yep...that looks like the culprit...and I DO have an HP printer. The reason I really noticed this is that it would pause my MS Flight Simulator 9 program, because FS9 would "lose focus". I have changed a setting in FS9 which prevents this...but What is this HP program and how do I turn it off? I'd still prefer that it doesn't run on it's own? Call me an anal control freak, but after 12 years of Windows...I want COMPLETE control! LOL!

Any ideas?

(EDIT): I didn't see your last reply, Zenobia. This might, in fact, have started with my last HP software / driver update? (now that you mention it. ;-P)

And thanks for the replies, gang!

Vic

prowler
2006-11-06, 03:01
Here's a HiJackThis log...there are more than one HP entry...which do you think??

Logfile of HijackThis v1.99.1
Scan saved at 5:58:40 PM, on 11/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\oodag.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe <---------
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frii.com/about/search.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LtcyCfgApply] "C:\Program Files\LtcyCFG\LtcyCfg.exe" /a
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O15 - Trusted Zone: http://www.avsim.com
O15 - Trusted Zone: forums.avsim.net
O15 - Trusted Zone: library.avsim.net
O15 - Trusted Zone: www.avsim.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) -

http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158642759591
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA7FD517-F606-4C06-8640-862F83774DA6}: NameServer = 216.17.128.1,216.17.128.2
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. -

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe <-----------
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. -

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

prowler
2006-11-06, 03:15
Upon reading the 2nd link Zenobia supplied, I folowed instructions to unregister the the DLL described here:

http://forums.spywareinfo.com/index.php?showtopic=50420

From what I can discern it should only be installed in an IE 5.0 or earlier install (I run IE6). But, whatever...it WAS on my system. It will take a bit to see if this has solved the problem...or if it's still an HP thing, "phoning home" or something.

Zenobia
2006-11-06, 03:44
Hello,prowler.Hijackthis logs aren't allowed to be posted in the Spybot forum section.This post will explain why: :)
http://forums.spybot.info/showthread.php?t=1266

prowler
2006-11-06, 06:16
Crap...My apologies guys. I had read the "rules" before my original post...and then promptly forgot. Sheesh!

Sorry.

Zenobia
2006-11-06, 08:54
Sounds like your memory is as good as mine,lol. ;) :D: