[Resolved] Don't even know where to start! {lots of little buggers}

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

hottesttotty

Thread Starter
Joined
Dec 12, 2001
Messages
542
Checking dh's computer this morning, decided to update and run ad-aware....found 39 new components, 25 of them reg. keys! Well, then, started poking around in start up programs, etc... Here is what I found when pressing ctrl/alt/del that I don't recognize:

ctfmon
pplinks
brmfrsmg
mediadet
ctnotify
ptsnoop
mdm
ahqtb

THEN....here is the list of start up programs from msinfo32

Brother SmartUI PopUp Startup Group "C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe"
Microsoft Office Startup Group "C:\Program Files\Microsoft Office\Office\OSA9.EXE" -b -l
MSMSGS Registry (Per-User Run) "C:\Program Files\Messenger\msmsgs.exe" /background
ctfmon.exe Registry (Per-User Run) ctfmon.exe
ScanRegistry Registry (Machine Run) C:\WINDOWS\scanregw.exe /autorun
TaskMonitor Registry (Machine Run) C:\WINDOWS\taskmon.exe
SystemTray Registry (Machine Run) SysTray.Exe
LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
zBrowser Launcher Registry (Machine Run) C:\Program Files\Logitech\iTouch\iTouch.exe
Disc Detector Registry (Machine Run) C:\Program Files\Creative\ShareDLL\CtNotify.exe
AudioHQ Registry (Machine Run) C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
StillImageMonitor Registry (Machine Run) C:\WINDOWS\SYSTEM\STIMON.EXE
CountrySelection Registry (Machine Run) pctptt.exe
LoadQM Registry (Machine Run) loadqm.exe
New.net Startup Registry (Machine Run) rundll32 C:\WINDOWS\NEWDOT~2.DLL,NewDotNetStartup
PTSNOOP Registry (Machine Run) ptsnoop.exe
LoadPowerProfile Registry (Machine Service) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
MOSearch Registry (Machine Service) C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
MDM7 Registry (Machine Service) "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"

Ok, then finally, when I go to msconfig and look at the start up list, this eZulaMain thing is still in there, but not checked. Don't know how to get rid of that! And the ptsnoop.exe is listed twice, one checked, one not. ????

There are also a lot of programs I don't recognize in the add/remove programs list, but I think I've bombarded you guys with enough for now! One step at a time!

Sorry this is so long, but I'm trying to give as much info as I can....please help!!

TIA

TT:)
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
You can disable the ones you get rid of by removing the check mark in Msconfig/startup, as I see you already know.

Here's a site that explains most of them, so it's easy to find out yourself which ones to keep, and which ones to leave alone: http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

A couple of things you absolutely need to uncheck are Mosearch, and New.Net:

About Mosearch:

OFFXP: Overview of the New Search Feature in Office XP

OFFXP: Hard Disk Runs Continuously After You Install Office XP

About New.Net:

http://www.cexx.org/newnet.htm

You may also uncheck MDM:

Machine Debug Manager (MDM)

LoadQM, and ctfmon.exe:

CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features.

Good luck,
 
Joined
Sep 4, 1999
Messages
100
You need to do regedit, after you are in regedit, do a search for these items and delete them.
 

hottesttotty

Thread Starter
Joined
Dec 12, 2001
Messages
542
I didn't have any problem removing the new.net stuff, BUT...when I try to remove KaZaA from add/remove, it says cannot find the file. I noticed that it is searching for the wrong file, but don't know how to solve that problem! What I read about this KaZaA is that it refers to/keeps the file "c:\windows\system\cd_client.dll", well, when I get this error message it says "cd_clint.dll" instead of "client"!!?? Anyway, it is unchecked in start up, but is that good enough??

As far as doing a regedit.....I have never done it, and am very leery of doing things like that without "1st grade" type instructions!! So, if anyone can supply me with a step-by-step, I'd sure appreciate it!!

TIA

TT:)
 
Joined
Jun 27, 2000
Messages
6,832
Ezula is a mistake on the part of AdAware. They released a new signature file yesterday that will not flag Ezula as it is loaded by certain Windows accessibility stuff. No big deal if you had AdAware remove it, but since it is in your startup I presume you are using something like the magnifier from the accessibility section. If it is no longer working you might just remove it and then restore it in Windows setup in Add/Remove Programs.

Dump the Office Startup. You have to both uncheck it and remove it from the startup folder in Start/Programs or it will just recheck itself. No sense starting the entire Office suite on boot and having it take RAM and resources if you might use only one or two components during a session.

Don’t uncheck Still Image Monitor if you have a HP scanner or it won’t work.
I would also keep Scan Registry, System Tray, Load Power Profile and Task Monitor checked and uncheck everything else. If anything won’t start when you call on it you can just go back and recheck it. That way you will just have stuff running that you need at any particular time. Your computer will probably be noticeably quicker.
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
"cd_clint.dll" is part of Cydoor, another spyware program included with Kazaa.
Ad-Aware ought to remove it.

As for the unchecked items remaining in Msconfig:

Open the Registry editor: Start/Run/'regedit'.

Navigate to, and examine the following 3 subkeys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices-

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-



Note the - (minus) sign behind Run and RunServices.

In those two subkeys you'll find the Msconfig/startup entries that are UNchecked.

Highlight the ones you'd like to get rid of in the RIGHT pane, and choose 'delete'.

These keys contain the stuff that starts up from the Registry.
Things that are loaded from your Startup folder can simply be deleted there.

Incidentally, don't remove stuff this way you still have, and might want back in startup, for in that case restoring them gets a little more complicated.

Good luck,
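
The Registry check described in the post above, as an added example that is not part of the original thread: it reads a Registry export in the REGEDIT4 text format and separates entries that sit only under a minus key (unchecked in Msconfig) from names that are unchecked but also still enabled, the "listed twice" case from the first post. The sample export, its placeholder path and the function names are constructed for illustration.

```python
import re

# Constructed sample in REGEDIT4 export format; names and paths are
# illustrative placeholders, not taken from the poster's machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"PTSNOOP"="ptsnoop.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"PTSNOOP"="ptsnoop.exe"
"ExampleDisabled"="C:\\EXAMPLE\\placeholder.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"ctfmon.exe"="ctfmon.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Run / RunServices, with an optional trailing minus for unchecked entries
STARTUP_RE = re.compile(r'\\CurrentVersion\\(Run|RunServices)(-?)$', re.I)

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_startup(export_text):
    """Return (key, name, command, enabled) tuples for the startup keys."""
    entries, current = [], None
    for line in export_text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            s = STARTUP_RE.search(k.group(1))
            current = (k.group(1), s.group(2) == '') if s else None
            continue
        v = VALUE_RE.match(line)
        if v and current:
            entries.append((current[0], unescape(v.group(1)),
                            unescape(v.group(2)), current[1]))
    return entries

def split_unchecked(entries):
    """Split unchecked names into (only unchecked, also still checked)."""
    enabled = {n.lower() for _, n, _, on in entries if on}
    off = {n for _, n, _, on in entries if not on}
    return (sorted(n for n in off if n.lower() not in enabled),
            sorted(n for n in off if n.lower() in enabled))
```

Names are compared case-insensitively and across both hives, so an entry reported in the second list should be checked by hand before the unchecked copy is deleted.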
 

hottesttotty

Thread Starter
Joined
Dec 12, 2001
Messages
542
Ok, Tony, got through the regedit, thank you for the instructions!! Now...in add/remove programs, KaZaA ads support is still there, and still giving same error message. I've got AdAware updated, and have run it 3 times, but it's not detecting it. Next suggestion??

I'm learning!! :D

Thanks all!

TT:)
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
You say that 'when I try to remove KaZaA from add/remove, it says cannot find the file'.

The best solution would be to reinstall Kazaa (yes, I know...), reboot, close Kazaa down, and uninstall it correctly, through Software add/remove.

Now reboot once more.

Then remove all spyware again, first checking the Add-Remove applet again and uninstalling what needs to be uninstalled, and finally running Ad-Aware one last time.
Reboot one last time.

Good luck,
 

hottesttotty

Thread Starter
Joined
Dec 12, 2001
Messages
542
The problem is, I don't know how it got installed, or from where?? How or where would I re-install it to try and remove it? Honestly, I'm not even sure WHAT it is!! After re-installing and un-installing, will I have to do all the other stuff again, or will ad-aware be able to clean it up then?

Sorry if I seem a little "elementary" today, but when it comes to this kind of stuff I guess I am!! LOL :rolleyes:

Thanks!!

TT:)
 

hottesttotty

Thread Starter
Joined
Dec 12, 2001
Messages
542
Geez, Tony....those things are COOL!! LOL...I tried to tell you I was feeling very "elementary" that day!! :D

Anyway, it took me a couple days to get back to the issue at hand (snow days, etc...), and I did as you recommended and reinstalled the nasty thing this afternoon and went through the add/remove progs to remove, then rebooted, ran ad aware, and VOILA....all those rotten little buggers are GONE!!

Thank God....and Thank YOU, very much!! You guys are awesome!!

TT:)
 