1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Resolved] Don't even know where to start! {lot's of little buggers}

Discussion in 'Earlier Versions of Windows' started by hottesttotty, Jan 17, 2002.

Thread Status:
Not open for further replies.
Advertisement
  1. hottesttotty

    hottesttotty Thread Starter

    Joined:
    Dec 12, 2001
    Messages:
    542
    Checking dh's computer this morning, decided to update and run ad-aware....found 39 new components, 25 of them reg. keys! Well, then, started poking around in start up programs, etc... Here is what I found when pressing ctrl/alt/del that I don't recognize:

    ctfmon
    pplinks
    brmfrsmg
    mediadet
    ctnotify
    ptsnoop
    mdm
    ahqtb

    THEN....here is the list of start up programs from msinfo32

    Brother SmartUI PopUp Startup Group "C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe"
    Microsoft Office Startup Group "C:\Program Files\Microsoft Office\Office\OSA9.EXE" -b -l
    MSMSGS Registry (Per-User Run) "C:\Program Files\Messenger\msmsgs.exe" /background
    ctfmon.exe Registry (Per-User Run) ctfmon.exe
    ScanRegistry Registry (Machine Run) C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor Registry (Machine Run) C:\WINDOWS\taskmon.exe
    SystemTray Registry (Machine Run) SysTray.Exe
    LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    zBrowser Launcher Registry (Machine Run) C:\Program Files\Logitech\iTouch\iTouch.exe
    Disc Detector Registry (Machine Run) C:\Program Files\Creative\ShareDLL\CtNotify.exe
    AudioHQ Registry (Machine Run) C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    StillImageMonitor Registry (Machine Run) C:\WINDOWS\SYSTEM\STIMON.EXE
    CountrySelection Registry (Machine Run) pctptt.exe
    LoadQM Registry (Machine Run) loadqm.exe
    New.net Startup Registry (Machine Run) rundll32 C:\WINDOWS\NEWDOT~2.DLL,NewDotNetStartup
    PTSNOOP Registry (Machine Run) ptsnoop.exe
    LoadPowerProfile Registry (Machine Service) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    MOSearch Registry (Machine Service) C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
    MDM7 Registry (Machine Service) "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"

    Ok, then finally, when I go to msconfig and look at the start up list, this eZulaMain thing is still in there, but not checked. Don't know how to get rid of that! And the ptsnoop.exe is listed twice, one checked, one not. ????

    There is also alot of programs I don't recognize in the add/remove programs list, but I think I've bombarded you guys with enough for now! One step at a time!

    Sorry this is so long, but I'm trying to give as much info as I can....please help!!

    TIA

    TT:)
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    You can disable the ones you get rid of by removing the check mark in Msconfig/startup, as I see you already know.

    Here's a site that explains most of them, so it's easy to find out yourself which ones to keep, and which ones to leave alone: http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

    A couple of things you absolutely need to uncheck are Mosearch, and New.Net:

    About Mosearch:

    OFFXP: Overview of the New Search Feature in Office XP

    OFFXP: Hard Disk Runs Continuously After You Install Office XP

    About New.Net:

    http://www.cexx.org/newnet.htm

    You may also uncheck MDM:

    Machine Debug Manager (MDM)

    LoadQM, and ctfmon.exe:

    CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features.

    Good luck,
     
  3. Edmund Tan

    Edmund Tan

    Joined:
    Sep 4, 1999
    Messages:
    100
    YOu need to do regedit, after you are in regedit, do a search for these items and delete them.
     
  4. hottesttotty

    hottesttotty Thread Starter

    Joined:
    Dec 12, 2001
    Messages:
    542
    I didn't have any problem removing the new.net stuff, BUT...when I try to remove KaZaA from add/remove, it says cannot find the file. I noticed that it is searching for the wrong file, but don't know how to solve that problem! What I read about this KaZaA is that it refers to/keeps the file "c:\windows\system\cd_client.dll", well, when I get this error message it says "cd_clint.dll" instead of "client"!!?? Anyway, it is unchecked in start up, but is that good enough??

    As far as doing a regedit.....I have never done it, and am very leary of doing things like that without "1st grade" type instructions!! So, if anyone can supply me with a step-by-step, I'd sure appreciate it!!

    TIA

    TT:)
     
  5. slipe

    slipe

    Joined:
    Jun 27, 2000
    Messages:
    6,832
    Ezula is a mistake on the part of AdAware. They released a new signature file yesterday that will not flag Ezula as it is loaded by certain Windows accessibility stuff. No big deal if you had AdAware remove it, but since it is in your startup I presume you are using something like the magnifier from the accessibility section. If it is no longer working you might just remove it and then restore it in Windows setup in Add/Remove Programs.

    Dump the Office Startup. You have to both uncheck it and remove it from the startup folder in Start/Programs or it will just recheck itself. No sense starting the entire Office suite on boot and having it take RAM and resources if you might use only one or two components during a session.

    Don’t uncheck Still Image Monitor if you have a HP scanner or it won’t work.
    I would also keep Scan Registry, System Tray, Load Power Profile and Task Monitor checked and uncheck everything else. If anything won’t start when you call on it you can just go back and recheck it. That way you will just have stuff running that you need at any particular time. You computer will probably be noticeably quicker.
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    "cd_clint.dll" is part of Cydoor, another spyware program included with Kazaa.
    Ad-Aware ought to remove it.

    As for the unchecked items remaining in Msconfig:

    Open the Registry editor: Start/Run/'regedit'.

    Navigate to, and examine the following 3 subkeys:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices-

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-



    Note the - (minus) sign behind Run and RunServices.

    In those two subkeys you'll find the Msconfig/startup entries that are UNchecked.

    Highlight the ones you'd like to get rid of in the RIGHT pane, and choose 'delete'.

    These keys contain the stuff that starts up from the Registry.
    Things that are loaded from your Startup folder can simply be deleted there.

    Incidentally, don't remove stuff this way you still have, and might want back in startup, for in that case restoring them gets a little more complicated

    Good luck,
     
  7. hottesttotty

    hottesttotty Thread Starter

    Joined:
    Dec 12, 2001
    Messages:
    542
    Ok, Tony, got through the regedit, thank you for the instructions!! Now...in add/remove programs, KaZaA ads support is still there, and still giving same error message. I've got AdAware updated, and have run it 3 times, but it's not detecting it. Next suggestion??

    I'm learning!! :D

    Thanks all!

    TT:)
     
  8. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    You say that 'when I try to remove KaZaA from add/remove, it says cannot find the file'.

    The best solution would be to reinstall Kazaa (yes, I know...), reboot, close Kazaa down, and uninstall it correctly, through Software add/remove.

    Now reboot once more.

    Then remove all spyware again, first checking the Add-Remove applet again and uninstalling what needs to be uninstalled, and finally running Ad-Aware one last time.
    Reboot one last time.

    Good luck,
     
  9. hottesttotty

    hottesttotty Thread Starter

    Joined:
    Dec 12, 2001
    Messages:
    542
    The problem is, I don't know how it got installed, or from where?? How or where would I re-install it to try and remove it? Honestly, I'm not even sure WHAT it is!! After re-installing and un-installing, will I have to do all the other stuff again, or will ad-aware be able to clean it up then?

    Sorry if I seem a little "elementary" today, but when it comes to this kind of stuff I guess I am!! LOL :rolleyes:

    Thanks!!

    TT:)
     
  10. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    I can't believe you haven't heard about these amazing new inventions called 'Search Engines'... :D

    Choose a good one, such as http://www.google.com/

    type Kazaa, and presto!
     
  11. hottesttotty

    hottesttotty Thread Starter

    Joined:
    Dec 12, 2001
    Messages:
    542
    Geez, Tony....those things are COOL!! LOL...I tried to tell you I was feeling very "elementary" that day!! :D

    Anyway, it took me a couple days to get back to the issue at hand (snow days, etc...), and I did as you recommended and reinstalled the nasty thing this afternoon and went through the add/remove progs to remove, then rebooted, ran ad aware, and VOILA....all those rotten little buggers are GONE!!

    Thank God....and Thank YOU, very much!! You guys are awesome!!

    TT:)
     
  12. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    No problem.

    You're too kind... ;)
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/65251

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice