Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 20 of 31 Posts

·
Registered
Joined
·
80 Posts
Discussion Starter · #1 ·
When i press CTRL, ALT and DELETE together, and the Close Program Dialog box appears, i have 13 programs/things running on it. Some of which are causing my PC to crash and are stopping some games, aswell as other programs from working, i know this because when i "END" their "TASK", it works, but when i reboot/restart they re-appear. Does anyone know how i could take some of these off....... permanently, and is it safe to do so ?
This is what's on there:
  • Explorer
  • LoadQM
  • Rundll32
  • Wkalrem
  • Systray
  • Ptsnoop
  • Rnaapp
  • Whagent
  • MsgPlus
  • Gbtask
  • Convsvr
 

·
Registered
Joined
·
11,584 Posts
Psycosis
Welcome to TSG!
The programs you are referring to are starting with the startup group. Go to start/run type in msinfo32 click plus sign in front of software programs and then highlight startup group click edit then click select all then edit again and copy. Come back here and paste the copy so we can advise on which should be removed.
Dave
 

·
Registered
Joined
·
80 Posts
Discussion Starter · #3 ·
Thanks.
Well, i done what you said, but mine was a little different (shown in my attatched image).
So i clicked the plus sign next to Software Enviroment, then clciked Startup Programs then copied the stuff that appeared in the right "frame".
This is it:

EPSON Background Monitor Startup Group C:\ESM2\Stms.exe
Microsoft Works Calendar Reminders Startup Group "C:\Program Files\MSWorks\Calendar\WKCALREM.EXE"
Microsoft Find Fast Startup Group "C:\Program Files\Microsoft Office\Office\FINDFAST.EXE"
Adobe Gamma Loader.exe Startup Group "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" /C
load Win.ini ptsnoop.exe
MSMSGS Registry (Per-User Run) "C:\Program Files\Messenger\msmsgs.exe" /background
ICQ Plus Registry (Per-User Run) C:\PROGRA~1\ICQ\ICQPLUS\vplus.exe
Mirabilis ICQ Registry (Per-User Run) C:\Program Files\ICQ\NDetect.exe
ScanRegistry Registry (Machine Run) c:\windows\scanregw.exe /autorun
TaskMonitor Registry (Machine Run) c:\windows\taskmon.exe
ati Registry (Machine Run)
SystemTray Registry (Machine Run) SysTray.Exe
LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Gearbox Registry (Machine Run) "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
DXM6Patch_981116 Registry (Machine Run) C:\WINDOWS\p_981116.exe /Q:A
RealTray Registry (Machine Run) C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
Trickler Registry (Machine Run) "c:\program files\gator.com\fsg\fsg.exe"
Detect Registry (Machine Run) C:\Program Files\iNTERNET Turbo 2001\idetect.exe /auto
LoadQM Registry (Machine Run) loadqm.exe
CC2KUI Registry (Machine Run)
sp Registry (Machine Run) regedit -s C:\WINDOWS\sp.dll
MessengerPlus Registry (Machine Run) "C:\Program Files\Messenger\MsgPlus.exe"
webHancer Agent Registry (Machine Run) "C:\Program Files\webHancer\Programs\whAgent.exe"
New.net Startup Registry (Machine Run) rundll32 C:\WINDOWS\NEWDOT~1.DLL,NewDotNetStartup
LoadPowerProfile Registry (Machine Service) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
TVWatch Registry (Machine Service) c:\windows\SYSTEM\TVWatch.exe
Detect Registry (Machine Service) C:\Program Files\iNTERNET Turbo 2001\idetect.exe /auto
Serv-U Registry (Machine Service) C:\PROGRAM FILES\SERV-U\ServUDaemon.exe
HC Reminder Registry (Machine Service) hc.exe

:confused: LOL..... hope that is what you want
 

Attachments

·
Registered
Joined
·
11,584 Posts
OK Psycosis
You have several problems going on here. First off you have some serious Spyware installed that can give you all kinds of problems, and Second there are items in your startup group I do not reconize but may be associated with the spyware.
Fist off here is a list of item you can safely uncheck from your startup group.

Uncheck the following.
EPSON Background Monitor Startup Group C:\ESM2\Stms.exe
Microsoft Works Calendar Reminders Startup Group "C:\Program Files\MSWorks\Calendar\WKCALREM.EXE"
Microsoft Find Fast Startup Group "C:\Program Files\Microsoft Office\Office\FINDFAST.EXE"
MSMSGS Registry (Per-User Run) "C:\Program Files\Messenger\msmsgs.exe" /background
Mirabilis ICQ Registry (Per-User Run) C:\Program Files\ICQ\NDetect.exe
DXM6Patch_981116 Registry (Machine Run) C:\WINDOWS\p_981116.exe /Q:A
RealTray Registry (Machine Run) C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
LoadQM Registry (Machine Run) loadqm.exe
HC Reminder Registry (Machine Service) hc.exe

Now for the spyware
Many of the items listed in the startup which I do not recognize may be associated with the spyware so we will leave them there for the time being.

Now uncheck these spyware items in the startup group.
Trickler registry
Sp registry
WebHancer
New.net

The process for removing items from start is
Go to start/run type in MS config click start-up and then uncheck the boxes I have listed as not required and the Spyware stuff.

Click apply then ok and restart your system.

Now get back on the net and go to http://www.lavasoftusa.com/downloads.html and download the
AdAware main program. Once you have the program downloaded
unzipped and ready to go let me know and we will go to the next step of cleaning up the spyware mess. [/b]Do not run AdAware yet since there is some add/remove program stuff to do.[/b]
Dave

Sounds daunting but we will do this one at a time.
 

·
Registered
Joined
·
45,855 Posts
New.net and Webhancer should both be removed through add/remove programs before running ad-aware. I would do them one at a time and reboot after each removal. They are sometimes troublesome and a bad uninstall can leave you without internet connectivity. I would download this zip file and run it if you have problems reconnecting:

http://www.lavasoft.de/aaw/binary/whndnfix.zip

After you download ad-aware and install it, also download the current reflist.exe. Unzip that and copy it to the ad-aware programs folder.

When you run ad-aware after removing new.net and webhancer, be sure to do a deep memory and registry scan and select all drives on which you have installed programs.

Check all the items for selection and click the "make backup" tab.

Be advised that Gator will no longer run after removing it's spyware component.

Reboot after finishing the ad-aware removal and run it again to ensure a completely clean scan.

I don't know whether it will spot and clean the sp.dll. Let us know and I will give more instructions regarding that.

Here is a general explanation of what it is, I will follow up with registry editing instructions later.

http://groups.google.com/groups?hl=en&[email protected]
 

·
Registered
Joined
·
11,584 Posts
Psycosis
I see that. The server must be temporarily down at lavasofts site.
Also I see Rollin rog jumped and made some suggestions on what to do. He is one of our resident Virus and spyware Gurus.
Read through what he suggests and do the parts that you can until Lavasoft comes back up.
Dave

Also that CC2KUI is Comet Curser spyware and should also be unchecked in MSconfig
 

·
Registered
Joined
·
45,855 Posts
If you found Comet Cursor in Add/Remove, you can remove it from there. Ad-aware, when it comes back up should remove any remnants.

In the mean time lets get rid of sp.dll

From start, run regedit

>> click in order:

+ Hkey_Local_Machine
+ Software
+ Microsoft
+ Windows
+ CurrentVersion

RUN or RUN- (if you have unchecked it in msconfig)

Look for the reference to sp.dll in the right hand pane and right click on it and delete it.

Reboot and do a find Files Search for sp.dll (it should be in Windows). Delete it.

You may have to reset your search page options manually. You can also use the Registry Editor's Edit>Find function to search for references to jethomepage.com and change to what you want.
 

·
Registered
Joined
·
11,584 Posts
Psycosis
No problem thats what we are here for. I presume you followed Rog's proceedure in cleaning up. Also I see lavasoft is still down last time I checked. After you download ad-aware and install it, also download the current reflist.exe. Unzip that and copy it to the ad-aware programs folder.
That will be very important to remove all that spyware stuff. You may be suprised at what it will find.
Keep us posted.
Dave
 

·
Registered
Joined
·
80 Posts
Discussion Starter · #16 ·
OK guys, i will get it 1st thing tomorrow, after school, providing it's back up. I ran the virus scanner and it said it found a trojan and cleared it (Attatched image), can any of you please tell me what it was, and earlier on, you said i had major spyware in my computer, what exactly is that ? Thanks again!
 

Attachments

·
Registered
Joined
·
45,855 Posts
Here is Trend's description of that "trojan"; it is a variation on some others which alter the start page. You should run regedit and follow Trends instructions to verify that complete repair and removal has been accomplished:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_SEEKER.R

The Lavasoft site, when you get there, will give the fullest discussion of "spyware", but esssentialy these are programs that come "bundled" (often hidden) in downloaded programs which either report internet usage to interested advertisers, place ads or links on pages you visit, or otherwise modify the way your computer accesses the internet.
 

·
Registered
Joined
·
11,584 Posts
Phycosis
After all this is said and done you may want to consider getting some antivirus software to prevent some serious problem with yours and your Dads computer. Here are three selections one is free but I personally do not have any experience with it so I cannot say how good it is. the other two I know are good.

Free Antivirus Software
http://www.grisoft.com/html/us_downl.html

Two other very good Antivirus programs not free.

Here is the one that you used free on line.
This version would give you full time protection.
http://www.antivirus.com/pc-cillin/

And lastly the one that I use which is also good.
http://www.symantec.com/nav/nav_9xnt/

Keep us posted on your progress.
Dave
 
1 - 20 of 31 Posts
Status
Not open for further replies.
Top