PC Applications forum

General discussion

ctfmon.exe problem (?) and other oddities

by damian71 / March 10, 2007 11:09 PM PST

OK I will be brief - cos I just posted a lengthy and it didn't work!

Got a new laptop (nowt startling - from my insurance company - ACER Travelmate 2490, 1.60 GHZ; 502 Ram); I was buggering around with my new toy and put lots of download.com gear on.

StartUp Optimiser said that 'CTFMON' was 'harmful' (it was actually the RAIDYS trojan); followd instructions for delete, but couldn't find entry in regedit. So it still shows up in Start Up Optimiser.

Tried to download SiteSdvisor - it seemed to download, but is not working. tried several times.

Tried to use Trend Housecall several times and my browser shut down.

Removed all new gear, except AVG free, Zone Alarm free firewall. Also have Adaware and CCleaner on.

I have included a HiJack this log - below.

can anyone please tell me if I have a problem!? And if so, what should I do?

I would also appreciate opinions on the best (free and paid for - but I don't want to spend a fortune) security solutions - I quite like messing about, but I end up ballsing things up!, so perhaps something which doesn't require too much tinkering. Advice on definite DONT'S regarding tinkering might also be useful!

Cheers in advance!


Logfile of HijackThis v1.99.1
Scan saved at 13:57:05, on 11/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damian\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Discussion is locked
You are posting a reply to: ctfmon.exe problem (?) and other oddities
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: ctfmon.exe problem (?) and other oddities
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Looks clean...
by John.Wilkinson / March 11, 2007 12:23 AM PST

Cnet does not generally handle HJT logs due to the time and skill they take to analyze, but I had a glance at yours and aside from a few apparently obsolete IE entires it looks clean to me.

In regards to ctfmon.exe, StartUp Optimizer is designed for system maintenance, not security, so I would be sure to get a second/third opinion. You could download a free trial of another antivirus, be it Norton, McAfee, or another, to check up on AVG Free, but chances are it's a false positive on StartUp Optimizer's part. (ctfmon.exe is usually a legitimate program from Microsoft that aids in the usage of the Accessibility options, though it is occasionally overwritten by the Raidys trojan.) I would also suggest adding AVG Antispyware (also free) to handle both aspects of your computer's security.

Finally, IE7 tends to be troublesome, and may be the reason you have been unsuccessful in your attempts to install SiteAdvisor and run HouseCall. Try either downloading the free alternative Firefox or uninstalling IE7 through Add/Remove programs in the Control Panel (it will automatically revert to IE6) and see if that corrects the situation.

Let us know.

Collapse -
by damian71 / March 11, 2007 3:26 AM PDT
In reply to: Looks clean...

Thanks for that - I will download AVG AntiSpyware.

I do use Firefox though, so the Siteadvisor remains a puzzle.

Thanks again,


Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!