jazblanc77
Joined: 22 Feb 2004
Posted: Sat Sep 25, 2004 8:31 pm Post subject: Regedit Rundll
I had installed Trend Micro's PCcillin Security Suite about two months ago but I uninstalled it and put Zone Alarm on my computer. However, I am still getting splash screens for Trend Micro AV. I can't find registry entries for Trend Micro nor are there any program files on my computer, that I know of!
I am pretty sure that the splash screen is being loaded from rundll but I haven't been able to figure out how to unregister it from there.
Does anyone know how I can get rid of this annoyance?

Demophobe
Joined: 17 May 2004
Posted: Sat Sep 25, 2004 11:33 pm
Hi Jaz...
Check the registry HKEY\LocalMachine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and \runonce sections for any entries that look like those from the company.
The same area in HKEY\LocalMachine.
Check your "services" area in the Admin. Tools for entries. Look in the System32 folder for any files with the first part of the name matching the company's; for example "pccillin____.dll"
Do a search for file names with the prefixes.
MSCONFIG as well.
CTRL+ALT+DEL to find the process that is running with the splash screen.
The "startup" folder to see if it's still in there.
Dunno...just some ideas.
Will post back again later after thinking....this is just knee-jerk stuff. You probably tried all of it already.

the saint
Joined: 09 Dec 2003 Location: not there yet...
Posted: Sun Sep 26, 2004 6:15 am
How many user profiles do you have on your system? It is possible that, if you have multiple profiles, remnants are hiding in user profiles keys somewhere in the registry i.e. profiles that were not the one you un/installed under. This could be true even if you never use those profiles e.g. Guest or Administrator accounts.
Might be worth checking under HKEY_USERS with a fine tooth comb...

jazblanc77
Joined: 22 Feb 2004
Posted: Sun Sep 26, 2004 8:14 am
Well, I have gone through my registry again and found the following entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TMTDI\0000\"DeviceDesc"="Trend Micro TDI Driver"
When I delete it, it comes back. There is also a service listed in this directory:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TMTDI\0000\"Service"="tmtdi"
Which is, interestingly enough, not listed in my services section of the admin tools.
Does anyone know anything about this TDI Service? I am thinking that maybe I should just delete the directory:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TMTDI
I think that the "TM" in the following directories may also be related to Trend Micro:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TMPREFLT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TMFILTER
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TM_CFW
Any comments are welcome.
Additionally, does anyone know anything about a service called "perdafebufiw"? I just noticed it today and disabled it since it looks suspicious.

jazblanc77
Joined: 22 Feb 2004
Posted: Sun Sep 26, 2004 8:16 am
the saint wrote:
How many user profiles do you have on your system? It is possible that, if you have multiple profiles, remnants are hiding in user profiles keys somewhere in the registry i.e. profiles that were not the one you un/installed under. This could be true even if you never use those profiles e.g. Guest or Administrator accounts.
Might be worth checking under HKEY_USERS with a fine tooth comb...

Mine is the only account that is running, making it the system administrator. Any uninstalls from my account should have taken any traces of a program with it.

the saint
Joined: 09 Dec 2003 Location: not there yet...

jazblanc77
Joined: 22 Feb 2004
Posted: Mon Sep 27, 2004 6:13 am
the saint wrote:
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
turned up a blank for that service which means that it is very rare, whatever it is. That site is very thorough and definitely worth bookmarking.

Yeah, I use that site as well. I have also run searches all over the net and the only thing I have been able to find out is that the TDI driver belongs to Trend Micro... a lot of help that is to know!

the saint
Joined: 09 Dec 2003 Location: not there yet...
Posted: Mon Sep 27, 2004 11:55 pm
Well sorry we can't help you.
FWIW, don't expect any quick reply from them if you send them info about an unlisted service. I have done and have never heard anything back.
Hope you can sort it...

Gregarious Monk
Joined: 13 Sep 2004 Location: Busan
Posted: Tue Sep 28, 2004 10:23 pm
Jaz,
This forum post might be useful (or not):
http://forum.pcmech.com/archive/index.php/t-23048.html
Do a 'Find' in the page for 'edave'. He has a post about something from Trend tech support about disabling the splash screens. Have a look in your "Program Files" directory and add a ".disabled" extension to the directory where the Trend software was installed if it's still there, log in and see if it still comes back. In addition to Run and RunOnce, have a look in the RunServices entries in HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER.
Hope it helps.
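
An added example (not written by any poster in this thread): a read-only PowerShell sweep of the places the replies above suggest checking, namely Run, RunOnce and RunServices under HKEY_LOCAL_MACHINE and every loaded HKEY_USERS hive, plus the driver service named by each LEGACY_TM* key. The function names and the `trend|pc-?cillin` pattern are assumptions made for illustration.

```powershell
# Added example: nothing here writes to the registry.
# $Pattern is an assumption; change it to the vendor or file name being chased.
$Pattern = 'trend|pc-?cillin'

function Find-AutostartRemnant {
    param([string]$Pattern)
    $sub   = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
    $roots = @('Registry::HKEY_LOCAL_MACHINE')
    # Include every loaded user hive, not only the current profile.
    $roots += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { "Registry::$($_.Name)" }
    foreach ($root in $roots) {
        foreach ($leaf in 'Run', 'RunOnce', 'RunServices') {
            $key  = "$root\$sub\$leaf"
            $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
            if (-not $item) { continue }          # key absent in this hive
            foreach ($name in $item.GetValueNames()) {
                $data = [string]$item.GetValue($name)
                if ("$name $data" -match $Pattern) {
                    [pscustomobject]@{ Location = $key; Name = $name; Data = $data }
                }
            }
        }
    }
}

function Find-LegacyDriverRemnant {
    # Each LEGACY_* device instance stores the name of its driver service in a
    # "Service" value; the driver's own key lives under ...\Services\<name>.
    $ccs = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet'
    Get-ChildItem "$ccs\Enum\Root" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'LEGACY_TM*' } |
        ForEach-Object { Get-ChildItem -LiteralPath $_.PSPath } |
        ForEach-Object {
            $svc    = [string]$_.GetValue('Service')
            $svcKey = Get-Item -LiteralPath "$ccs\Services\$svc" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Device      = $_.Name
                Description = $_.GetValue('DeviceDesc')
                Service     = $svc
                ServiceKey  = [bool]$svcKey          # False: only the Enum stub is left
                ImagePath   = if ($svcKey) { $svcKey.GetValue('ImagePath') }
            }
        }
}

Find-AutostartRemnant -Pattern $Pattern | Format-List
Find-LegacyDriverRemnant | Format-List
```

The Services console lists Win32 services only, so a kernel driver such as tmtdi can have a live key under `Services` without appearing there; the `ServiceKey` and `ImagePath` columns show whether that key and its driver file reference still exist.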