Ciaaddin.exe


8 replies to this topic

#1 Ubiq

Ubiq

  • Members
  • 253 posts
  • Gender:Not Telling

Posted 25 April 2008 - 05:19 PM

Hi there!

I have been asked to fix my theatre's very old computer. It is deadly slow and needs to be replaced really.
But that won't happen for a bit.

So, I have been reading on this site about how to fix a slow machine and have just taken a look at our startup list as it takes about 5 min to boot this thing.
Everything under the startup tab is listed at the end.

I just don't know what to do with what I have though. I couldn't find ciaaddin.exe by searching the castle cops startup list or this site.
Its location is listed as: HKLM\Software\Microsoft\Windows\CurrentVersion
Is this something I need to leave in startup?

Also, once I figure out what to disable in Startup, should I use Spybot to manage the startup, as I think I read somewhere on this site?

I posted here because XP is the OS we use. I hope that was the right choice.

I really like this site and thanks for taking time to read this!

My Startup:
ciaaddin.exe
HPWuSched2
ISW
QTTask
avgcc
ccfmlnka
ctfmon
Microsoft Office
HP Digital Imaging

Edited by Ubiq, 25 April 2008 - 05:21 PM.

Machine: Toshiba Portege r705-P41, Dual Boot: MS Windows 7 Home Premium 64-bit; Ubuntu 15.04
CPU: Intel Core i5 460M @ 2.53GHz Arrandale 32nm Technology,
RAM: 4.0GB Dual-Channel DDR3 @ 532MHz (7-7-7-20), Motherboard: TOSHIBA Portable PC (rBGA1288 Socket)
Video Card: Intel HD Graphics Revision 2 1720 MBytes

Speccy



 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,257 posts
  • Gender:Not Telling
  • Location:Right behind you

Posted 25 April 2008 - 06:09 PM

Hi there Ubiq, welcome to BC! :thumbsup:

Wow, I've never even heard of ciaaddin.exe, nor has Google! Sounds ominous, though: CIA addin. Maybe the CIA is monitoring your PC!

One possible course of action would be to disable the ciaaddin.exe entry and reboot. Then see whether any programs you need don't work right.

I know that HP Digital Imaging and QTTask are not necessary and can be disabled. QTTask, however, will automatically replace itself on the list the next time you use Quicktime, though. You need to disable it through the Quicktime applet in the control panel.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 25 April 2008 - 06:12 PM

Hello and welcome to BC.

One question before we start anything: are you sure you spelled Ciaaddin.exe correctly? If it is spelt correctly you might want to disable it because Google or Castle Cops has heard this startup name.
You might want to read this forum about slow computers: http://www.bleepingcomputer.com/forums/t/44690/slow-computer/

It may be a malware problem or just lack of maintenance.

You do not need qttask.exe, Microsoft Office or HP Digital Imaging on startup.
ISW may be malware but I am not allowed to help you with any malware problems. If you think your computer is infected you can post it in the "Am I infected" forum.

Hope this helps :thumbsup:
regards
------------
extremeboy

Edited by extremeboy, 25 April 2008 - 06:14 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 caperdog

caperdog

  • BC Advisor
  • 954 posts
  • Gender:Male
  • Location:Nova Scotia

Posted 25 April 2008 - 06:18 PM

Type: Remote Administration Tool
Type Description: Software for controlling user computer remotely from other computer on local network or Internet.
Level of Danger: Low
Default action: Ignore
File Name: cia.exe, cia.exe, cia.exe, cia.exe, cjpg.dll, copy of webcam pic.exe, pspv.dll, cia10.exe

Also found a program called ciadaemon.exe but no addin.

I like the isolate and reboot idea.

#5 Ubiq

Ubiq
  • Topic Starter

  • Members
  • 253 posts
  • Gender:Not Telling

Posted 25 April 2008 - 10:48 PM

Thanks Guys!

I just double checked my spelling and all are correct. I will remove it from the Startup and post the results tomorrow.

One thing I need to ask my GM about is a remote server program he uses to communicate with our sister theatre and whether this is part of it.
Caperdog, could a remote network program use something like that in startup?

I think he accesses a pop3 (sp?) email account through it somehow, but that is all I know about that program since I am not allowed to use it. The GM knows less than I do about computers, so I'm not sure how much help he will be.

Thank you so much for your help. It is much appreciated!



#6 castufari

castufari

  • Members
  • 5 posts
  • Gender:Male
  • Location:Asheville, NC

Posted 26 April 2008 - 07:02 PM

I'd ditch these, too:
ctfmon (go into Office Setup, get rid of the alternative text input)
Microsoft Office (unless you need it to run at start you could delete this)

There is a cidaemon, it's indexing for Windows.

#7 Ubiq

Ubiq
  • Topic Starter

  • Members
  • 253 posts
  • Gender:Not Telling

Posted 26 April 2008 - 10:31 PM

To update, I removed everything but ISW and ccfmlnka using msconfig.
I had my GM try out his remote desktop connection program and he said it is working fine.

So does that mean that ciaaddin.exe is unrelated to anything legitimate on this computer?
I guess I need to read that link about what to do if I think my comp is infected.

One other weird thing, I took a look at the startup list with Spybot's utility and there was lots more stuff listed than in msconfig. That made me feel weird, so I just closed it. Why isn't that stuff showing up in msconfig?

Thanks again!
Ubiq



#8 hamluis

hamluis

    Moderator


  • Moderator
  • 55,545 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 27 April 2008 - 10:56 AM

I don't believe that msconfig reflects all registry startup items, whereas Spybot's utility may (I don't know, I don't use Spybot any more and prefer to use Autoruns to monitor startup items).

I also believe that msconfig will only reflect startup items which are enabled, as opposed to reflecting them all. I see big differences between my Autoruns application Logon tab...and msconfig.

And...there are other processes which run which may not be counted as startup items...simply because they are Windows processes which are bona fide functions of using the O/S.

Bottom line: msconfig is meant to be used as a troubleshooting tool, not as a means of controlling startup items. There are other applications/utilities which are much better suited for handling startup items and I don't include Spybot among these. Spybot is for some forms of malware.

I use Windows Defender and it seems to reflect the same limited startup items which msconfig does, using the Software Explorer function.

Louis
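
The difference described in this post, that msconfig lists only part of what starts with Windows, can be checked by reading the autostart locations directly. The PowerShell below is an added example, not part of any post in this thread; it assumes PowerShell 3.0 or later (so a newer system than the XP machine discussed), reads only the Run/RunOnce keys and the Startup folders, and the helper name `Get-CommandPath` is hypothetical.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the machine.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
function Get-CommandPath([string]$Command) {
    # Hypothetical helper: extract the program path from a startup command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|vbs|js))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}
# Registry autostart values: one row per value under each Run key that exists.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Location = $key; Name = $name
                           Command  = [string]$item.GetValue($name) }
    }
})
# Per-user and all-users Startup folders; shortcuts are resolved to their targets.
$shell = New-Object -ComObject WScript.Shell
$dirs  = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }
foreach ($dir in $dirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($f in Get-ChildItem -Path $dir -File) {
        $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        $entries += [pscustomobject]@{ Location = $dir; Name = $f.Name; Command = "`"$target`"" }
    }
}
# Report each entry with its file presence and Authenticode signature status.
$entries | ForEach-Object {
    $path = Get-CommandPath $_.Command
    # Bare names (no directory) are left unresolved here and show Exists = False.
    $exists = [bool]($path -and (Test-Path -LiteralPath $path -PathType Leaf))
    $sig = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path }
    [pscustomobject]@{
        Name = $_.Name; Location = $_.Location; Path = $path; Exists = $exists
        Signature = if ($sig) { [string]$sig.Status } else { 'n/a' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Sort-Object Signature, Name | Format-List
```

An entry that no startup reference list recognises, like the ciaaddin.exe value in this thread, appears here with its full path and signer, which is what is needed before deciding whether to disable it. Autoruns covers further locations (services, drivers, scheduled tasks and others) that this listing does not read.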

#9 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,257 posts
  • Gender:Not Telling
  • Location:Right behind you

Posted 27 April 2008 - 02:28 PM

Indeed, Autoruns shows a great deal more info, but doesn't discern (IIRC) between important, needed things and malicious or superfluous things. It should be used carefully, like all powerful tools.



