Spybot sys startup report



drameet
2007-11-01, 17:01
This is my SPYBOT system startup report! Can some knowledgeable guys have a look at this and advise?



--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-10-26 unins000.exe (51.46.0.0)
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-08-29 Includes\Hijackers.sbi
2007-10-04 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2007-10-24 Includes\Malware.sbi
2007-10-24 Includes\PUPS.sbi
2007-05-30 Includes\Security.sbi
2007-10-24 Includes\Spybots.sbi
2007-10-24 Includes\Trojans.sbi
2007-10-31 Includes\Dialer.sbi
2007-10-31 Includes\Cookies.sbi
2007-10-31 Includes\Revision.sbi
2007-08-21 Includes\Tracks.uti
2007-10-31 Includes\TrojansC.sbi
2007-10-31 Includes\SpybotsC.sbi
2007-10-31 Includes\SecurityC.sbi
2007-10-31 Includes\PUPSC.sbi
2007-10-31 Includes\MalwareC.sbi
2007-10-31 Includes\KeyloggersC.sbi
2007-10-31 Includes\HijackersC.sbi
2007-10-31 Includes\DialerC.sbi
2008-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: E7BE65BF79906AEBC698E077D53F6A1C

Located: HK_LM:Run, Cpqset
command: C:\Program Files\HPQ\Default Settings\cpqset.exe
file: C:\Program Files\HPQ\Default Settings\cpqset.exe
size: 213054
MD5: ABD44CD38087B0FC2C369B80197A4B9A

Located: HK_LM:Run, DrvIcon
command: D:\Program Files\Vista Drive Icon\DrvIcon.exe
file: D:\Program Files\Vista Drive Icon\DrvIcon.exe
size: 45056
MD5: 53A63D37ACC05E8FFBAD4E9A1622AB59

Located: HK_LM:Run, egui
command: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
file: C:\Program Files\ESET\ESET Smart Security\egui.exe
size: 1410304
MD5: 2815C1B6474AD4CBED5AC2E87F6EF896

Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 1838592
MD5: 1B5121CFC7711647CB3A1FA365C73D37

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: B67233AD972EB7F38CF4526EC6671C7A

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, SoundMAX
command: C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
file: C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
size: 860160
MD5: A00684FD9E951546E70A1B74BD62703E

Located: HK_LM:Run, SoundMAXPnP
command: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
file: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1388544
MD5: C06F1A3FF958A10F828EEE828623E193

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 688218
MD5: A0AC3841DC595B5D86AB9E5016A0E36A

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 98394
MD5: AB349998E551DE1C0DCC5AD63CE41D31

Located: HK_LM:Run, TopDesk
command: D:\Program Files\TopDesk\topdesk.exe
file: D:\Program Files\TopDesk\topdesk.exe
size: 201216
MD5: 5C900CE425BFD3B4219B2B793C350541

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-602162358-299502267-725345543-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, RocketDock
where: S-1-5-21-602162358-299502267-725345543-1003...
command: "D:\Program Files\RocketDock\RocketDock.exe"
file: D:\Program Files\RocketDock\RocketDock.exe
size: 495616
MD5: 7DFCCC67990B6DE7F30F553A4E4612A4

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-602162358-299502267-725345543-1003...
command: D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:Run, USB Safely Remove
where: S-1-5-21-602162358-299502267-725345543-1003...
command: D:\my docs\ddownloads\soft\Safely remove 3\USBSafelyRemove.exe /startup
file: D:\my docs\ddownloads\soft\Safely remove 3\USBSafelyRemove.exe
size: 1797632
MD5: E5B754492134A5D52F77A6216F796BC9

Located: Startup (common), Bluetooth.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 569405
MD5: 52667C3280579AF4063762C413C98DBF

Located: Startup (user), Battery Doubler.lnk
where: C:\Documents and Settings\DR AMEET\Start Menu\Programs\Startup...
command: D:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
file: D:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
size: 1534267
MD5: 590634B45B549F512BFCBCB31BE63397

Located: Startup (disabled), DVD Check (DISABLED)
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WBSrv
command: D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
file: D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

spybotsandra
2007-11-01, 18:00
Hello,

There is nothing bad on it, so do you have any problems or why do you ask?

Best regards
Sandra
Team Spybot

FFKefka77
2007-11-01, 21:52
Yea, there isn't anything wrong. Are you worried cause there are a lot of em? I'm guessing this is on a laptop cause some are related to hotkeys. Those are just what is starting up when you turn on your PC. You can always click that arrow to the right of that screen and click on each name to get a description of what they are and do and if you can turn them off. Cause a lot of people don't need some of those running all the time. If there is no info there on them, just search them in Google or in http://www.sysinfo.org/startuplist.php to see if they are necessary on startup.

drameet
2007-11-02, 15:35
OK, thank you!! I tried googling for all the startup items!! Actually I have some problems in the sense I have lost search in my OS!! And I get all sorts of script errors in my IE7!! Actually that crypt thing that loads in startup cryptchain or something is it normal?? Looks suspicious; googling it gave me mixed results. Some websites told me it is a sign of some keylogger infection, others told me crypt.dll is a normal Windows file!! I tried unchecking it in Spybot!! But again it gets checked, that is, it auto-loads itself to startup!! Is this normal!!

spybotsandra
2007-11-03, 02:47
Hello,

It seems that it belongs to the Musicmatch Jukebox.

Best regards
Sandra
Team Spybot

md usa spybot fan
2007-11-03, 16:44
drameet:


Actually that crypt thing that loads in startup cryptchain or something is it normal??
Are you talking about these startup entries?


Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

drameet
2007-11-05, 18:22
drameet:


Are you talking about these startup entries?


Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!


Ya, I'm talking about these entries, which are worrying me!!

md usa spybot fan
2007-11-05, 18:46
drameet:

Those are normal startup entries for Windows XP. Both crypt32.dll and cryptnet.dll are Microsoft modules used in various security routines and APIs. For example, see:
Internet Connection Security Components
http://msdn2.microsoft.com/en-us/library/ms913705.aspx
Security Considerations for Windows XP Embedded Developers
http://msdn2.microsoft.com/en-us/library/ms838345.aspx

drameet
2007-11-07, 23:05
drameet:

Those are normal startup entries for Windows XP. Both crypt32.dll and cryptnet.dll are Microsoft modules used in various security routines and APIs. For example, see:
Internet Connection Security Components
http://msdn2.microsoft.com/en-us/library/ms913705.aspx
Security Considerations for Windows XP Embedded Developers
http://msdn2.microsoft.com/en-us/library/ms838345.aspx

Thanks a lot