Trentos
2006-02-08, 02:18
I just upgraded to Spybot 1.4 tonight and noticed some things in my startup that were not there previously. They are as follows.
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-02-07 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-02-03 Includes\Cookies.sbi
2006-02-03 Includes\Dialer.sbi
2006-02-03 Includes\Hijackers.sbi
2006-02-03 Includes\Keyloggers.sbi
2006-02-03 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2006-02-03 Includes\PUPS.sbi
2003-11-12 Includes\QA Tests.sbi
2006-02-03 Includes\Revision.sbi
2006-02-03 Includes\Security.sbi
2006-02-03 Includes\Spybots.sbi
2003-11-21 Includes\Temporary.sbi
2005-02-17 Includes\Tracks.uti
2006-02-03 Includes\Trojans.sbi
Located: HK_LM:Run,
command:
file:
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 356352
MD5: 6492815fc67068a11420740637946b0e
Located: HK_LM:Run, AVG7_EMC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 279040
MD5: ffeffa201b60d9095c2ca826af9f167b
Located: HK_LM:Run, CTStartup
command: C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
file:
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: ff95f200b0cb3810382b355cf9f0bed9
Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\System32\\NeroCheck.exe
file: C:\WINDOWS\System32\\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, CTHelper (DISABLED)
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: 15f71a562eb274baae347a7a224e3bf9
Located: Startup (common), InterVideo WinCinema Manager.lnk
command: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
file: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 98304
MD5: 9c98dff6e6ae125cb3ff52e7fb063d9f
Located: Startup (user), Microsoft Find Fast.lnk
command: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
file: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
size: 111376
MD5: d57a0ed2472934865e950fb05f8dfd21
Located: Startup (user), Office Startup.lnk
command: C:\Program Files\Microsoft Office\Office\OSA.EXE
file: C:\Program Files\Microsoft Office\Office\OSA.EXE
size: 51984
MD5: d06276d4cad46cdceabefdeb1a0d3c0d
Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
These last files that are bolded are the new files that suddenly showed up. I researched some of them are supposedly trojans/virus's etc. Such as Crypt32Chain. Can someone explain how to get rid of them? And which? Can I simply nuke them using Spybots StartUp List option? Pretty confused here. I have never seen them before.... :confused:
Thanks for any help anyone can give!
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-02-07 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-02-03 Includes\Cookies.sbi
2006-02-03 Includes\Dialer.sbi
2006-02-03 Includes\Hijackers.sbi
2006-02-03 Includes\Keyloggers.sbi
2006-02-03 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2006-02-03 Includes\PUPS.sbi
2003-11-12 Includes\QA Tests.sbi
2006-02-03 Includes\Revision.sbi
2006-02-03 Includes\Security.sbi
2006-02-03 Includes\Spybots.sbi
2003-11-21 Includes\Temporary.sbi
2005-02-17 Includes\Tracks.uti
2006-02-03 Includes\Trojans.sbi
Located: HK_LM:Run,
command:
file:
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 356352
MD5: 6492815fc67068a11420740637946b0e
Located: HK_LM:Run, AVG7_EMC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 279040
MD5: ffeffa201b60d9095c2ca826af9f167b
Located: HK_LM:Run, CTStartup
command: C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
file:
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: ff95f200b0cb3810382b355cf9f0bed9
Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\System32\\NeroCheck.exe
file: C:\WINDOWS\System32\\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, CTHelper (DISABLED)
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: 15f71a562eb274baae347a7a224e3bf9
Located: Startup (common), InterVideo WinCinema Manager.lnk
command: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
file: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 98304
MD5: 9c98dff6e6ae125cb3ff52e7fb063d9f
Located: Startup (user), Microsoft Find Fast.lnk
command: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
file: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
size: 111376
MD5: d57a0ed2472934865e950fb05f8dfd21
Located: Startup (user), Office Startup.lnk
command: C:\Program Files\Microsoft Office\Office\OSA.EXE
file: C:\Program Files\Microsoft Office\Office\OSA.EXE
size: 51984
MD5: d06276d4cad46cdceabefdeb1a0d3c0d
Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
These last files that are bolded are the new files that suddenly showed up. I researched some of them are supposedly trojans/virus's etc. Such as Crypt32Chain. Can someone explain how to get rid of them? And which? Can I simply nuke them using Spybots StartUp List option? Pretty confused here. I have never seen them before.... :confused:
Thanks for any help anyone can give!