PDA

View Full Version : Help with system start up menu in xp using spybot tools.


JOE.G
2008-02-26, 02:28
Hi when I go into spybot tools I see somethings that are in there twice, There also is a buch of things checked and some things that spybot says are viruses or something to that effect. Is there a way i can psot what is in there so you guys can take a look and let me know what is going on. The CP in ? is adell laptop running XP an dhas 2 user accounts. thanks
spybotsandra
2008-02-26, 11:07
Hello,

Please be more detailed.
Which things are twice?
And where are viruses mentioned?
Do you look at the startup?

Best regards
Sandra
Team Spybot
JOE.G
2008-02-27, 00:12
I would like to take a snap sot and show you,

value command line
ctfmon.exe c windows system33ctfmon.exe
is there twice it also says virus,spyware,malware or other resource hog

hk cu:run (user s-1-5-18) avg7_run c progra 1 grisoft avg avgw.exe/runonce is in there 4 times the numbers are diffrent ones is (user s-1-5-19) (user s-1-5-20) (user.default)

I do have 2 accounts set up on this PC.
JOE.G
2008-02-27, 00:37
All of these are checked.
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-02-24 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-02-20 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2008-02-20 Includes\DialerC.sbi
2008-02-20 Includes\HeavyDuty.sbi
2008-02-20 Includes\Hijackers.sbi
2008-02-20 Includes\HijackersC.sbi
2008-02-20 Includes\Keyloggers.sbi
2008-02-20 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-02-20 Includes\Malware.sbi
2008-02-20 Includes\MalwareC.sbi
2008-02-20 Includes\PUPS.sbi
2008-02-20 Includes\PUPSC.sbi
2008-02-20 Includes\Revision.sbi
2008-01-09 Includes\Security.sbi
2008-02-20 Includes\SecurityC.sbi
2008-02-20 Includes\Spybots.sbi
2008-02-20 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2008-02-20 Includes\Trojans.sbi
2008-02-20 Includes\TrojansC.sbi
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 579072
MD5: 76CD8B6DBB4B8A984193AD07ADC1BD3A

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: E4CF942A4AEA9D27C87F190F65E7D0F6

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 093D3EE722542BA2E7AD929AA3CA6ABC

Located: HK_LM:Run, PCTVOICE
command: pctspk.exe
file: C:\WINDOWS\system32\pctspk.exe
size: 163840
MD5: 0B86BC4C123D3CD08817B1848DB07AC6

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9C1C80BBF8E6044980890E2D2D91091C

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 610304
MD5: 634DC62870B9E0C6C6AE25A75AC9895A

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 110592
MD5: B437E814DC6AA842C482F64D9D2AFA1C

Located: HK_LM:Run, WlanUtilAB
command: C:\Program Files\LanExpress\WirelessAS\Utility\Wlan11ag.exe -hide
file: C:\Program Files\LanExpress\WirelessAS\Utility\Wlan11ag.exe
size: 454656
MD5: 917220C599A012018BEC929DBDC0F184

Located: HK_CU:Run, AVG7_Run
where: .DEFAULT...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB

Located: HK_CU:Run, AVG7_Run
where: PE_C_OWNER...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB

Located: HK_CU:Run, ctfmon.exe
where: PE_C_OWNER...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, AVG7_Run
where: S-1-5-19...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB

Located: HK_CU:Run, AVG7_Run
where: S-1-5-20...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-789336058-764733703-1060284298-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-789336058-764733703-1060284298-1004...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-789336058-764733703-1060284298-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-789336058-764733703-1060284298-1005...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, AVG7_Run
where: S-1-5-18...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, GoToAssist
command: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
file: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
spybotsandra
2008-02-27, 00:49
Hello,

That are all legitmate startup files.
Nothing suspicious.
The information from Paul Collins' Startup list is static information to help you decide the validity of the entry.
There is no scan involved to actually determine if your particular entry is good or bad.

You can find Paul Collins' Startup list here:
Startup Applications List
http://www.sysinfo.org/startuplist.php

Best regards
Sandra
Team Spybot
JOE.G
2008-02-28, 00:19
So all of the avg entries are normal? is there anything that I should uncheck so my system performs better? thanks