-
SpybotDeletingBnnnn
On startup my Anti-Virus identifies three programs in the startup sequence that have been "introduced". These are SpybotDeletingBnnnn, with nnnn = 4598, 7278, 3847.
What are these? Are they related to SpyBot? Should I let them run? (Anti-virus allows me to delete them, but they keep returning.)
-
Spybot Advisor Team
Please see here for an explanation:
http://www.sysinfo.org/startuplist.p...SpybotDeleting
Have you let them run before, or have you deleted the SpybotDeletingB#### startup entries each time?
-
SpybotDeleting
I started by "deleting" the programs the first couple of times since they appeared suspicious. I have also tried allowing them to run, but they keep coming back.
I am using Webroot Antivirus with Antispyware.
-
Spybot Advisor Team
Do you use TeaTimer?
Could you follow this to export your startup list from Spybot, then copy and paste your startup list here?
http://www.safer-networking.org/en/howto/startup.html
-
SpybotDeleting ...
Here is the file content. Note that c:\Program Files\AskSBar does not exist on my system:
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-05 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi
2009-09-08 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-09-08 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-09-08 Includes\HijackersC.sbi
2009-06-23 Includes\Keyloggers.sbi
2009-09-08 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-08-19 Includes\Malware.sbi
2009-09-08 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-09-08 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-09-08 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-09-08 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-08-25 Includes\Trojans.sbi
2009-09-08 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C
Located: HK_LM:Run, AsioReg
command: "C:\WINDOWS\system32\REGSVR32.EXE" /S CTASIO.DLL
file: C:\WINDOWS\system32\REGSVR32.EXE
size: 11776
MD5: FBDB9D0935B9907B809B381FDDF1627F
Located: HK_LM:Run, BCMSMMSG
command: "C:\WINDOWS\BCMSMMSG.exe"
file: C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2D99607F21FF368C0E335A2D91A052A1
Located: HK_LM:Run, BellCanada_McciTrayApp
command: "C:\Program Files\BellCanada\McciTrayApp.exe"
file: C:\Program Files\BellCanada\McciTrayApp.exe
size: 1471488
MD5: 72D4606F826D7E00D85809BB3F719E99
Located: HK_LM:Run, CTDVDDet
command: "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
file: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
size: 45056
MD5: 49530EA45EBD73E2C11C74DFEBC30D57
Located: HK_LM:Run, CTHelper
command: "C:\WINDOWS\system32\CTHELPER.EXE"
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 28672
MD5: 97615AB538986082787E4989E03C48F7
Located: HK_LM:Run, CTSysVol
command: "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
file: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
size: 49152
MD5: C88806E6C9AE0AD88D20E1BDA995355A
Located: HK_LM:Run, CTxfiHlp
command: "C:\WINDOWS\system32\CTXFIHLP.EXE"
file: C:\WINDOWS\system32\CTXFIHLP.EXE
size: 18944
MD5: 279615246E6343B7C4BADBCB8CF37067
Located: HK_LM:Run, dla
command: "C:\WINDOWS\system32\dla\tfswctrl.exe"
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 114741
MD5: 2BFF8A443334A034DF73D2C8D808D2A7
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 0AB3C83FCB8EF6F56E4FB22089F0D3B9
Located: HK_LM:Run, Share-to-Web Namespace Daemon
command: "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
file: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: D5BC63D2822B8E244E53D2FF8078CC6B
Located: HK_LM:Run, SMSTray
command: "C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe"
file: C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
size: 132624
MD5: 8E2E19D483FCC452E7BF7A49FA1B06D8
Located: HK_LM:Run, SpySweeper
command: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
file: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
size: 6345840
MD5: 1B39A43E3D701C10BFD38F9B23732820
Located: HK_LM:Run, StorageGuard
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 155648
MD5: 4D04EFDCB8548FDB3B29AB9154480B7B
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 90E0F7FDCAC66FB50C1CE1A1C7396642
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 5676E75F98FF8E0F81DFF604A09288BB
Located: HK_LM:Run, TotalRecorderScheduler
command: "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
file: C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
size: 81920
MD5: F72AE6FB86440C5A67E2519E3220E690
Located: HK_LM:Run, UpdReg
command: "C:\WINDOWS\UpdReg.EXE"
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: C419DF63E0121D72411285780C2FC6CC
Located: HK_LM:Run, Webroot Desktop Firewall
command: "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
file: C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
size: 2401672
MD5: 08AB98D70A9DF579E0BD8F2C42B10C9A
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1659004503-527237240-839522115-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1659004503-527237240-839522115-1003...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, SB Audigy 2 Startup Menu
where: S-1-5-21-1659004503-527237240-839522115-1003...
command: /L:ENG
file: /L:ENG
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sonic RecordNow!
where: S-1-5-21-1659004503-527237240-839522115-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1659004503-527237240-839522115-1003...
command: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:RunOnce, SpybotDeletingD334
where: S-1-5-21-1659004503-527237240-839522115-1003...
command: "cmd.exe" /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:RunOnce, SpybotDeletingD7990
where: S-1-5-21-1659004503-527237240-839522115-1003...
command: "cmd.exe" /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:RunOnce, SpybotDeletingD8037
where: S-1-5-21-1659004503-527237240-839522115-1003...
command: "cmd.exe" /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1659004503-527237240-839522115-1004...
command: "C:\WINDOWS\system32\ctfmon.exe"
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1659004503-527237240-839522115-1004...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1659004503-527237240-839522115-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: Startup (common), DataViz Inc Messenger.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
file: C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
size: 28672
MD5: D0DFDEC5BE5B261575CF6A40CEB27B39
Located: Startup (common), Exif Launcher S.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\FinePixViewerS\QuickDCF2.exe
file: C:\Program Files\FinePixViewerS\QuickDCF2.exe
size: 303104
MD5: EE7B9D446C9C49228008CB39204C5CAA
Located: Startup (common), HOTSYNCSHORTCUTNAME.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Palm\Hotsync.exe
file: C:\Program Files\Palm\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54
Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 0C481C71633D3BC771FD30AC3D623A5C
Located: Startup (common), PopMenu exe.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WinBatch\System\popmenu.exe
file: C:\Program Files\WinBatch\System\popmenu.exe
size: 98304
MD5: 075202FB17774389794B345B267E595B
Located: Startup (user), Palm Registration.lnk
where: C:\Documents and Settings\David\Start Menu\Programs\Startup...
command: C:\Program Files\Palm\register.exe
file: C:\Program Files\Palm\register.exe
size: 2494464
MD5: 533773CC598066297984DCAE9788639A
Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
-
Hello,
Those entries (with random numbers) get generated each time Spybot cannot remove a file while the system is running (so it gets queued through those entries to be deleted on next system restart).
They're "RunOnce" entries though, automatically removed once executed once - unless you tell TeaTimer to reject their removal.
Best regards
Sandra
Team Spybot
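The check below is an added example, not part of the original thread and not Spybot's own code: it parses a startup-list export in the format pasted above and separates SpybotDeleting* RunOnce entries that match the queued-delete pattern described in the reply from ones that deserve a closer look. The sample input, the name and command patterns, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the thread's export format (last record is made up).
SAMPLE = r'''Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
Located: HK_CU:RunOnce, SpybotDeletingD334
command: "cmd.exe" /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
file: C:\WINDOWS\system32\cmd.exe
Located: HK_CU:RunOnce, SpybotDeletingX0000
command: "C:\Temp\tool.exe"
file: C:\Temp\tool.exe
'''

# Assumed patterns, derived only from the entries visible in the thread.
NAME = re.compile(r'^SpybotDeleting[A-Z]?\d+$')
DEL_CMD = re.compile(r'^"cmd\.exe" /c del "([^"&|<>^%]+)"$', re.IGNORECASE)

def parse_startup_list(text):
    """Split the export into one dict per 'Located:' record."""
    entries, cur = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # file-list lines and warning continuations
        key, value = key.strip().lower(), value.strip()
        if key == "located":
            location, _, name = value.partition(",")
            cur = {"location": location.strip(), "name": name.strip()}
            entries.append(cur)
        elif cur is not None and key in ("where", "command", "file", "size", "md5"):
            cur[key] = value
    return entries

def triage_pending_deletes(entries):
    """Return (name, verdict, detail) for every SpybotDeleting* entry."""
    results = []
    for e in entries:
        if not NAME.match(e["name"]):
            continue
        command = e.get("command", "")
        m = DEL_CMD.match(command)
        in_runonce = e["location"].upper().endswith(":RUNONCE")
        runs_cmd = e.get("file", "").lower().endswith(r"\system32\cmd.exe")
        if m and in_runonce and runs_cmd:
            results.append((e["name"], "pending-delete", m.group(1)))
        else:
            results.append((e["name"], "review", command))
    return results
```

A "pending-delete" verdict carries the path queued for deletion, which can be compared against what Spybot reported removing; a "review" verdict carries the raw command for manual inspection.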