Thread: Unknown .dll have shown up on my system.

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    14

    Unknown .dll have shown up on my system.

    This is the export file from Spybot's startup manager:

    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

    2008-08-14 blindman.exe (1.0.0.8)
    2008-08-14 SDFiles.exe (1.6.0.4)
    2008-08-14 SDMain.exe (1.0.0.6)
    2008-08-14 SDShred.exe (1.0.2.3)
    2008-08-14 SDUpdate.exe (1.6.0.9)
    2008-08-14 SDWinSec.exe (1.0.0.12)
    2008-07-30 SpybotSD.exe (1.6.0.31)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2007-10-10 unins000.exe (51.41.0.0)
    2009-01-19 unins001.exe (51.49.0.0)
    2008-08-14 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-09-15 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2008-10-22 Tools.dll (2.1.6.8)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2010-06-29 Includes\Adware.sbi
    2010-07-27 Includes\AdwareC.sbi
    2010-01-25 Includes\Cookies.sbi
    2009-11-03 Includes\Dialer.sbi
    2010-07-27 Includes\DialerC.sbi
    2010-01-25 Includes\HeavyDuty.sbi
    2009-05-26 Includes\Hijackers.sbi
    2010-07-27 Includes\HijackersC.sbi
    2010-06-29 Includes\iPhone.sbi
    2010-08-02 Includes\Keyloggers.sbi
    2010-08-02 Includes\KeyloggersC.sbi
    2004-11-29 Includes\LSP.sbi
    2010-06-01 Includes\Malware.sbi
    2010-08-02 Includes\MalwareC.sbi
    2010-05-18 Includes\PUPS.sbi
    2010-07-20 Includes\PUPSC.sbi
    2010-01-25 Includes\Revision.sbi
    2009-01-13 Includes\Security.sbi
    2010-07-27 Includes\SecurityC.sbi
    2008-06-03 Includes\Spybots.sbi
    2008-06-03 Includes\SpybotsC.sbi
    2010-06-29 Includes\Spyware.sbi
    2010-07-27 Includes\SpywareC.sbi
    2010-03-08 Includes\Tracks.uti
    2010-08-04 Includes\Trojans.sbi
    2010-07-28 Includes\TrojansC-02.sbi
    2010-07-28 Includes\TrojansC-03.sbi
    2010-07-28 Includes\TrojansC-04.sbi
    2010-08-02 Includes\TrojansC-05.sbi
    2010-08-02 Includes\TrojansC.sbi
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    Located: HK_LM:Run, avast5
    command: C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    file: C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    size: 2837864
    MD5: 38AE7A942FC3FAB1C6A27EB65DE8F827

    Located: HK_LM:Run, EnvyHFCPL
    command: C:\Program Files\Audio Deck\EnMixCPL.exe 1
    file: C:\Program Files\Audio Deck\EnMixCPL.exe
    size: 3895296
    MD5: 8D5C81AEC13F95551018E27F89AD18CC

    Located: HK_LM:Run, ISUSPM
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Kernel and Hardware Abstraction Layer (DISABLED)
    command: KHALMNPR.EXE
    file: C:\WINDOWS\KHALMNPR.EXE
    size: 76304
    MD5: E6A9F68D26A094FB78B98180A40A29FC

    Located: HK_LM:Run, McAfeeUpdaterUI (DISABLED)
    command: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    file: C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, MSConfig
    command: C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    file: C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
    size: 169984
    MD5: A81135541C9D4EBCE43EFA8AD31395B4

    Located: HK_LM:Run, ShStatEXE (DISABLED)
    command: "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    file: C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 40368
    MD5: 4FF27EB0E867A04F981342DDF276C6FC

    Located: HK_LM:Run, CTHelper (DISABLED)
    command: CTHELPER.EXE
    file: C:\WINDOWS\system32\CTHELPER.EXE
    size: 19456
    MD5: A0D5111028F6E25B78B94155B115F7BA

    Located: HK_LM:Run, CTxfiHlp (DISABLED)
    command: CTXFIHLP.EXE
    file: C:\WINDOWS\system32\CTXFIHLP.EXE
    size: 18944
    MD5: 279615246E6343B7C4BADBCB8CF37067

    Located: HK_LM:Run, NvCplDaemon (DISABLED)
    command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    file: C:\WINDOWS\system32\NvCpl.dll
    size: 13923432
    MD5: 58A517026E5C8674A70B9B6650691EFE

    Located: HK_LM:Run, NvMediaCenter (DISABLED)
    command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    file: C:\WINDOWS\system32\NvMcTray.dll
    size: 110696
    MD5: 848F20153185A85AB09A4FBCED4E7CC7

    Located: HK_CU:RunOnce, WUAppSetup (DISABLED)
    where: .DEFAULT...
    command: C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
    file: C:\Program Files\Common Files\logishrd\WUApp32.exe
    size: 435736
    MD5: 2AF9AF4BAB4E1B2E8F8F4415C8BD381E

    Located: HK_CU:Run, ctfmon.exe (DISABLED)
    where: .DEFAULT...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:RunOnce, SetDefaultMIDI (DISABLED)
    where: .DEFAULT...
    command: MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    file: C:\WINDOWS\system32\MIDIDEF.EXE
    size: 28672
    MD5: A50397F7C3E08D470CDAE5D5101C5557

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-776561741-2025429265-839522115-1003...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-776561741-2025429265-839522115-1003...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:Run, ctfmon.exe (DISABLED)
    where: S-1-5-21-776561741-2025429265-839522115-1003...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:RunOnce, WUAppSetup (DISABLED)
    where: S-1-5-18...
    command: C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
    file: C:\Program Files\Common Files\logishrd\WUApp32.exe
    size: 435736
    MD5: 2AF9AF4BAB4E1B2E8F8F4415C8BD381E

    Located: HK_CU:Run, ctfmon.exe (DISABLED)
    where: S-1-5-18...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:RunOnce, SetDefaultMIDI (DISABLED)
    where: S-1-5-18...
    command: MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    file: C:\WINDOWS\system32\MIDIDEF.EXE
    size: 28672
    MD5: A50397F7C3E08D470CDAE5D5101C5557

    Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
    command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
    file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
    size: 214360
    MD5: D9335549EAE48B14FB66EFCB6FFAE736

    Located: Startup (disabled), Logitech Desktop Messenger (DISABLED)
    command: C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start
    file: C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe
    size: 169472
    MD5: 91291CA1490F952D977618544D540B87

    Located: Startup (disabled), Logitech SetPoint (DISABLED)
    command: C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe
    file: C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe
    size: 805392
    MD5: D0948BE9B3547B9669195D7F84FC09F7

    Located: Startup (disabled), Adobe Gamma (DISABLED)
    command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Startup (disabled), Digsby (DISABLED)
    command: C:\PROGRA~1\Digsby\digsby.exe
    file: C:\PROGRA~1\Digsby\digsby.exe
    size: 141488
    MD5: F5E28708E4D02AD415608E97901B18EF

    Located: Startup (disabled), Folding@Home 5.03 (DISABLED)
    command: C:\PROGRA~1\FOLDIN~1\winFAH.exe
    file: C:\PROGRA~1\FOLDIN~1\winFAH.exe
    size: 323584
    MD5: 1D4E6BAC7AC4FBCCCFFC69C3724E3109

    Located: Startup (disabled), MagicDisc (DISABLED)
    command: C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE
    file: C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE
    size: 557568
    MD5: F03CF56CAA358BD3E31C73B040EE67F5

    Located: Startup (disabled), OpenOffice.org 2.3 (DISABLED)
    command: C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE
    file: C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE
    size: 393216
    MD5: 01F7BA16BC60D65149FA36F355319171

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, dimsntfy
    command: %SystemRoot%\System32\dimsntfy.dll
    file: %SystemRoot%\System32\dimsntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, LBTWlgn
    command: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    file: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    size: 72208
    MD5: 2ACBFEF9984F0FE9849DA857206CCECC

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!


    Those in red are the ones I've never seen before. I'm a bit concerned as my system isn't responding well, and seems to be bogged down. If you could take a look at these at your convenience and let me know if there truly is an issue or not. Thank you!

    ~Xel
    -----------------------------

    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Last edited by tashi; 2010-08-11 at 02:21. Reason: Moved from the Malware forum, link to FAQ provided. :-)
