Need User Feedback: powrprof.dll identified as both safe and dangerous

[winuser]

I am posting here to clarify a doubt: I was checking my system startup with Spybot S&D and found an entry (powrprof.dll etc.) which is described in two ways at the same time:

Database status: Not required - virus, spyware, malware or other resource hog
Value: LoadPowerProfile
Filename: ASDAPI.EXE
Description
Added by the _CABRO_ TROJAN!

and

Database status: Necessity depends on users preferences
Value: LoadPowerProfile
Filename: Rundll32.exe powrprof.dll

Description
Power management specifics such as monitor shut-off, system standby, etc.

A little worried, I run a full scan with Spybot without detecting the trojan. Thus, I searched for ASDAPI.EXE in the "Search Files and Folders" Windows tool, and then in the register through regedit.

For my concern, I found "ASDAPI.EXE" in the following register keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU

I then tried to search more info about backdoor.Cabro on Google, finding that the trojan modifies other keys of the register. I checked those and luckily the trojan values aren't there.
Then I looked for MRU and found that it simply means "Most Recently Used". :lip: A page from the Microsoft.com website explained that it only means that I searched for that earlier (which is true) through "Find Files and Folders".

Can I then consider myself safe?

If the answer is yes, :lip: then please consider this post as an information for all newbies that may find themselves in this situation.

 

[md usa spybot fan]

winuser:

The comments (descriptions) associated on startup entries are the known possibilities for the names of the startup entries ("LoadPowerProfile" in your case). There is no actual analysis of the startup entry itself (other than the name) nor of the program it points to. In order to then determine which description may or may not be applicable to your particular startup entry, you must compare the "Current filename: ..." that is listed above the individual descriptions with the "Filename: ..." in each description to determine which description, if any, may apply.

Since it does not seem that included the "Current filename: ..." nor post the actual startup entry that you are interested in, it is difficult help.

If you post the "Current filename: ..." or the actual startup entry and related information, possibly someone can help.

You can post the actual startup entry by going into Spybot > Mode > Advanced Mode > Tools > System startup and right clicking on the list, then select "Copy to clipboard". You can paste (Ctrl + V) the clipboard into another post in this thread. Please edit the post so that only the entry in question is posted.