When Using Spybot, System Startups?



#1 Jove

Posted 20 September 2008 - 09:00 AM

I would be delighted to know a little more about diagnostics in various areas of my PC, and at this time especially in the Startup list and have a couple of questions that concern the recommended path of analyzing these.

I presently am using Spybot tools and have reached the Startup list.

When using the BC Startup List, many of my entries have multiple answers, as follows:

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6
| Name | Filename | Status | Description |
|---|---|---|---|
| PHIME2002ASync | dumprep.exe | X | Added by the W32/Puress-B worm. This infection should not be confused with the legitimate C:\Windows\System32\dumprep.exe. ... |
| PHIME2002A | svchost.exe | X | Added by the W32/Puress-B worm. This infection should not be confused with the legitimate C:\Windows\System32\svchost.exe. ... |
| Phime2002a | TINTSETP.EXE | N | Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word ... |
| PHIME2002ASync | TINTSETP.EXE | N | Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word ... |



How do I know which one of these pertains to the one I entered into the search, e.g. the one that I have in my PC?


My guess is it would be the exact match, i.e., PHIME2002ASync . . . correct?

If so, why all the others?

Edited by Jove, 20 September 2008 - 09:18 AM.

When you don't have to worry about your computer anymore, you can start
living again !

Success is a result, not a goal. . . . Flaubert



 


#2 garmanma


Posted 20 September 2008 - 10:01 AM

Phime2002a or PHIME2002ASync (TINTSETP.EXE) -- Not Required at Startup - Application Launcher, Microsoft Office Application

dumprep.exe is a nasty
http://www.bleepingcomputer.com/startups/d....exe-23369.html
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 Jove


Posted 20 September 2008 - 10:06 AM

Garmanma,

Are you saying the one I have is a nasty?

This is the one I have . . .
Per Spybot:

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Edited by Jove, 20 September 2008 - 10:19 AM.



#4 Jove


Posted 20 September 2008 - 10:19 AM

Sorry, I did not do a good read on your post!

But thanks, so the one I have, as previously stated, is Sync and is not a nasty. OK, it's not required at startup, so if I uncheck it, will it start automatically when called upon?

And if it does, will it revert back to the checked position in the utilities?



#5 Jove


Posted 20 September 2008 - 11:42 AM

Garmanma,
Let me ask you this, concerning the BC Startup List Search . . .

For this:
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 143360
MD5: 3F2C31795D7D63BD002C2E0468636132
===========================================================
It found the following:

| Name | Filename | Status | Description |
|---|---|---|---|
| igfxtray | igfxtray.exe | N | Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on m ... |
| Intel® Common User Interface | igfxtray.exe | N | Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on m ... |


As you can see, the original entry, IgfxTray, uses upper case, and the search seems sensitive to upper case and often means an entirely different program . . .

So what do I have here?



#6 Grinler


Posted 20 September 2008 - 07:58 PM

Using the startup database requires you to compare not only the filenames, but where they are located.

Dumprep.exe located in C:\Windows\System32 is a valid file. If it is located elsewhere, then it is likely malware.

#7 Jove


Posted 20 September 2008 - 09:59 PM

Grinler,

Thanks for the reply.

Regarding:
Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6
Name Filename Status Description
PHIME2002ASync dumprep.exe

I am trying to understand this and the information you referenced; therefore the following is my PC information concerning the dumprep.exe. The location reference indicated here is HK_LM:Run, PHIME2002A; I believe this to be a Registry reference. I believe you are referring to the file reference that will be found in my Local Disk (C:), and this I assume would be derived from the file reference: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

I did find it the system32 file as in the following image

The only IME file I found so far is ime in the WINDOWS folder . . . I find no dumprep.exe file or reference there, if the IME is a folder reference; if not, what is it?

I have noticed that the case, i.e. lower or upper, seems to make a great deal of difference in the classification of files, and I would assume folders, unless this is otherwise and also is comparative information. Will case be pertinent in identifying files and folders?

Will I need to search each time to check each file as in this case, or am I reading the file location information incorrectly?



Posted Image



#8 Grinler


Posted 21 September 2008 - 06:58 AM

Your command is located at:

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

The startup list has the same command listed as safe, therefore it is legitimate to be in that location. Upper and lower case really does not make a difference.

The way to use the database is to check three things. If an entry has a name of PHIME2002A then you can search the database for that name. If it is found, you look at the command, which may not always be the same. Then look at the filename and its location. If the info in the startup database is the same info being shown in whatever you are using to view your startups, then you can safely assume what the startup database says is correct.

In this situation we have a legitimate startup database entry that has a name of PHIME2002A. That matches yours.

Your entry's start has the command line of C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName. That is the same as the one in the startup database. So that matches as well.

The path to the file is C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE. That is the same as your startup, so you can safely assume that your startup is legitimate.
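
The three checks described in the reply above (name, command, file location), written out as an added Python example; it is not code from the thread or from BleepingComputer. The database rows are constructed from the search results quoted in this topic, and the function names `parse_spybot`, `same` and `match` are hypothetical.

```python
import ntpath

# Rows constructed from the search results quoted in this thread; command is
# None where the thread does not show the database's value.
IME_CMD = r"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
STARTUP_DB = [
    ("PHIME2002ASync", "dumprep.exe", "X", None),
    ("PHIME2002A", "svchost.exe", "X", None),
    ("Phime2002a", "TINTSETP.EXE", "N", IME_CMD),
    ("PHIME2002ASync", "TINTSETP.EXE", "N", IME_CMD),
]

# The Spybot report block posted in the thread.
SPYBOT_ENTRY = r"""Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6"""


def parse_spybot(text):
    """Parse one 'key: value' block from a Spybot startup report."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    # "Located" holds "<registry location>, <startup name>".
    fields["name"] = fields["located"].rpartition(",")[2].strip()
    return fields


def same(a, b):
    # Windows names and paths are case-insensitive; normcase folds case.
    return ntpath.normcase(a) == ntpath.normcase(b)


def match(entry, db=STARTUP_DB):
    """Return the database rows that agree on name, filename and command."""
    hits = []
    for name, filename, status, command in db:
        if not same(name, entry["name"]):
            continue  # a different startup name
        if not same(filename, ntpath.basename(entry["file"])):
            continue  # same name, but a different program
        if command is not None and not same(command, entry["command"]):
            continue  # right filename, wrong location
        hits.append((name, filename, status))
    return hits
```

For the entry posted in the thread, `match(parse_spybot(SPYBOT_ENTRY))` leaves only the `Phime2002a` / `TINTSETP.EXE` row; the same name pointing at a copy of the file in another folder matches nothing.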



