
Suspicious Start up items!


7 replies to this topic

#1 cap2587

cap2587

  • Members
  • 524 posts
  • Local time:11:56 PM

Posted 11 February 2009 - 07:27 AM

I have a Dell Dimension Desktop that is running XP Home Edition. I recently have had to remove some trojans and malware that have snuck into my PC. Everything seems to be running better, but I am worried about a couple of suspicious start up items.

Rundll 32.exe C:\windows\system32\Nvcpl.dll

C:\Windows\system32\Dsentry.exe

C:\windows\dtintq.exe

What is the secret to knowing exactly which items in the start up are essential to everything running correctly? I take it any program files running at start up can be disabled. When I started the computer up I would get this error saying "C:\Program files\crystalys media\cm.dll". I figured out to delete the registry key and everything was fine after that. Is it important for programs you uninstall to go in and delete the registry key? Services is another thing that has tons of things running that are essential to your system running smoothly and some that are set to automatic and you never use them. Appreciate any tips on my above 3 start up items. Thanks.



#2 Justa

Justa

  • Members
  • 222 posts
  • Gender:Male
  • Location:Texas
  • Local time:10:56 PM

Posted 11 February 2009 - 08:16 AM

Hello,

I am not an expert but maybe I can help.

Most start ups are listed in Bleeping Computer's Start Up Programs database.

rundll32.exe
http://www.bleepingcomputer.com/forums/ind...56&t=202554

DSentry.exe
http://www.bleepingcomputer.com/startups/D...y.exe-1439.html

Couldn't find dtingq.exe and it did not show up in a Google search. Google search can find a lot of start ups. Be careful of the source, as a lot of links will tell you a legit start up may be malware and to run their special scan so they can sell you software that sometimes is malware itself.

Unless you really know how to work with the registry I would get help here before making any registry changes and always, always, always back up your registry before making any changes.

Revo Uninstaller seems to do the most complete job to uninstall program traces when you select the most thorough removal options but of course it is slower to do this. The program has to be installed to use it and I have had to reinstall programs and use Revo for a more complete install on occasion. I use this when I am concerned about program traces being left. Whether it is more effective for registry items I am not certain but I have never had a problem with registry items left when using Revo.

http://www.revouninstaller.com/revo_uninst...e_download.html

Hope this helps

#3 cap2587

cap2587
  • Topic Starter

  • Members
  • 524 posts
  • Local time:11:56 PM

Posted 11 February 2009 - 12:09 PM

I have some suspicious start-up items that I would like some help with. Are these legitimate start-ups that I need or things I should remove? Thanks.

Rundll 32.exe C:\windows\system32\Nvcpl.dll

C:\Windows\system32\Dsentry.exe

C:\windows\dtintq.exe

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:10:56 PM

Posted 11 February 2009 - 02:28 PM

Hi cap,
I would recommend you follow the directions here and post a log for analysis in the HjT forum.

If you typed the entries correctly, further investigation would be warranted.
Thanks,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 frankp316

frankp316

  • Members
  • 2,677 posts
  • Local time:10:56 PM

Posted 11 February 2009 - 07:09 PM

The first file is an Nvidia related file. The second is Dell Sentry. The third is the suspicious one but check the spelling.

#6 Justa

Justa

  • Members
  • 222 posts
  • Gender:Male
  • Location:Texas
  • Local time:10:56 PM

Posted 11 February 2009 - 11:16 PM

Sorry, I posted the incorrect link to the first one. Here is the correct one; scroll up to see the description.

Rundll 32.exe C:\windows\system32\Nvcpl.dll
http://www.bleepingcomputer.com/startups/r...artup-3803.html

#7 cap2587

cap2587
  • Topic Starter

  • Members
  • 524 posts
  • Local time:11:56 PM

Posted 12 February 2009 - 08:59 AM

Thanks so much for the links and feedback. It seems like none of the 3 start up items are truly needed at start up. The one that is connected to the NVidia Graphics card says enable if you are overclocking your card. I am not doing that, nor do I know what that means. Does that mean that I am safe to remove this from start-up? Thoughts?

#8 Justa

Justa

  • Members
  • 222 posts
  • Gender:Male
  • Location:Texas
  • Local time:10:56 PM

Posted 12 February 2009 - 09:57 AM

I have the luxury of Acronis and frequent mirror image backups to an external drive so I have myself an "out" if I make a mistake. I have never had a problem removing start ups but I am very careful in researching what I want to remove first. Don't know about your graphics card start up, but if you make a mistake and lose your monitor that is one I would rather avoid. Many start ups are rather benign in what they consume memory wise and CPU run time. I run task manager as early as possible when Windows loads to watch what is running and whether a process self terminates or not. Clicking on CPU Time in task manager will put the running processes in order from highest to lowest run time and I have found worthless legit processes this way that have consumed tremendous CPU run time. Clicking on Mem Usage puts memory consumers in order from highest to lowest.

The one I would worry about is:

C:\windows\dtintq.exe

Google search returns nothing here and that can indicate newly created malware but I do not have the expertise to determine this.

Good Luck
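
One way to apply the triage discussed in this thread (work out which vendor each startup binary belongs to, and look harder at the ones that cannot be attributed), as an added PowerShell example that is not part of any post. It assumes a current Windows with PowerShell 3 or later and reads only the two standard Run keys; `Get-StartupTarget` and the `Review` column are names made up for this example.

```powershell
# Added example: triage the program each Run-key startup entry launches.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Matches a quoted path, or an unquoted drive-letter path, ending in .exe/.dll.
$pathPattern = '"([^"]+\.(?:exe|dll))"|([A-Za-z]:\\[^",]*?\.(?:exe|dll)\b)'

function Get-StartupTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $paths = @([regex]::Matches($expanded, $pathPattern, 'IgnoreCase') | ForEach-Object {
        if ($_.Groups[1].Success) { $_.Groups[1].Value } else { $_.Groups[2].Value }
    })
    if ($paths.Count -eq 0) { return $null }
    # For "rundll32.exe <dll>,<export>" the DLL is the code that actually runs.
    if ($paths.Count -gt 1 -and (Split-Path $paths[0] -Leaf) -ieq 'rundll32.exe') {
        return $paths[-1]
    }
    return $paths[0]
}

$report = foreach ($key in $runKeys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        $command = [string]$k.GetValue($name)
        $target  = Get-StartupTarget $command
        $exists  = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))
        $sig = $null; $company = $null
        if ($exists) {
            $sig     = (Get-AuthenticodeSignature -LiteralPath $target).Status
            $company = (Get-Item -LiteralPath $target -Force).VersionInfo.CompanyName
        }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Target    = $target
            Signature = $sig
            Company   = $company
            # Unresolved, missing, unsigned or vendor-less targets need a closer look.
            Review    = (-not $exists) -or ($sig -ne 'Valid') -or (-not $company)
        }
    }
}
$report | Sort-Object Review -Descending |
    Format-Table Name, Target, Signature, Company, Review -AutoSize
```

A `Review` value of True only marks an entry for the kind of research described in the posts above; it is not a malware verdict, and startup locations other than these two keys are not covered.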



