I apologize if this is not the appropriate place to post this - but this is my 1st time. Please redirect me if necessary.
I believe I have malware which should be removed. I've disabled entries from starting which seem to be unnecessary - but I AM NOT SURE IF I MUST DELETE REGISTRY ENTRIES OR OTHER RELATED FILES? I AM ESPECIALLY CONCERNED ABOUT ENTRIES AT BOTTOM OF LIST.
Thank You.
sbme
Spybot S & D Tool: System Startup reports the following:
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
Located: HK_LM:Run, BCMSMMSG
command: BCMSMMSG.exe
file: C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2D99607F21FF368C0E335A2D91A052A1
Located: HK_LM:Run, MSConfig (DISABLED)
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
size: 158208
MD5: 4FD22142F54692463A7B98B7DE175573
Located: HK_CU:Run, AVG7_Run
where: .DEFAULT...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB
Located: HK_CU:Run, AVG7_Run
where: PE_C_ADMINISTRATOR...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB
Located: HK_CU:Run, MySpaceIM
where: PE_C_ALL USERS...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, AVG7_Run
where: S-1-5-19...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB
Located: HK_CU:Run, AVG7_Run
where: S-1-5-20...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-790525478-2111687655-725345543-1004...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F
Located: HK_CU:Run, AVG7_Run
where: S-1-5-18...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB
Located: Startup (common), Smart Wizard Wireless Settings.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
file: C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
size: 1056864
MD5: E2A8EFA2871BDCE7136828F9C6AAE242
Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
size: 237568
MD5: DA6B945E561B1D1DA67663BB45B4B868
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Database status: Typically not required
Value: MSConfig
Filename: msconfig.exe
Description
Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
Source: Paul Collins Startup list
____________________
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Database status: Not required - virus, spyware, malware or other resource hog
Value: MSConfig
Filename: MSCONFIG32.EXE
Description
Added by the _SPYBOT.B_ WORM!
Source: Paul Collins Startup list
____________________
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Database status: Not required - virus, spyware, malware or other resource hog
Value: MSConfig
Filename: msconfig.exe
Description
_CoolWebSearch_ parasite related. Note - this is not the legitimate _msconfig.exe_ which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
Source: Paul Collins Startup list
____________________
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Database status: Not required - virus, spyware, malware or other resource hog
Value: MSConfig
Filename: msconfig.exe
Description
Added by the _WINUR_ WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
Source: Paul Collins Startup list
____________________
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Database status: Not required - virus, spyware, malware or other resource hog
Value: MSConfig
Filename: wins.exe
Description
Added by the _RBOT.PF_ WORM!
Source: Paul Collins Startup list
____________________
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Database status: Not required - virus, spyware, malware or other resource hog
Value: MSConfig
Filename: MSCONFIG35.EXE
Description
Added by a variant of the _SPYBOT_ WORM!
Source: Paul Collins Startup list
____________________
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Database status: Not required - virus, spyware, malware or other resource hog
Value: MSConfig
Filename: scvhost.exe
Description
Added by the _AGENT-DSF_ TROJAN!
Source: Paul Collins Startup list
____________________
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Database status: Not required - virus, spyware, malware or other resource hog
Value: MSConfig
Filename: winlog.exe
Description
Added by the _IRCBOT-TJ_ TROJAN!
Source: Paul Collins Startup list
____________________
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Database status: Not required - virus, spyware, malware or other resource hog
Value: MSConfig
Filename: icpldrvx.exe
Description
Added by the _BANLOAD.BFT_ TROJAN!
Source: Paul Collins Startup list
____________________
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Database status: Not required - virus, spyware, malware or other resource hog
Value: MSConfig
Filename: msconfig.com
Description
Added by the _IRCBOT-SM_ WORM!
Source: Paul Collins Startup list