No replies to this topic

[sbme]

I appologize if this is not the appropriate place to post this - but this is 1st time. Please redirect me if necessary. I believe I have malware which should be removed. I've disabled entries from starting which seem to be unnecessary - but I AM NOT SURE IF I MUST DELETE REGISTRY ENTRIES OR OTHER FILES RELATED.....? AM ESPECIALLY CONCERNED ABOUT ENTRIES AT BOTTOM OF LIST. Thank You. sbme Spybot S & D Tool: System Startup reports the following: --- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) --- 2008-01-28 blindman.exe (1.0.0.7) 2008-01-28 SDDelFile.exe (1.0.2.4) 2008-01-28 SDMain.exe (1.0.0.5) 2007-10-07 SDShred.exe (1.0.1.2) 2008-01-28 SDUpdate.exe (1.0.8.8) 2008-01-28 SDWinSec.exe (1.0.0.11) 2008-01-28 SpybotSD.exe (1.5.2.20) 2008-01-28 TeaTimer.exe (1.5.2.16) 2007-03-28 unins000.exe (51.41.0.0) 2008-04-05 unins001.exe (51.49.0.0) 2008-01-28 Update.exe (1.4.0.6) 2008-01-28 advcheck.dll (1.5.4.5) 2007-04-02 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2007-11-17 DelZip179.dll (1.79.7.4) 2008-01-28 SDFiles.dll (1.5.1.19) 2008-01-28 SDHelper.dll (1.5.0.11) 2008-01-28 Tools.dll (2.1.3.3) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2008-04-16 Includes\Adware.sbi 2008-05-07 Includes\AdwareC.sbi 2008-05-07 Includes\Cookies.sbi 2007-12-26 Includes\Dialer.sbi 2008-05-07 Includes\DialerC.sbi 2008-05-07 Includes\HeavyDuty.sbi 2008-04-30 Includes\Hijackers.sbi 2008-05-07 Includes\HijackersC.sbi 2008-04-30 Includes\Keyloggers.sbi 2008-05-07 Includes\KeyloggersC.sbi 2004-11-29 Includes\LSP.sbi 2008-04-22 Includes\Malware.sbi 2008-05-07 Includes\MalwareC.sbi 2008-03-26 Includes\PUPS.sbi 2008-05-07 Includes\PUPSC.sbi 2008-05-07 Includes\Revision.sbi 2008-01-09 Includes\Security.sbi 2008-05-07 Includes\SecurityC.sbi 2008-04-16 Includes\Spybots.sbi 2008-05-07 Includes\SpybotsC.sbi 2008-04-16 Includes\Spyware.sbi 2008-05-07 Includes\SpywareC.sbi 2007-11-06 Includes\Tracks.uti 2008-04-30 Includes\Trojans.sbi 2008-05-07 Includes\TrojansC.sbi 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll Located: HK_LM:Run, BCMSMMSG command: BCMSMMSG.exe file: C:\WINDOWS\BCMSMMSG.exe size: 122880 MD5: 2D99607F21FF368C0E335A2D91A052A1 Located: HK_LM:Run, MSConfig (DISABLED) command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe size: 158208 MD5: 4FD22142F54692463A7B98B7DE175573 Located: HK_CU:Run, AVG7_Run where: .DEFAULT... command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe size: 219136 MD5: B331EF4C7437F5093D703340678469EB Located: HK_CU:Run, AVG7_Run where: PE_C_ADMINISTRATOR... command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe size: 219136 MD5: B331EF4C7437F5093D703340678469EB Located: HK_CU:Run, MySpaceIM where: PE_C_ALL USERS... command: C:\Program Files\MySpace\IM\MySpaceIM.exe file: size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, AVG7_Run where: S-1-5-19... command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe size: 219136 MD5: B331EF4C7437F5093D703340678469EB Located: HK_CU:Run, AVG7_Run where: S-1-5-20... command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe size: 219136 MD5: B331EF4C7437F5093D703340678469EB Located: HK_CU:Run, SpybotSD TeaTimer where: S-1-5-21-790525478-2111687655-725345543-1004... command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe size: 2097488 MD5: A9A5DB6AC3721BE698B996913693D73F Located: HK_CU:Run, AVG7_Run where: S-1-5-18... command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe size: 219136 MD5: B331EF4C7437F5093D703340678469EB Located: Startup (common), Smart Wizard Wireless Settings.lnk where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup... command: C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe file: C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe size: 1056864 MD5: E2A8EFA2871BDCE7136828F9C6AAE242 Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED) command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe size: 237568 MD5: DA6B945E561B1D1DA67663BB45B4B868 Located: WinLogon, crypt32chain command: crypt32.dll file: crypt32.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, cryptnet command: cryptnet.dll file: cryptnet.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, cscdll command: cscdll.dll file: cscdll.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, ScCertProp command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, Schedule command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, sclgntfy command: sclgntfy.dll file: sclgntfy.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, SensLogn command: WlNotify.dll file: WlNotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, termsrv command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, WgaLogon command: WgaLogon.dll file: WgaLogon.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, wlballoon command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Database status: Typically not required Value: MSConfig Filename: msconfig.exe Description Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode Source: Paul Collins Startup list ____________________ Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Database status: Not required - virus, spyware, malware or other resource hog Value: MSConfig Filename: MSCONFIG32.EXE Description Added by the _SPYBOT.B_ WORM! Source: Paul Collins Startup list ____________________ Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Database status: Not required - virus, spyware, malware or other resource hog Value: MSConfig Filename: msconfig.exe Description _CoolWebSearch_ parasite related. Note - this is not the legitimate _msconfig.exe_ which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting Source: Paul Collins Startup list Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Database status: Not required - virus, spyware, malware or other resource hog Value: MSConfig Filename: msconfig.exe Description Added by the _WINUR_ WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\ Source: Paul Collins Startup list ____________________ Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Database status: Not required - virus, spyware, malware or other resource hog Value: MSConfig Filename: wins.exe Description Added by the _RBOT.PF_ WORM! Source: Paul Collins Startup list ____________________ Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Database status: Not required - virus, spyware, malware or other resource hog Value: MSConfig Filename: MSCONFIG35.EXE Description Added by a variant of the _SPYBOT_ WORM! Source: Paul Collins Startup list ____________________ Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Database status: Not required - virus, spyware, malware or other resource hog Value: MSConfig Filename: scvhost.exe Description Added by the _AGENT-DSF_ TROJAN! Source: Paul Collins Startup list ____________________ Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Database status: Not required - virus, spyware, malware or other resource hog Value: MSConfig Filename: winlog.exe Description Added by the _IRCBOT-TJ_ TROJAN! Source: Paul Collins Startup list ____________________ Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Database status: Not required - virus, spyware, malware or other resource hog Value: MSConfig Filename: icpldrvx.exe Description Added by the _BANLOAD.BFT_ TROJAN! Source: Paul Collins Startup list ____________________ Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Database status: Not required - virus, spyware, malware or other resource hog Value: MSConfig Filename: msconfig.com Description Added by the _IRCBOT-SM_ WORM! Source: Paul Collins Startup list