I am a newbie at this, but have tried to follow the correct steps. My computer is running slow, so I have been following BleepingComputer's advice. I just finished the step of running Autoruns. I have searched every entry in the database and taken note of the "harmful" ones. Before taking the next step I wanted to make sure I have correctly identified the entries with the ones in your database. Also, when searching for an entry in the database there seem to be several entries listing a different status. Which one do I trust? Here is the list of entries I have found with the information given to me by Autoruns.
Thanks
Name: Quick Time Task
Filename: qttask.exe
Location: c:\program files\quicktime\qttask.exe
Name: SunJavaUpdate
Filename: jusched.exe
Location: c:\program files\java\jre1.5.0_11\bin\jusched.exe
Name: MSMSGS, Windows Messenger
Filename: msmsgs.exe
Location: c:\program files\messenger\msmsgs.exe
The filename and location are the same for this entry, but it appears under several different names
Name: text/webviewhtml, CDBurn, PostBootReminder, shell32.dll, Taskbar and Start Menu, {0D2E74C4-3C34-11d2-A27E-00C04FC30871}, {24F14F01-7B1C-11d1-838f-0000F80461CF}, {24F14F02-7B1C-11d1-838f-0000F80461CF}, {66742402-F9B9-11D1-A202-0000F81FEDEE}
Filename: shell32.dll
Location: c:\windows\system32\shell32.dll
The filename and location are the same for this entry, but it appears under several different names
Name: Microsoft Web Publishing Wizard 1.52, NewMeeting 3.01, Windows Messenger 4.7
Filename: advpack.dll
Location: c:\windows\system32\advpack.dll
The filename and location are the same for this entry, but it appears under several different names
Name: Themes Setup, Windows Desk Update
Filename: regsvr32.exe
Location: c:\windows\system32\regsvr32.exe
Name: Sendmail service
Filename: sendmail.dll
Location: c:\windows\system32\sendmail.dll
Name: Kernel32
Filename: kernel32.dll
Location: c:\windows\system32\kernel32.dll
Name: wininet
Filename: wininet.dll
Location: c:\windows\system32\wininet.dll
Name: logonui.exe
Filename: logonui.exe
Location: c:\windows\system32\logonui.exe
I have also found several entries that may match one in your database. I usually see a few, maybe several, that match; however, one entry will note "This infection should not be confused with the legitimate file found at C:\Windows\System32\userinit.exe." If it seems to be the legitimate file, do I ignore it? Here are a few listed this way.
Name: C:\WINDOWS\system32\userinit.exe
Filename: userinit.exe
Location: c:\windows\system32\userinit.exe
Name: Explorer.exe
Filename: explorer.exe
Location: c:\windows\explorer.exe
Name: ctfmon.exe
Filename: ctfmon.exe
Location: c:\windows\system32\ctfmon.exe
Name: Eventlog
Filename: services.exe
Location: c:\windows\system32\services.exe
If I do need to handle these, would the next step be disabling and deleting them in safe mode?
Thanks