My computer starts up slowly & internet problem

sidthereal

New Member
You can do that by constantly tapping F8,
or use a method I adopt:
go to Run and type msconfig,
then go to Boot.ini
and click safe mode.
On restart the computer goes into safe mode. To go to normal boot-up, just uncheck the safe mode option.
 

Rise

Member
I've now run Microsoft AntiSpyware in safe mode and still can't find anything. Every time I open Norton AntiVirus or my firewall it says error for a few seconds, then changes to fine.
 

sidthereal

New Member
Rise said:
I've now run Microsoft AntiSpyware in safe mode and still can't find anything. Every time I open Norton AntiVirus or my firewall it says error for a few seconds, then changes to fine.
microsoft.com

Did you read the post I made about the worm?? Even microsoft.com is affected by it. MS AntiSpyware won't work.
Did you download and run Ewido security suite like I asked you to?
DO SO! If it still doesn't work, we move on to manual cleaning.
 

Rise

Member
sidthereal said:
microsoft.com

Did you read the post I made about the worm?? Even microsoft.com is affected by it. MS AntiSpyware won't work.
Did you download and run Ewido security suite like I asked you to?
DO SO! If it still doesn't work, we move on to manual cleaning.


I thought I'd try it anyway. Yes, I ran Ewido in safe mode; it found nothing.
 

sidthereal

New Member
OK, let's get rid of this W32/Rbot-ANK first.
Use the following instructions:
1. Create a restore point on your PC.
2. Download the Process Explorer freeware to see what processes are running,
from http://www.sysinternals.com/Utilities/ProcessExplorer.html
3. Find and immediately kill the process "mswinsck.exe".
4. Delete the file "mswinsck.exe" located in C:\Windows\System (set up the computer to show hidden files and system files).
5. Delete the following entries in the registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Winsock
mswinsck.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Winsock
mswinsck.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Winsock
mswinsck.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Winsock
mswinsck.exe

HKCU\SYSTEM\CurrentControlSet\Control\Lsa
Microsoft Winsock
mswinsck.exe

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Microsoft Winsock
mswinsck.exe

HKCU\Software\Microsoft\OLE
Microsoft Winsock
mswinsck.exe

HKLM\SOFTWARE\Microsoft\Ole
Microsoft Winsock

Reboot the computer.

To remove Powerreg scheduler take the following steps
1. Kill these running processes with Task Manager:
%DeskTop%\startup\powerreg scheduler v3.exe
%Profile%\start menu\programs\startup\powerreg scheduler.exe
%Profile%\start menu\programs\startup\powerreg schedulerv2.exe
%Startup%\powerreg scheduler v3.exe
%Startup%\powerreg scheduler.exe
%SystemRoot%\desktop\startup\powerreg scheduler.exe
%SystemRoot%\start menu\programs\startup\powerreg scheduler v3.exe
%SystemRoot%\start menu\programs\startup\powerreg scheduler.exe

2. Remove these files (if present) with Windows Explorer:
%DeskTop%\startup\powerreg scheduler v3.exe
%DeskTop%\startup\webshots.lnk
%Profile%\start menu\programs\startup\powerreg scheduler.exe
%Profile%\start menu\programs\startup\powerreg schedulerv2.exe
%ProgramFiles%\powerreg
%Startup%\powerreg scheduler v3.exe
%Startup%\powerreg scheduler.exe
%SystemRoot%\desktop\startup\powerreg scheduler.exe
%SystemRoot%\start menu\programs\startup\image.lnk
%SystemRoot%\start menu\programs\startup\norton disk doctor.lnk
%SystemRoot%\start menu\programs\startup\powerreg scheduler v3.exe
%SystemRoot%\start menu\programs\startup\powerreg scheduler.exe

3. Remove these directories (if present) with Windows Explorer:
%DeskTop%\startup

Update your Spysweeper programme and Ewido security suite.

Now download smitrem from
http://noahdfear.geekstogo.com/click counter/click.php?id=1
and save to desktop.
Double click on the file to extract it to c:\smitrem.

Now reboot to safe mode, open the c:\smitrem folder and double-click the RunThis.bat file to start the tool.

Follow the prompts on screen and wait for the tool to complete and disk cleanup to finish.

When the tool is finished, it will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Examining that log should show that the infection was cleaned.

And now run a full scan of both Ewido and Spysweeper, and they should remove the remaining malware in the computer.
Run a fresh MWAV scan and post the log.
 

sidthereal

New Member
Sigh....
Okay, open HijackThis,
click on "Open the Misc Tools section",
then click "Open process manager",
refresh the processes,
and if you find the mswinsck.exe process, kill it.
And then go ahead with the other instructions.

Else, I'd suggest you clear your previous system restores and then scan your registry and hard drives for mswinsck.exe
 

sidthereal

New Member
Post the log.

Also, to delete the system restore files, you have to disable System Restore on the drives.
This can be done this way:
go to Control Panel > System > System Restore > click "Turn off System Restore".
This will delete all past system restore files.

Additionally, try and delete the other virus for which instructions have been posted.
 

sidthereal

New Member
I don't know if this would help, but there's no harm in trying it.
Download Stinger from
http://download.nai.com/products/mcafee-avert/stng260.exe

When the download is complete, navigate to the folder that contains the downloaded Stinger file, and run it

If necessary, click the Add or Browse button to add additional drives/directories to scan. By default the C: drive will be scanned.

Click the Scan Now button to begin scanning the specified drives/directories.
 

Rise

Member
Process list saved on 13:41:40, on 18/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
520 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
796 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
840 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
852 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
996 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1088 C:\Program Files\Windows Defender\MsMpEng.exe 1.1.1051.0 Microsoft Corporation
1132 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1384 C:\Program Files\Common Files\Symantec Shared\ccProxy.exe 103.0.7.2 Symantec Corporation
1572 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
1596 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe 103.0.7.2 Symantec Corporation
1608 C:\Program Files\Norton Personal Firewall\ISSVC.exe 8.0.2.5 Symantec Corporation
1644 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 5.5.1.6 Symantec Corporation
1672 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe 1.0.1.47 Symantec Corporation
1696 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe 103.0.7.2 Symantec Corporation
1988 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
200 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe 2.6.6.3 America Online, Inc.
224 C:\Program Files\ewido anti-malware\ewidoctrl.exe 3.0.0.1 ewido networks
236 C:\Program Files\ewido anti-malware\ewidoguard.exe 3.0.0.1 ewido networks
464 C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe 11.0.16.2 Symantec Corporation
496 C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe 11.0.16.2 Symantec Corporation
536 C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE 18.0.0.62 Symantec Corporation
632 C:\WINDOWS\system32\nvsvc32.exe 6.14.10.8421 NVIDIA Corporation
696 C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE 18.0.0.62 Symantec Corporation
1156 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1332 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 1.8.54.478 Symantec Corporation
1236 C:\WINDOWS\SOUNDMAN.EXE 5.0.0.2 Avance Logic, Inc.
1244 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe 50.0.146.0 Hewlett-Packard Co.
1336 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe 2.223.0.0 HP
1392 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe 1.0.0.1 Hewlett-Packard
1568 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe 2.3.0.162 Hewlett-Packard
2116 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe 2.6.0.162
2648 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe 2.6.6.3 America Online, Inc
1512 C:\Program Files\QuickTime\qttask.exe 6.5.0.48 Apple Computer, Inc.
3816 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe 5.0.30.7 Sun Microsystems, Inc.
3900 C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe 4.0.7.0 GlobespanVirata, Inc.
3908 C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
3916 C:\Program Files\VoyagerTest\fts.exe 1.0.2.2 Friendly Technologies
656 C:\Program Files\Common Files\Symantec Shared\ccApp.exe 103.0.7.2 Symantec Corporation
2700 C:\Program Files\Windows Defender\MSASCui.exe 1.1.1051.0 Microsoft Corporation
3116 C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe 1.3.6.0 America Online, Inc.
3140 C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe 1.3.6.0 America Online, Inc.
3268 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe 1.0.0.701 Microsoft Corporation
3740 C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe 1.0.0.701 Microsoft Corporation
2300 c:\program files\common files\aol\1133047187\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
2344 C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe 1.3.6.0 America Online, Inc.
2472 C:\WINDOWS\system32\RUNDLL32.EXE 5.1.2600.2180 Microsoft Corporation
2988 C:\PROGRA~1\AOL9~1.0\waol.exe 9.0.0.2 America Online, Inc.
2004 C:\PROGRA~1\AOL9~1.0\shellmon.exe 9.0.0.1 America Online, Inc.
2428 C:\Program Files\Common Files\AOL\aoltpspd.exe 1.1.1.0 America Online Inc
3640 C:\Program Files\AOL Companion\companion.exe 1.6.2.0
3056 C:\Program Files\Messenger\msmsgs.exe 4.7.0.3001 Microsoft Corporation
2064 C:\Documents and Settings\iain murray\My Documents\My Received Files\Unused\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.
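
As an added example (not part of the thread), the check sidthereal asks for, looking for mswinsck.exe in the process list, can be run over a saved list like the one above. The sample lines are constructed in the same format; the system32-only name set and the missing-metadata flag are this example's own triage assumptions, not verdicts.

```python
import re

# Constructed sample in the "[pid] [path] [version] [company]" format above;
# the last two lines are invented to exercise the checks.
SAMPLE = r"""
852 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
1572 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
3908 C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
3640 C:\Program Files\AOL Companion\companion.exe 1.6.2.0
4012 C:\WINDOWS\System\mswinsck.exe
4020 C:\WINDOWS\Temp\svchost.exe 5.1.2600.2180 Microsoft Corporation
"""

# pid, path up to ".exe", optional dotted version, optional company name
LINE = re.compile(r"^(\d+)\s+(.+?\.exe)(?:\s+(\d+(?:\.\d+)+))?(?:\s+(.+))?$", re.I)
WATCHLIST = {"mswinsck.exe"}  # process name given in the removal steps
# Assumption of this example: names that normally run only from system32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}

def parse(text):
    """Yield (pid, path, version, company) for each process line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            pid, path, version, company = m.groups()
            yield int(pid), path, version, company

def triage(text):
    """Return (pid, path, reasons) for entries worth a closer look."""
    findings = []
    for pid, path, version, company in parse(text):
        folder, _, name = path.lower().rpartition("\\")
        reasons = []
        if name in WATCHLIST:
            reasons.append("name on watchlist")
        if name in SYSTEM32_ONLY and folder != r"c:\windows\system32":
            reasons.append("system process name outside system32")
        if version is None or company is None:
            reasons.append("missing version or company metadata")
        if reasons:
            findings.append((pid, path, reasons))
    return findings

if __name__ == "__main__":
    for pid, path, reasons in triage(SAMPLE):
        print(pid, path, "; ".join(reasons))
```

Missing version or company fields also occur on legitimate programs, so a flag is a prompt to look at the file, not a reason to delete it.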
 

Rise

Member
I found a powerregister folder and 2 powerreg.dat, 1 in C:\windows and another in doc and settings\name\application data\leadertech\powerregister. Is that what you wanted?
 

sidthereal

New Member
Rise said:
I found a powerregister folder and 2 powerreg.dat, 1 in C:\windows and another in doc and settings\name\application data\leadertech\powerregister. Is that what you wanted?
Hmm... before you take action on that file,
did you delete the system restore points? If you did, just run another MWAV scan and see what pops up. I want to see if any changes have occurred because of deleting the restore files.
Also, did Stinger find anything?
 

sidthereal

New Member
Go ahead and delete the files you found in C: drive.

And also, to remove ClipGenie use the following instructions,
although I believe your Task Manager won't be showing the following entries. If you can't find the files on your PC, just remove them from the registry.

To uninstall the program, click Start > Settings > Control Panel > Add/Remove Programs. From the programs list, select the entry ClipGenie, click Change/Remove to uninstall it.

Follow these removal steps to manually remove this adware from your computer:

1. Open Task Manager (by pressing CTRL+ALT+DEL).
2. From the processes list, select and terminate the processes notify.exe and cg.exe.
3. Click Start > Run, type 'regedit' to open the Registry Editor.
4. Navigate to and delete the following registry keys:

HKEY_CURRENT_USER\software\clipgenie
HKEY_CURRENT_USER\software\traynotifier\clipgenie
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\clipgenie
HKEY_LOCAL_MACHINE\software\traynotifier\clipgenie
5. Close Registry Editor.
6. Use Windows Explorer to open the Program Files directory (by default, this is C:\Program Files), select and delete the folder clipgenie and all the files in it.
 

sidthereal

New Member
Delete also:
1) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
And also the following files

And run smitrem, which I have posted earlier. We'll have to manually delete files.
 