My computer starts up slowly & internet problem

Rise

Member
That long list on page 5 or 4? The Panda scan's scanning my C drive. It's found spyware it didn't last time.
 

sidthereal

New Member
For Cydoor.TOPicks
Kill the following processes
Program Files\topicks\bin\hthost.exe
Program Files\topicks\bin\idhost.exe
Program Files\topicks\bin\idmun.exe
Unregister the following DLLs and reboot
Program Files\topicks\bin\datamgr.dll
Program Files\topicks\bin\htcheck2.dll
Program Files\topicks\bin\htps.dll
Program Files\topicks\bin\idmcom.dll
Program Files\topicks\bin\idmup.dll
Program Files\topicks\bin\tpbar.dll
Program Files\topicks\bin\tpreg.dll
Delete these registry entries
HKEY_CLASSES_ROOT\clsid\{02cdb0ed-874a-4dcb-8d9f-c2e3b169f265}
HKEY_CLASSES_ROOT\clsid\{0352960f-47be-11d5-ab93-00d0b760b4eb}
HKEY_CLASSES_ROOT\clsid\{5c40012e-44ca-11d7-8411-0002a5f9d08e}
HKEY_CLASSES_ROOT\clsid\{80e81a0e-9741-4fbc-8ee3-3b78c04ada1d}
HKEY_CLASSES_ROOT\clsid\{9f8ac164-6826-4b52-8f65-9c31305e81cc}
HKEY_CLASSES_ROOT\clsid\{cbdb0279-9d76-48ac-abd3-8cb9a4d73d4a}
HKEY_CLASSES_ROOT\clsid\{d7cb5baf-18d9-46d4-8f72-909d409506fa}
HKEY_CLASSES_ROOT\datamgr32.actionmgr
HKEY_CLASSES_ROOT\datamgr32.actionmgr.1
HKEY_CLASSES_ROOT\datamgr32.datamgr1
HKEY_CLASSES_ROOT\datamgr32.datamgr1.1
HKEY_CLASSES_ROOT\fetchcomm.commfetch
HKEY_CLASSES_ROOT\fetchcomm.commfetch.1
HKEY_CLASSES_ROOT\htcheck2.checkpage
HKEY_CLASSES_ROOT\htcheck2.checkpage.1
HKEY_CLASSES_ROOT\htcheck2.chelpobj
HKEY_CLASSES_ROOT\htcheck2.chelpobj.1
HKEY_CLASSES_ROOT\htchecksvr.scanpage
HKEY_CLASSES_ROOT\htchecksvr.scanpage.1
HKEY_CLASSES_ROOT\idiumupdater.idiumsysupdater
HKEY_CLASSES_ROOT\idiumupdater.idiumsysupdater.1
HKEY_CLASSES_ROOT\interface\{5c40012f-44ca-11d7-8411-0002a5f9d08e}
HKEY_CLASSES_ROOT\interface\{dae6416e-491d-11d5-ab93-00d0b760b4eb}
HKEY_CLASSES_ROOT\interface\{eb29cd69-7020-4d1d-a0be-72130dfba9f7}
HKEY_CLASSES_ROOT\typelib\{0352960f-47be-11d5-ab93-00d0b760b4eb}
HKEY_CLASSES_ROOT\typelib\{49d25a3f-28ef-4f38-bf7f-bc5fe6d39fa7}
HKEY_CLASSES_ROOT\typelib\{5c400120-44ca-11d7-8411-0002a5f9d08e}
HKEY_CLASSES_ROOT\typelib\{9a7cfeda-5911-4ef1-b49a-35c34230ffc1}
HKEY_CLASSES_ROOT\typelib\{be7613d4-7d09-4cf8-b747-6dff0564891e}
HKEY_LOCAL_MACHINE\software\classes\appid\htchecksvr2.exe\appid
HKEY_LOCAL_MACHINE\software\classes\clsid\{c6958acd-d866-4349-9f7b-fdb73384f697}\appid
HKEY_LOCAL_MACHINE\software\classes\topicksreg.topickreg1
HKEY_LOCAL_MACHINE\software\classes\topicksreg.topickreg1.1
HKEY_LOCAL_MACHINE\software\classes\topicksreg.topickreg1\curver
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0352960f-47be-11d5-ab93-00d0b760b4eb}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\topicks
Remove the following files
Program Files\topicks\bin\datamgr.dll
Program Files\topicks\bin\fileversions.ini
Program Files\topicks\bin\htcheck2.dll
Program Files\topicks\bin\hthost.exe
Program Files\topicks\bin\htps.dll
Program Files\topicks\bin\idhost.exe
Program Files\topicks\bin\idmcom.dll
Program Files\topicks\bin\idmun.exe
Program Files\topicks\bin\idmup.dll
Program Files\topicks\bin\test.ini
Program Files\topicks\bin\topicks.reg
Program Files\topicks\bin\tpbar.dll
Program Files\topicks\bin\tpreg.dll
Program Files\topicks\bin\unwise.ini
Remove the following directories
Documents and Settings\UserName\local settings\temp\idseupdate
 

Rise

Member
I will after the scan's finished. It's a quarter of the way through, so another 20 mins and I'll get back to you, OK, thanks. Will I run Spy Sweeper and Ewido in safe mode?
 

Rise

Member
Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\iain murray\Cookies\iain murray@2o7[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\iain murray\Cookies\iain murray@atdmt[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\iain murray\Cookies\iain murray@cgi-bin[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\iain murray\Cookies\iain murray@hitbox[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\iain murray\Cookies\iain murray@overture[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\iain murray\Cookies\iain [email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\iain murray\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\iain murray\Desktop\smitRem.exe[Process.exe]

That's all I got.
 

Rise

Member
OK, I updated and ran both in safe mode and it only found cookies on Spy Sweeper; Ewido found nothing.
 

Rise

Member
I've downloaded the Microsoft malicious tool manually. What would, how could the worm change the download? Pest cleaning by ppclean.exe is asking to start up. Will I allow it?
 

sidthereal

New Member
Yeah, allow it.
Also, attach your MWAV scan log. Not the result of the scan, but the log.
You should be able to save the log after a complete scan.
 

Rise

Member
OK, I've checked the log and came up with this:

Sun Mar 19 14:09:10 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sun Mar 19 14:09:11 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Mar 19 14:09:29 2006 => Offending Folder found: C:\Documents and Settings\All Users\Application Data\aol\c_aol 9.0\idb\bart\1024
Sun Mar 19 14:09:29 2006 => Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.

Sun Mar 19 14:09:32 2006 => Offending file found: C:\Documents and Settings\All Users\Application Data\gtek\gtupdate\aupdate\channels\channels.ini
Sun Mar 19 14:09:32 2006 => System found infected with clipgenie Spyware/Adware (channels.ini)! Action taken: No Action Taken.

Sun Mar 19 14:09:33 2006 => Offending file found: C:\Documents and Settings\All Users\Application Data\symantec\common client\settings.dat
Sun Mar 19 14:09:33 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.

Sun Mar 19 14:09:34 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\Programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Mar 19 14:09:34 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.

Sun Mar 19 14:09:35 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Mar 19 14:09:35 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.


How would I get rid of these? Thanks.
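
Added example, not part of the original posts: a small Python parser for the MWAV log format shown above. It pairs each "Offending ... found" line with the detection line that follows it and collapses repeats, so the entries left to review are listed once each. The function and field names are assumptions made for this example; the sample lines are copied from the log above.

```python
import re

# Lines copied from the MWAV log posted above (a subset, to keep this short).
SAMPLE_LOG = r"""
Sun Mar 19 14:09:10 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sun Mar 19 14:09:11 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Mar 19 14:09:34 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\Programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Mar 19 14:09:34 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
Sun Mar 19 14:09:35 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Mar 19 14:09:35 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
"""

OFFENDING = re.compile(r"Offending (key|folder|file) found: (.+?)(?:\s*!!!)?$", re.I)
DETECTED = re.compile(
    r'(?:System found infected with (?P<n1>.+?) \((?P<obj>.+)\)'
    r'|Object "(?P<n2>.+?)" found in File System)'
    r"! Action taken: (?P<action>.+?)\.?$", re.I)

def parse_mwav(text):
    """Pair each 'Offending ... found' line with the detection line after it and
    drop repeats that differ only in letter case (Windows paths and registry
    keys are case-insensitive). Returns dicts in first-seen order."""
    findings, seen, pending = [], set(), None
    for line in text.splitlines():
        msg = line.partition(" => ")[2]
        m = OFFENDING.match(msg)
        if m:  # remember the location for the detection line that follows
            pending = (m.group(1).lower(), m.group(2).strip())
            continue
        m = DETECTED.match(msg)
        if m:
            name = m.group("n1") or m.group("n2")
            # No preceding location line: fall back to the object in parentheses.
            kind, location = pending or ("object", m.group("obj") or "")
            key = (name.lower(), location.lower())
            if key not in seen:
                seen.add(key)
                findings.append({"detection": name, "kind": kind,
                                 "location": location, "action": m.group("action")})
        pending = None
    return findings

if __name__ == "__main__":
    for f in parse_mwav(SAMPLE_LOG):
        print(f"{f['kind']:7} {f['detection']:35} {f['location']}")
```

The two "norton disk doctor.lnk" entries differ only in the case of `Programs`, so they are reported once.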
 

sidthereal

New Member
Okay, according to the log, your Norton Disk Doctor is infected.
Now, since other anti-virus/anti-malware programmes have not been able to disinfect the system, I'd recommend you uninstall Norton Disk Doctor.

Additionally, did you not remove all registry entries of Limewire?
Delete the infected key.
Go to
Run > regedit > HKEY_LOCAL_MACHINE > SOFTWARE > MAGNET > HANDLERS > LIMEWIRE
Delete the following:
C:\Documents and Settings\All Users\Application Data\aol\c_aol 9.0\idb\bart\1024
C:\Documents and Settings\All Users\Application Data\gtek\gtupdate\aupdate\channels\channels.ini
C:\Documents and Settings\All Users\Application Data\symantec\common client\settings.dat

Reboot and please post a new HJT log and MWAV scan
 

sidthereal

New Member
I'd advise you to stick to regcleaner, 'cos toying with the registry is not safe.
But in this case, you'll have to manually delete the key(s).
 

Rise

Member
Sun Mar 19 14:09:10 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!


These keys?
 