trojanhorse startpage 19.an and j [RESOLVED]


  • This topic is locked

#61
shell38

  • Topic Starter
  • Member
  • 119 posts
So sorry, I did not mean to offend you. I'm really new at all this and I'm on my own doing all this. You lot are really a godsend, without you I would be nowhere.

I am writing this from my new computer, as I am back online with the old PC, and my god have I still got problems with that [bleep] trojan horse. I have downloaded AVG and I am running a complete test on it at the moment, and I tell you it is not looking good ;)

When the scan is complete I will send you all the information from the old computer.

In the meantime, do you know of a good free pop-up blocker? My son is only 11 and I know sometimes you can get some pop-ups that look tempting to click on, and once I have cleared this computer (if ever) I want to make sure that everything is protected as much as I can.

Many thanks
shell :tazz:
  • 0



#62
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You didn't offend me ;)

I know that you're still having problems with the startpage trojans because we haven't removed them yet. No worries, we'll get rid of them :tazz:

Just let me know when AVG is done running and I will give you the next set of instructions.

An excellent pop-up blocker is the Google Toolbar.

I will give you many recommendations on protecting the computer once it's finally clean :)
  • 0

#63
shell38

  • Topic Starter
  • Member
  • 119 posts
Hi

So glad I did not offend you, I was worried I had.

Well, here I am on the old computer and it feels so strange compared to my new one.

Well, this is what happened from start to finish.

Loaded straight into normal mode.
Came up with the Mad performed an illegal operation.

Came up with that grey box like we had before with the following warning:

Error loading C:\Widows\temp\se.dll
Access denied.

We had the dreaded AVG virus warning as follows:

Virus
Trojan horse start page 19.AN
C:\windows\system\dce.dll (another also came up, but with a different ending: se.dll).

I ran the AVG virus scan and these were the results:

autoexec.txt.bat warning hidden extension bat file path c:
I got 2 of the above while I was scanning but only one showed in the results.
(I have moved this to the vault, I hope that I have done right)

I also got the 2 trojan horses I mentioned earlier. It said delete, but when I went in the vault it said that the backup copy was infected.

I clicked on more details and the following came up:

Virus encyclopedia
Telefoon
This is not a virus but trojan like version of RAR application
Because of the fact that it is not a trojan horse it is not spreading itself. The virus is trying to modify data files of some prehistoric BBS software.

Delete suspicious file and download some newer version of RAR.

Right, that was all that AVG said.

This is also something that I noticed. I wanted to set my son's homepage, as when I clicked on Home it came up with the Microsoft update page. So when I went into Internet Options to do this..... ahhhhhh, could have screamed, there was the dreaded about.blank typed in. Last time it did this, though, it showed itself up as a search engine. This time it showed itself as a reliable source. Also noticed in the address bar the following was the address: http:\v4.w

I think that is about all to report. Well, that is more than enough, I hear you say.

Thanks
Shell



These ones came up every time I tried to open up Explorer.
  • 0

#64
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
This is what I need you to do for me (You have to stay online to run it - it may take some hours to run!) *NOTE* If you have a screen saver on, turn it off, otherwise it may interrupt it:

Please do an online scan with

Kaspersky WebScanner

Next, click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#65
shell38

  • Topic Starter
  • Member
  • 119 posts
OK, thanks.

Will do that tomorrow...... In the meantime I did a scan with Ad-Aware as well.
I don't expect this will help, but here is the log I got from that as well.

Ad-Aware SE Build 1.06r1
Logfile Created on:29 July 2005 00:02:29
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R58 28.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):21 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


29-07-05 00:02:30 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293890141
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294961141
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294955141
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294953285
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294862941
Threads : 3
Priority : Normal
FileVersion : 4.71.1968.1
ProductVersion : 4.71.1968.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [MDM.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294860369
Threads : 2
Priority : Normal
FileVersion : 6.00.8149
ProductVersion : 6.00.8149
ProductName : Microsoft ® Visual Studio
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-1998
OriginalFilename : mdm.exe

#:7 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294853581
Threads : 20
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:8 [STARTER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294807197
Threads : 2
Priority : Normal
FileVersion : 1.00.12
ProductVersion : 1.00.12
ProductName : ENSONIQ Mixer Starter
CompanyName : ENSONIQ Corp.
FileDescription : Starter
InternalName : Starter
LegalCopyright : Copyright © 1996-97 ENSONIQ Corp.
OriginalFilename : Starter.exe
Comments : by Mark M. Hoffman

#:9 [DIRECTCD.EXE]
FilePath : C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\
ProcessID : 4294836165
Threads : 2
Priority : Normal
FileVersion : 3.0 (85)
ProductVersion : 3.0 (85)
ProductName : DirectCD
CompanyName : Adaptec
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 1996-1999 Adaptec, Inc.
OriginalFilename : DirectCD.EXE

#:10 [AVGCC.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4294835905
Threads : 6
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:11 [AVGAMSVR.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4294822865
Threads : 8
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:12 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294727373
Threads : 4
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:13 [MOTIVESB.EXE]
FilePath : C:\PROGRAM FILES\NTL\BROADBAND MEDIC\SMARTBRIDGE\
ProcessID : 4294729645
Threads : 10
Priority : Normal
FileVersion : 5.6.7.asst_classic.smartbridge.20031210_035000
ProductVersion : 5.6.7.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : ntl:home broadband medic alerts
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version

#:14 [AVGEMC.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4294752837
Threads : 7
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:15 [SETICON.EXE]
FilePath : C:\PROGRAM FILES\ICONS\
ProcessID : 4294126657
Threads : 2
Priority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 1, 0, 0
ProductName : SMSC USB97C210 Custom Icons Application
CompanyName : Standard Microsystems Corp.
FileDescription : USB97C210 Custom Icons Application
InternalName : SetIcon
LegalCopyright : Copyright © 2002
OriginalFilename : SetIcon.exe

#:16 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294145105
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:17 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294140521
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:18 [INTERNAT.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294706993
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Keyboard Language Indicator Applet
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : INTERNAT.EXE

#:19 [BCMWLTRY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294136849
Threads : 2
Priority : Normal
FileVersion : 3.30.15.0
ProductVersion : 3.30.15.0
ProductName : Wireless Network Tray Applet
CompanyName : Belkin Corporation
FileDescription : Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2002, Belkin Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:20 [MSNMSGR.EXE]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294068481
Threads : 3
Priority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:21 [SPYSUB.EXE]
FilePath : C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\
ProcessID : 4294052889
Threads : 12
Priority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:22 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294032989
Threads : 4
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:23 [MPBTN.EXE]
FilePath : C:\PROGRAM FILES\NTL\BROADBAND MEDIC\BIN\
ProcessID : 4294378913
Threads : 2
Priority : Normal


#:24 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294281697
Threads : 3
Priority : Realtime
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe

#:25 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294111693
Threads : 4
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:26 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294155441
Threads : 3
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\main
Value : HOMEOldSP

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : HOMEOldSP

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment : "sp"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : sp

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sharon@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:sharon@bs.serving-sys.com/
Expires : 01-01-38 06:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sharon@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:sharon@247realmedia.com/
Expires : 01-01-11 00:59:58
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sharon@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:sharon@serving-sys.com/
Expires : 01-01-38 06:00:00
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 6



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sharon@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\sharon@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sharon@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\sharon@serving-sys[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sharon@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\sharon@bs.serving-sys[1].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 9




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Toolbars_Placement

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
Data : about:blank

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

CoolWebSearch Object Recognized!
Type : File
Data : hosts
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\wbem\logs\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 28

00:11:07 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:37.890
Objects scanned:58437
Objects identified:28
Objects ignored:0
New critical objects:28


Nice to know as well that the about blank has gone and I can now gain access to whatever home page I set....

Thanks, will get back to you with what you asked tomorrow.
Best wishes, goodnight
shell
  • 0

#66
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I will be watching for your post tomorrow :tazz:

Have a nice night ;)
  • 0

#67
shell38

  • Topic Starter
  • Member
  • 119 posts
Hi

Well, I tried to get Kaspersky to work as you said, but it said I had to manually uninstall version beta 5. I did this and it is still saying the same. The only thing I can get onto is where I can put what files I want to scan, so I can't do all the other things, i.e. scan archives and scan mail like you wanted. Just wanted to know what to do next.

Thanks
shell
  • 0

#68
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Have you run the Kaspersky online scan before?

On that screen where it says you have to uninstall the Beta 5.0 did you click "Accept" on the screen?

It's just a generic warning that comes up for everyone; it doesn't mean you actually have the Beta 5.0. When the screen comes up telling you to manually remove beta 5.0, all you have to do is click Accept, then it will start downloading.
  • 0

#69
shell38

  • Topic Starter
  • Member
  • 119 posts
Hi

I don't know what is going on. I uninstalled it via Add/Remove Programs. I have used it on here before and could not find where it was installed and what version it was, so I thought it best to uninstall.

For some reason I cannot move the page up, and the bottom of the page is hidden and I can't see the Accept. Is it at the bottom of the page?

My icons are big. I did this because for some reason they were too small to see the writing, before I had the problem a few weeks ago. Now when I go into Display and go to Advanced I cannot change it like I did before. It gave me options but the box is not available. The only thing I can think of, and I'm not sure if this makes a difference, is that it was working on 256 colours and now I have it on 24true..

If the Accept is on the bottom then I do not know how I can get to it. I have tried to minimise and restore. There is not a middle option to restore like there is on most pages.

Thanks
Shell
  • 0

#70
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I am not sure why you can not see the accept button. What size is your screen?

We'll skip it for now :tazz:

Please, download StartDreck
Unzip and run StartDreck.exe
Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post the log along with a new HiJackThis log.
  • 0



#71
shell38

  • Topic Starter
  • Member
  • 119 posts
Hi, I don't know why either. As I said, everything seems big. I think I did this but don't know how to get it back. Is there nothing to set screen size etc.?

I only have a 14 inch screen

but I have 17 on this one and can see it.
OK, will try this other one

shell
  • 0

#72
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Possibly because of your resolution? Hmm I'm not sure.

Right-click on the desktop and go to properties, then click settings. Is it set at 640 by 480 pixels?
  • 0

#73
shell38

  • Topic Starter
  • Member
  • 119 posts
Hi, yes it is set as that.

Well, here are the logs you wanted. First one, StartDreck:

StartDreck (build 2.1.7 public stable) - 2005-07-29 @ 21:38:54 (GMT +01:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2600.0000
Logged in as Sharon at HOME1

»Registry
»Run Keys
»Current User
»Run
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
»Default User
»Run
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
»Local Machine
»Run
*EnsoniqMixer=starter.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*Adaptec DirectCD=C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
*AVG7_CC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
*AVG7_AMSVR=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
*LoadQM=loadqm.exe
*Motive SmartBridge=C:\PROGRA~1\NTL\BROADB~1\SMARTB~1\MotiveSB.exe
*AVG7_EMC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
*SetIcon=C:\Program Files\Icons\Seticon.exe
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.Exe
*internat.exe=internat.exe
*Welcome=C:\WINDOWS\Welcome.exe /R
*bcmwltry=bcmwltry.exe
*removecpl=RemoveCpl.exe
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*SchedulingAgent=mstask.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*Machine Debug Manager=C:\WINDOWS\SYSTEM\MDM.EXE
»RunServicesOnce
**remn=rundll32 C:\WINDOWS\SYSTEM\ODBCCOYF.RSP,DllGetClassObject
»RunOnceEx
»RunServicesOnceEx
»Browser Helper Objects (LM)
*{0AA01602-FFB4-11D9-8794-00114E031DC8}
`InprocServer32=C:\WINDOWS\SYSTEM\DCE.DLL
»Files
»System/Drivers
»Running Processes
+FFEFF2BB=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF8513=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFFB263=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFFA887=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE0AB3=C:\WINDOWS\SYSTEM\MSTASK.EXE
+FFFE3CA3=C:\WINDOWS\SYSTEM\MDM.EXE
+FFFE870B=C:\WINDOWS\RUNDLL32.EXE
+FFFE9EC3=C:\WINDOWS\EXPLORER.EXE
+FFFDEABF=C:\WINDOWS\STARTER.EXE
+FFFC6A47=C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
+FFFDA1FB=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
+FFFDA013=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
+FFFC3563=C:\WINDOWS\LOADQM.EXE
+FFFCF707=C:\PROGRAM FILES\NTL\BROADBAND MEDIC\SMARTBRIDGE\MOTIVESB.EXE
+FFFCDEEB=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
+FFFCDDEF=C:\PROGRAM FILES\ICONS\SETICON.EXE
+FFF36AF3=C:\WINDOWS\TASKMON.EXE
+FFF34153=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFF35547=C:\WINDOWS\SYSTEM\INTERNAT.EXE
+FFFDE9D7=C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
+FFF33457=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
+FFF2D6FB=C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
+FFF13777=C:\WINDOWS\SYSTEM\WMIEXE.EXE
+FFF00D4F=C:\PROGRAM FILES\NTL\BROADBAND MEDIC\BIN\MPBTN.EXE
+FFF75F4F=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
+FFF5208F=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFF44DAB=C:\WINDOWS\DESKTOP\STARTDRECK\STARTDRECK.EXE
»Application specific

Now for the hijack

Logfile of HijackThis v1.99.1
Scan saved at 21:44:19, on 29/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NTL\BROADBAND MEDIC\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\ICONS\SETICON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NTL\BROADBAND MEDIC\BIN\MPBTN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: (no name) - {0AA01602-FFB4-11D9-8794-00114E031DC8} - C:\WINDOWS\SYSTEM\DCE.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NTL\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

thanks
shell
  • 0

#74
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please print these instructions out. You MUST make sure you type it EXACTLY otherwise this will not work as it's supposed to.

We are going to boot in DOS:

* Click the Start button
* Select Shut Down
* Select Restart the computer in MS-DOS mode
* Click the Yes button

When in DOS...

Type:

del C:\WINDOWS\SYSTEM\ODBCCOYF.RSP

Then, hit Enter.

Type exit, then hit Enter.

Reboot your system and ignore the errors you WILL get after reboot.

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {0AA01602-FFB4-11D9-8794-00114E031DC8} - C:\WINDOWS\SYSTEM\DCE.DLL (file missing)


Close HiJackThis.

Right-click the start button and go to "explore". Locate the following files and delete them (in bold), if found:

C:\WINDOWS\SYSTEM\DCE.DLL
C:\WINDOWS\TEMP\se.dll

Rescan with HiJackThis and post a new log.
  • 0

#75
shell38

    Member

  • Topic Starter
  • Member
  • 119 posts
Hi

Well i think i have done it as u have said. when u said check in explore for the files if they were there, You did mean look in C:? if so they were not there.

this is the new hijack log

Logfile of HijackThis v1.99.1
Scan saved at 22:38:18, on 29/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NTL\BROADBAND MEDIC\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\ICONS\SETICON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NTL\BROADBAND MEDIC\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NTL\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

it looks better to me im getting used to the wrong files laffs.

the other thing i wanted to ask about: in the AVG virus scan, what did it mean when it said about the warning hidden autoexec.txt.bat file path C:
Is that meant to be there? i have never seen this come up when i have done a virus check before.

Thanks
Shell
  • 0
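One way to confirm that the FIX CHECKED step in post #74 held is to compare the entry lines of the two HijackThis logs against the fix list. This is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the log text is excerpted from the 21:44 and 22:38 logs above (R, O2 and O3 lines only, with the two unchanged HKCU R1 lines omitted).

```python
import re

# Entry lines look like "R1 - ..." or "O4 - ..."; headers and process paths do not match.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*\S)\s*$")

def parse_entries(log_text):
    """Return the set of (section, body) pairs for every R*/O* line in a log."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2)))
    return found

def verify_fix(before, after, fix_list):
    """Compare two logs against the entries that were meant to be fixed."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fix_list)
    return {
        "not_in_before": sorted(f - b),          # fix-list typo or stale instructions
        "still_present": sorted(f & a),          # fix did not stick (entry re-created)
        "removed_unasked": sorted((b - a) - f),  # removed although not on the fix list
        "new_entries": sorted(a - b),            # appeared between the two scans
    }

# Entries present in both logs (excerpt).
KEPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
"""
# The six entries listed for FIX CHECKED in post #74.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {0AA01602-FFB4-11D9-8794-00114E031DC8} - C:\WINDOWS\SYSTEM\DCE.DLL (file missing)
"""
BEFORE_LOG = FIX_LIST + KEPT   # 21:44 log: fix-list entries plus the kept ones
AFTER_LOG = KEPT               # 22:38 log: only the kept ones remain

if __name__ == "__main__":
    for name, entries in verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(name, len(entries), entries)
```

An entry that shows up under `still_present` after a reboot means something is rewriting it, so the component that restores it has to be found before the fix is repeated.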





