
trojanhorse startpage 19.an and j [RESOLVED]


  • This topic is locked

#91
bdlt

  • Member
  • 875 posts
try entering exit
  • 0



#92
bdlt

  • Member
  • 875 posts
please review the following from post #90

C:\PROGRA~1\GRISOFT\AGVFRE~1\BOOTUP.EXE
set path +C:\WINDOWS\SYSTEM\WBEM;%PATH%


is this correct?
  • 0

#93
shell38

  • Topic Starter
  • Member
  • 119 posts
Oops, soz, typing error

C:\PROGRA~1\GRISOFT\AVGFRE~1\BOOTUP.EXE
set path=C:\WINDOWS\SYSTEM\WBEM;%PATH%

All exit does is come out of the DOS window completely, not go back to viewing it in a smaller window, which is how it was before I clicked on that. I thought it would just do that for one time only, but now every time I do run command it goes into a large screen with no way of getting out except typing exit, and that brings u right out of the DOS window. So if I want to double check something u have written or I have typed, hence I can't check as it takes me right out of the program and I have to keep going run command etc.

Thanks shell
  • 0

#94
bdlt

  • Member
  • 875 posts
the autoexec.bat file looks ok.

to change the setting on the dos window:

right click Start>Explore
navigate to c:
right click on command.com
Properties>Program Tab
for Run - select Normal Window
Screen Tab
for Usage select Window
click OK

Edited by bdlt, 01 August 2005 - 02:03 PM.

  • 0

#95
shell38

  • Topic Starter
  • Member
  • 119 posts
Hi

Thanks. So is that it now? Does this mean my system is all clear? (says quietly)

So all left to do now then is for me to tidy up my computer and make sure I have all the right programs to stop this happening again.

Many thanks again
Shell
  • 0

#96
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hi Shell ;)

Post a new HiJackThis log for me so I can make sure everything is still good and so we can remove optional items from startup to speed it up a bit :tazz:
  • 0

#97
shell38

  • Topic Starter
  • Member
  • 119 posts
Hi

Sorry I've not got back to you earlier, but I have gone down with a bad cold. Here is the latest log u asked for.

Logfile of HijackThis v1.99.1
Scan saved at 21:15:44, on 04/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NTL\BROADBAND MEDIC\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\ICONS\SETICON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NTL\BROADBAND MEDIC\BIN\MPBTN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NTL\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

I don't know where them illegal errors have gone, but they have, so that is good news. It starts straight up with no problems, and looking through the log, although I'm no expert, it is looking good.

Thanks
Shell :tazz:
  • 0

#98
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hi Shell :tazz:

We're almost done!

The following are optional fixes that will free some system resources to speed up your system. It won't delete them from your system, just remove them from startup. If you would like to keep any, don't put a check next to them. My comments are in red.

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE <- DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NTL\BROADB~1\SMARTB~1\MotiveSB.exe <- System tray icon for the Virtual Assistant from your Broadband ISP, used to communicate internet problems via the network rather than telephone. Can be started from Start > Programs - not required

O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe <- Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has. Unnecessary and a Resource hog.

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background <- Tray icon for MSN Messenger. Can be started by going to Start > Programs.

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <- Belongs to MS Office. Unnecessary and a HUGE resource hog.


Close HiJackThis.

Reboot your computer, post one more HiJackThis log and let me know how it's running now!
  • 0
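
An added example, not part of the original posts: a Python parser for the O4 (autostart) lines of a HijackThis log like the one in post #97, grouping entries by where they load from and listing those given only as a bare file name, whose location on disk has to be confirmed separately. The sample lines are copied from that log; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# A few lines copied from the log in post #97 (sample input).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Registry autostart: "O4 - <hive>\..\<key>: [<value name>] <command>"
REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")
# Startup folder shortcut: "O4 - Startup: <shortcut> = <target>"
LNK_RE = re.compile(r"^O4 - Startup: (.+?) = (.+)$")

def parse_o4(log_text):
    """Return one dict per O4 line; every other log section is ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries.append({"source": f"{hive} {key}", "name": name, "command": command})
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append({"source": "Startup folder", "name": m.group(1), "command": m.group(2)})
    return entries

def has_full_path(command):
    """True when the command starts with a drive-qualified path, quoted or not."""
    return re.match(r'^"?[A-Za-z]:\\', command) is not None

def group_by_source(entries):
    """Map each autostart location to the entry names loaded from it."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[e["source"]].append(e["name"])
    return dict(grouped)

def bare_name_entries(entries):
    """Names of entries whose command is a bare file name (no directory given)."""
    return [e["name"] for e in entries if not has_full_path(e["command"])]
```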

#99
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • 0
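
How a blocking HOSTS file of the kind described in the MVPS Hosts item behaves, as an added example that is not part of the original post: the Python below parses HOSTS-file syntax and reports which names are pinned to 127.0.0.1. The host names are constructed placeholders, the function names are this example's own, and keeping the first mapping seen for a name is an assumption of the example. Matching is by exact name, so an entry does not cover subdomains.

```python
# Constructed sample in HOSTS-file syntax; the ad host names are placeholders.
SAMPLE_HOSTS = """\
# lines starting with '#' are comments
127.0.0.1  localhost
127.0.0.1  ads.example.com        # inline comments are allowed
127.0.0.1  tracker.example.net banner.example.net
"""

LOOPBACK = {"127.0.0.1"}

def parse_hosts(text):
    """Return {hostname: address} from HOSTS-file text."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # an address with no name: skip it
            continue
        address, names = fields[0], fields[1:]
        for name in names:                    # one line may carry several names
            # Assumption of this example: keep the first mapping seen.
            mapping.setdefault(name.lower(), address)
    return mapping

def lookup(mapping, hostname):
    """Address the HOSTS file forces for hostname, or None if no entry exists
    (the name would then be resolved through DNS as usual)."""
    return mapping.get(hostname.lower().rstrip("."))

def blocked_names(mapping):
    """Names redirected to the local machine, excluding 'localhost' itself."""
    return sorted(n for n, a in mapping.items()
                  if a in LOOPBACK and n != "localhost")
```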

#100
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
