Help needed --I suspect I got done by media motor plus ?

Hi,
I am getting some wierd results when I try to open
some of my programmes.
I suspected something was playing up, SO
I have run
NAV2003 with definitions of 22/12/2004
(I thought I had definitions of 27/12/2004 the other day
(Has something altered these?)
So I downloaded and installed the antivirus catalog which
is dated 29/12/2004 and it found nothing on scanning my PC.
Ran adaware SE
Ran Spybot
Ran bazooka scanner after others and it found nothing
and Adaware and Spybot programmes found some results
that were showing "Media motor" and about it being a "nasty"

I deleted all references to it along with other
things those progs brought up as data miners etc.

These included some that referred to the SAHA below.

Also in my c:\temp file there was a exe file that started
SAHA (cant remember the rest)
which I deleted.
(wished I had kept a list of things I got rid of above!)

Now when I go to start some of my programmes AND
try to start the (dos) COMMAND PROMPT I get the
following error box and message:

Header of error box is
"16bit Windows subsystem"

Message in that box is
" c:\windows\system32\autoexec.nt
The system files is NOT suitable for running MSDOS &
MICROSOFT WINDOWS APPLICATIONS"

Choose CLOSE to terminate the application and
there are two buttons CLOSE and IGNORE, "close"
closes it naturally but "ignore" seems to have no effect
whatsoever.

Have tried uninstalling those progs and reinstalling and
I get the same message after reinstall

rI am running Windows XP SP1 and using their firewall, which is turned on.

(Have been gradually working my way towards XP SP2 by cleaning
and defragging etc , just havent had the time to do it all yet)

Thanking in advance anyone who is able to help, otherwise
it seems a format of c: and reinstall for me, as I dont seem to
have anywhere else to go
regards
Jim
--
Please reply to the list as my email address is a fake

 

Further to the first message, on checking registry location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I looked down to the next line which was "run_disabled" and found an entry
for "mediamotor",
so I deleted it and rebooted PC
and now
My Brothers Keeper for Windows Genealogy programme works again.
My Command Prompt works again
BUT the other software still gives me that error message, including this
program.
"Coherent Software Australia Pty Ltd - Digger(TM) Version 3.0.7 * "
+++++++++++++++++++++++++++++++++++++++++++++++
Software and versions installed (as listed by Belarc) are below:
Anyone see anything that may be causing the problem.
I dont recognize these 2 (see below left ---anyone know these?)
(1) "blindman.exe"
Nothing comes up if i do a Run blindman exe
Might have something to do with Spybot ??

(2) "majik at mindspring dot com" and "scochrane at chattanooga dot net -
Outlook Express
( **NOTE I have munged the addresses above , they appear as they would
normally without munging on the list)
Why would a couple of email addresses come up as software?
neither of them I know?

ABBYY (BIT Software) - FineReader Version 4.0.2.124 (unofficial) *
ABBYY Software House Install Version 4, 3, 0, 0 *
Adobe Photoshop Album Starter Edition Version 2.0.1.0 *
Adobe Reader Version 6.0.2.2004051800 *
Adobe Systems AdobeDownloadManager Version 1.2 *
Agent Ransack -- Professional file searching utility Version 1, 0, 0,
1 *
Ahead Software AG Karlsbad Germany Phone: ++49-7248-911-800 Fax:
++49-7248-911-888 e-mail: - LANGUAGE_English2
Version 5, 5, 7,6 *
Ahead Software Gmbh NeroCheck Version 1, 0, 0, 2 *
ahead software gmbh, karlsbad - Cover Designer Version 2, 1, 0, 8 *
Banner Blue Software Incorporated - Microsoft Organization Chart
Version 2,0,0,1016 *
Belarc, Inc. - BelManage Client Version 6.0c *
BigFix Version 1, 7, 6, 0 *
BirdCage Software - Weather Stats Version 1.03.0008 *


blindman.exe *


Brother's Keeper Version 5.2.1.36 *
Cinematronics - 3D Pinball Version 5.1.2600.0 *
Codeforge Limited - TweakAll Version 3.0.0.0 *
Converter 3000 Version 1, 0, 0, 1 *
Corporation of the President - Viewer Version 2.00 *
DftCom2 *
Download Driver *
DSL-302G Ethernet Diagnostics *
Erik Deppe - DriveSpeed Application Version 1, 6, 0, 0 *
Erik Deppe - Nero CD Speed Version 0, 8, 5, 0 *
Genigraphics®, An In Focus Systems® Company - GraphicsLink(TM) for
Windows Version 8.0 *
GenoPro Version 1.91 *
Hagel Technologies - DU Meter Version 3.07 Build 192 *
Indigo Rose Corporation unin32 Version 1, 0, 0, 5 *
Inno Setup *
Innovata LLC - Electronic Timetable System Version 1.0.0.0 *
InstallShield unInstaller Version 2.20.926.0 *
iolo technologies, LLC - System Mechanic ® Version 4.0.10.0 *
Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA - WS_FTP95 Version 6, 0,
5, 1 *
Jasc Software, Inc. - Paint Shop Pro 6 Version 6.00 *
Jeroen Laarhoven - AllChars for Windows Version 3 *
John Steed / Brother's Keeper - Brother's Keeper for Windows Version
6.01.0034 *
Jordan Russell - If you want to undo changes made by Spybot-S&D, use
the Recovery instead! *
Kirra Enterprises Pty Ltd - Presenter 2.1 Version 2.1.0.0 *
Lavasoft Ad-Aware SE VI.Second Edition *


"majik at mindspring dot com" and "scochrane at chattanooga dot net -
Outlook Express
( **NOTE I have munged the addresses above , they appear as they should
on the list.



Freebie Backup Version 2.08.0062 *
MAW Consulting - SMS-it Version 3.1 *
Metafile Companion Version 1.10 *
Microsoft (R) .NET Framework Version 1.1.4322.573 *
Microsoft App-wide Setup for Windows Version 8.00 *
Microsoft Camcorder Version 96, 0, 34, 14 *
Microsoft Corporation - Clip Gallery 3.0 for Windows Version 3.0 *
Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 *
Microsoft Corporation - Windows Installer - Unicode Version
2.0.2600.1106 *
Microsoft Corporation - Windows Movie Maker Version 1.1.2427.1 *
Microsoft Corporation - Windows® NetMeeting® Version 3.01 *
Microsoft Excel Version 8.0e *
Microsoft Map Version 8.00.00.01203 *
Microsoft Office Binder Version 8.0.3501 *
Microsoft Office Version 8.0.3512 *
Microsoft Open Database Connectivity Version 3.520.9030.0 *
Microsoft Outlook Version 8.04 *
Microsoft Photo Editor Version 3.0 * Microsoft PowerPoint for Windows
Version 8.0b *
Microsoft Setup for Windows Version 3.01 *
Microsoft Windows Media Player Version 6.4.09.1125 *
Microsoft(R) Windows Media Player Version 10.00.00.3646 *
Microsoft® Access Version 8.0.5903 *
Microsoft® Fax Server Version 5.2.1776.1023 *
Microsoft® Find Fast Version 8.0 *
Microsoft® Query Version 8.00.5515 *
Microsoft® Schedule+ for Windows 95(TM) Version 7.0 *
Microsoft® Windows(TM) Shell PowerToys Version 96.02.06 *
Microsoft® Word for Windows® 97 Version 8.0b *
Mike Bradley - LogoManager for Nokia Phones Version 1.3 *
MiniMax Itinerary Manager Version 1.0.001 *
NoteWorthy Player for Win 95, 98, NT4, and 2000 Version 1.70 *
Oct2002 Phone Directory *
Ontrack Data International - Fix-It Utilities Version 3,0,0,27 *
Parloc *
PCCam *
PepiMK Software - SpyBot-S&D Version 1.2 *
ppshlext.exe *
Presorium Software Pty. Ltd. - Frontgate MX 1.0 Version 1.0.0 *
Propel Accelerator CLIENT-CVS-BUILD *
Propel Accelerator Propel Accelerator 3.1 *
Roxio - Disc Copier Application Version 6.0.0.171 *
Roxio - Drag-to-Disc Version 6.0.0.171 *
Roxio - DVD Builder Version 1.0.0.216 *
Roxio - Easy CD Creator Version 6.0.0.171 *
Roxio DVD Player Version 6.0.1615.1 *
Roxio Engine Compatibility Wizard Version 6.0.0.3 *
Roxio PhotoSuite Version 5.0.1366.0 *
Roxio, Inc. - AudioCentral Media Manager Version 1.0.100 *
Roxio, Inc. - AudioCentral Version 1.0.98 *
Run ProShow Gold *
ScsiAccess *
SiSoftware - SiSoft Sandra(tm) Version 8, 0, 2001, 0 *
SiSoftware(tm) - SiSoft Sandra(tm) Version 6, 0, 2000, 0 *
SiSoftware(tm) - SiSoft Sandra(tm) Version 8, 11, 2001, 5 *
SpeedBit Ltd. - Download Accelerator Plus Version 5, 0, 0, 0 *
spywarescanner Application Version 1, 0, 0, 1 *
Symantec Corporation - Common Client Version 1.0.10.006 *
Symantec Corporation - Event Manager Version 1.03.4 *
Symantec Corporation - LiveUpdate Version 2.5.55.0 *
Symantec Corporation - Norton AntiVirus Version 9.05.1015 *
Symantec Corporation - Norton Security Center Version 2005.1 *
Symantec Integrator Version 6.00.17 *
Symantec ScriptBlocking Version 1, 1, 0, 126 *
Symantec Shared Components Version 2.0 *
trin - updatingyes Version 2.00 *
TweakTray *
Ulead - iPhoto Plus Version 4.0 *
Ulead Systems, Inc. - iPhoto Plus 4 *
Ulead Systems, Inc. - iPhoto Plus 4 Explorer *
USB DSC Version 1, 8, 1, 1 *
Virtos GmbH - WaveEdit DLL Version 1, 0, 2, 6 *
WINIMAGE Version 4.00.4000 *
WinZip Version 8.0 (3105) *
Wizards to adjust .NET Framework security, assign trust to assemblies,
and fix broken .NET applications. Version 1.0.5000.0 *
Xara Ltd. - X3D Application Version 2.1p *

 

################################
http://www.safer-networking.org/en/faq/25.html

^^^^^^ Information on blindman.exe

David Guess

http://home.hiwaay.net/~woliver/caldwell_surname.html

Nothing on the chattanooga address but I would search the registry for
those addresses or usr names and delete them if they are there. who
knows what else you will find?
donnie.

 

Thanks for the reply
MOsthing s fixed but if I try to install from A: B: or CD rom I still get
that wierd message.
Have scnanned rgistry and found sa few things which i deleted.
Cant find anything on those addresses.
Have goit Spybot so Blindman is ok even if it does nothing.
regards
Jimbo

 

#####################
Refresh my memory. What's the message again?
donnie.

 

At present i have got the left overs of some ad thingy that took over the
PC .
BUT my main problem now is that anything I try to install OR when I try to
operate certain Windows programs or try floppies in A or B and try to
initialize a program from floppies, I get the folowing message box with this
stuff written in it.
++++++++++++++++++++++++++++++++
Box title = 16 bit Windows subsystem

Text in boc is " C:\windows\system32\autoexec.nt. (yes there is a " . "after
the NT) The system file is not suitable for running MS-DOS and Microsoft
Windows application. Choose close to terminat the application."
There are two buttons Close and Ignore. If I press close iot closes and if I
press Ignore nothing appears to happen and I cant install anything from
floppies or CD without getting this message
+++++++++++++++++++++++++++++++
Originally I had to delete "media motor" and a file in c:\temp called SAHA?
(cant remember the rest)
Used all the adaware/spybot and other spyware progs,
Cleaned out the registry of any invalid and dead entries.
One entry in the software list created by Belarc showed a couple of email
addresses of whom I knew nothing and you replied with something about one of
them but you couldnt emighten on the other. see your reply below.
+++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++++++++++++++++++++++++++++
regards
Jimbo

 

############################
Here is the contents of my autoexec.nt. Compare it to yours to see if
something was added. One of those email addresses was a legit address
by a legit person. the majik one. I don't think that caused you any
harm but I would delete them from the registry if there is any trace.

@echo off

REM AUTOEXEC.BAT is not used to initialize the MS-DOS environment.
REM AUTOEXEC.NT is used to initialize the MS-DOS environment unless a
REM different startup file is specified in an application's PIF.

REM Install CD ROM extensions
lh %SystemRoot%\system32\mscdexnt.exe

REM Install network redirector (load before dosx.exe)
lh %SystemRoot%\system32\redir

REM Install DPMI support
lh %SystemRoot%\system32\dosx

 

Hi Donnie
Thanks for the reply on the security newsgroup.
re Autoexec.nt.
I now realise I may have deleted that file as it isnt on my PC
Is it supposed to be in c:\root or where.
I guess the newsgroup wouldnt allow the file to be attached would it?
If so could you?
Jimbo

 

Donnie
I got it
Expanded it from CD and all is well
thanks for the assist to get my brain thinking
Jimbo

 

#########################
I'm glad to hear that all is well and happy new year.
donnie,.