Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

98 error VXD 0028.CO2A0948


  • Please log in to reply

#1
broken98

broken98

    Member

  • Member
  • PipPip
  • 74 posts
Getting a fatal execption 0028.CO2A0948 in VXD VWIN 32(05) + 000012Do.
Very slow start-up and defragment won't run. Any ideas ? <_<
  • 0

Advertisements


#2
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Hmmmm, sounds like you need to download the latest version of Hijack This by clicking on the "Hijack This Guide" in my signature. After download disconnect from the internet and close all running programs. Scan with Hijack this and save the log. Reconnect to the internet and post the hijack log back here to be analyzed. Please do not remove any entries by yourself, some or most of the entries you need.

-=jonnyrotten=- <_<
  • 0

#3
broken98

broken98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Logfile of HijackThis v1.98.2
Scan saved at 4:58:28 PM, on 11/13/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\PROGRAM FILES\TOOLBAR\TBPS.EXE
C:\PROGRAM FILES\TOOLBAR\PIB.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\4.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar...spx?tb_id=50154
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.attbusiness.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.terafinder.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.ask.com/i...sp?partner=7019
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O1 - Hosts: 192.9.1.9 exchsrv
O1 - Hosts: 192.9.1.7 prxsrv
O1 - Hosts: 192.9.1.11 officespace1
O1 - Hosts: 192.9.1.5 xpmansrv
O1 - Hosts: 192.9.1.4 s103tdvm
O1 - Hosts: 192.9.1.8 absntsrv
O1 - Hosts: 66.250.171.136 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\4.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\4.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (file missing)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [USB 3-D Mouse] 3dmoused.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\Run: [HKserv.exe] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
O4 - HKCU\..\RunServices: [HKserv.exe] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - HKCU\..\RunServices: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Netnews - {C4E19CE0-34C8-11D3-B82B-F91454671478} - news:worldnet.help.new-users (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtange...zone/wtinst.cab
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
  • 0

#4
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Go to control panel, add/remove programs, and uninstall any or all of the programs listed below:
MySearch
MyWebSearch
Wintools
Wild Tangent
WeatherBug
Gain
Gator
Gmt
any toobar/searchbar except google.

Reboot your pc.

Your computer has a number of spyware programs that we need to remove. For more info on spyware see the Spyware Tools link in my signature.

Let's start with a free program. Ad-aware.

Using Ad-aware: Open Ad-Aware and use the Check for updates now link. Download and accept the latest reference file. When finished click the Start button. When done scanning, the Abort button will change to Next. Click the Next button. Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.

When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log so we can look for any nasties that may have been missed. <_<

CLICK HERE to download Ad-aware

Reboot your computer and post a new hijack log.

-=jonnyrotten=- :D
  • 0

#5
broken98

broken98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Second log after running Ad-Aware and getting rid of the Spyware
in add/remove programs.

Logfile of HijackThis v1.98.2
Scan saved at 6:13:26 PM, on 11/13/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.terafinder.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.attbusiness.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.terafinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.ask.com/i...sp?partner=7019
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 192.9.1.9 exchsrv
O1 - Hosts: 192.9.1.7 prxsrv
O1 - Hosts: 192.9.1.11 officespace1
O1 - Hosts: 192.9.1.5 xpmansrv
O1 - Hosts: 192.9.1.4 s103tdvm
O1 - Hosts: 192.9.1.8 absntsrv
O1 - Hosts: 66.250.171.136 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (file missing)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [USB 3-D Mouse] 3dmoused.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [HKserv.exe] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Netnews - {C4E19CE0-34C8-11D3-B82B-F91454671478} - news:worldnet.help.new-users (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...zone/wtinst.cab
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
  • 0

#6
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.terafinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.terafinder.com/
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Netnews - {C4E19CE0-34C8-11D3-B82B-F91454671478} - news:worldnet.help.new-users (file missing) (HKCU)
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...zone/wtinst.cab

Reboot and post new log and any new information on how your system is working.

-=jonnyrotten=- <_<
  • 0

#7
broken98

broken98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Ran Hijack and fix-checked the proper boxes, rebooted and all is good.
Start-up time now is very quick, under 30 seconds where as before probably
close to a couple minutes. Thank you very much for the help.

Logfile of HijackThis v1.98.2
Scan saved at 6:52:31 PM, on 11/13/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.attbusiness.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.ask.com/i...sp?partner=7019
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 192.9.1.9 exchsrv
O1 - Hosts: 192.9.1.7 prxsrv
O1 - Hosts: 192.9.1.11 officespace1
O1 - Hosts: 192.9.1.5 xpmansrv
O1 - Hosts: 192.9.1.4 s103tdvm
O1 - Hosts: 192.9.1.8 absntsrv
O1 - Hosts: 66.250.171.136 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [USB 3
-D Mouse] 3dmoused.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [HKserv.exe] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
  • 0

#8
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Glad to hear that everything is working fine. Check to see if you can defrag now. You could probably use it especially since who knows how long you haven't been able to. :D

Congratulations! Your system is CLEAN <_<

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox Posted Image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :D

-=jonnyrotten=- :P
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP