-
Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.
mypcsearch and secondthought
- Thread starter jkell
- Start date
- Status
telecom69
Gone but never forgotten
- Joined
- Oct 12, 2001
- Messages
- 9,807
Ok first move,if you havent already got it go here http://download.com.com/3000-2144-10194058.html?tag=lst-0-1 and download the free spybot and then run it ....after you have done that go here http://www.javacoolsoftware.com/spywareblaster.html download spyware blaster and run that too then let us know how things are 
I ran Logfile of HijackThis v1.97.7
Scan saved at 11:49:07 AM, on 4/17/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\WINDOWS\SYSTEM\DPCPROXY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME DEVICES\SIDEWINDER GDP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\PROGRAM FILES\ONMSN\MSNDC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE
C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\sbsetup.exe c:\windows\SYSTEM
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [VSchedule] C:\Program Files\Network Associates\McAfee VirusScan\VSCHED.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [Eac_Rvndl] C:\WINDOWS\TEMP\EACDOWNLOAD\RAVEN_DEF.EXE -k
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [SQInstaller] C:\PROGRAM FILES\STC\SQ_3394_3222.EXESQInstaller.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [dpcproxy] C:\WINDOWS\SYSTEM\DPCPROXY.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
O4 - Startup: SideWinder Game Device Profiler.lnk = C:\Program Files\Microsoft Hardware\Game Devices\SideWinder GDP.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\ONMSN\MSNDC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} (SpeedCtrl Class) - http://www.atelys.com/src/Speedup.ocx
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/Installer/nCaseInstaller.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/JEN14108/thin.cab
O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedblaster3/SpeedBlasterT_3.0.7_B4.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
Scan saved at 11:49:07 AM, on 4/17/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\WINDOWS\SYSTEM\DPCPROXY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME DEVICES\SIDEWINDER GDP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\PROGRAM FILES\ONMSN\MSNDC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE
C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\sbsetup.exe c:\windows\SYSTEM
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [VSchedule] C:\Program Files\Network Associates\McAfee VirusScan\VSCHED.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [Eac_Rvndl] C:\WINDOWS\TEMP\EACDOWNLOAD\RAVEN_DEF.EXE -k
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [SQInstaller] C:\PROGRAM FILES\STC\SQ_3394_3222.EXESQInstaller.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [dpcproxy] C:\WINDOWS\SYSTEM\DPCPROXY.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
O4 - Startup: SideWinder Game Device Profiler.lnk = C:\Program Files\Microsoft Hardware\Game Devices\SideWinder GDP.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\ONMSN\MSNDC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} (SpeedCtrl Class) - http://www.atelys.com/src/Speedup.ocx
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/Installer/nCaseInstaller.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/JEN14108/thin.cab
O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedblaster3/SpeedBlasterT_3.0.7_B4.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
- Joined
- Aug 27, 2003
- Messages
- 119,578
Hi and welcome to TSG,
I know it gets confusing because you were told to start a new thread before but that was because you posted your problem on the end of someone else's post.
Now you've started two new threads when you should have posted this log back to your other thread where you were receiving help, here:
http://forums.techguy.org/showthread.php?t=221137
This way it's less confusing for those who are trying to help you.
There are several security issues in your log so I will request that the threads be combined and moved over to Security.
Cookie
I know it gets confusing because you were told to start a new thread before but that was because you posted your problem on the end of someone else's post.
Now you've started two new threads when you should have posted this log back to your other thread where you were receiving help, here:
http://forums.techguy.org/showthread.php?t=221137
This way it's less confusing for those who are trying to help you.
There are several security issues in your log so I will request that the threads be combined and moved over to Security.
Cookie
- Joined
- Jul 26, 2002
- Messages
- 46,349
Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
O4 - HKLM\..\Run: [Eac_Rvndl] C:\WINDOWS\TEMP\EACDOWNLOAD\RAVEN_DEF.EXE -k
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [SQInstaller] C:\PROGRAM FILES\STC\SQ_3394_3222.EXESQInstaller.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activex...seInstaller.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...N14108/thin.cab
O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedb...rT_3.0.7_B4.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/Dist...r2501031120.EXE
Restart to safe mode.
How to start your computer in safe mode
First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"
Now find and delete:
The C:\PROGRAM FILES\STC folder
The C:\Program Files\SAVE folder
The C:\Program Files\Common Files\slmss folder
The C:\WINDOWS\mwsvm.exe file
The C:\WINDOWS\fash.exe file
The C:\WINDOWS\SYSTEM\INSTALLER.EXE file
Now navigate to the C:\WINDOWS\TEMP folder. Open the Temp folder and go to Edit > Select all then Edit > Delete to delete the entire contents of the Temp folder.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
O4 - HKLM\..\Run: [Eac_Rvndl] C:\WINDOWS\TEMP\EACDOWNLOAD\RAVEN_DEF.EXE -k
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [SQInstaller] C:\PROGRAM FILES\STC\SQ_3394_3222.EXESQInstaller.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activex...seInstaller.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...N14108/thin.cab
O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedb...rT_3.0.7_B4.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/Dist...r2501031120.EXE
Restart to safe mode.
How to start your computer in safe mode
First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"
Now find and delete:
The C:\PROGRAM FILES\STC folder
The C:\Program Files\SAVE folder
The C:\Program Files\Common Files\slmss folder
The C:\WINDOWS\mwsvm.exe file
The C:\WINDOWS\fash.exe file
The C:\WINDOWS\SYSTEM\INSTALLER.EXE file
Now navigate to the C:\WINDOWS\TEMP folder. Open the Temp folder and go to Edit > Select all then Edit > Delete to delete the entire contents of the Temp folder.
- Joined
- Jul 26, 2002
- Messages
- 46,349
To start in safe mode go to Start > Run and type in msconfig. Click OK.
In the System Configuration Utility, click "Advanced."
In the Advanced Troubleshooting Settings dialog box, check "Enable Startup Menu".
You will be prompted to restart the computer. Click Yes. The computer will restart in Safe mode. (This can take several minutes.)
To return to normal you will have to go back into msconfig and repeat those steps and remove the check by "Enable Startup Menu".
In the System Configuration Utility, click "Advanced."
In the Advanced Troubleshooting Settings dialog box, check "Enable Startup Menu".
You will be prompted to restart the computer. Click Yes. The computer will restart in Safe mode. (This can take several minutes.)
To return to normal you will have to go back into msconfig and repeat those steps and remove the check by "Enable Startup Menu".
- Status
Users Who Are Viewing This Thread (Users: 0, Guests: 1)
As Seen On
Welcome to Tech Support Guy!
Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.
If you're not already familiar with forums, watch our Welcome Guide to get started.
Join over 807,865 other people just like you!
