
mypcsearch and secondthought

Discussion in 'All Other Software' started by jkell, Apr 16, 2004.

Thread Status:
Not open for further replies.
  1. jkell

    jkell Thread Starter

    Joined:
    Apr 16, 2004
    Messages:
    4
    I am operating on Windows 98, and have AOL cable. Can you please help me get rid of mypcsearch and secondthought. Thanks.
     
  2. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
  3. jkell

    jkell Thread Starter

    Joined:
    Apr 16, 2004
    Messages:
    4
    I ran Logfile of HijackThis v1.97.7
    Scan saved at 11:49:07 AM, on 4/17/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\GWHOTKEY.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSCHED.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
    C:\WINDOWS\SYSTEM\HPZTSB05.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
    C:\WINDOWS\MWSVM.EXE
    C:\WINDOWS\SYSTEM\DPCPROXY.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME DEVICES\SIDEWINDER GDP.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
    C:\PROGRAM FILES\ONMSN\MSNDC.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\HPZSTATX.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.msn.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\sbsetup.exe c:\windows\SYSTEM
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
    O4 - HKLM\..\Run: [VSchedule] C:\Program Files\Network Associates\McAfee VirusScan\VSCHED.EXE
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [Eac_Rvndl] C:\WINDOWS\TEMP\EACDOWNLOAD\RAVEN_DEF.EXE -k
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
    O4 - HKLM\..\Run: [SQInstaller] C:\PROGRAM FILES\STC\SQ_3394_3222.EXESQInstaller.exe
    O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
    O4 - HKLM\..\Run: [dpcproxy] C:\WINDOWS\SYSTEM\DPCPROXY.exe
    O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\RunServices: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
    O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
    O4 - Startup: SideWinder Game Device Profiler.lnk = C:\Program Files\Microsoft Hardware\Game Devices\SideWinder GDP.exe
    O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Startup: MSN Quick View.lnk = C:\Program Files\ONMSN\MSNDC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
    O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} (SpeedCtrl Class) - http://www.atelys.com/src/Speedup.ocx
    O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/Installer/nCaseInstaller.cab
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/JEN14108/thin.cab
    O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedblaster3/SpeedBlasterT_3.0.7_B4.cab
    O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,202
    Hi and welcome to TSG,

    I know it gets confusing because you were told to start a new thread before but that was because you posted your problem on the end of someone else's post.

    Now you've started two new threads when you should have posted this log back to your other thread where you were receiving help, here:

    http://forums.techguy.org/showthread.php?t=221137

    This way it's less confusing for those who are trying to help you.

    There are several security issues in your log so I will request that the threads be combined and moved over to Security.

    Cookie
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I've merged your two threads.

    Please continue in this thread until your problem is resolved.
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run HijackThis again and put a check by these. Close all windows except HijackThis and click "Fix checked".

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL

    O4 - HKLM\..\Run: [Eac_Rvndl] C:\WINDOWS\TEMP\EACDOWNLOAD\RAVEN_DEF.EXE -k

    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe

    O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

    O4 - HKLM\..\Run: [SQInstaller] C:\PROGRAM FILES\STC\SQ_3394_3222.EXESQInstaller.exe

    O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

    O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

    O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE

    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe

    O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activex...seInstaller.cab

    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...N14108/thin.cab

    O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedb...rT_3.0.7_B4.cab

    O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/Dist...r2501031120.EXE


    Restart to safe mode.

    How to start your computer in safe mode

    First, in safe mode, click on My Computer, then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder", then click "Apply", then "OK".

    Now find and delete:

    The C:\PROGRAM FILES\STC folder
    The C:\Program Files\SAVE folder
    The C:\Program Files\Common Files\slmss folder
    The C:\WINDOWS\mwsvm.exe file
    The C:\WINDOWS\fash.exe file
    The C:\WINDOWS\SYSTEM\INSTALLER.EXE file

    Now navigate to the C:\WINDOWS\TEMP folder. Open the Temp folder and go to Edit > Select all then Edit > Delete to delete the entire contents of the Temp folder.
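
A re-scan check for the fix list in the post above, added here as an example (it is not part of the original thread or of HijackThis): it parses HijackThis log lines and reports any entry from the fix list that still appears in a later log. Entries are matched by CLSID (O2/O16) or by key and value name (O4), because the forum truncated the URLs in the fix list; the `RESCAN` text is constructed, and the function names are hypothetical.

```python
import re

# A few fix-list lines copied from the post above (the O16 URL is truncated by the forum).
FIX_LIST = r"""
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activex...seInstaller.cab
"""
# Constructed follow-up log: two of the entries above survived the cleanup.
RESCAN = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [FASH] C:\WINDOWS\FASH.EXE
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/Installer/nCaseInstaller.cab
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LINE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # "O4 - ...", "R0 - ...", "O16 - ..."
RUNKEY = re.compile(r"^(.+?): \[(.+?)\]")           # "HKLM\..\Run: [name] command"

def entry_key(line):
    """Return a stable (section, identity) key for one log line, or None."""
    m = LINE.match(line)
    if not m:
        return None                      # header, process path or blank line
    section, rest = m.groups()
    clsid = CLSID.search(rest)
    if section in ("O2", "O16") and clsid:
        return (section, clsid.group(0).upper())      # path/URL may differ or be cut
    if section == "O4" and (run := RUNKEY.match(rest)):
        return (section, (run.group(1) + "|" + run.group(2)).upper())
    # R-lines and Startup-folder items: identity is the part before " ="
    return (section, rest.partition(" =")[0].strip().upper())

def keys(log):
    """Map each recognised entry key to its original log line."""
    return {k: ln.strip() for ln in log.splitlines() if (k := entry_key(ln))}

def still_present(fix_list, rescan):
    """Lines in the rescan whose identity matches an entry that was to be fixed."""
    wanted, found = keys(fix_list), keys(rescan)
    return sorted(found[k] for k in wanted.keys() & found.keys())

if __name__ == "__main__":
    for line in still_present(FIX_LIST, RESCAN):
        print("STILL PRESENT:", line)
```
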
     
  7. jkell

    jkell Thread Starter

    Joined:
    Apr 16, 2004
    Messages:
    4
    Are these spyware so sophisticated that they will not allow me to access how to start my computer in safe mode? When I click on that link, it locks my computer up. Please help.
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    To start in safe mode go to Start > Run and type in msconfig. Click OK.

    In the System Configuration Utility, click "Advanced."

    In the Advanced Troubleshooting Settings dialog box, check "Enable Startup Menu".

    You will be prompted to restart the computer. Click Yes. The computer will restart in Safe mode. (This can take several minutes.)

    To return to normal you will have to go back into msconfig and repeat those steps and remove the check by "Enable Startup Menu".
     
Short URL to this thread: https://techguy.org/221268