mypcsearch and secondthought

I am operating on Windows 98, and have AOL cable. Can you please help me get rid of mypcsearch and secondthought. Thanks.

 

Ok first move,if you havent already got it go here http://download.com.com/3000-2144-10194058.html?tag=lst-0-1 and download the free spybot and then run it ....after you have done that go here http://www.javacoolsoftware.com/spywareblaster.html download spyware blaster and run that too then let us know how things are

 

I ran Logfile of HijackThis v1.97.7
Scan saved at 11:49:07 AM, on 4/17/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\WINDOWS\SYSTEM\DPCPROXY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME DEVICES\SIDEWINDER GDP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\PROGRAM FILES\ONMSN\MSNDC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE
C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\sbsetup.exe c:\windows\SYSTEM
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [VSchedule] C:\Program Files\Network Associates\McAfee VirusScan\VSCHED.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [Eac_Rvndl] C:\WINDOWS\TEMP\EACDOWNLOAD\RAVEN_DEF.EXE -k
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [SQInstaller] C:\PROGRAM FILES\STC\SQ_3394_3222.EXESQInstaller.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [dpcproxy] C:\WINDOWS\SYSTEM\DPCPROXY.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
O4 - Startup: SideWinder Game Device Profiler.lnk = C:\Program Files\Microsoft Hardware\Game Devices\SideWinder GDP.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\ONMSN\MSNDC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} (SpeedCtrl Class) - http://www.atelys.com/src/Speedup.ocx
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/Installer/nCaseInstaller.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/JEN14108/thin.cab
O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedblaster3/SpeedBlasterT_3.0.7_B4.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE

 

I've merged your two threads.

Please continue in this thread until your problem is resolved.

 

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL

O4 - HKLM\..\Run: [Eac_Rvndl] C:\WINDOWS\TEMP\EACDOWNLOAD\RAVEN_DEF.EXE -k

O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [SQInstaller] C:\PROGRAM FILES\STC\SQ_3394_3222.EXESQInstaller.exe

O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE

O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe

O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activex...seInstaller.cab

O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...N14108/thin.cab

O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedb...rT_3.0.7_B4.cab

O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/Dist...r2501031120.EXE

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

Now find and delete:

The C:\PROGRAM FILES\STC folder
The C:\Program Files\SAVE folder
The C:\Program Files\Common Files\slmss folder
The C:\WINDOWS\mwsvm.exe file
The C:\WINDOWS\fash.exe file
The C:\WINDOWS\SYSTEM\INSTALLER.EXE file

Now navigate to the C:\WINDOWS\TEMP folder. Open the Temp folder and go to Edit > Select all then Edit > Delete to delete the entire contents of the Temp folder.

 

Are these spyware so sophistcated that they will not allow me to access how to start my computer in safe mode. When I click on that link, it locks my computer up. Please help.

 

To start in safe mode go to Start > Run and type in msconfig. Click OK.

In the System Configuration Utility, click "Advanced."

In the Advanced Troubleshooting Settings dialog box, check "Enable Startup Menu".

You will be prompted to restart the computer. Click Yes. The computer will restart in Safe mode. (This can take several minutes.)

To return to normal you will have to go back into msconfig and repeat those steps and remove the check by "Enable Startup Menu".