[Excal]

Much better

Open up HiJackthis and do a scan. Check off the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50245
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=

Click FIX CHECKED then close HiJackThis.

Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg (make sure that Save as Type is set at "All Files") on your Desktop. Ensure there is no space at above REGEDIT 4.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX]

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RECOMMENDED HOTFIX - 421701D]

[-HKEY_CURRENT_USER\SOFTWARE\AURORA]

[-HKEY_CURRENT_USER\SOFTWARE\IN3RD]

[-HKEY_CURRENT_USER\SOFTWARE\PROGRAM INFO]

[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOPSEARCH.TSLINK]

[-HKEY_CLASSES_ROOT\WEBCOM.WEBBAR.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ISTSVC]

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\BANDREST]

[-HKEY_CLASSES_ROOT\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{FB74C951-ACA1-4e33-A94C-A9261EB2CCB7}]

[-HKEY_CLASSES_ROOT\Interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{6685509E-B47B-4f47-8E16-9A5F3A62F683}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page]

Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Just a few random bad files and folders to clean up.

Please remove the following folders using Windows Explorer (if present):

C:\PROGRAM FILES\joystick networks
C:\PROGRAM FILES\COMMON FILES\Slmss
C:\WINDOWS\SYSTEM32\nsvsvc
C:\WINDOWS\bsx32
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\nsv

• Open HiJackThis
• Click on the configure button on the bottom right
• Click on the tab "Misc Tools"
• Click on "Delete File on Reboot"
• Navigate to this file - C:\WINDOWS\unstall.exe
• Double click on that file.
• HJT asks you if you want to reboot, now. Click "no".
  
  Do that for the following files also, until you get to the last one, then click "yes" when HJT asks you to reboot.

C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmcwrd.dll
C:\WINDOWS\SYSTEM32\commcoss.dll
C:\WINDOWS\SYSTEM32\ide21201.vxd
C:\WINDOWS\SYSTEM32\saie.log
C:\WINDOWS\SYSTEM32\setup_incred_8.exe
C:\WINDOWS\SYSTEM32\TBPS.ini
C:\WINDOWS\INF\alchem.inf
C:\WINDOWS\INF\localNrd.inf
C:\WINDOWS\INF\twaintec.inf
C:\WINDOWS\optimize.exe
C:\Documents and Settings\Owner\Desktop\backups\backup-20050730-004645-791.dll

• Open HiJackThis
• Click on the configure button on the bottom right
• Click on the tab "Misc Tools"
• click on "delete an NT service"
• Copy and paste this in the box: SvcProc
• Click "ok", then reboot

Post back when you finish and tell me how your computer is running

[Advertisements]

On the last step I got the message: "Service 'SvcProc' was not found in the registry. Make sure you have entered the shortname of the service., vbExclamation" with an OK box.

Also, I saw a file that was similar to one you told me to delete:

C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmnwrd.dll

it was similar to:

C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmcwrd.dll


I did not delete tvmnwrd.dll but i did delete tvmcwrd.dll

other than that computer seems to be running well for now.

[biga]

On the last step I got the message: "Service 'SvcProc' was not found in the registry. Make sure you have entered the shortname of the service., vbExclamation" with an OK box.

Also, I saw a file that was similar to one you told me to delete:

C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmnwrd.dll

it was similar to:

C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmcwrd.dll


I did not delete tvmnwrd.dll but i did delete tvmcwrd.dll

other than that computer seems to be running well for now.

[Excal]

computer seems to be running well for now.

Well that doesn't sound very optimistic!! lol


Great job, it appears your computer is clean

Ensure you rehide your “hidden files and folders” back to the way they were.

Now that your system is Malware Free, it is important to reset your system Restore. Click Here to learn how to.

Might I suggest the following Free Spyware programs, if you don't already have them, for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE
Spybot S&D
Microsoft Anti-Spyware


If you are unhappy with your current antivirus and want to replace it or if you dont already have one, I suggest one of these free programs:
*Note - do not use more than one anti-virus program as it will more than likely cause conflict.

AVG
Avast
AntiVir


The following free programs are great for prevention:

SpywareBlaster 3.4
Spywareguard
IE/Spyad

A Firewall is a must! Here are 3 good free versions:
(do not have more than one firewall running on your system)

Sygate
Kerio
ZoneLabs

There are other options other than Internet Explorer for a browser, which some say have better security. Two of them are:

Firefox
Opera

If you decide to keep Internet Explorer, This site is a great source for tightening up security on It's settings.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month.

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program:

Cleanup
Run "Cleanup" and when it has finished, Reboot

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided. Also read How I got Infected

[biga]

thank you so much, for your patience and for your help. You will definitely see a donation of extreme appreciation soon.

[Excal]

Thanks

Good luck and safe surfing!



Excal

[Excal]

Biga,


Can you do one more thing, want to check something out.

Download FindIt's.zip to your desktop: Download Here

• Create a new folder on your desktop
• Unzip/extract the files inside that folder you created on your desktop.
• Open the folder and run FindIt's.bat and wait for notepad to open a text file. It may take awhile so please be patient ...
• Then post the results here along with a new HJT log by using Add Reply

Thanks again,



Excal

[Excal]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.