Please help!!! Simon Taylor

Hi Major Geeks

Recently my computer has been riddled with spyware/adware/dialers. I have followed your steps 1-8 from READ & RUN ME FIRST Before Asking for Support and it has cleared a lot of the malicous programs . However i still have a popups and internet browser hijackers. After looking at my Regedit program i'm worried that i have worms like TKBellexe.exe but i'm not tottally sure.

Bitdefender did not find any problems so i won't attach it to my post.

I think i can only post 3 attachments so i will include
PandaActiveScan.
GetRunKey
log HijackThis

I will include PandaActiveScan.
ShowNew
In a different post.

Please help, all your time will be greatly appreciated and hopefully you will be able to prevent me totally wiping out my c.

Thanks

Simon

 

Please help!!! Simon Taylor cont

Thanks for any help heres the other attachment from the panda active scan

 

Hi just some extra info you might need

Microsoft XP Proffessional Version 2002 service pack 2

Intel(R) Pentium(R) M
processor 1400mhz
1.40ghz, 496 of Ram

 

Scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs .yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.sear ch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R3 - URLSearchHook: (no name) - {E27E70E4-ED29-E1A9-7BE4-B09EF0675F97} - C:\WINDOWS\system32\svtfnwt.dll

O2 - BHO: (no name) - {1A2CF862-8520-039B-ED9B-0773F353532A} - C:\WINDOWS\system32\bjlhkef.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {E27E70E4-ED29-E1A9-7BE4-B09EF0675F97} - C:\WINDOWS\system32\svtfnwt.dll

O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)

O4 - HKLM\..\Run: [ycuemsc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ycuemsc.dll,tqffqw
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\WINDOWS\?icrosoft.NET ← Search for this folder and delete it!

C:\WINDOWS\system32\svtfnwt.dll

C:\WINDOWS\system32\bjlhkef.dll

C:\WINDOWS\system32\ycuemsc.dll

Next, run CCleaner to clean up cookies and temp files.

After you complete the above, REBOOT and proceed with the rest of this fix...

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

Hi Thanks for all your help and time

please find the hijackthis logfile below.

I found all of the files in windows\system32\ to delete but could not find c:\windows\?icrosoft.NET

However i did find 2 suspect folders named microsoft.Net. I deleted the one which only contained a file called masconfigexe.vir.

Thanks again for your time and trouble

simon

 

Your log looks good, are you having any further problems?