Help looking at my hijack this file

[joshb21]

Hi I have had problems with viruses and malware on my computer and using some stuff on the internet ive managed to get rid of most of it but I was wondering what you think of this hijak this file is there anything I need to fix.

When i first got this problem my internet also broke down for some reason or another but do you think that if i connect my computer back to my internet it will do the same again even though i have ad aware and AVG now or do you think it was just coincidence before.

Thanks, Josh

 

[touch]

Hello joshb21

I´can´t tell if it was a coincidence, or the cause was the infections you have.

I´ll therefore suggest you proceed as follows ->

Please run the steps in this guide:

8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Post attached log´s from:

Malwarebyte
Superantispyware
Hijackthis

In your next reply

 

[joshb21]

Hi thanks for the help them programs found lods of infections etc. here are the files you asked for.

I couldn't follow step6 fully about installing the new java because the computer isn't connected to the internet i am using another computer to post this. But i will connect once i know that everything is Ok because don't want the hassle of mending my internet again.

Once again thanks for the help. Josh

 

[touch]

Download the Norton Removal Tool (SymNRT) to your Desktop.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

Go to your desktop and double click on the removal tool and then click Setup.
Once open Click Next
Accept the license agreement and click Next
Type in the letters/numbers that you see into the text box then click Next.
Then click Next and the tool will start running.
Once finished restart the PC and run the tool again to ensure everything has been removed.
Delete Nortonremoval tool from your Desktop.


Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe
And save to the desktop.

Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::
Snapshot::
File::
C:\WINDOWS\rfnunmt.exe
Folder::
C:\Program Files\Nvyew

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

[joshb21]

hi did the first thing you asked and unistalled norton but when I run combo fix it comes up with the following message.

Combofix has detetected that this machine does not have the WINNDOWS RECOVERY CONSOLE

Would you like to install Yes/No

What should I do? i can't download it by clicking yes because I don't have acces to the internet on the computer is there a link where i can download it from so that i can save it 2 a memory stick and then put it on 2 my other computer

 

[joshb21]

Hi managed to sort it out and get a download here is the log you wanted

Combofix added some old shortcuts to my desktop which I forgot all about

Thanks Josh

 

[touch]

Hmm, thought you´ve got rid of P2P programs

P2P software/programs are a major contributor to your infections.

We reserve the right to withdraw our support:
If such programs are found in your logs
Should you not agree to their removal.
As they are normally set to bypass your Firewall and Anti-Virus software
Filesharing/P2P Programs serves as a constant threat to your computer

Uninstall:
c:\program files\LimeWire

If you decide to remove it, reboot, attach new combofix log

 

[joshb21]

soz i did unistall but obviously didn't uninstall it fully will sort it out for you and get a new log soz

 

[joshb21]

Heres the new log you requested.

If limewire still shows up then i will need some help removing it because i uninstalled it from the control panel ages ago and i have just removed all my downloads, limewire program files and the shortcut which reappeared after the first scan.

Hope everything is ok. Thanks for your help.

 

[touch]

It´s removed

Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::

Snapshot::

AtJob::
Driver::
wdmose

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=-

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post, and tell how things are running ?

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

[joshb21]

hi computer running fine. Very fast compared to what it used to be. Here's the logo you wanted

 

[touch]

Great

The log looks clean.

Now your computer problems are solved, it is time for the clean-up procedure
You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.


Please download OTCleanIt
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

To learn more about how to protect yourself while on the internet, please read Tony Klein´s guide:
How did I get infected in the first place

Keep safe :wave:

 

[joshb21]

thanks mate ur an absolute ledgend. Thanx for all your help

 

[joshb21]

hi soz 1 last thingafter doing those final steps all my documents have .doc or .bmp after them is there anyway of getting rid of this just a bit annoying

 

[joshb21]

sorted it now

 

[touch]

Sounds good, and I was glad to help :grinthumb