Author Topic: C:\windows\system32\taskmon.exe (Read 103993 times)

paddyc · « **Reply #30 on:** November 24, 2008, 11:28:14 PM »

Ltangelic

Well I have run Combofix and it appears to have deleted three files. As requested I am attaching the log. This is part 1

ComboFix 08-11-23.02 - Paddy 2008-11-25 6:54:58.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.567 [GMT 9:00]
Running from: c:\documents and settings\Paddy\Desktop\ComboFix.exe
* Created a new restore point
.

(

paddyc · « **Reply #31 on:** November 24, 2008, 11:38:48 PM »

Ltangelic

This is part 2

paddyc · « **Reply #32 on:** November 24, 2008, 11:41:08 PM »

Ltangelic

This is part 3

paddyc · « **Reply #33 on:** November 25, 2008, 02:06:54 AM »

Ltangelic,

Whatever Combofix did has not resolved the problem.

After posting the log to you I did another reboot as this file only gets picked up after the reboot and sure enough Avast came back with the same suspicious file warning. I did a delete and then a boot scan which found nothing. As soon as the boot scan was finished and the rest of my files came up there was the same suspicious warning again. This time I just did the delete. Copies of the files should have been sent back to Avast.

Just for your info the suspicious file warning was active when I switched on this morning when I went to download Combofix but I left it there while I did the Combofix as I figured that if Avast was seeing the file then so would Combofix but I guess not.

I will wait to hear what you think about the log.

Ltangelic · « **Reply #34 on:** November 25, 2008, 07:42:23 AM »

Hey paddyc,

I don't see much in that log, we need to run some other tools.

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

1) Run CFScript

1. Please open Notepad

Click Start , then Run
Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: [Select]

KillAll:

File::
c:\program files\Uninstall_CDS.exe

Folder::
c:\program files\FrostWire
c:\documents and settings\Paddy\Application Data\FrostWire

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

2) Run RootkitRevealer

Please download Rootkit Revealer (It should be part of the Top 10 Downloads list)

Unzip it to your desktop.
Open the rootkitrevealer folder and double-click rootkitrevealer.exe
Close ALL windows and programs and do nothing on the pc while the scan runs. This includes games, browser windows, email clients, etc.
Click the Scan button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go up to File > Save. Choose to save it to your desktop.
Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

3) Run RSIT

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next reply (please include):

Note: Please do NOT attach the logs and post ONE log in each post

RSIT log.txt and info.txt
RootkitRevealer log
ComboFix.txt

paddyc · « **Reply #35 on:** November 25, 2008, 10:44:51 AM »

Hi Ltangelic,

I have run everything that you asked for and I am ready to post it up. I will start with Combofix.txt - this is part 1

ComboFix 08-11-24.01 - Paddy 2008-11-25 17:36:34.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.443 [GMT 9:00]
Running from: c:\documents and settings\Paddy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paddy\Desktop\CFScript.txt
* Created a new restore point

paddyc · « **Reply #36 on:** November 25, 2008, 10:48:52 AM »

Ltangelic

paddyc · « **Reply #37 on:** November 25, 2008, 10:55:37 AM »

Ltangelic,

Part 3 of Combofix.txt

paddyc · « **Reply #38 on:** November 25, 2008, 10:59:32 AM »

Ltangelic,

Here is rootkitrevealer.txt

Ltangelic · « **Reply #39 on:** November 25, 2008, 11:05:08 AM »

Hey please post me the RSIT logs as well. I mean the log.txt and info.txt.

Ltangelic · « **Reply #40 on:** November 25, 2008, 11:40:47 AM »

How is your computer running by the way? Still getting the warning from Avast?

paddyc · « **Reply #41 on:** November 25, 2008, 12:01:23 PM »

Ltangelic,

The computer seems fine and no warnings from Avast even though Combofix did a reboot. It is interesting that after the reboot the Avast icons were not in the system tray and I had to restart Avast - don't know if this made a difference. Once I have finished with all these reports I will do another reboot and see what happens. Anyway here is RSIT log.txt Part 1

paddyc · « **Reply #42 on:** November 25, 2008, 12:04:22 PM »

RSIT log.txt Part2

paddyc · « **Reply #43 on:** November 25, 2008, 12:07:49 PM »

RSIT log.txt Part 3

paddyc · « **Reply #44 on:** November 25, 2008, 12:10:54 PM »

RSIT log.exe Part 4