Author Topic: C:\windows\system32\taskmon.exe  (Read 107556 times)

paddyc

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #45 on: November 25, 2008, 12:14:50 PM »
RSIT log.exe Part 5





« Last Edit: December 19, 2008, 03:10:03 PM by paddyc »

Ltangelic

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #46 on: November 25, 2008, 12:23:24 PM »
Hey paddy,

You still haven't sent me the full info.txt from RSIT. Can I have that before I post a fix?

paddyc

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #47 on: November 25, 2008, 12:31:42 PM »
RE info.txt

Thought that I had sent it all. Have you received part of it?

For your info I have just done a reboot of my computer and Avast is back to reporting the suspicious file again.

Ltangelic

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #48 on: November 25, 2008, 12:33:01 PM »
Nope, check your inbox messages, you only sent part of info.txt and I replied to your message. :)

Ltangelic

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #49 on: November 25, 2008, 12:33:47 PM »
Strange, I don't see anything that could be causing this. I need a look at the full info.txt.

Ltangelic

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #50 on: November 25, 2008, 02:15:12 PM »
Hey paddyc,

Thanks for posting all the logs. :)

Quote
For your info I have just done a reboot of my computer and Avast is back to reporting the suspicious file again.

Seems like something is still generating it.

1) Fix with HijackThis

Please re-open HijackThis and Do a System Scan Only.  Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

2) Uninstall programs

Please go to Add or Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0
Java 2 Runtime Environment, SE v1.4.1_02
LimeWire PRO 4.18.8


Optional Removal (highlighted in green): LimeWire is a P2P program that can compromise your computer's security; it's highly recommended that you remove it.

NEXT

Use Windows Explorer and remove the following (if present):

C:\Program Files\LimeWire

Reboot your computer.

3) Run Kaspersky Webscanner

Please do an online scan with Kaspersky WebScanner.

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

4) Run SilentRunners

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
Do you want to skip supplementary searches?
click NO

  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Next reply (please include):

Note: Please do NOT attach the logs and post ONE log in each post

Fresh HijackThis log
Kaspersky scan results
SilentRunners log

« Last Edit: November 25, 2008, 02:17:24 PM by Ltangelic »

paddyc

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #51 on: November 25, 2008, 03:06:40 PM »
Ltangelic,

I am going to have to do all this tomorrow as I need to go now. Just a quick question: should I also remove FrostWire, which is a LimeWire lookalike?


Ltangelic

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #52 on: November 25, 2008, 04:27:10 PM »
I have already removed it in my previous fix; just go on and remove LimeWire, that will do. :)

paddyc

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #53 on: November 26, 2008, 09:20:18 AM »
Ltangelic

OK, I have run all the items that you asked - that Kaspersky took forever to run - glad I did not attempt it last night.

Anyway, here are the files in the order that I ran them.

HijackThis Part 1

« Last Edit: December 19, 2008, 03:10:56 PM by paddyc »

paddyc

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #54 on: November 26, 2008, 09:22:03 AM »
HijackThis Part 2


« Last Edit: December 19, 2008, 03:11:15 PM by paddyc »

paddyc

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #55 on: November 26, 2008, 10:04:25 AM »
Ltangelic

Here are the Kaspersky scan results.

I should mention that before I ran this and the HijackThis, Avast had picked up its usual suspicious file, so I did nothing with it to allow these programs the opportunity to pick up what Avast had found.

When I did the program delete for J2SE Runtime Environment 5.0, the Spybot TeaTimer advised me of registry changes for Java 6 Update 7, which I accepted, but I then got a strange error message.

"Access violation of address 4B4E494C Read of address 4B4E494C"

I clicked OK and then everything proceeded as normal.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Wednesday, November 26, 2008
 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Tuesday, November 25, 2008 21:48:45
 Records in database: 1416649
--------------------------------------------------------------------------------

« Last Edit: December 19, 2008, 03:12:08 PM by paddyc »

paddyc

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #56 on: November 26, 2008, 10:15:00 AM »
Ltangelic,

Here is the SilentRunner log Part 1

« Last Edit: December 19, 2008, 03:12:33 PM by paddyc »

paddyc

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #57 on: November 26, 2008, 10:21:04 AM »
SilentRunners log Part 2



« Last Edit: December 19, 2008, 03:13:04 PM by paddyc »

paddyc

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #58 on: November 26, 2008, 10:23:24 AM »
SilentRunners Part 3



« Last Edit: December 19, 2008, 03:13:35 PM by paddyc »

paddyc

  • Guest
Re: C:\windows\system32\taskmon.exe
« Reply #59 on: November 26, 2008, 10:27:30 AM »
SilentRunners log Part 4






« Last Edit: December 19, 2008, 03:14:08 PM by paddyc »