Hey paddyc,
Important: It seems that you have cracks running on your computer. Please be aware that it is both illegal and dangerous to have cracks, as many malware programs are bundled with them, and this can compromise your computer security.
Please follow my instructions carefully to remove the cracks on your computer.
Something isn't right about that taskmon.exe. Let's try uploading it to a virus scanner.
1) Run CFScript
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
KillAll::
File::
C:\Documents and Settings\Paddy\My Documents\Netscape\Paddy Costello\37i28wl0.slt\Mail\pmcost mail\GFI24.com
C:\Documents and Settings\Paddy\My Documents\Netscape\Paddy Costello\37i28wl0.slt\Mail\mail.jerseymail.co-1.uk\GFI24.com
C:\Documents and Settings\Paddy\My Documents\Thunderbird\Profiles\3mcpj5ys.default\Mail\mail.jerseymail.co-1.uk\GFI24.com
C:\Documents and Settings\Paddy\My Documents\Thunderbird\Profiles\3mcpj5ys.default\Mail\mail.jerseymail.co.uk\GFI24.com
C:\Documents and Settings\Paddy\Application Data\Mozilla\Profiles\default\07i19gb4.slt\Mail\mail.jerseymail.co-1.uk\GFI24.com
C:\Documents and Settings\Paddy\Application Data\Mozilla\Profiles\P M Costello\1dlwid7r.slt\Mail\pmcost mail\GFI24.com
C:\Documents and Settings\Paddy\Application Data\Mozilla\Profiles\P M Costello\1dlwid7r.slt\Mail\pop1.psilink.co.je\GFI24.com
C:\Documents and Settings\Paddy\Application Data\Thunderbird\Profiles\3mcpj5ys.default\Mail\mail.jerseymail.co.uk\GFI24.com
C:\DOCUME~1\PADDY\My Documents\Download Files\AnyDVD_All_Versions_Keygen,_Loader.zip
C:\DOCUME~1\PADDY\My Documents\Download Files\tmpgrnc\TMPGEnc DVD Author v1.5.11.37 KeyGen.exe
C:\DOCUME~1\PADDY\My Documents\Download Files\AnyDVD_All_Versions_Keygen,_Loader\AnyDVD_Crk.key
C:\DOCUME~1\PADDY\My Documents\Download Files\AnyDVD_All_Versions_Keygen,_Loader\AnyDVD_kg.exe
C:\DOCUME~1\PADDY\My Documents\Download Files\AnyDVD_All_Versions_Keygen,_Loader\AnyDVD_loader.exe
C:\DOCUME~1\PADDY\My Documents\Download Files\AnyDVD_All_Versions_Keygen,_Loader\tmg.nfo
C:\DOCUME~1\PADDY\My Documents\My Music\ABBA\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).mp3
Folder::
C:\Documents and Settings\Paddy\My Documents\Netscape\Paddy Costello\37i28wl0.slt\Mail\pop1.psilink.co.je\Inbox
C:\Documents and Settings\Paddy\My Documents\Netscape\Paddy Costello\37i28wl0.slt\Mail\pop1.psilink.co.je\Inbox
C:\Documents and Settings\Paddy\Application Data\Mozilla\Profiles\P M Costello\1dlwid7r.slt\Mail\pop1.psilink.co.je\Inbox
C:\Documents and Settings\Paddy\Application Data\Mozilla\Profiles\P M Costello\1dlwid7r.slt\Mail\pop1.psilink.co.je\Inbox
C:\DOCUME~1\PADDY\My Documents\Download Files\AnyDVD_All_Versions_Keygen,_Loader
Registry::
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.
2) Upload file for analysis
Please ensure you can view hidden files and folders by doing the following:
- Go to Start>Control Panel and go under Appearances and Themes
- Click on Folder Options and go under View tab
- Ensure that "Show hidden files and folders" is selected and click Apply
NEXT
- Please go to VirSCAN.org FREE on-line scan service
- Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
- C:\windows\system32\taskmon.exe
- Click on the Upload button
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.
3) Run runscanner
Please download Runscanner to your desktop and run it.
- When the first page comes up select Beginner Mode
- On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
- At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
- On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
- Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.
Next reply (please include):
Fresh RSIT log (please re-run RSIT)
ComboFix.txt
Runscanner log (please attach it)
Virscan results