[Solved] Taskmgr.exe, regedit, msconfig etc.

Discussion in 'Virus and Malware Removal' started by Artix, Mar 21, 2010.

Thread Status:
Not open for further replies.
  1. Artix TechSpot Paladin

    I have received your message ;)

    will continue on the virus removal right now ;)
  2. Artix TechSpot Paladin

    Update: OTM run

    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\hp\drivers\hpiz31\setup\PhotoGallery\PhotoGallery.cab moved successfully.
    C:\Program Files\HP\Digital Imaging\bin\hpqEmlsz.exe moved successfully.
    C:\Program Files\Online Services\BTESAT\1890hp.exe moved successfully.
    C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Anytime\SignupLt.exe moved successfully.
    E:\Backup2010\detectionzer0 wallhack\GBP\GBP.exe moved successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 143172068 bytes
    ->Temporary Internet Files folder emptied: 20278283 bytes
    ->Java cache emptied: 250860 bytes
    ->FireFox cache emptied: 38707237 bytes
    ->Flash cache emptied: 10844 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 138564 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp filaes removed: 19528 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34097 bytes
    RecycleBin emptied: 10654367 bytes

    Total Files Cleaned = 203.00 mb


    OTM by OldTimer - Version 3.1.10.1 log created on 04052010_233232

    Files moved on Reboot...
    C:\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_Administrator\264 moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7C46.tmp moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8x9fh7q.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8x9fh7q.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8x9fh7q.default\Cache\_CACHE_003_ moved successfully.

    Registry entries deleted on Reboot...
  3. Broni Malware Annihilator

    Please download OTC to your desktop. It'll remove most tools and logs we used so far. If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • Double-click OTC.exe to run it. (Vista and 7 users, please right click on OTC and select "Run as Administrator")
    • Click on the CleanUp! button and follow the prompts.
    • You will be asked to reboot the machine to finish the Cleanup process, choose Yes. If it doesn't ask you to reboot, restart computer manually.
    • After the reboot all the tools we used should be gone.
    • The tool will delete itself once it finishes.

    ========================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE


    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
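As an added example, not part of the thread and not code from HijackThis or its author: a small Python parser for the O2/O4 lines quoted in the post above. It splits each Run value into executable and arguments the way CreateProcess would and flags the properties a reviewer checks before deciding what to fix: a bare filename with no directory (resolved through the search path, like CTHELPER.EXE and nwiz.exe), an unquoted path that contains spaces, a rundll32 launcher whose real payload is the DLL in its arguments, and an executable living outside Program Files or Windows. The two Example* entries and their paths are constructed for illustration and do not appear in the log; the line formats assumed are exactly those shown in the post.

```python
"""Parse HijackThis O2/O4 lines and flag the autostart properties worth a second look."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the O2/O4 lines quoted in the post above, plus two
# hypothetical entries (ExampleTray, ExampleUpdater) that are NOT in the real log
# and exist only to exercise the unquoted-path and non-standard-location checks.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example Vendor\tray.exe /quiet
O4 - HKCU\..\Run: [ExampleUpdater] C:\Documents and Settings\Administrator\Local Settings\Temp\updater.exe
"""

O4_RUN = re.compile(r'^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\Run(?:Once)?): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
O4_STARTUP = re.compile(r'^O4 - (?P<loc>(?:Global |)Startup): (?P<name>.+?) = (?P<cmd>.*)$')
O2_BHO = re.compile(r'^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$')

# Roots considered "expected" for a vendor autostart on this XP layout (assumption).
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")


@dataclass
class Entry:
    kind: str                 # "O2" (browser helper object) or "O4" (autostart)
    location: str             # HKLM\..\Run, HKCU\..\Run, Global Startup, or BHO
    name: str                 # registry value name, .lnk name, or BHO display name
    exe: str                  # executable (or DLL for a BHO) as written in the log
    args: str = ""
    quoted: bool = False      # was the executable path wrapped in double quotes?
    clsid: Optional[str] = None
    payload: Optional[str] = None   # DLL launched by rundll32, if any
    flags: List[str] = field(default_factory=list)


def split_command(cmd: str):
    """Return (executable, arguments, was_quoted), mimicking CreateProcess's rules."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip(), True
    # Unquoted: take everything up to the first .exe/.com/... token, spaces included,
    # so that an unquoted "C:\Program Files\..." path is kept whole and can be flagged.
    m = re.match(r'^(.+?\.(?:exe|com|bat|scr|dll))(?:\s+(.*))?$', cmd, re.I)
    if m:
        return m.group(1), (m.group(2) or "").strip(), False
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else ""), False


def classify(e: Entry) -> Entry:
    """Attach review flags; an empty list means nothing structurally odd about the entry."""
    exe_l = e.exe.lower()
    has_dir = "\\" in e.exe
    if e.kind == "O4":
        if not has_dir:
            e.flags.append("bare_filename")          # found via the search path, not a fixed location
        elif not e.quoted and " " in e.exe and "Run" in e.location:
            e.flags.append("unquoted_space_path")    # CreateProcess may try C:\Program.exe first
        if exe_l.endswith("rundll32.exe"):
            e.flags.append("rundll32")               # the launcher is benign; inspect the DLL
    if has_dir and not exe_l.startswith(TRUSTED_ROOTS):
        e.flags.append("outside_program_dirs")
    return e


def parse_hijackthis(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if m:
            exe, args, quoted = split_command(m.group("cmd"))
            e = Entry("O4", m.group("loc"), m.group("name"), exe, args, quoted)
            if exe.lower().endswith("rundll32.exe") and args:
                e.payload = args.split(",", 1)[0].strip().strip('"')
            entries.append(classify(e))
            continue
        m = O2_BHO.match(line)
        if m:
            e = Entry("O2", "BHO", m.group("name"), m.group("path").strip(), clsid=m.group("clsid"))
            entries.append(classify(e))
    return entries


def summarize(entries: List[Entry]) -> List[str]:
    """One review line per entry: kind, location, name, resolved executable and flags."""
    out = []
    for e in entries:
        target = e.payload if e.payload else e.exe
        flags = ", ".join(e.flags) if e.flags else "ok"
        out.append(f"{e.kind} {e.location} [{e.name}] {target} -> {flags}")
    return out


if __name__ == "__main__":
    for line in summarize(parse_hijackthis(SAMPLE_LOG)):
        print(line)
```

The flags are structural hints, not verdicts: CTHelper and nwiz are flagged only because they are bare filenames, which is exactly why a reviewer wants to confirm where they actually resolve before removing or keeping them, and a quoted Program Files path like UpdateManager's comes back clean on every check while still being an unnecessary startup.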
  4. Artix TechSpot Paladin

    OK, here is the log ;)

    Attached Files:

  5. Broni Malware Annihilator

    Your computer is clean

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
  6. Artix TechSpot Paladin

    Thank you very much :) Will run a weekly virus scan etc., don't want any bad viruses coming back xD.

    Thanks :)
  7. Broni Malware Annihilator

    You're very welcome :)
    Stay safe :)