
Hijackthis Log - Apntex.exe (XP Antispyware 2010 Virus)

Contents of the 'Scheduled Tasks' folder

2010-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 02:54]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 02:54]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-659357267-2296849982-895310936-1113Core.job

Stay with this topic until I give you the all clean post.

c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes
scan completed successfully
hidden files: 1
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89B85158]<<
kernel: MBR read successfully
detected MBR rootkit

I won't go ahead of you again...I promise.

I just want some help to verify that the computer is completely clean. Here's how it works. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 3. https://forums.techguy.org/threads/hijackthis-log-apntex-exe-xp-antispyware-2010-virus.905123/

Possible virus? At the end, be sure a checkmark is placed next to the following: Update Malwarebytes' Anti-Malware.

Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION

Be assured, any links I give are safe. 7. But no awakening it! Windows Messenger is a frequent cause of popups. Unzip the file on the desktop. Close any open browsers or any other programs that are open. 2.

Updater (YahooAUService) - Yahoo!

If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo!

c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\NavNT\defwatch.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common

I rebooted the machine just fine, but I haven't re-run GMER yet.

Some programs can interfere with others and hamper the recovery process. In the upper right hand corner of the topic you will see a button called Options. Read HERE why we disable autoruns. Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 -

http://www.computerhope.com/forum/index.php?topic=111398.0

plugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ...

Preloader"="c:\program files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 1015808]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-04-29 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec

Please do so. (Press YES on the alert.) If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time.

opivyattack (Topic Starter, Greenhorn; Experience: Beginner; OS: Unknown)
Possible virus?

Your security programs may give warnings for some of the tools I will ask you to use. Please note that your topic was not intentionally overlooked.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please a1afk10a.exe) and allow the gmer.sys driver to load if asked.

Next: Please download ATF Cleaner by Atribune. http://magicnewspaper.com/hijackthis-log/hijackthis-log-virus.html

When done, DDS will open two (2) logs: DDS.txt Attach.txt
Save both reports to your desktop.

Download GMER Rootkit Scanner from here to your desktop.

Malware issues - Hijackthis Log included
Started by blu12345, Jan 06 2010 12:07 PM

If you don't know or understand something, please don't hesitate to ask. 4.

[Closed] Computer has a virus; new Hijack this log Started by jrwestman, Jan 20 2010 01:06 AM This topic is locked 2 replies to

They may otherwise interfere with our tools.

HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Go to Start > Control Panel > Add/Remove Programs (on Vista & Win7 it is Programs and Features) and remove the following programs if present.
* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint

Launch Malwarebytes' Anti-Malware. Click the Tools menu, and then click Folder Options. Any idea how many stages there are to combofix?