
Hijackthis Log - Apntex.exe (XP Antispyware 2010 Virus)

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 -

If you are using Vista please right click and run as Admin! A black screen will briefly flash indicating a successful run. If this does not occur please delete that application and download

I am obviously typing this from my other PC. Under Main choose: Select All Click the Empty Selected button. (If you use FireFox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running https://forums.techguy.org/threads/hijackthis-log-apntex-exe-xp-antispyware-2010-virus.905123/

HiJackThis log « Reply #3 on: October 18, 2010, 10:03:01 PM »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/18/2010 at 07:27 PM
Application Version : 4.44.1000
Core Rules Database Version : 5707
Trace Rules Database Version: 3519
Scan

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Press Update to make sure the latest database is loaded.

When completed, a log will open in Notepad. Read HERE why we disable autoruns Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing When I put my mouse over the icon shield, it says "XP Antispyware 2010". Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

It is important that you reply to this thread. Hum... Note 1: Do not mouseclick combofix's window while it's running.

Contents of the 'Scheduled Tasks' folder

2010-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 02:54]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 02:54]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-659357267-2296849982-895310936-1113Core.job

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. If this is an issue or makes it difficult for you -- please tell your helper. 4.

Attached Files DDS.txt 16.63KB

#9 wolfpackfans, Topic Starter, Posted 18 December 2010 - 01:08 PM

I have done all of that and will post them in the following posts, including a new Hijackthis log after running the other two scans.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:43 PM, on 2/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 -

I rebooted the machine just fine, but I haven't re-ran GMER yet.

Updater (YahooAUService) - Yahoo!

I am concerned about what I had you run so if you would have him run DDS like I had you do in post #2 and post just the DDS.txt.

contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 -
Scheduler - Sage Software SB, Inc - C:\Program Files\ACT\ACT for Windows\Act.Scheduler.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation.

Here's how it works. I had to hack the admin password, and the laptop is so darn slow that it has taken a while to get these tools downloaded and run! HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

msbobo83 (Thread Starter), Feb 22, 2010 #2

Bump.

Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Use: "mbr.exe -f" to fix.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-578150710-4130622947-1107255772-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,4c,3b,65,08,70,20,4c,bc,1b,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,4c,3b,65,08,70,20,4c,bc,1b,a0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1096)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- -

Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running.

Please include this log in your next reply.

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link http://splodgy.org/hijackthis-log/hijackthis-log-and-virus.php

loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A7506E43-EDA8-4F09-8FFF-404917633797} (ExClient_v100_ax Control) - http://81.86.149.50/ExClient_v200_ax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ...

Thanks. -blu

#4 thewall, Malware Response Team, Posted 11 January 2010 - 03:19 PM

OK, thanks for letting

Any idea how many stages there are to combofix?

Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.
* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint

I won't go ahead of you again...I promise.

I will be assisting you in cleaning up your system. I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer.

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo!

My name is Dave.

Please note that your topic was not intentionally overlooked. Updater (YahooAUService) - Yahoo!