Over 1 million tech questions and answers.

Panda Scan Result.. Restart.exe

Q: Panda Scan Result.. Restart.exe

Hi there!

I just recently got my system put back together and I have been slowly running a few online scans to make sure everything was clean while I was downloading security updates over this last weekend.

I ran one recommended to me called BitDefender last night, and it came up absolutely clean. I also ran another earlier called ewido, which also came up clean, other than a few tracking cookies which were no problem getting rid of.

I just ran Panda's free online scan and it brought up something...

C:/Windows/system32/Tools/Restart.exe It says that files is "Potentionally Unwanted Tool"

I did a search on these forums and found somebody else had this file come up in a Panda scan, so I followed one of the instructions listed, and uploaded it to a site to run several scans. Here are those results:
------------------
http://virusscan.jotti.org/
File: Restart.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 eb1b125ee5d2022cbf5e2f7226f47638
Packers detected: -
Scanner results
AntiVir Found SecurityPrivacyRisk/Destart.A riskware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found HackerTool/Rebootah
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
----------------

I do not have that Hijack this program yet, I'm still trying to get things together but I will be looking into it on a night I have the available time to download it (I'm on a 24k dial up connection, so those things take awhile).

I plan on running Housecall, from TrendMicro tomorrow/Thursday night as well to see if it brings anything else up. Is the Restart.exe file safe to remove? What exactly does that file do?

Thank you! I will check back first thing after I wake up in the morning....

RELEVANCY SCORE 200
Preferred Solution: Panda Scan Result.. Restart.exe

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Panda Scan Result.. Restart.exe

Read other 9 answers
RELEVANCY SCORE 62

i tried to do the on-line Panda scan a few times, once my dial-up connection disconnected it, and i couldnt get it back, and I tried it 2 more times and it stalled about 3/4 of the way thru, even tho i was still connected. When i do Spybot S&D scan it stalls midway too, several times, i have to keep moving my mouse around for a while to get it to start again. Why do u think this keeps happening on my computer?( Virus scan was negative, and i deleted some adware with a scan i did a day before.) I know the Panda scan used Actixe X which i had to download to do the scan. Should i delete it now? What would it look like and where would it be on the computer.?
I have an old Dell OptiPlex GX1 Pentium 2 with 350 MHZ, with 256 RAM and WIN ME O.S. with 10 G. storage with a slow dial-up connection. Thank in advance. ZUZU2
 

A:Panda scan and Spybot-S&D scan stalls mid-scan

This is my HJT log after running (sluggishly) Sbybot-S&D and finding no problem:
Logfile of HijackThis v1.99.1
Scan saved at 9:56:31 PM, on 2/2/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\DOWNLOAD\CONKEEPM.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\DIALER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\NETSCAPE WEB ACCELERATOR\NSACCEL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\CSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: I... Read more

Read other 1 answers
RELEVANCY SCORE 61.2

The Intel Driver & Support Assistant said that it had an update: Intel® Graphics Driver for Windows* [15.40]. When I did a scan with the Lenovo Companion app, it said there were no updates available. Why the difference of opinion betwee the two apps?

Read other answers
RELEVANCY SCORE 59.6

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-23 22:43:10
PROTECTIONS: 1
MALWARE: 25
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Trend Micro AntiVirus - Virus Protection 15.10.2002 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner.Family\Application Data\Mozilla\Firefox\Prof... Read more

A:My scan for malware with Panda Active Scan

Hello -

It appears as though you've stopped at Step 2.

Step 5 would have you do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Read other 1 answers
RELEVANCY SCORE 59.6

Hi,

I'm sorry I'm not very good with computers and last year you guys helped me so much. I think I have the same problem again: viruses, malware, etc..

My system info:

Microsoft Windows XP
Version 2002
Service pack 2
Intel Celeron 2.13GHz
768 MB RAM

Hijackthis scan results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:58 PM, on 9/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files... Read more

A:Scan results for Hijackthis/panda scan please help thank you

Hello,

I am concerned about the trojan viruses that I got from Limewire. I have since removed this unsafe program from my computer but would like help in getting my computer to be clean again.

Below is the updated hijackthis and panda scans of my computer.

Thank you for your time,

Danna


My system info:

Microsoft Windows XP
Version 2002
Service pack 2
Intel Celeron 2.13GHz
768 MB RAM


Panda Scan Results:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-20 16:45:43
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Zone Alarm Security Suite 7.0.483.000 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type ... Read more

Read other 10 answers
RELEVANCY SCORE 55.2

I cleaned up most of the infections with a combo of ewido, adawarese, spybot s&d, avg and cleanup. I'm still getting popups of myfavoritesearch.com along with other popups/rediirectors....

I'm also using popupstopper.

Here's the hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 3:25:15 PM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iedw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\... Read more

A:panda scan log and hjt log

Hi and welcome to TSF.

My handle is TexRanger, and I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread by clicking Thread Tools then subscribe to this thread so that you are notified when you receive a reply.

Please be patient with me during this time.

Read other 11 answers
RELEVANCY SCORE 55.2

here is a copy of my panda scan:

A:panda scan...need help..

Please download, update and run (one at a time of course!) Spybot Search & Destroy v1.4 and Ad-aware SE v1.06 . Fix whatever they suggest.

If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer:

Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.

Anti-trojan
Please download, update and run the A2 (A squared) anti-trojan. Let it fix whatever it wants to.

Anti-virus
Also, run this pc through the...
Panda Online virus scanner
or
Trend Micro Housecall Online virus scanner

Let it delete whatever it finds. If it cannot delete it, then post the log and we will delete it manually.


=============================================

Please download the trial version of Ewido/AVG Anti-Spyware 7.5
here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


... Read more

Read other 19 answers
RELEVANCY SCORE 55.2

i just now did a panda scan/ active scan.. whatever its called and i got these:
Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Tribal... Read more

A:will someone look at this panda scan for me?

Nah, it's normal
 

Read other 1 answers
RELEVANCY SCORE 55.2

I've just run the online Pandascan and it came up with 1 "Potentially unwanted Tool:Application Processor"

And this is the one "Smitfraudfix/Process.exe"
So can you tell me if this is needed or it's fine and used as part of this program
 

A:Panda scan?

It's fine
 

Read other 3 answers
RELEVANCY SCORE 55.2

Hi People,

It has been a while and was pleased about that, it meant no problems , but I have a new laptop and I have updated Panda Virusscan but it just won't scan. It'll say connecting to the server, it will start scanning for a couple of files and then jams every single time. I'm a little worried about it. Is it a setting that might be wrong?

Where are safe internet online scans I can do to see if I have something or another? Or do I need to make a seperate thread for that question in the malware forum? I am not really sure it is malware hence I posted here.

Hope somebody can help me out!

Have a nice evening
 

A:Panda won't scan

Read other 16 answers
RELEVANCY SCORE 55.2

Can't run Panda scan.

A:cant run panda scan

Hello and welcome to TSF.

Skip the Panda scan and just continue on with the next step until they are all completed, and post your logs please.

Read other 1 answers
RELEVANCY SCORE 55.2

I need some help!!
My computer slowed a lot and now restarts every now and then.
I noticed QDRModule13.exe running and looked it up. Not good. A few others grabbed my attention.

Here is the Panda Scan followed by the HJ Log.

Thanks for your help.

---------------------
PANDA
----------------------
Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UGA6P_0001_N122M2210NetInstaller.exe
Spyware:spyware/media-motor Not disinfected c:\windows\unstall.exe
Adware:adware/startpage.amb ... Read more

A:Help -- HJ Log and Panda scan

Shameless bump

I have been reading the other posts and reponses. Good stuff on here.

Read other 4 answers
RELEVANCY SCORE 55.2

hi all, i have run the scan on panda and got this:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-09 10:52:11
PROTECTIONS: 1
MALWARE: 30
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Enterprise 8.5.0.781 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Sett... Read more

A:panda scan log - what now?

can anyone help with this?

everytime i try to use IE i get another screen which freezes and will not open the homepage?

Read other 1 answers
RELEVANCY SCORE 55.2

big trouble thanks for help. hjt log on this post panda scan next post to big

Logfile of HijackThis v1.99.1
Scan saved at 9:20:17 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\VideoKeyCodec\isamonitor.exe
C:\Program Files\VideoKeyCodec\pmsngr.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\Program Files\VideoKeyCodec\pmmon.exe
C:\Program Files\VideoKeyCodec\isamini.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\default\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,... Read more

A:help please hjt and panda scan

Panda Scan To Big To Post
 

Read other 2 answers
RELEVANCY SCORE 55.2

Hi

I just did a Panda online scan and was wondering how I can get rid of these 2 virus's that it found.

Incident Status Location

Adware:Adware/VirtualBouncer No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\ActiveX.inf
I run windows xp home addition with pretty much all the security that I thought I would need

AVG antivirus
Alpha Shield external firewall

AdAware SE
SpyBot

Also when you click on tools, internet options, settings and then view options can you safely remove those programs in there that say damaged or unknown?

RAndy
 

A:Panda Scan

didn't it put the viruses in the vault ? just right click on the vault to delete them. new AVG update today also.
 

Read other 2 answers
RELEVANCY SCORE 55.2

I'm following the steps ... shut down my virus, registered -w- PANDA down loaded it, updated it and then stare at a blank screen. I've done the download and update 3x.

HELP

Joe

Read other answers
RELEVANCY SCORE 55.2

As the title says I can't seem to get rid of this rootkit. I spent several hours cleaning a clients PC at work today and am burned out. Any help is appreciated.

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 10:43:17 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton Utilities\NPROTECT.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Speed Disk\nopdb.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZONELABS\vsmon.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\Mixer.exe
F:\PROGRA~1\NORTON~2\navapw32.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
F:\Program Files\AIM\aim.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Ju... Read more

A:HJT Log and Panda Scan too

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 1 answers
RELEVANCY SCORE 54.8

Hi,

Can anyone tell me if this file is harmful, it was picked up while scanning with AVG software, status read at the top of the it said it had been changed, this is the file:

C:WINDOWS\SYSTEM32\ntoskrnl.exe

Is this whats called a kernal, this is not in my virus vault but keeps coming up on the scan each time.

Thanks
 

A:AVG scan result

See post #4 in this thread: http://forums.techguy.org/security/554221-solved-avg-finds-ntoskrnl-exe.html
 

Read other 2 answers
RELEVANCY SCORE 54.8

When I run a virus scan using AVG I get the message C:\windows\system32\drivers\etc\hosts change result: changed. I have attached Kappersky and DSS scan results. Do I have something to worry about? besides AVG I have SpyBot which I update and run every couple of days. Thanks in advance for your help.

A:Avg Scan Result

Hello StalagmiteWelcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, download and install Hijackthis by Trendmicro and post a log, copy and paste it into the thread by using the Add Reply button, please do not attach it. I am looking at a possible trojan on your system.Download Trendmicros Hijackthis to your desktop.Double click it to installFollow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exeOpen HJT Scan and Save a Log File, it will open in Notepad Go to Format and make sure Wordwrap is UncheckedGo to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Read other 2 answers
RELEVANCY SCORE 54.8

Hey guys,
I posted this originally on May 2nd and have never gotten a response. If I don't have anything to be concerned about, please, just let me know. I have always gotten very good assistance with my troubles and questions before. Maybe I just posted my question in the wrong place.

Question about scan
I am not really having a problem but I am curious about the results of a scan by AVG Free. When my scan is complete, I get the results shown in Attach. #1. I click on "remove all unhealed infections and I get the results shown in Attach. #2. Also enclosed is the results from my HiJackThis scan. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:31 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\A... Read more

Read other answers
RELEVANCY SCORE 54.4

Incident Status Location

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t24jqwkl.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t24jqwkl.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t24jqwkl.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t24jqwkl.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t24jqwkl.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t24jqwkl.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t24jqwkl.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cooki... Read more

A:Could someone read this panda scan please?

Read other 12 answers
RELEVANCY SCORE 54.4

Has anyone had trouble downloading this from I E?I have been trying for ages now but to no avail .I have tweaked my internet options settings turned off pop up blocker but unless it a browser thing I do not know what next.Any help would be appreciated.
 

A:Panda Active Scan

Read other 9 answers
RELEVANCY SCORE 54.4

i got a trojan a few days ago, mcafee deleted it right away but ever since i got this yellow triangle w/ exclamation point. i've followed the directions thus far in this forum and this is what it came up with at the end of the scan.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-21 13:20:52
PROTECTIONS: 1
MALWARE: 8
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=======================================================================================================================================... Read more

A:ran the panda security scan and here's what i got

Hello -

That is but Step 2....please continue on.

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 11 answers
RELEVANCY SCORE 54.4

hey im new to a of this stuff but if you could show mthrew it (be detailed) that would be very appreciated..so i guess im supposed to send this to you then yu send me back so if you can tell me (exactly) what to do that would be greeat! so my computer started to get slow. pop ups have been coming and all of the sdden my background changes to blue and says that i have spyware. now cant change my properties. many porn pop up have been coming up althought i dont do tha sort of stuff. that is pretty much my problem. thank you!


Deckard's System Scanner v20071014.68
Run by Danoo XD on 2008-07-13 02:07:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2008-07-13 06:07:41 UTC - RP225 - Deckard's System Scanner Restore Point
14: 2008-07-13 00:27:20 UTC - RP224 - Last known good configuration
13: 2008-07-13 00:27:14 UTC - RP223 - Last known good configuration
12: 2008-07-13 00:27:14 UTC - RP222 - System Checkpoint
11: 2008-07-13 00:27:14 UTC - RP221 - System Checkpoint


-- First Restore Point --
1: 2008-07-13 00:27:13 UTC - RP211 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Danoo XD.exe) --------------------------------------------

Logfile of Trend Micro Hij... Read more

Read other answers
RELEVANCY SCORE 54.4

I recently ran the Panda software facility and it has found 2 problems listed below.

Can anyone please help - my computer seems to be slowing down all the time and processes end and the comp has to be restatred?

Any help would be much appreciated.

Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Amanda Parsons\Desktop\Crisafa P's Games\Spyware\old\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Amanda Parsons\Desktop\Crisafa P's Games\Spyware\old\smitRem.exe[smitRem/Process.exe]

A:Panda scan results

Hi chris

Panda have only tagged the smitrem tool you used it's nothing to worry about. However you do have an ongoing log http://www.techsupportforum.com/showthread.php?t=93157

I would recommend you complete the cleaning process.

Read other 4 answers
RELEVANCY SCORE 54.4

I did my scan and came up with this i have no idea what to do next Can you please help? Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearchWB\bar\1.bin\W6WBTEMP.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Len Steinle\Application Data\Mozilla\Firefox\Profiles\5vijmdkt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Len Steinle\Application Data\Mozilla\Firefox\Profiles\5vijmdkt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Len Steinle\Application Data\Mozilla\Firefox\Profiles\5vijmdkt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Len Steinle\Application Data\Mozilla\Firefox\Profiles\5vijmdkt.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Len Steinle\Application Data\Mozilla\Firefox\Profiles\5vijmdkt.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Len Steinle\Application Data\Mozilla\Firefox\Profiles\5vijmdkt.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Tribal... Read more

A:help with results from panda scan

Read other 7 answers
RELEVANCY SCORE 54.4

Hello fella's & ladies, been getting messages of existing virus lately 'round
my hotmail acct. other day tried to attach some pics from my documents
to send my daughter & wouldn't attach saying it contained virus, did it with
yahoo acct. no problem. Last night tried to access 4 pics of her that are attached to an em from last week. I was only able to open the 1st one. The others are corrupted, according to hotmail's em auto scan. Well, I have a NAV
2000 that came w/ this unit. seems to be working, I think. What'about online
scan ? will that tell me ?
 

A:Online Panda scan ?

i run AVG7 free on my system. i also use panda free on line scan once a week to be safe. uncheck scan for spyware ,panda does not remove spyware. they want to sell you a program.

http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
 

Read other 2 answers
RELEVANCY SCORE 54.4

I was following the steps to find and remove malware/spyware,i followed a link from this site to panda activescan.After i installed the program and went to run it i recieved a notification from Avast that it contained spyware so i aborted the connection.Im just wondering if this is a trusted program or avast has got it wrong because it has failed me before.thanks for your help.

EDIT: My apologies,i didnt see the "Avast users notice" at the bottom of the thread

A:panda active scan

I haven't used panda before for my spyware removal. I would recommend that you try downloading Spybot Search and Destroy. This is a great free program that is great.

I did a little searching with my friend google, and haven't found anything yet that says that Panda active scan has malware. So, go ahead and use it but I would recommend Spybot too.

Cheers!

Read other 1 answers
RELEVANCY SCORE 54.4

Please could someone help, for some reason my computer wont shut down anymore, it gets stuck just before it turns off and i have to turn it off by the mains.

Could some tell me what files need to be deleted.

Thanks in advance.


Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\lwl84rtg.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\demo\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\demo\Cookies\[email protected][1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\demo\Cookies\[email protected][2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\demo\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\demo\Cookies\[email protected][2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\demo\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\demo\Cookies\[email protected][1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\demo\Cookies\[email protected][1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\demo\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\demo\Cookies\[email... Read more

Read other answers
RELEVANCY SCORE 54.4

Hey guys, someone once recommended panda active scan on here.. so ive done a scan and it shows 24 spyware and 4 hacks... however it wont let me remove them without purchasing... but my other programs wont find these problems. so im hoping by posting the scan log someone can help me out...

******************************
Incident Status Location

Potentially unwanted tool:application/seekmo Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Erin's Mom\Application Data\Mozilla\Firefox\Profiles\o47jdgha.default\COOKIES.TXT[.perf.overture.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Erin's Mom\Application Data\Mozilla\Firefox\Profiles\o47jdgha.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Erin's Mom\Application Data\Mozilla\Firefox\Profiles\o47jdgha.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Erin's Mom\Application Data\Mozilla\Firefox\Profiles\o47jdgha.default\CO... Read more

A:Panda Active scan

most are cookies so are harmless

Please download ATF Cleaner by Atribune
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

and I wouldn't worry about the others but see what this finds & fixes

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
Click the Free Trial link under "Downloads/SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
Sweep Memory Objects
Sweep Windows Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Compressed Files
Sweep for Rootkits
Please UNCHECK Sweep System Restore Folder.

Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next bu... Read more

Read other 3 answers
RELEVANCY SCORE 54.4

I have run, ' Ad-Aware 2007' , ' AVG Anti-Virus 7.5' , ' Spybot - Search & Destroy' , ' SUPERAntiSpyware' , ' Spyware Blaster' , ' Nortans internet Security 2005 / Symantec' , ' Combo Fix' , ' WinPatrol' And the 5 Step Rule for this post.

Here im going to post my HiJackThis Log, and right under it i will post my Panda Scan, and right under that my DSS Log, and last my Combo Fix Log.


HiJackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:09 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\syste... Read more

A:HJT Log/Panda Scan/Combo Fix/DSS - PLEASE HELP!

been 2 days, no reply, BUMP...

Read other 13 answers
RELEVANCY SCORE 54.4

I sat there and watched this freakin thing scan for over an hour and then towards the end it just hangs without having disinfected the spyware it found. It got hung up on this file...

c:\windows\system32\aclui.dll


edit: nevermind...after sitting on this file for about 15-20 minutes and just about to give up on it it started running again, but the stupid thing still didn't disinfect what it found..

A:Panda scan incomplete..

Click here to download HJTsetup.exeSave HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Read other 1 answers
RELEVANCY SCORE 54.4

I was cleaning the computer today. Ran adware, spybot, ccleaner, AVG and I ran another virus scan Panda, and it found quite a bit of things. What should I do about them. Thank you..

Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Dialer:dialer.bdf Not disinfected c:\windows\system32\newdial.exe
Adware:adware/cws.searchmeup Not disinfected c:\windows\system32\newdial1.exe
Adware:adware/winprotect Not disinfected c:\windows\help\SPAlert.chm
Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\clsid\{00A6FAF6-072E-44cf-8957-5838F569A31D}
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\MySearchToolBar.ToolbarPlugin
Adware:adware/sidestep Not disinfected Windows Registry
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Spyware:Cookie/66.246.209 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cooki... Read more

A:Solved: panda scan

Read other 11 answers
RELEVANCY SCORE 54.4

so i just did a panda scan and i got 16 spyware infections and another 9 in my computer, can some 1 give me free programs to delete these. Thanks
 

A:Solved: Panda scan

Best program for removal:

http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Also try Spybot:

http://www.safer-networking.org/

( Comes with a handy immunizer )
 

Read other 3 answers
RELEVANCY SCORE 54.4

Incident Status Location Adware:Adware/PurityScan No disinfected C:\!Submit\dsta.exe Adware:Adware/MediaTickets No disinfected C:\!Submit\l.bat Adware:Adware/MediaTickets No disinfected C:\!Submit\m.bat Adware:Adware/Transponder No disinfected C:\!Submit\ngdiqls.exe Adware:Adware/Apropos No disinfected C:\!Submit\ProxyStub.dll Adware:Adware/MediaTickets No disinfected C:\!Submit\update-sp1.html Adware:Adware/MediaTickets No disinfected C:\!Submit\update-sp2.html Adware:Adware/MediaTickets No disinfected C:\!Submit\update-sp3.html Adware:Adware/MediaTickets No disinfected C:\!Submit\update-sp4.html Adware:Adware/MediaTickets No disinfected C:\!Submit\update-sp5.html Adware:Adware/MediaTickets No disinfected C:\!Submit\z.bat

Heres my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 20:24:35, on 2005/10/10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\mitsutoshi abe\デスクトップ\hijackthis\HijackThis.exe


O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\.... Read more

A:After panda scan please need help!

O4 - HKLM\..\Run: [aラy-ッ] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [xー饌ラy-ッ] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [xーイxー・ペ-ッ] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [C:N INDOWS\\\\scgeekao.C:\\\\Program Files\\\\ISTsvc\\\\istsvc.exe] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [CB<WINDOW jcgeekaoNC:\\\\Program Files\\\\ISTsvc\\\\istsvc.exe] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [CB<WINDOWGGjcgeekaoNC:\\\\Program Files\\\\ISTsvc\\\\istsvc.exe] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [CB<0NDOWGGjcgeekaoNC:\\\\Program Files\\\\ISTsvc\\\\istsvc.exe] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [CB<0NDOWGGjcgeekao^C:\\\\Program Files\\\\ISTsvc\\\\istsvc.exe] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [CB0INDOW fscgeekao^C:\\\\Program Files\\\\ISTsvc\\\\istsvc.exe] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [bOイWラy-ッ] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [bOイWラy-ッ迥C:\\\\:] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [頒aラy-ッ] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [蕃イaラy-ッ] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [蕃イ鴇aラy-ッ] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run: [bOイZラy-ッ迥C:\\\\:] C:\WINDOWS\scgeekao.exe
O4 - HKLM\..\Run... Read more

Read other 3 answers
RELEVANCY SCORE 54.4

I allready ran adaware SE, spybot S&D, and also done the 5 step process before posting. The symptoms my computer is having summed up as well as I can get them are as follows: pop-ups, icons in the try saying "you have spyware download this" or "your computer is running 48% slower than normal" and it will take me to pages trying to get me to download virus removal tools etc, when on the internet I will get automatically directed to other sites, or it will block certain sites (i.e. when I tried to download HiJackThis from download.com, it would divert me from the page after a few seconds saying it cannot be displayed and I need to download this or that.)

The following are the panda scan/dss results.

Panda scan:

Incident Status Location

Adware:Adware/ErrClean Not disinfected c:\documents and settings\owner\application data\setup_en[1].exe
Virus:Gen... Read more

A:Panda/DSS scan logs, help please.

Please download SDFix from here and save it to your desktop


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Please download Combofix from any of the links below, and save it to your desktop. For further information regarding this download you can see this ... Read more

Read other 5 answers
RELEVANCY SCORE 54.4

Hello,
I've followed the instructions just like what the other users told me.

so uhm,, here's my logs:

PANDASCAN:

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Manolo\Application Data\Mozilla\Firefox\Profiles\qnd028uy.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Manolo\Application Data\Mozilla\Firefox\Profiles\qnd028uy.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Manolo\Application Data\Mozilla\Firefox\Profiles\qnd028uy.default\COOKIES.TXT[stat.onestat.com/] ... Read more

A:Panda scan/ HJT logs

my HJT log :

Logfile of HijackThis v1.99.1
Scan saved at 3:42:21 PM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\progra~1\mcafee\MCAFEE~3\masalert.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\windows\ffpext\ffpsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
C:\Program Files\CursorXP\CursorXP.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSO... Read more

Read other 2 answers
RELEVANCY SCORE 54.4

Old thread:

Quote:




Well, on the rare occasion I let someone use my laptop, I finally allowed some of my friends to mess around with it while I wasn't on it. Well, this will be the last time. They were on limewire and downloade a video, which called for a codec I'm assuming, of course they downloaded it and it downloaded shitloads of viruses on my computer.

Random IE pages are opening to random sites.
There is a folder named "!" in my pc with over 1900 videos in it of porn and other items.
There are several things in my startup that continuously try to start if I reject them from starting with Spybot.

I've scanned it umpteen times, used hijack to make them stop starting, they still come back. IE pages won't stop coming up, my computer is basically a hell hole right now and I'm not very pleased. Sometimes when I scan it, they come up, sometimes they don't. I've scanned in safe mode, used several online scanners, used AVG, Avast, Spybot, and god only knows what else. I just don't know what to do.

- Sorry if this is the wrong forum.

Edit:// Also, lately apple products have been installing themselves on my pc as well. I have itunes out of my own will, but I don't want Safari and Bonjour?




Deckard's System Scanner v20071014.68
Run by Gage on 2008-05-03 13:37:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
5: 2008-05-03 ... Read more

A:Panda scan thing.

I redid it the right way, sorry for the last past.

Read other 17 answers
RELEVANCY SCORE 54.4

I have been having minor problems lately usually result in having to do a restart. Tried to run a Panda scan but a message re- active X not responding, try again if this does not work restart computor and try again. I have tried several times. Here is my latest Hi-jack this log.

Logfile of HijackThis v1.99.1
Scan saved at 4:23:17 AM, on 3/25/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DO... Read more

Read other answers
RELEVANCY SCORE 54.4

Incident Status Location Adware:adware/seekmo Not disinfected Windows Registry Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Chris Layo\Cookies\chris [email protected][1].txt Adware:Adware/PornoPlayer Not disinfected C:\Downloads\Uninstall.exe Potent... Read more

A:Hijack This Log And Panda Scan Log

Welcome to BC

Sorry for the delay, the forum has been extremely busy lately.

Since its been a few days, please post a fresh Hijackthis log. Thanks.

Read other 10 answers
RELEVANCY SCORE 54.4

Hi Guys,

Yes I actually read Iains 5 steps!!!

I dont consider myself as a total computer novice but at the same time I know where my tallent runs out! so below is my HJT log file and my panda scan, obviously panda has ID'd a good few spyware files but thought Id leave it to the experts!!

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 18:17:55, on 28/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Divx Player\DivxPlayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTACE... Read more

A:HJT log help please (Panda scan included)

48 hour bump please guys!

Read other 9 answers
RELEVANCY SCORE 54.4

Hi all
Following the "Preparation Guide for use before posting a HijackThis Log", I have the results to a Panda Online Scan but can't afford to pay to have them removed. Does anyone know of any way I can find these Cookies on my system and manually delete them? Now that I know they are there it is bugging me. Ad-aware SE, Spybot and Windows Defender (my usual scans) haven't picked up on them.

(Tried to paste the results here but not coming across 'cleanly' - I know nothing about Notepad!)

A:Panda Scan Results

You delete cookies through your browser.Internet Explorer:Open Internet Explorer.In the Toolbar, at the top, click Tools.Select Internet Options.Click the General tab.Click on Delete Cookies...Click OK.Firefox:(Pre version 2.0)Click Tools.Select Options....Click the Privacy icon.Click the Cookies tab.Click the Clear Cookies Now button.Click the OK button.(version 2.0)Click Tools.Select Options....Click the Privacy icon.Under Cookies, click the Show Cookies... button.Click the Remove All Cookies button.Click the Close button.Click the OK button.

Read other 7 answers
RELEVANCY SCORE 54.4

Run Panda Scan recently & have received results below. Please advise what I need to do next to clean system. I have just installed AVG Anti-Virus & Comodo firewall to replace Virgin PC Guard.

Incident Status Location

Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\fourdefydrivepart\Holeshim.exe
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mark & Matt\Cookies\mark & [email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mark & Matt\Cookies\mark & [email protected][1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Mark & Matt\Cookies\mark & [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark & Matt\Cookies\mark & [email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Mark & Matt\Cookies\mark & [email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Mark & Matt\Cookies\mark & [email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Mark & Matt\Cookies\mark & [email protected][4].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark & Matt\Cookies\mark & [email protected][2].txt
Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Mark & Matt\Cookies\mark & [email protected][1].txt
Spyware:Cookie/GoStats Not disinfecte... Read more

A:Panda scan results

Please follow MicroBell's 5 Step process - http://www.techsupportforum.com/secu...sting-log.html

When you have completed them, you shall have a set of logs for us

Read other 17 answers
RELEVANCY SCORE 54.4

I have been getting help in the Windows 98 Section for shutdown problems. I have gone through the five step process and have been referred to this forum because when I did an online Pandascan it indicated that I was infected. I have downloaded Hijackthis and run it, but when I try to save the file it says that the: the requested file C:\WINDOWS\DESKTOP\hijackthis.log was not a valid font file. Any suggestions? How do I save it and transfer it to this forum?

thanks
Linda

A:Panda Scan indicates infection

Hi Linda

Did you save a report of the Panda scan? If so could you post it in your next reply

Open HijackThis and click 'do system scan and save a log'. Once the scan is complete notepad will open with the log. Copy the entire log (Ctrl + A then Ctrl + C ) and paste it into your next reply by pressing Ctrl + V

You may also wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Read other 19 answers
RELEVANCY SCORE 54.4

I followed a link last night, from the one here about the latest worm, to the Panda online virus scan. I didn't think I have the worm, had used other scans, but who knows what a new (free) scan might find

First I downloaded the program, took about 45 mins (for some reason, it wasn't that big a download) then decided on the full scan, while I was at it. After an hour of this, it had barely moved on the progress bar, and it was 1 AM so I stopped it and went to bed.

I considered taking it offline and letting it scan (as it says you can, but have to go online for results) but don't like leaving it on all night "doing something" while I sleep.

At that point it said it had found 4 infected files, it had disinfected (but no details, since I didn't finish it). I THINK it might be emails I had deleted, since it was scanning all files. Though I usually delete the deleted ones- to make sure.

This morning I started it again, this time he didn't have to download totally, quickly connected to whatever it had dl'd last night. Three hours later..... it had barely gotten to what might be the 1/4 mark on the progress bar. I had mainly been online (letting it scan) but took it off and back on again (which it said could be done)

I finally stopped it.

This afternoon, I tried it again, this time only checking EMAIL to scan.

An hour later.... it was only about 1/10th of the way on the bar, and had been on one file for about 30 mins. Said ithad scann... Read more

A:Using Panda online scan...?

Read other 7 answers