Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Panda Scan results

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts
When I scan my computer with Panda online says that the computer is infected with some adware/spyware. My problem is that I donít know what to do and if to believe that results. The computer seems to work perfectly and at the moment I donít experience any kind of problem that should make me thing it is infected.
I run very often (almost everyday) and always up to date, Spybot, Ad-ware, CWShredder, Microsoft Antispyware, Spywareblaster and my antivirus is Symantec Client Security 8.1. It appears for the last 2 weeks always very clean, just few little tracking cookies by Ad-ware but the rest, just clean. I have also my computer updated with all Microsoft updates and have recently installed Windows XP Pack SP2.
So, could you please check the Panda logfile and the Hijackthis log and advise what will be next step to do? I tried already to find some of the files from the Panda scan for deletion but I can not find them however I should be able to see all hidden files aswell.
Thanks a lot

Panda Scan:

Incidencia Estado Elemento

Spyware:Spyware/Dyfuca No desinfectado C:\WINDOWS\nem???.dll
Adware:Adware/SideFind No desinfectado Registro de Windows
Adware:Adware/Startpage.ID No desinfectado C:\WINDOWS\nem216.dll
Adware:Adware/SuperSpider No desinfectado C:\Program Files\Q330994.exe
Adware:Adware/Popuper No desinfectado C:\Documents and Settings\erik\Favorieten\Home Loan.url
Adware:Adware/Virmaid No desinfectado C:\WINDOWS\system32\perfcii.ini
Adware:Adware/Popuper No desinfectado C:\Documents and Settings\erik\Favorieten\Home Loan.url
Adware:Adware/123Messenger No desinfectado C:\hijacksthis\backups\backup-20050513-235942-127.inf
Adware:Adware/SuperSpider No desinfectado C:\m.exe
Adware:Adware/SuperSpider No desinfectado C:\mssys.com
Adware:Adware/SuperSpider No desinfectado C:\p.exe
Adware:Adware/SuperSpider No desinfectado C:\Program Files\q330994.exe
Adware:Adware/SuperSpider No desinfectado C:\q.exe
Adware:Adware/SuperSpider No desinfectado C:\q250204.exe
Adware:Adware/SuperSpider No desinfectado C:\soundmx.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\cvchost.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\dl.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\dlm.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\msstasks.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\mssys.com
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\mstaskss.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\msxmidi.exe
Adware:Adware/Startpage.ID No desinfectado C:\WINDOWS\nem216.dll
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\reg33.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\rocky.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\seksdialer.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\system\system.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\system\wmscrop.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\system32\d2kpax.dll
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\system32\d2kpax.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\system32\jac.dll
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\system32\mcc.exe
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\system32\msxslab.dll
Adware:Adware/Virmaid No desinfectado C:\WINDOWS\system32\perfcii.ini
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\system32\services
Adware:Adware/SuperSpider No desinfectado C:\WINDOWS\system32\system32.dll
Adware:Adware/SuperSpider No desinfectado C:\winspec.dat ......................................................................................

Logfile of HijackThis v1.99.1
Scan saved at 19:48:30, on 27-5-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\ES\DevDetect.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\ES\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thanks a lot again.
  • 0




    Spyware Veteran

  • GeekU Moderator
  • 32,372 posts
I wonder why the scan says it didn't clean them? (No desinfectado)
Maybe because the files were uncleanable and simply deleted?
Besides, all of those listed are files that Microsoft AntiSpyware would find as well. And you hav that running.

There is only one worrying entry in your HijackThis log:

O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe

That is not the path to the real file ( C:\Program Files\Messenger\msmsgs.exe )

So I would fix that line.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP